wu-sheng commented on code in PR #10684: URL: https://github.com/apache/skywalking/pull/10684#discussion_r1166165127
########## docs/en/setup/backend/aws-firehose-receiver.md: ########## @@ -32,5 +32,7 @@ The following blogs demonstrate complete setup process for AWS S3 and API Gatewa ## Notice 1. Only OpenTelemetry format is supported (refer to [Metric streams output formats](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/CloudWatch-metric-streams-formats.html)) -2. A proxy(e.g. Nginx, Envoy) is required in front of OAP's Firehose receiver to accept HTTPS requests from AWS Firehose through port `443` (refer to [Amazon Kinesis Data Firehose Delivery Stream HTTP Endpoint Delivery Specifications](https://docs.aws.amazon.com/firehose/latest/dev/httpdeliveryrequestresponse.html). +2. According to HTTPS requirement by AWS Firehose(refer to [Amazon Kinesis Data Firehose Delivery Stream HTTP Endpoint Delivery Specifications](https://docs.aws.amazon.com/firehose/latest/dev/httpdeliveryrequestresponse.html), users have two options + - A proxy(e.g. Nginx, Envoy) is required in front of OAP's Firehose receiver to accept HTTPS requests from AWS Firehose through port `443`. (Recommended based on the general security policy) + - Set `aws-firehose/enableTLS=true` and `acceptProxyRequest=true` at OAP side to accept requests from firehose directly. Review Comment: > I think we can enable acceptProxyRequest=true always and remove this config to minimize the configurations, users don't need to set this extra config. It has no side effect right? About this, I think `acceptProxyRequest=true` is harmless from our use case. @pg-yang Could you recheck about this? -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
