Drew and I discussed creating a helpful document which outlines the steps behind the common task of deploying NiFi in an environment where user/API access is restricted to proxy access. This document would include (generic) steps for deploying to widely-used proxies like httpd and nginx. Special attention would be paid to configuring a secured instance, which would include notes like:
- Overriding the Origin header to allow for POST requests to the template endpoint originating from a different host - [https://lists.apache.org/api/atom.lua?mid=b8ee4e9699f9c8b55a2b9e54b7e551a34fcbae070c7d625fdfbc0870@%3Cusers.nifi.apache.org%3E|Invalid CORS request error on NiFi v1.8.0 and 1.9.0 behind nginx]
- Configuring the proxy host accepted lists [https://nifi.apache.org/docs/nifi-docs/html/administration-guide.html#proxy_configuration|Admin Guide - Proxy Configuration]
This document could also address (or link to another addressing) reverse proxy configuration allowing site-to-site connectivity. There is a [https://nifi.apache.org/docs/nifi-docs/html/administration-guide.html#site-to-site-and-reverse-proxy-examples|section in the Admin Guide] addressing this already.
I'd like to see us build out more prescriptive than descriptive documentation to help guide people through common tasks. Our current documentation is an excellent and exhaustive reference for people who know what they're looking for, but can be daunting to new users or users trying to perform a task for the first time.