hbase-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From mi...@apache.org
Subject hbase git commit: HBASE-11153 Document that http webUI's should redirect to https when enabled
Date Thu, 11 Dec 2014 22:54:36 GMT
Repository: hbase
Updated Branches:
  refs/heads/master 534beefc1 -> dd02634f1

HBASE-11153 Document that http webUI's should redirect to https when enabled

Project: http://git-wip-us.apache.org/repos/asf/hbase/repo
Commit: http://git-wip-us.apache.org/repos/asf/hbase/commit/dd02634f
Tree: http://git-wip-us.apache.org/repos/asf/hbase/tree/dd02634f
Diff: http://git-wip-us.apache.org/repos/asf/hbase/diff/dd02634f

Branch: refs/heads/master
Commit: dd02634f1e278637d8fae528801245f35f62836e
Parents: 534beef
Author: Misty Stanley-Jones <mstanleyjones@cloudera.com>
Authored: Thu Dec 11 10:45:30 2014 +1000
Committer: Misty Stanley-Jones <mstanleyjones@cloudera.com>
Committed: Fri Dec 12 08:55:24 2014 +1000

 src/main/docbkx/security.xml | 32 +++++++++++++++++++++++++++++++-
 1 file changed, 31 insertions(+), 1 deletion(-)

diff --git a/src/main/docbkx/security.xml b/src/main/docbkx/security.xml
index d649f95..61493cd 100644
--- a/src/main/docbkx/security.xml
+++ b/src/main/docbkx/security.xml
@@ -28,7 +28,37 @@
  * limitations under the License.
-  <title>Secure Apache HBase</title>
+  <title>Securing Apache HBase</title>
+  <para>HBase provides mechanisms to secure various components and aspects of HBase
and how it
+    relates to the rest of the Hadoop infrastructure, as well as clients and resources outside
+    Hadoop.</para>
+  <section>
+    <title>Using Secure HTTP (HTTPS) for the Web UI</title>
+    <para>A default HBase install uses insecure HTTP connections for web UIs for the
master and
+      region servers. To enable secure HTTP (HTTPS) connections instead, set
+        <code>hadoop.ssl.enabled</code> to <literal>true</literal>
+        <filename>hbase-site.xml</filename>. This does not change the port used
by the Web UI. To
+      change the port for the web UI for a given HBase component, configure that port's setting
+      hbase-site.xml. These settings are:</para>
+    <itemizedlist>
+      <listitem><para><code>hbase.master.info.port</code></para></listitem>
+      <listitem><para><code>hbase.regionserver.info.port</code></para></listitem>
+    </itemizedlist>
+    <note>
+      <title>If you enable HTTPS, clients should avoid using the non-secure HTTP connection.</title>
+      <para>If you enable secure HTTP, clients should connect to HBase using the
+          <code>https://</code> URL. Clients using the <code>http://</code>
URL will receive an HTTP
+        response of <literal>200</literal>, but will not receive any data. The
following exception is logged:</para>
+      <screen>javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection?</screen>
+      <para>This is because the same port is used for HTTP and HTTPS.</para>
+      <para>HBase uses Jetty for the Web UI. Without modifying Jetty itself, it does
not seem
+        possible to configure Jetty to redirect one port to another on the same host. See
+        Dimiduk's contribution on this <link
+          xlink:href="http://stackoverflow.com/questions/20611815/redirect-from-http-to-https-in-jetty"
+          >Stack Overflow</link> thread for more information. If you know how to
fix this without
+        opening a second port for HTTPS, patches are appreciated.</para>
+    </note>
+  </section>
     <title>Secure Client Access to Apache HBase</title>

View raw message