Yukang-Lian opened a new pull request, #65212:
URL: https://github.com/apache/doris/pull/65212

   ## Proposed changes
   
   When `enable_https` is enabled, several FE-internal HTTP requests are still 
built with `http://` URLs. Relying on an HTTP-to-HTTPS redirect is fragile for 
these internal Java clients, especially for `HttpURLConnection` paths where 
cross-protocol redirects are not a good contract for internal node 
communication.
   
   This PR adds an `InternalHttpClientProvider` abstraction for FE JVM internal 
HTTP clients and an OSS implementation that centralizes internal URL 
normalization:
   
   - `Target.FE` URLs are rewritten to `https://...:${https_port}` when 
`enable_https=true`.
   - `Target.BE` URLs are not rewritten by OSS HTTPS.
   - Inputs that are already `https://` are left unchanged.
   - External/user-provided HTTP clients are not moved to the internal provider.
   - Existing FE HTTP TLS-module fail-fast behavior is kept centralized through 
`TlsProtocolSet.isHttpTlsActive()`.
   
   Internal call sites migrated include FE-to-FE helper/meta paths, REST 
forwarding, audit loading, upload/stream-load submitter, MySQL LOAD, show 
config, show load warnings, node config manager paths, profile/session/cluster 
guard fan-out, BE proc display URLs, and BE warmup stats collection.
   
   ## Tests
   
   ```bash
   MAVEN_HOME=/data/data14/lianyukang/apache-maven-3.9.13 \
   PATH=/data/data14/lianyukang/apache-maven-3.9.13/bin:$PATH \
   DORIS_GCC_HOME=/data/data14/lianyukang/ldb_toolchain \
   ./run-fe-ut.sh --run 
org.apache.doris.httpv2.client.OssInternalHttpClientProviderTest
   ```
   
   Result:
   
   ```text
   Tests run: 5, Failures: 0, Errors: 0, Skipped: 0
   BUILD SUCCESS
   ```


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to