You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@hbase.apache.org by "Kiran Kumar M R (JIRA)" <ji...@apache.org> on 2014/09/24 13:02:34 UTC

[jira] [Commented] (HBASE-11153) http webUI's should redirect to https when enabled

    [ https://issues.apache.org/jira/browse/HBASE-11153?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14146199#comment-14146199 ] 

Kiran Kumar M R commented on HBASE-11153:
-----------------------------------------

I have analysed this issue is 0.98, following are the main observations:
\\
# HBase is only having one port for info.server i.e, {{hbase.regionserver.info.port}}. Based on the configuration {{hadoop.ssl.enabled}}. It can only run in HTTP or HTTPS at a time.

# The jetty redirect configuration cited by [~ndimiduk] from [http://stackoverflow.com/questions/20611815/redirect-from-http-to-https-in-jetty] works when jetty is running with two ports. One for HTTP and other for HTTPS.
As I can see from HBase logs, the HTTP plaintext connection is getting rejected at SSL Socket itself. So its not possible to use redirect method.
{code}
javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection?
        at sun.security.ssl.InputRecord.handleUnknownRecord(InputRecord.java:671)
        at sun.security.ssl.InputRecord.read(InputRecord.java:504)
        at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:927)
        at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1312)
        at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1339)
        at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1323)
        at org.mortbay.jetty.security.SslSocketConnector$SslConnection.run(SslSocketConnector.java:708)
        at org.mortbay.thread.QueuedThreadPool$PoolThread.run(QueuedThreadPool.java:582)
{code}        
# Is it possible to serve both HTTP and HTTPS from same port?  Yes, that requires Jetty to be modified. Its a hack and not compliant with SSl/TLS standard. Refer this [http://stackoverflow.com/questions/11182192/how-do-i-serve-https-and-http-for-jetty-from-one-port/] for more details.
# One possible solution is to modify HBase to have both HTTP and HTTPS ports. Then we can configure jetty to redirect HTTP to HTTPS.

> http webUI's should redirect to https when enabled
> --------------------------------------------------
>
>                 Key: HBASE-11153
>                 URL: https://issues.apache.org/jira/browse/HBASE-11153
>             Project: HBase
>          Issue Type: Bug
>          Components: master, regionserver
>    Affects Versions: 0.98.0
>            Reporter: Nick Dimiduk
>            Priority: Minor
>              Labels: beginner
>
> When configured to listen on https, we should redirect non-secure requests to the appropriate port/protocol. Currently we respond with a 200 and no data, which is perplexing.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)