Return-Path: 
 <commits-return-21598-apmail-hbase-commits-archive=hbase.apache.org@hbase.apache.org>
X-Original-To: apmail-hbase-commits-archive@www.apache.org
Delivered-To: apmail-hbase-commits-archive@www.apache.org
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by minotaur.apache.org (Postfix) with SMTP id 2A1E4C3D3
	for <apmail-hbase-commits-archive@www.apache.org>;
 Thu, 11 Dec 2014 22:54:37 +0000 (UTC)
Received: (qmail 32533 invoked by uid 500); 11 Dec 2014 22:54:37 -0000
Delivered-To: apmail-hbase-commits-archive@hbase.apache.org
Received: (qmail 32487 invoked by uid 500); 11 Dec 2014 22:54:37 -0000
Mailing-List: contact commits-help@hbase.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:commits-help@hbase.apache.org>
List-Unsubscribe: <mailto:commits-unsubscribe@hbase.apache.org>
List-Post: <mailto:commits@hbase.apache.org>
List-Id: <commits.hbase.apache.org>
Reply-To: dev@hbase.apache.org
Delivered-To: mailing list commits@hbase.apache.org
Received: (qmail 32478 invoked by uid 99); 11 Dec 2014 22:54:37 -0000
Received: from tyr.zones.apache.org (HELO tyr.zones.apache.org)
 (140.211.11.114)
    by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 11 Dec 2014 22:54:36 +0000
Received: by tyr.zones.apache.org (Postfix, from userid 65534)
	id B7307A2775C; Thu, 11 Dec 2014 22:54:36 +0000 (UTC)
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
From: misty@apache.org
To: commits@hbase.apache.org
Message-Id: <e0ba5651ff5c467abf5ffaf792e2b659@git.apache.org>
X-Mailer: ASF-Git Admin Mailer
Subject: hbase git commit: HBASE-11153 Document that http webUI's should
 redirect to https when enabled
Date: Thu, 11 Dec 2014 22:54:36 +0000 (UTC)

Repository: hbase
Updated Branches:
  refs/heads/master 534beefc1 -> dd02634f1


HBASE-11153 Document that http webUI's should redirect to https when enabled


Project: http://git-wip-us.apache.org/repos/asf/hbase/repo
Commit: http://git-wip-us.apache.org/repos/asf/hbase/commit/dd02634f
Tree: http://git-wip-us.apache.org/repos/asf/hbase/tree/dd02634f
Diff: http://git-wip-us.apache.org/repos/asf/hbase/diff/dd02634f

Branch: refs/heads/master
Commit: dd02634f1e278637d8fae528801245f35f62836e
Parents: 534beef
Author: Misty Stanley-Jones <mstanleyjones@cloudera.com>
Authored: Thu Dec 11 10:45:30 2014 +1000
Committer: Misty Stanley-Jones <mstanleyjones@cloudera.com>
Committed: Fri Dec 12 08:55:24 2014 +1000

----------------------------------------------------------------------
 src/main/docbkx/security.xml | 32 +++++++++++++++++++++++++++++++-
 1 file changed, 31 insertions(+), 1 deletion(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/hbase/blob/dd02634f/src/main/docbkx/security.xml
----------------------------------------------------------------------
diff --git a/src/main/docbkx/security.xml b/src/main/docbkx/security.xml
index d649f95..61493cd 100644
--- a/src/main/docbkx/security.xml
+++ b/src/main/docbkx/security.xml
@@ -28,7 +28,37 @@
  * limitations under the License.
  */
 -->
-  <title>Secure Apache HBase</title>
+  <title>Securing Apache HBase</title>
+  <para>HBase provides mechanisms to secure various components and aspects of HBase and how it
+    relates to the rest of the Hadoop infrastructure, as well as clients and resources outside
+    Hadoop.</para>
+  <section>
+    <title>Using Secure HTTP (HTTPS) for the Web UI</title>
+    <para>A default HBase install uses insecure HTTP connections for web UIs for the master and
+      region servers. To enable secure HTTP (HTTPS) connections instead, set
+        <code>hadoop.ssl.enabled</code> to <literal>true</literal> in
+        <filename>hbase-site.xml</filename>. This does not change the port used by the Web UI. To
+      change the port for the web UI for a given HBase component, configure that port's setting in
+      hbase-site.xml. These settings are:</para>
+    <itemizedlist>
+      <listitem><para><code>hbase.master.info.port</code></para></listitem>
+      <listitem><para><code>hbase.regionserver.info.port</code></para></listitem>
+    </itemizedlist>
+    <note>
+      <title>If you enable HTTPS, clients should avoid using the non-secure HTTP connection.</title>
+      <para>If you enable secure HTTP, clients should connect to HBase using the
+          <code>https://</code> URL. Clients using the <code>http://</code> URL will receive an HTTP
+        response of <literal>200</literal>, but will not receive any data. The following exception is logged:</para>
+      <screen>javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection?</screen>
+      <para>This is because the same port is used for HTTP and HTTPS.</para>
+      <para>HBase uses Jetty for the Web UI. Without modifying Jetty itself, it does not seem
+        possible to configure Jetty to redirect one port to another on the same host. See Nick
+        Dimiduk's contribution on this <link
+          xlink:href="http://stackoverflow.com/questions/20611815/redirect-from-http-to-https-in-jetty"
+          >Stack Overflow</link> thread for more information. If you know how to fix this without
+        opening a second port for HTTPS, patches are appreciated.</para>
+    </note>
+  </section>
   <section
     xml:id="hbase.secure.configuration">
     <title>Secure Client Access to Apache HBase</title>