You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@drill.apache.org by "Krystal (JIRA)" <ji...@apache.org> on 2015/10/06 18:00:28 UTC

[jira] [Closed] (DRILL-3725) Add HTTPS support for Drill web interface

     [ https://issues.apache.org/jira/browse/DRILL-3725?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Krystal closed DRILL-3725.
--------------------------

Verified that drill used the values for the following entries when specified in the drill-override.conf file:
    java.net.ssl.keyStore
    java.net.ssl.keyStorePassword
    java.net.ssl.trustStore
    java.net.ssl.trustStorePassword

If the above values were not specified in the drill-override.conf file, a self signed certificate were generated and used for TLS.  Below are the entries from log file showing such behavior:
2015-10-06 08:36:18,231 [main] INFO  o.a.drill.exec.server.rest.WebServer - Setting up HTTPS connector for web server
2015-10-06 08:36:18,237 [main] INFO  o.a.drill.exec.server.rest.WebServer - Using generated self-signed SSL settings for web server

> Add HTTPS support for Drill web interface
> -----------------------------------------
>
>                 Key: DRILL-3725
>                 URL: https://issues.apache.org/jira/browse/DRILL-3725
>             Project: Apache Drill
>          Issue Type: New Feature
>          Components: Client - HTTP
>            Reporter: Venki Korukanti
>            Assignee: Venki Korukanti
>             Fix For: 1.2.0
>
>
> Currently web UI or REST API calls don't support transport layer security (TLS). This jira is to add support for TLS. We need this feature before adding the user authentication to Drill's web interface.
> Proposal is:
> * Always default to HTTPS
> * Cluster admin can set the following SSL configuration to specify their own keystore and/or truststore.
> ** java.net.ssl.keyStore
> ** java.net.ssl.keyStorePassword
> ** java.net.ssl.trustStore
> ** java.net.ssl.trustStorePassword
> * If cluster admin didn't specified the above SSL config, generate a self signed certificate programmatically and use it by using libraries such as [Bouncy Castle|http://www.bouncycastle.org/].
> * Make use of the Jetty APIs to add a HTTPS connection. Example is [here|http://git.eclipse.org/c/jetty/org.eclipse.jetty.project.git/tree/examples/embedded/src/main/java/org/eclipse/jetty/embedded/LikeJettyXml.java].
> Let me know if you have any comments.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)