This is an automated email from the ASF dual-hosted git repository. lhotari pushed a commit to branch branch-3.3 in repository https://gitbox.apache.org/repos/asf/pulsar.git
commit cf1e521ca1501dd97d7fd76ea71654817993ad1f Author: Lari Hotari <[email protected]> AuthorDate: Fri Feb 14 08:56:40 2025 +0200 [improve][proxy] Make keep-alive interval configurable in Pulsar Proxy (#23981) (cherry picked from commit eb1391a199d2c85f1ad7ce22a4d3eefa78d2fed3) --- conf/proxy.conf | 7 + .../pulsar/proxy/server/ProxyConfiguration.java | 9 + .../pulsar/proxy/server/ProxyConnection.java | 2 +- .../proxy/server/ProxyConfigurationTest.java | 16 +- .../proxy/server/ProxyOriginalClientIPTest.java | 3 +- .../ProxyServiceStarterDisableZeroCopyTest.java | 2 +- .../proxy/server/ProxyServiceStarterTest.java | 45 +++- .../proxy/server/ProxyServiceTlsStarterTest.java | 22 +- pulsar-proxy/src/test/resources/proxy.conf | 250 --------------------- 9 files changed, 76 insertions(+), 280 deletions(-) diff --git a/conf/proxy.conf b/conf/proxy.conf index 6e6c960e800..cda1034d653 100644 --- a/conf/proxy.conf +++ b/conf/proxy.conf @@ -59,6 +59,13 @@ bindAddress=0.0.0.0 # If not set, the value of `InetAddress.getLocalHost().getCanonicalHostName()` is used. advertisedAddress= +# Specifies the interval (in seconds) for sending ping messages to the client. Set to 0 to disable +# ping messages. This setting applies to client connections used for topic lookups and +# partition metadata requests. When a client establishes a broker connection via the proxy, +# the client and broker will communicate directly without the proxy intercepting the messages. +# In that case, the broker's keepAliveIntervalSeconds configuration becomes relevant. +keepAliveIntervalSeconds=30 + # Enable or disable the HAProxy protocol. # If true, the real IP addresses of consumers and producers can be obtained when getting topic statistics data. haProxyProtocolEnabled=false diff --git a/pulsar-proxy/src/main/java/org/apache/pulsar/proxy/server/ProxyConfiguration.java b/pulsar-proxy/src/main/java/org/apache/pulsar/proxy/server/ProxyConfiguration.java index d65408748f4..32fbfebaa1d 100644 --- a/pulsar-proxy/src/main/java/org/apache/pulsar/proxy/server/ProxyConfiguration.java +++ b/pulsar-proxy/src/main/java/org/apache/pulsar/proxy/server/ProxyConfiguration.java @@ -264,6 +264,15 @@ public class ProxyConfiguration implements PulsarConfiguration { ) private String advertisedAddress; + @FieldContext( + category = CATEGORY_SERVER, + doc = "Specifies the interval (in seconds) for sending ping messages to the client. Set to 0 to disable " + + "ping messages. This setting applies to client connections used for topic lookups and " + + "partition metadata requests. When a client establishes a broker connection via the proxy, " + + "the client and broker will communicate directly without the proxy intercepting the messages. " + + "In that case, the broker's keepAliveIntervalSeconds configuration becomes relevant.") + private int keepAliveIntervalSeconds = 30; + @FieldContext(category = CATEGORY_SERVER, doc = "Enable or disable the proxy protocol.") private boolean haProxyProtocolEnabled; diff --git a/pulsar-proxy/src/main/java/org/apache/pulsar/proxy/server/ProxyConnection.java b/pulsar-proxy/src/main/java/org/apache/pulsar/proxy/server/ProxyConnection.java index 594d6cbc3bb..6c538d550ce 100644 --- a/pulsar-proxy/src/main/java/org/apache/pulsar/proxy/server/ProxyConnection.java +++ b/pulsar-proxy/src/main/java/org/apache/pulsar/proxy/server/ProxyConnection.java @@ -155,7 +155,7 @@ public class ProxyConnection extends PulsarHandler { } public ProxyConnection(ProxyService proxyService, DnsAddressResolverGroup