Anonymitaet commented on a change in pull request #11681: URL: https://github.com/apache/pulsar/pull/11681#discussion_r691044967
########## File path: site2/docs/security-tls-keystore.md ########## @@ -131,6 +131,13 @@ brokerClientTlsTrustStorePassword=clientpw NOTE: it is important to restrict access to the store files via filesystem permissions. +When TLS is configured on the broker, the non-TLS ports `brokerServicePort` and `webServicePort` can be disabled by providing an empty value in configuration. +``` +brokerServicePort= +webServicePort= +``` +In this case it's mandatory to specify `brokerClientTlsEnabled=true`, `brokerClientTlsEnabledWithKeyStore=true` and the related configuration properties `brokerClientTlsTrustStore` and `brokerClientTlsTrustStorePassword`. Review comment: ```suggestion In this case, you need to set the following configurations. ```conf brokerClientTlsEnabled=true // Set this to true brokerClientTlsEnabledWithKeyStore=true // Set this to true brokerClientTlsTrustStore= // Set this to your desired value brokerClientTlsTrustStorePassword= // Set this to your desired value ``` ``` ########## File path: site2/docs/security-tls-keystore.md ########## @@ -131,6 +131,13 @@ brokerClientTlsTrustStorePassword=clientpw NOTE: it is important to restrict access to the store files via filesystem permissions. +When TLS is configured on the broker, the non-TLS ports `brokerServicePort` and `webServicePort` can be disabled by providing an empty value in configuration. Review comment: ```suggestion If you have configured TLS on the broker, to disable non-TLS ports, you can set the values of the following configurations to empty as below. ``` -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: commits-unsubscr...@pulsar.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org