You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@zeppelin.apache.org by mo...@apache.org on 2016/05/18 21:30:47 UTC
svn commit: r1744456 - in
/incubator/zeppelin/site/docs/0.6.0-incubating-SNAPSHOT: ./
assets/themes/zeppelin/img/screenshots/ security/
Author: moon
Date: Wed May 18 21:30:47 2016
New Revision: 1744456
URL: http://svn.apache.org/viewvc?rev=1744456&view=rev
Log:
https://github.com/apache/incubator-zeppelin/pull/877
Removed:
incubator/zeppelin/site/docs/0.6.0-incubating-SNAPSHOT/assets/themes/zeppelin/img/screenshots/authentication-basic-auth-nginx-https.png
incubator/zeppelin/site/docs/0.6.0-incubating-SNAPSHOT/assets/themes/zeppelin/img/screenshots/authentication-basic-auth-nginx-request.png
Modified:
incubator/zeppelin/site/docs/0.6.0-incubating-SNAPSHOT/atom.xml
incubator/zeppelin/site/docs/0.6.0-incubating-SNAPSHOT/rss.xml
incubator/zeppelin/site/docs/0.6.0-incubating-SNAPSHOT/security/authentication.html
incubator/zeppelin/site/docs/0.6.0-incubating-SNAPSHOT/sitemap.txt
Modified: incubator/zeppelin/site/docs/0.6.0-incubating-SNAPSHOT/atom.xml
URL: http://svn.apache.org/viewvc/incubator/zeppelin/site/docs/0.6.0-incubating-SNAPSHOT/atom.xml?rev=1744456&r1=1744455&r2=1744456&view=diff
==============================================================================
--- incubator/zeppelin/site/docs/0.6.0-incubating-SNAPSHOT/atom.xml (original)
+++ incubator/zeppelin/site/docs/0.6.0-incubating-SNAPSHOT/atom.xml Wed May 18 21:30:47 2016
@@ -4,7 +4,7 @@
<title>Apache Zeppelin (incubating)</title>
<link href="http://zeppelin.incubator.apache.org/" rel="self"/>
<link href="http://zeppelin.incubator.apache.org"/>
- <updated>2016-05-18T14:19:55-07:00</updated>
+ <updated>2016-05-18T14:30:55-07:00</updated>
<id>http://zeppelin.incubator.apache.org</id>
<author>
<name>The Apache Software Foundation</name>
Modified: incubator/zeppelin/site/docs/0.6.0-incubating-SNAPSHOT/rss.xml
URL: http://svn.apache.org/viewvc/incubator/zeppelin/site/docs/0.6.0-incubating-SNAPSHOT/rss.xml?rev=1744456&r1=1744455&r2=1744456&view=diff
==============================================================================
--- incubator/zeppelin/site/docs/0.6.0-incubating-SNAPSHOT/rss.xml (original)
+++ incubator/zeppelin/site/docs/0.6.0-incubating-SNAPSHOT/rss.xml Wed May 18 21:30:47 2016
@@ -5,8 +5,8 @@
<description>Apache Zeppelin (incubating) - The Apache Software Foundation</description>
<link>http://zeppelin.incubator.apache.org</link>
<link>http://zeppelin.incubator.apache.org</link>
- <lastBuildDate>2016-05-18T14:19:55-07:00</lastBuildDate>
- <pubDate>2016-05-18T14:19:55-07:00</pubDate>
+ <lastBuildDate>2016-05-18T14:30:55-07:00</lastBuildDate>
+ <pubDate>2016-05-18T14:30:55-07:00</pubDate>
<ttl>1800</ttl>
Modified: incubator/zeppelin/site/docs/0.6.0-incubating-SNAPSHOT/security/authentication.html
URL: http://svn.apache.org/viewvc/incubator/zeppelin/site/docs/0.6.0-incubating-SNAPSHOT/security/authentication.html?rev=1744456&r1=1744455&r2=1744456&view=diff
==============================================================================
--- incubator/zeppelin/site/docs/0.6.0-incubating-SNAPSHOT/security/authentication.html (original)
+++ incubator/zeppelin/site/docs/0.6.0-incubating-SNAPSHOT/security/authentication.html Wed May 18 21:30:47 2016
@@ -197,34 +197,35 @@ Here are instructions how to accomplish
<ol>
<li><p>Install NGINX server on your server instance</p>
-<p>You can install NGINX server with same machine where zeppelin installed or separate machine where it is dedicated to serve as proxy server.</p>
+<p>You can install NGINX server with same box where zeppelin installed or separate box where it is dedicated to serve as proxy server.</p>
<div class="highlight"><pre><code class="text language-text" data-lang="text">$ apt-get install nginx
-</code></pre></div></li>
+</code></pre></div>
+<p><em>Important: On pre 1.3.13 version of NGINX, Proxy for Websocket may not fully works. Please use latest version of NGINX. See: <a href="https://www.nginx.com/blog/websocket-nginx/">NGINX documentation</a></em></p></li>
<li><p>Setup init script in NGINX</p>
<p>In most cases, NGINX configuration located under <code>/etc/nginx/sites-available</code>. Create your own configuration or add your existing configuration at <code>/etc/nginx/sites-available</code>.</p>
<div class="highlight"><pre><code class="text language-text" data-lang="text">$ cd /etc/nginx/sites-available
-$ touch my-basic-auth
+$ touch my-zeppelin-auth-setting
</code></pre></div>
-<p>Now add this script into <code>my-basic-auth</code> file. You can comment out <code>optional</code> lines If you want serve Zeppelin under regular HTTP 80 Port.</p>