dnsAddressResolverGroup) { - super(30, TimeUnit.SECONDS); + super(proxyService.getConfiguration().getKeepAliveIntervalSeconds(), TimeUnit.SECONDS); this.service = proxyService; this.dnsAddressResolverGroup = dnsAddressResolverGroup; this.state = State.Init; diff --git a/pulsar-proxy/src/test/java/org/apache/pulsar/proxy/server/ProxyConfigurationTest.java b/pulsar-proxy/src/test/java/org/apache/pulsar/proxy/server/ProxyConfigurationTest.java index a9a562e04c8..18e7efbd7b5 100644 --- a/pulsar-proxy/src/test/java/org/apache/pulsar/proxy/server/ProxyConfigurationTest.java +++ b/pulsar-proxy/src/test/java/org/apache/pulsar/proxy/server/ProxyConfigurationTest.java @@ -147,7 +147,7 @@ public class ProxyConfigurationTest { theMock.when(PulsarConfigurationLoader.create(Mockito.anyString(), Mockito.any())) .thenReturn(configuration); try { - new ProxyServiceStarter(ProxyServiceStarterTest.ARGS); + new ProxyServiceStarter(ProxyServiceStarterTest.getArgs()); fail("brokerServiceURL must start with pulsar://"); } catch (Exception ex) { assertTrue(ex.getMessage().contains("brokerServiceURL must start with pulsar://")); @@ -161,7 +161,7 @@ public class ProxyConfigurationTest { theMock.when(PulsarConfigurationLoader.create(Mockito.anyString(), Mockito.any())) .thenReturn(configuration); try { - new ProxyServiceStarter(ProxyServiceStarterTest.ARGS); + new ProxyServiceStarter(ProxyServiceStarterTest.getArgs()); fail("brokerServiceURLTLS must start with pulsar+ssl://"); } catch (Exception ex) { assertTrue(ex.getMessage().contains("brokerServiceURLTLS must start with pulsar+ssl://")); @@ -174,7 +174,7 @@ public class ProxyConfigurationTest { theMock.when(PulsarConfigurationLoader.create(Mockito.anyString(), Mockito.any())) .thenReturn(configuration); try { - new ProxyServiceStarter(ProxyServiceStarterTest.ARGS); + new ProxyServiceStarter(ProxyServiceStarterTest.getArgs()); fail("brokerServiceURL does not support multi urls yet"); } catch (Exception ex) { assertTrue(ex.getMessage().contains("does not support multi urls yet")); @@ -188,7 +188,7 @@ public class ProxyConfigurationTest { theMock.when(PulsarConfigurationLoader.create(Mockito.anyString(), Mockito.any())) .thenReturn(configuration); try { - new ProxyServiceStarter(ProxyServiceStarterTest.ARGS); + new ProxyServiceStarter(ProxyServiceStarterTest.getArgs()); fail("brokerServiceURLTLS does not support multi urls yet"); } catch (Exception ex) { assertTrue(ex.getMessage().contains("does not support multi urls yet")); @@ -202,7 +202,7 @@ public class ProxyConfigurationTest { theMock.when(PulsarConfigurationLoader.create(Mockito.anyString(), Mockito.any())) .thenReturn(configuration); try { - new ProxyServiceStarter(ProxyServiceStarterTest.ARGS); + new ProxyServiceStarter(ProxyServiceStarterTest.getArgs()); fail("brokerWebServiceURL does not support multi urls yet"); } catch (Exception ex) { assertTrue(ex.getMessage().contains("does not support multi urls yet")); @@ -216,7 +216,7 @@ public class ProxyConfigurationTest { theMock.when(PulsarConfigurationLoader.create(Mockito.anyString(), Mockito.any())) .thenReturn(configuration); try { - new ProxyServiceStarter(ProxyServiceStarterTest.ARGS); + new ProxyServiceStarter(ProxyServiceStarterTest.getArgs()); fail("brokerWebServiceURLTLS does not support multi urls yet"); } catch (Exception ex) { assertTrue(ex.getMessage().contains("does not support multi urls yet")); @@ -230,7 +230,7 @@ public class ProxyConfigurationTest { theMock.when(PulsarConfigurationLoader.create(Mockito.anyString(), Mockito.any())) .thenReturn(configuration); try { - new ProxyServiceStarter(ProxyServiceStarterTest.ARGS); + new ProxyServiceStarter(ProxyServiceStarterTest.getArgs()); fail("functionWorkerWebServiceURL does