[jira] [Updated] (ZOOKEEPER-4259) Allow AdminServer to force https

Wed, 24 Mar 2021 09:16:07 -0700 


     [ 
https://issues.apache.org/jira/browse/ZOOKEEPER-4259?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Norbert Kalmár updated ZOOKEEPER-4259:
--------------------------------------
    Description: 
Since portunification (ZOOKEEPER-3371), AdminServer supports https. But there 
is no way to disable http and allow https only. It is my understanding, that to 
be FLIPS compliant, only https is allowed. This is one reason it is good to 
have such a feature. 

To enable https currently, we need to set these parameters in zoo.cfg:

{code:java}
ssl.quorum.keyStore.location=/tmp/zookeeper/keystore.jks
ssl.quorum.keyStore.password=password
ssl.quorum.trustStore.location=/tmp/zookeeper/truststore.jks
ssl.quorum.trustStore.password=password

admin.portUnification=true
{code}


  was:
Since portunification (ZOOKEEPER-3371), AdminServer supports https. But there 
is no way to disable http and allow https only. It is my understanding, that to 
be FLIPS compliant, only https is allowed. This is one reason it is good to 
have such a feature. 

To enable https currently, we need to set these parameters in zoo.cfg:

{code:java}
serverCnxnFactory=org.apache.zookeeper.server.NettyServerCnxnFactory
ssl.quorum.keyStore.location=/tmp/zookeeper/keystore.jks
ssl.quorum.keyStore.password=password
ssl.quorum.trustStore.location=/tmp/zookeeper/truststore.jks
ssl.quorum.trustStore.password=password

ssl.keyStore.location=/tmp/zookeeper/keystore.jks
ssl.keyStore.password=password 
ssl.trustStore.location=/tmp/zookeeper/truststore.jks
ssl.trustStore.password=password

admin.portUnification=true
{code}



> Allow AdminServer to force https
> --------------------------------
>
>                 Key: ZOOKEEPER-4259
>                 URL: https://issues.apache.org/jira/browse/ZOOKEEPER-4259
>             Project: ZooKeeper
>          Issue Type: Improvement
>          Components: security
>    Affects Versions: 3.7.0
>            Reporter: Norbert Kalmár
>            Assignee: Norbert Kalmár
>            Priority: Minor
>
> Since portunification (ZOOKEEPER-3371), AdminServer supports https. But there 
> is no way to disable http and allow https only. It is my understanding, that 
> to be FLIPS compliant, only https is allowed. This is one reason it is good 
> to have such a feature. 
> To enable https currently, we need to set these parameters in zoo.cfg:
> {code:java}
> ssl.quorum.keyStore.location=/tmp/zookeeper/keystore.jks
> ssl.quorum.keyStore.password=password
> ssl.quorum.trustStore.location=/tmp/zookeeper/truststore.jks
> ssl.quorum.trustStore.password=password
> admin.portUnification=true
> {code}



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

Reply via email to