+<p>Now add this script into <code>my-zeppelin-auth-setting</code> file. You can comment out <code>optional</code> lines If you want serve Zeppelin under regular HTTP 80 Port.</p>
<div class="highlight"><pre><code class="text language-text" data-lang="text">upstream zeppelin {
- server [YOUR-ZEPPELIN-SERVER-IP]:8080;
+ server [YOUR-ZEPPELIN-SERVER-IP]:[YOUR-ZEPPELIN-SERVER-PORT]; # For security, It is highly recommended to make this address/port as non-public accessible
}
# Zeppelin Website
server {
listen [YOUR-ZEPPELIN-WEB-SERVER-PORT];
- listen 443 ssl; # optional, to serve HTTPS connection
- server_name [YOUR-ZEPPELIN-SERVER-HOST]; # for example: zeppelin.mycompany.com
+ listen 443 ssl; # optional, to serve HTTPS connection
+ server_name [YOUR-ZEPPELIN-SERVER-HOST]; # for example: zeppelin.mycompany.com
ssl_certificate [PATH-TO-YOUR-CERT-FILE]; # optional, to serve HTTPS connection
ssl_certificate_key [PATH-TO-YOUR-CERT-KEY-FILE]; # optional, to serve HTTPS connection
if ($ssl_protocol = "") {
- rewrite ^ https://$host$request_uri? permanent; # optional, force to use HTTPS
+ rewrite ^ https://$host$request_uri? permanent; # optional, to force use of HTTPS
}
- location / {
+ location / { # For regular websever support
proxy_pass http://zeppelin;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
@@ -235,7 +236,7 @@ server {
auth_basic_user_file /etc/nginx/.htpasswd;
}
- location /ws {
+ location /ws { # For websocket support
proxy_pass http://zeppelin;
proxy_http_version 1.1;
proxy_set_header Upgrade websocket;
@@ -245,25 +246,22 @@ server {
}
</code></pre></div>
<p>Then make a symbolic link to this file from <code>/etc/nginx/sites-enabled/</code> to enable configuration above when NGINX reloads.</p>
-<div class="highlight"><pre><code class="text language-text" data-lang="text">$ ln -s /etc/nginx/sites-enabled/my-basic-auth /etc/nginx/sites-available/my-basic-auth
+<div class="highlight"><pre><code class="text language-text" data-lang="text">$ ln -s /etc/nginx/sites-enabled/my-zeppelin-auth-setting /etc/nginx/sites-available/my-zeppelin-auth-setting
</code></pre></div></li>
<li><p>Setup user credential into <code>.htpasswd</code> file and restart server</p>
<p>Now you need to setup <code>.htpasswd</code> file to serve list of authenticated user credentials for NGINX server.</p>
<div class="highlight"><pre><code class="text language-text" data-lang="text">$ cd /etc/nginx
-$ htpasswd -c htpasswd [YOUR_ID]
-$ NEW passwd: [YOUR_PASSWORD]
-$ RE-type new passwd: [YOUR_PASSWORD_AGAIN]
+$ htpasswd -c htpasswd [YOUR-ID]
+$ NEW passwd: [YOUR-PASSWORD]
+$ RE-type new passwd: [YOUR-PASSWORD-AGAIN]
</code></pre></div>
-<p>Or you can use your own apache <code>.htpasswd</code> files in other location by setup property <code>auth_basic_user_file</code></p>
+<p>Or you can use your own apache <code>.htpasswd</code> files in other location for setting up property: <code>auth_basic_user_file</code></p>
<p>Restart NGINX server.</p>
<div class="highlight"><pre><code class="text language-text" data-lang="text">$ service nginx restart
</code></pre></div>
-<p>Then check HTTP Basic Authentication works in browser. If you can see regular basic auth popup and then able to login with credential you entered into <code>.htpasswd</code> you are good to go.</p>
-
-<p><img src="/assets/themes/zeppelin/img/screenshots/authentication-basic-auth-nginx-request.png" />
-<img src="/assets/themes/zeppelin/img/screenshots/authentication-basic-auth-nginx-https.png" /></p></li>
+<p>Then check HTTP Basic Authentication works in browser. If you can see regular basic auth popup and then able to login with credential you entered into <code>.htpasswd</code> you are good to go.</p></li>
<li><p>More security consideration</p></li>
</ol>
Modified: incubator/zeppelin/site/docs/0.6.0-incubating-SNAPSHOT/sitemap.txt
URL: http://svn.apache.org/viewvc/incubator/zeppelin/site/docs/0.6.0-incubating-SNAPSHOT/sitemap.txt?rev=1744456&r1=1744455&r2=1744456&view=diff
==============================================================================
--- incubator/zeppelin/site/docs/0.6.0-incubating-SNAPSHOT/sitemap.txt (original)
+++ incubator/zeppelin/site/docs/0.6.0-incubating-SNAPSHOT/sitemap.txt Wed May 18 21:30:47 2016
@@ -2,6 +2,7 @@
http://zeppelin.incubator.apache.org/atom.xml
http://zeppelin.incubator.apache.org/development/howtocontribute.html
http://zeppelin.incubator.apache.org/development/howtocontributewebsite.html
+http://zeppelin.incubator.apache.org/development/writingheliumapplication.html
http://zeppelin.incubator.apache.org/development/writingzeppelininterpreter.html
http://zeppelin.incubator.apache.org/displaysystem/back-end-angular.html
http://zeppelin.incubator.apache.org/displaysystem/display.html