not support multi urls yet"); } catch (Exception ex) { assertTrue(ex.getMessage().contains("does not support multi urls yet")); @@ -244,7 +244,7 @@ public class ProxyConfigurationTest { theMock.when(PulsarConfigurationLoader.create(Mockito.anyString(), Mockito.any())) .thenReturn(configuration); try { - new ProxyServiceStarter(ProxyServiceStarterTest.ARGS); + new ProxyServiceStarter(ProxyServiceStarterTest.getArgs()); fail("functionWorkerWebServiceURLTLS does not support multi urls yet"); } catch (Exception ex) { assertTrue(ex.getMessage().contains("does not support multi urls yet")); diff --git a/pulsar-proxy/src/test/java/org/apache/pulsar/proxy/server/ProxyOriginalClientIPTest.java b/pulsar-proxy/src/test/java/org/apache/pulsar/proxy/server/ProxyOriginalClientIPTest.java index b267439d471..50ae6e627e8 100644 --- a/pulsar-proxy/src/test/java/org/apache/pulsar/proxy/server/ProxyOriginalClientIPTest.java +++ b/pulsar-proxy/src/test/java/org/apache/pulsar/proxy/server/ProxyOriginalClientIPTest.java @@ -39,7 +39,6 @@ import org.testng.annotations.Test; @Slf4j @Test(groups = "broker") public class ProxyOriginalClientIPTest extends MockedPulsarServiceBaseTest { - static final String[] ARGS = new String[]{"-c", "./src/test/resources/proxy.conf"}; HttpClient httpClient; ProxyServiceStarter serviceStarter; String webServiceUrl; @@ -49,7 +48,7 @@ public class ProxyOriginalClientIPTest extends MockedPulsarServiceBaseTest { @BeforeClass protected void setup() throws Exception { internalSetup(); - serviceStarter = new ProxyServiceStarter(ARGS, proxyConfig -> { + serviceStarter = new ProxyServiceStarter(ProxyServiceStarterTest.getArgs(), proxyConfig -> { proxyConfig.setBrokerServiceURL(pulsar.getBrokerServiceUrl()); proxyConfig.setBrokerWebServiceURL(pulsar.getWebServiceAddress()); proxyConfig.setWebServicePort(Optional.of(0)); diff --git a/pulsar-proxy/src/test/java/org/apache/pulsar/proxy/server/ProxyServiceStarterDisableZeroCopyTest.java b/pulsar-proxy/src/test/java/org/apache/pulsar/proxy/server/ProxyServiceStarterDisableZeroCopyTest.java index 937526629ac..b645c472425 100644 --- a/pulsar-proxy/src/test/java/org/apache/pulsar/proxy/server/ProxyServiceStarterDisableZeroCopyTest.java +++ b/pulsar-proxy/src/test/java/org/apache/pulsar/proxy/server/ProxyServiceStarterDisableZeroCopyTest.java @@ -27,7 +27,7 @@ public class ProxyServiceStarterDisableZeroCopyTest extends ProxyServiceStarterT @BeforeClass protected void setup() throws Exception { internalSetup(); - serviceStarter = new ProxyServiceStarter(ARGS, null, true); + serviceStarter = new ProxyServiceStarter(getArgs(), null, true); serviceStarter.getConfig().setBrokerServiceURL(pulsar.getBrokerServiceUrl()); serviceStarter.getConfig().setBrokerWebServiceURL(pulsar.getWebServiceAddress()); serviceStarter.getConfig().setWebServicePort(Optional.of(0)); diff --git a/pulsar-proxy/src/test/java/org/apache/pulsar/proxy/server/ProxyServiceStarterTest.java b/pulsar-proxy/src/test/java/org/apache/pulsar/proxy/server/ProxyServiceStarterTest.java index d96d2cd1f6e..6ef24874387 100644 --- a/pulsar-proxy/src/test/java/org/apache/pulsar/proxy/server/ProxyServiceStarterTest.java +++ b/pulsar-proxy/src/test/java/org/apache/pulsar/proxy/server/ProxyServiceStarterTest.java @@ -21,16 +21,23 @@ package org.apache.pulsar.proxy.server; import static org.testng.Assert.assertEquals; import static org.testng.Assert.assertTrue; import static org.testng.Assert.fail; +import java.io.File; +import java.io.FileInputStream; +import java.io.FileOutputStream; import java.io.IOException; +import java.io.InputStream; +import java.io.OutputStream; import java.net.URI; import java.nio.ByteBuffer; import java.util.Base64; import java.util.Map; import