You are viewing a plain text version of this content. The canonical link for it is here.

Posted to notifications@skywalking.apache.org by "kezhenxu94 (via GitHub)" <gi...@apache.org> on 2023/04/14 00:17:16 UTC

[GitHub] [skywalking] kezhenxu94 commented on a diff in pull request #10684: Support no-proxy mode for aws-firehose receiver

kezhenxu94 commented on code in PR #10684:
URL: https://github.com/apache/skywalking/pull/10684#discussion_r1166150663


##########
docs/en/setup/backend/aws-firehose-receiver.md:
##########
@@ -32,5 +32,7 @@ The following blogs demonstrate complete setup process for AWS S3 and API Gatewa
 ## Notice
 
 1. Only OpenTelemetry format is supported (refer to [Metric streams output formats](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/CloudWatch-metric-streams-formats.html))
-2. A proxy(e.g. Nginx, Envoy) is required in front of OAP's Firehose receiver to accept HTTPS requests from AWS Firehose through port `443` (refer to [Amazon Kinesis Data Firehose Delivery Stream HTTP Endpoint Delivery Specifications](https://docs.aws.amazon.com/firehose/latest/dev/httpdeliveryrequestresponse.html).
+2. According to HTTPS requirement by AWS Firehose(refer to [Amazon Kinesis Data Firehose Delivery Stream HTTP Endpoint Delivery Specifications](https://docs.aws.amazon.com/firehose/latest/dev/httpdeliveryrequestresponse.html), users have two options
+  - A proxy(e.g. Nginx, Envoy) is required in front of OAP's Firehose receiver to accept HTTPS requests from AWS Firehose through port `443`. (Recommended based on the general security policy)
+  - Set `aws-firehose/enableTLS=true` and `acceptProxyRequest=true` at OAP side to accept requests from firehose directly.

Review Comment:
   I think we can enable `acceptProxyRequest=true` always and remove this config to minimize the configurations, users don't need to set this extra config. It has no side effect right?
   
   Also for the tls setting, we should also mention the cert/key files settings here. 



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@skywalking.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org