You are viewing a plain text version of this content. The canonical link for it is here.

Posted to notifications@skywalking.apache.org by "pg-yang (via GitHub)" <gi...@apache.org> on 2023/04/15 07:50:19 UTC

[GitHub] [skywalking] pg-yang commented on a diff in pull request #10684: Support no-proxy mode for aws-firehose receiver

pg-yang commented on code in PR #10684:
URL: https://github.com/apache/skywalking/pull/10684#discussion_r1167425906


##########
docs/en/setup/backend/aws-firehose-receiver.md:
##########
@@ -32,5 +32,7 @@ The following blogs demonstrate complete setup process for AWS S3 and API Gatewa
 ## Notice
 
 1. Only OpenTelemetry format is supported (refer to [Metric streams output formats](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/CloudWatch-metric-streams-formats.html))
-2. A proxy(e.g. Nginx, Envoy) is required in front of OAP's Firehose receiver to accept HTTPS requests from AWS Firehose through port `443` (refer to [Amazon Kinesis Data Firehose Delivery Stream HTTP Endpoint Delivery Specifications](https://docs.aws.amazon.com/firehose/latest/dev/httpdeliveryrequestresponse.html).
+2. According to HTTPS requirement by AWS Firehose(refer to [Amazon Kinesis Data Firehose Delivery Stream HTTP Endpoint Delivery Specifications](https://docs.aws.amazon.com/firehose/latest/dev/httpdeliveryrequestresponse.html), users have two options
+  - A proxy(e.g. Nginx, Envoy) is required in front of OAP's Firehose receiver to accept HTTPS requests from AWS Firehose through port `443`. (Recommended based on the general security policy)
+  - Set `aws-firehose/enableTLS=true` and `acceptProxyRequest=true` at OAP side to accept requests from firehose directly.

Review Comment:
   Consider a case, users use a gateway to accept TCP over TLS(participate in TLS handshake), and then transport TCP without TSL to a firehose receiver, the configuration will be `enableTLS =false,acceptProxyRequest=true`. I know the case is uncommon.



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@skywalking.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org