From ec487fa93b46456fdddf31a5bfae3e282d39744a Mon Sep 17 00:00:00 2001 From: Misty Stanley-Jones Date: Thu, 11 Dec 2014 10:45:30 +1000 Subject: [PATCH] HBASE-11153 Document that http webUI's should redirect to https when enabled --- src/main/docbkx/security.xml | 32 +++++++++++++++++++++++++++++++- 1 file changed, 31 insertions(+), 1 deletion(-) diff --git a/src/main/docbkx/security.xml b/src/main/docbkx/security.xml index d649f95..61493cd 100644 --- a/src/main/docbkx/security.xml +++ b/src/main/docbkx/security.xml @@ -28,7 +28,37 @@ * limitations under the License. */ --> - Secure Apache HBase + Securing Apache HBase + HBase provides mechanisms to secure various components and aspects of HBase and how it + relates to the rest of the Hadoop infrastructure, as well as clients and resources outside + Hadoop. +
+ Using Secure HTTP (HTTPS) for the Web UI + A default HBase install uses insecure HTTP connections for web UIs for the master and + region servers. To enable secure HTTP (HTTPS) connections instead, set + hadoop.ssl.enabled to true in + hbase-site.xml. This does not change the port used by the Web UI. To + change the port for the web UI for a given HBase component, configure that port's setting in + hbase-site.xml. These settings are: + + hbase.master.info.port + hbase.regionserver.info.port + + + If you enable HTTPS, clients should avoid using the non-secure HTTP connection. + If you enable secure HTTP, clients should connect to HBase using the + https:// URL. Clients using the http:// URL will receive an HTTP + response of 200, but will not receive any data. The following exception is logged: + javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection? + This is because the same port is used for HTTP and HTTPS. + HBase uses Jetty for the Web UI. Without modifying Jetty itself, it does not seem + possible to configure Jetty to redirect one port to another on the same host. See Nick + Dimiduk's contribution on this Stack Overflow thread for more information. If you know how to fix this without + opening a second port for HTTPS, patches are appreciated. + +
Secure Client Access to Apache HBase -- 2.2.0