Site to Site Routing Properties for Reverse Proxies

Site-to-Site requires peer-to-peer communication between a client and a remote NiFi node. E.g. if a remote NiFi cluster has 3 nodes (nifi0, nifi1 and nifi2) then client requests have to be reachable to each of those remote nodes.

If a NiFi cluster is planned to receive/transfer data from/to Site-to-Site clients over the internet or a company firewall, a reverse proxy server can be deployed in front of the NiFi cluster nodes as a gateway to route client requests to upstream NiFi nodes, to reduce number of servers and ports those have to be exposed.

In such environment, the same NiFi cluster would also be expected to be accessed by Site-to-Site clients within the same network. Sending FlowFiles to itself for load distribution among NiFi cluster nodes can be a typical example. In this case, client requests should be routed directly to a node without going through the reverse proxy.

In order to support such deployments, remote NiFi clusters need to expose its Site-to-Site endpoints dynamically based on client request contexts. Following properties configure how peers should be exposed to clients. A routing definition consists of 4 properties, when, hostname, port, and secure, grouped by protocol and name. Multiple routing definitions can be configured. protocol represents Site-to-Site transport protocol, i.e. RAW or HTTP.




Boolean value, true or false. Controls whether the routing definition for this name should be used.


Specify hostname that will be introduced to Site-to-Site clients for further communications.


Specify port number that will be introduced to Site-to-Site clients for further communications.


Boolean value, true or false. Specify whether the remote peer should be accessed via secure protocol. Defaults to false.

All of above routing properties can use NiFi Expression Language to compute target peer description from request context. Available variables are:

Variable name



Hostname of the source where the request came from, and the original target.


Same as above, for ports. Source port may not be useful as it is just a client side TCP port.


Same as above, for secure or not.


The name of Site-to-Site protocol being used, RAW or HTTP.


The name of current request type, SiteToSiteDetail or Peers. See Site-to-Site protocol sequence below for detail.

HTTP request headers

HTTP request header values can be referred by its name.