Andrew Ash created SPARK-17874:
----------------------------------
Summary: Enabling SSL on HistoryServer should only open one port
not two
Key: SPARK-17874
URL: https://issues.apache.org/jira/browse/SPARK-17874
Project: Spark
Issue Type: Improvement
Components: Web UI
Affects Versions: 2.0.1
Reporter: Andrew Ash
When turning on SSL on the HistoryServer with
{{spark.ssl.historyServer.enabled=true}} this opens up a second port, at the
[hardcoded|https://github.com/apache/spark/blob/v2.0.1/core/src/main/scala/org/apache/spark/ui/JettyUtils.scala#L262]
result of calculating {{spark.history.ui.port + 400}}, and sets up a redirect
from the original (http) port to the new (https) port.
{noformat}
$ netstat -nlp | grep 23714
(Not all processes could be identified, non-owned process info
will not be shown, you would have to be root to see it all.)
tcp 0 0 :::18080 :::*
LISTEN 23714/java
tcp 0 0 :::18480 :::*
LISTEN 23714/java
{noformat}
By enabling {{spark.ssl.historyServer.enabled}} I would have expected the one
open port to change protocol from http to https, not to have 1) additional
ports open 2) the http port remain open 3) the additional port at a value I
didn't specify.
To fix this could take one of two approaches:
Approach 1:
- one port always, which is configured with {{spark.history.ui.port}}
- the protocol on that port is http by default
- or if {{spark.ssl.historyServer.enabled=true}} then it's https
Approach 2:
- add a new configuration item {{spark.history.ui.sslPort}} which configures
the second port that starts up
In approach 1 we probably need a way to specify to Spark jobs whether the
history server has ssl or not, based on SPARK-16988
That makes me think we should go with approach 2.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscr...@spark.apache.org
For additional commands, e-mail: issues-h...@spark.apache.org
