Github user alopresto commented on a diff in the pull request:
https://github.com/apache/nifi/pull/2410#discussion_r162530802
--- Diff: nifi-docs/src/main/asciidoc/administration-guide.adoc ---
@@ -3083,6 +3092,12 @@ Providing three total network interfaces, including
`nifi.web.https.network.int
|nifi.web.jetty.working.directory|The location of the Jetty working
directory. The default value is `./work/jetty`.
|nifi.web.jetty.threads|The number of Jetty threads. The default value is
`200`.
|nifi.web.max.header.size|The maximum size allowed for request and
response headers. The default value is 16 KB.
+|nifi.web.proxy.host|A comma separated list of allowed HTTP Host header
values to consider when NiFi is running securely and will be receiving requests
to a different host[:port] than it is bound to.
+For example, when running in a Docker container or behind a proxy (e.g.
localhost:18443, proxyhost:443). By default, this value is blank meaning NiFi
should only allow requests sent to the
+host[:port] that NiFi is bound to.
+|nifi.web.proxy.context.path|A comma separated list of allowed HTTP
X-ProxyContextPath or X-Forwarded-Context header values to consider when NiFi
is running securely. By default, this value is
+blank meaning any proxy context path is allowed. Configuring this property
would result in rejecting of incoming requests where the value of the
X-ProxyContextPath or X-Forwarded-Context
+header is not contained in this listing.
--- End diff --
See notes above about my understanding of this behavior (verified on
`master` running with a vanilla configuration).
---
