Web Properties

These properties pertain to the web-based User Interface.


Property	Description
`nifi.web.http.host`	The HTTP host. The default value is blank.
`nifi.web.http.port`	The HTTP port. The default value is blank.
`nifi.web.http.port.forwarding`	The port which forwards incoming HTTP requests to `nifi.web.http.host`. This property is designed to be used with 'port forwarding', when NiFi has to be started by a non-root user for better security, yet it needs to be accessed via low port to go through a firewall. For example, to expose NiFi via HTTP protocol on port 80, but actually listening on port 8080, you need to configure OS level port forwarding such as `iptables` (Linux/Unix) or `pfctl` (macOS) that redirects requests from 80 to 8080. Then set `nifi.web.http.port` as 8080, and `nifi.web.http.port.forwarding` as 80. It is blank by default.
`nifi.web.http.network.interface`*	The name of the network interface to which NiFi should bind for HTTP requests. It is blank by default. + NOTE: Multiple network interfaces can be specified by using the `nifi.web.http.network.interface.` prefix with unique suffixes and separate network interface names as values. + For example, to provide two additional network interfaces, a user could also specify additional properties with keys of: + `nifi.web.http.network.interface.eth0=eth0` `nifi.web.http.network.interface.eth1=eth1` + Providing three total network interfaces, including `nifi.web.http.network.interface.default`.
`nifi.web.https.host`	The HTTPS host. The default value is `127.0.0.1`.
`nifi.web.https.port`	The HTTPS port. The default value is `8443`.
`nifi.web.https.port.forwarding`	Same as `nifi.web.http.port.forwarding`, but with HTTPS for secure communication. It is blank by default.
`nifi.web.https.ciphersuites.include`	Cipher suites used to initialize the SSLContext of the Jetty HTTPS port. If unspecified, the runtime SSLContext defaults are used.
`nifi.web.https.ciphersuites.exclude`	Cipher suites that may not be used by an SSL client to establish a connection to Jetty. If unspecified, the runtime SSLContext defaults are used.
`nifi.web.max.access.token.requests.per.second`	Maximum amount of requests per second the token endpoints will accept before filtering requests. The default value is `25`
`nifi.web.should.send.server.version`	Whether the Server header should be included in HTTP responses. The default value is `true` In Chrome, the SSL cipher negotiated with Jetty may be examined in the 'Developer Tools' plugin, in the 'Security' tab. In Firefox, the SSL cipher negotiated with Jetty may be examined in the 'Secure Connection' widget found to the left of the URL in the browser address bar.
`nifi.web.https.network.interface`*	The name of the network interface to which NiFi should bind for HTTPS requests. It is blank by default. + NOTE: Multiple network interfaces can be specified by using the `nifi.web.https.network.interface.` prefix with unique suffixes and separate network interface names as values. + For example, to provide two additional network interfaces, a user could also specify additional properties with keys of: + `nifi.web.https.network.interface.eth0=eth0` `nifi.web.https.network.interface.eth1=eth1` + Providing three total network interfaces, including `nifi.web.https.network.interface.default`.
`nifi.web.jetty.working.directory`	The location of the Jetty working directory. The default value is `./work/jetty`.
`nifi.web.jetty.threads`	The number of Jetty threads. The default value is `200`.
`nifi.web.max.header.size`	The maximum size allowed for request and response headers. The default value is `16 KB`.
`nifi.web.proxy.host`	A comma separated list of allowed HTTP Host header values to consider when NiFi is running securely and will be receiving requests to a different host[:port] than it is bound to. For example, when running in a Docker container or behind a proxy (e.g. localhost:18443, proxyhost:443). By default, this value is blank meaning NiFi should only allow requests sent to the host[:port] that NiFi is bound to.
`nifi.web.proxy.context.path`	A comma separated list of allowed HTTP X-ProxyContextPath, X-Forwarded-Context, or X-Forwarded-Prefix header values to consider. By default, this value is blank meaning all requests containing a proxy context path are rejected. Configuring this property would allow requests where the proxy path is contained in this listing.
`nifi.web.max.content.size`	The maximum size (HTTP `Content-Length`) for PUT and POST requests. No default value is set for backward compatibility. Providing a value for this property enables the `Content-Length` filter on all incoming API requests (except Site-to-Site and cluster communications). A suggested value is `20 MB`.
`nifi.web.max.requests.per.second`	The maximum number of requests from a connection per second. Requests in excess of this are first delayed, then throttled.
`nifi.web.max.access.token.requests.per.second`	The maximum number of requests for login Access Tokens from a connection per second. Requests in excess of this are rejected with HTTP 429.
`nifi.web.request.ip.whitelist`	A comma separated list of IP addresses. Used to specify the IP addresses of clients which can exceed the maximum requests per second (`nifi.web.max.requests.per.second`). Does not apply to web request timeout.
`nifi.web.request.timeout`	The request timeout for web requests. Requests running longer than this time will be forced to end with a HTTP 503 Service Unavailable response. Default value is `60 secs`.