Nifi instance behind the internal https load balancer GCP

0
votes

I have a nifi instance running on the

 https://localhost:9443/nifi
 https://delta:9443/nifi

The instance is still running on local. I want to have an internal https load balancer infront of the nifi instance. I have read that we can add the SAN ip address of the load balancer on the nifi-cert. I am still confused on DNS and SAN address. I have a self-signed certificate for the https load balancer and there is a DNS entry for the load balancer as well. Now when I create a standalone nifi CA, at that point do I have to give the DNS of the load balancer as

tls-toolkit.sh standalone -n 'loadbalancer DNS' -C 'CN=username,OU=NIFI' --subjectAlternativeNames 'lb-ip-address'

or am I missing something big??

1
apache-nifigoogle-cloud-load-balancer

1 Answers

0
votes

I am not sure if SAN flag would accept other thing than domain names and no IP addresses instead but according to this it might work.

-n flag should be populated with the domain name associated to your frontend (Load Balancer).