Repository: hbase Updated Branches: refs/heads/master 534beefc1 -> dd02634f1
HBASE-11153 Document that http webUI's should redirect to https when enabled Project: http://git-wip-us.apache.org/repos/asf/hbase/repo Commit: http://git-wip-us.apache.org/repos/asf/hbase/commit/dd02634f Tree: http://git-wip-us.apache.org/repos/asf/hbase/tree/dd02634f Diff: http://git-wip-us.apache.org/repos/asf/hbase/diff/dd02634f Branch: refs/heads/master Commit: dd02634f1e278637d8fae528801245f35f62836e Parents: 534beef Author: Misty Stanley-Jones <[email protected]> Authored: Thu Dec 11 10:45:30 2014 +1000 Committer: Misty Stanley-Jones <[email protected]> Committed: Fri Dec 12 08:55:24 2014 +1000 ---------------------------------------------------------------------- src/main/docbkx/security.xml | 32 +++++++++++++++++++++++++++++++- 1 file changed, 31 insertions(+), 1 deletion(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/hbase/blob/dd02634f/src/main/docbkx/security.xml ---------------------------------------------------------------------- diff --git a/src/main/docbkx/security.xml b/src/main/docbkx/security.xml index d649f95..61493cd 100644 --- a/src/main/docbkx/security.xml +++ b/src/main/docbkx/security.xml @@ -28,7 +28,37 @@ * limitations under the License. */ --> - <title>Secure Apache HBase</title> + <title>Securing Apache HBase</title> + <para>HBase provides mechanisms to secure various components and aspects of HBase and how it + relates to the rest of the Hadoop infrastructure, as well as clients and resources outside + Hadoop.</para> + <section> + <title>Using Secure HTTP (HTTPS) for the Web UI</title> + <para>A default HBase install uses insecure HTTP connections for web UIs for the master and + region servers. To enable secure HTTP (HTTPS) connections instead, set + <code>hadoop.ssl.enabled</code> to <literal>true</literal> in + <filename>hbase-site.xml</filename>. This does not change the port used by the Web UI. To + change the port for the web UI for a given HBase component, configure that port's setting in + hbase-site.xml. These settings are:</para> + <itemizedlist> + <listitem><para><code>hbase.master.info.port</code></para></listitem> + <listitem><para><code>hbase.regionserver.info.port</code></para></listitem> + </itemizedlist> + <note> + <title>If you enable HTTPS, clients should avoid using the non-secure HTTP connection.</title> + <para>If you enable secure HTTP, clients should connect to HBase using the + <code>https://</code> URL. Clients using the <code>http://</code> URL will receive an HTTP + response of <literal>200</literal>, but will not receive any data. The following exception is logged:</para> + <screen>javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection?</screen> + <para>This is because the same port is used for HTTP and HTTPS.</para> + <para>HBase uses Jetty for the Web UI. Without modifying Jetty itself, it does not seem + possible to configure Jetty to redirect one port to another on the same host. See Nick + Dimiduk's contribution on this <link + xlink:href="http://stackoverflow.com/questions/20611815/redirect-from-http-to-https-in-jetty"; + >Stack Overflow</link> thread for more information. If you know how to fix this without + opening a second port for HTTPS, patches are appreciated.</para> + </note> + </section> <section xml:id="hbase.secure.configuration"> <title>Secure Client Access to Apache HBase</title>
