You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@pulsar.apache.org by GitBox <gi...@apache.org> on 2020/12/14 17:53:51 UTC
[GitHub] [pulsar] deonvdv opened a new pull request #8957: Add TLS SNI support for cpp and python clients
deonvdv opened a new pull request #8957:
URL: https://github.com/apache/pulsar/pull/8957
### Motivation
Implementation of [PIP-60](https://github.com/apache/pulsar/wiki/PIP-60:-Support-Proxy-server-with-SNI-routing)
A proxy server is a go‑between or intermediary server that forwards requests from multiple clients to different servers across the Internet. The proxy server can act as a “traffic cop,” in both forward and reverse proxy scenarios, and adds various benefits in your system such as load balancing, performance, security, auto-scaling, etc.. There are already many proxy servers already available in the market which are fast, scalable and more importantly covers various essential security aspects that are needed by the large organization to securely share their confidential data over the network. Pulsar already provides proxy implementation PIP-1 which acts as a reverse proxy and creates a gateway in front of brokers. However, pulsar doesn’t provide support to use other proxies such as Apache traffic server (ATS), HAProxy, Nginx, Envoy those are more scalable and secured. Most of these proxy-servers support SNI ROUTING which can route traffic to a destination without having to t
erminate the SSL connection. Routing at layer 4 gives greater transparency because the outbound connection is determined by examining the destination address in the client TCP packets.
Netty supports sending SNI header on TLS handshake and this PR uses that Netty feature to send SNI header while connecting to proxy.
### Modification
[https://github.com/apache/pulsar/wiki/PIP-60:-Support-Proxy-server-with-SNI-routing](https://github.com/apache/pulsar/wiki/PIP-60):-Support-Proxy-server-with-SNI-routing#changes
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [pulsar] sijie commented on pull request #8957: [PIP-60] Add TLS SNI support for cpp and python clients
Posted by GitBox <gi...@apache.org>.
sijie commented on pull request #8957:
URL: https://github.com/apache/pulsar/pull/8957#issuecomment-750451756
@jiazhai @BewareMyPower Can you review this PR?
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [pulsar] BewareMyPower commented on pull request #8957: [PIP-60] Add TLS SNI support for cpp and python clients
Posted by GitBox <gi...@apache.org>.
BewareMyPower commented on pull request #8957:
URL: https://github.com/apache/pulsar/pull/8957#issuecomment-748974581
/pulsarbot run-failure-checks
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [pulsar] BewareMyPower commented on pull request #8957: [PIP-60] Add TLS SNI support for cpp and python clients
Posted by GitBox <gi...@apache.org>.
BewareMyPower commented on pull request #8957:
URL: https://github.com/apache/pulsar/pull/8957#issuecomment-744951681
For the format issues, you should format your code by clang-format 5.0. Besides, Pulsar C++ client uses camel case but not snake case, though there's no related check like format.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [pulsar] BewareMyPower commented on pull request #8957: [PIP-60] Add TLS SNI support for cpp and python clients
Posted by GitBox <gi...@apache.org>.
BewareMyPower commented on pull request #8957:
URL: https://github.com/apache/pulsar/pull/8957#issuecomment-745007632
Also, I think a unit test is required for verification, like #6566 did.
By the way, the PR description should not just copy from the PIP 60
> Netty supports sending SNI header on TLS handshake and this PR uses that Netty feature to send SNI header while connecting to proxy.
Netty is for Java client.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [pulsar] Anonymitaet commented on pull request #8957: [PIP-60] Add TLS SNI support for cpp and python clients
Posted by GitBox <gi...@apache.org>.
Anonymitaet commented on pull request #8957:
URL: https://github.com/apache/pulsar/pull/8957#issuecomment-796387522
@deonvdv thanks for your great work. Would you like to add docs accordingly? Then I can help review, thanks
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [pulsar] sijie merged pull request #8957: [PIP-60] Add TLS SNI support for cpp and python clients
Posted by GitBox <gi...@apache.org>.
sijie merged pull request #8957:
URL: https://github.com/apache/pulsar/pull/8957
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [pulsar] eolivelli commented on pull request #8957: [PIP-60] Add TLS SNI support for cpp and python clients
Posted by GitBox <gi...@apache.org>.
eolivelli commented on pull request #8957:
URL: https://github.com/apache/pulsar/pull/8957#issuecomment-817328285
@BewareMyPower @merlimat @sijie
is it safe to pick this to 2.7.2 ?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [pulsar] sijie commented on pull request #8957: [PIP-60] Add TLS SNI support for cpp and python clients
Posted by GitBox <gi...@apache.org>.
sijie commented on pull request #8957:
URL: https://github.com/apache/pulsar/pull/8957#issuecomment-744632542
@BewareMyPower Can you review this pull request?
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org