You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@hbase.apache.org by "Kiran Kumar M R (JIRA)" <ji...@apache.org> on 2014/09/24 13:02:34 UTC
[jira] [Commented] (HBASE-11153) http webUI's should redirect to
https when enabled
[ https://issues.apache.org/jira/browse/HBASE-11153?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14146199#comment-14146199 ]
Kiran Kumar M R commented on HBASE-11153:
-----------------------------------------
I have analysed this issue is 0.98, following are the main observations:
\\
# HBase is only having one port for info.server i.e, {{hbase.regionserver.info.port}}. Based on the configuration {{hadoop.ssl.enabled}}. It can only run in HTTP or HTTPS at a time.
# The jetty redirect configuration cited by [~ndimiduk] from [http://stackoverflow.com/questions/20611815/redirect-from-http-to-https-in-jetty] works when jetty is running with two ports. One for HTTP and other for HTTPS.
As I can see from HBase logs, the HTTP plaintext connection is getting rejected at SSL Socket itself. So its not possible to use redirect method.
{code}
javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection?
at sun.security.ssl.InputRecord.handleUnknownRecord(InputRecord.java:671)
at sun.security.ssl.InputRecord.read(InputRecord.java:504)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:927)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1312)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1339)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1323)
at org.mortbay.jetty.security.SslSocketConnector$SslConnection.run(SslSocketConnector.java:708)
at org.mortbay.thread.QueuedThreadPool$PoolThread.run(QueuedThreadPool.java:582)
{code}
# Is it possible to serve both HTTP and HTTPS from same port? Yes, that requires Jetty to be modified. Its a hack and not compliant with SSl/TLS standard. Refer this [http://stackoverflow.com/questions/11182192/how-do-i-serve-https-and-http-for-jetty-from-one-port/] for more details.
# One possible solution is to modify HBase to have both HTTP and HTTPS ports. Then we can configure jetty to redirect HTTP to HTTPS.
> http webUI's should redirect to https when enabled
> --------------------------------------------------
>
> Key: HBASE-11153
> URL: https://issues.apache.org/jira/browse/HBASE-11153
> Project: HBase
> Issue Type: Bug
> Components: master, regionserver
> Affects Versions: 0.98.0
> Reporter: Nick Dimiduk
> Priority: Minor
> Labels: beginner
>
> When configured to listen on https, we should redirect non-secure requests to the appropriate port/protocol. Currently we respond with a 200 and no data, which is perplexing.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)