You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@pulsar.apache.org by GitBox <gi...@apache.org> on 2021/08/18 09:01:49 UTC

[GitHub] [pulsar] Anonymitaet commented on a change in pull request #11681: [Broker] Support disabling non-TLS service ports

Anonymitaet commented on a change in pull request #11681:
URL: https://github.com/apache/pulsar/pull/11681#discussion_r691044967



##########
File path: site2/docs/security-tls-keystore.md
##########
@@ -131,6 +131,13 @@ brokerClientTlsTrustStorePassword=clientpw
 
 NOTE: it is important to restrict access to the store files via filesystem permissions.
 
+When TLS is configured on the broker, the non-TLS ports `brokerServicePort` and `webServicePort` can be disabled by providing an empty value in configuration.
+```
+brokerServicePort=
+webServicePort=
+```
+In this case it's mandatory to specify `brokerClientTlsEnabled=true`, `brokerClientTlsEnabledWithKeyStore=true` and the related configuration properties `brokerClientTlsTrustStore` and `brokerClientTlsTrustStorePassword`.

Review comment:
       ```suggestion
   In this case, you need to set the following configurations.
   
   ```conf
   brokerClientTlsEnabled=true // Set this to true
   brokerClientTlsEnabledWithKeyStore=true  // Set this to true
   brokerClientTlsTrustStore= // Set this to your desired value
   brokerClientTlsTrustStorePassword= // Set this to your desired value
   ```
   ```

##########
File path: site2/docs/security-tls-keystore.md
##########
@@ -131,6 +131,13 @@ brokerClientTlsTrustStorePassword=clientpw
 
 NOTE: it is important to restrict access to the store files via filesystem permissions.
 
+When TLS is configured on the broker, the non-TLS ports `brokerServicePort` and `webServicePort` can be disabled by providing an empty value in configuration.

Review comment:
       ```suggestion
   If you have configured TLS on the broker, to disable non-TLS ports, you can set the values of the following configurations to empty as below.
   ```




-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@pulsar.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org