When turning on SSL on the HistoryServer with spark.ssl.historyServer.enabled=true this opens up a second port, at the hardcoded result of calculating spark.history.ui.port + 400, and sets up a redirect from the original (http) port to the new (https) port.
By enabling spark.ssl.historyServer.enabled I would have expected the one open port to change protocol from http to https, not to have 1) additional ports open 2) the http port remain open 3) the additional port at a value I didn't specify.
To fix this could take one of two approaches:
- one port always, which is configured with spark.history.ui.port
- the protocol on that port is http by default
- or if spark.ssl.historyServer.enabled=true then it's https
- add a new configuration item spark.history.ui.sslPort which configures the second port that starts up
In approach 1 we probably need a way to specify to Spark jobs whether the history server has ssl or not, based on
That makes me think we should go with approach 2.