java.util.Optional; +import java.util.Properties; import java.util.concurrent.ArrayBlockingQueue; import java.util.concurrent.Future; import java.util.function.Consumer; import lombok.Cleanup; +import lombok.SneakyThrows; import org.apache.pulsar.broker.auth.MockedPulsarServiceBaseTest; import org.apache.pulsar.client.api.Authentication; import org.apache.pulsar.client.api.Producer; @@ -50,17 +57,38 @@ import org.testng.annotations.BeforeClass; import org.testng.annotations.Test; public class ProxyServiceStarterTest extends MockedPulsarServiceBaseTest { - - public static final String[] ARGS = new String[]{"-c", "./src/test/resources/proxy.conf"}; - protected ProxyServiceStarter serviceStarter; protected String serviceUrl; + private static File proxyConfFileForTests; + + @SneakyThrows + public static String[] getArgs() { + if (proxyConfFileForTests == null) { + // load the properties from the proxy.conf file + Properties properties = new Properties(); + try (InputStream inputStream = new FileInputStream("../conf/proxy.conf")) { + properties.load(inputStream); + } + // set dummy values for the required properties so that validation is passed + properties.setProperty("brokerServiceURL", "pulsar://0.0.0.0:0"); + properties.setProperty("brokerWebServiceURL", "http://0.0.0.0:0";); + // change keepAliveIntervalSeconds default value so that it's possible to validate that it's configured + properties.setProperty("keepAliveIntervalSeconds", "25"); + // write the properties to a temporary file + proxyConfFileForTests = File.createTempFile("proxy", ".conf"); + proxyConfFileForTests.deleteOnExit(); + try (OutputStream out = new FileOutputStream(proxyConfFileForTests)) { + properties.store(out, null); + } + } + return new String[] { "-c", proxyConfFileForTests.getAbsolutePath() }; + } @Override @BeforeClass protected void setup() throws Exception { internalSetup(); - serviceStarter = new ProxyServiceStarter(ARGS, null, true); + serviceStarter = new ProxyServiceStarter(getArgs(), null, true); serviceStarter.getConfig().setBrokerServiceURL(pulsar.getBrokerServiceUrl()); serviceStarter.getConfig().setBrokerWebServiceURL(pulsar.getWebServiceAddress()); serviceStarter.getConfig().setWebServicePort(Optional.of(0)); @@ -100,6 +128,11 @@ public class ProxyServiceStarterTest extends MockedPulsarServiceBaseTest { } } + @Test + public void testKeepAliveIntervalSecondsIsConfigured() throws Exception { + assertEquals(serviceStarter.getConfig().getKeepAliveIntervalSeconds(), 25); + } + @Test public void testProduceAndConsumeMessageWithWebsocket() throws Exception { @Cleanup("stop") @@ -180,7 +213,7 @@ public class ProxyServiceStarterTest extends MockedPulsarServiceBaseTest { - ProxyServiceStarter serviceStarter = new ProxyServiceStarter(ARGS, null, true); + ProxyServiceStarter serviceStarter = new ProxyServiceStarter(getArgs(), null, true); initConfig.accept(serviceStarter.getConfig()); // ProxyServiceStarter will throw an exception when Authentication#start is failed serviceStarter.getConfig().setBrokerClientAuthenticationPlugin(ExceptionAuthentication1.class.getName()); @@ -192,7 +225,7 @@ public class ProxyServiceStarterTest extends MockedPulsarServiceBaseTest { assertTrue(serviceStarter.getProxyClientAuthentication() instanceof ExceptionAuthentication1); } - serviceStarter = new ProxyServiceStarter(ARGS, null, true); + serviceStarter = new ProxyServiceStarter(getArgs(), null, true); initConfig.accept(serviceStarter.getConfig()); // ProxyServiceStarter will throw an exception when Authentication#start and Authentication#close are failed serviceStarter.getConfig().setBrokerClientAuthenticationPlugin(ExceptionAuthentication2.class.getName()); diff --git a/pulsar-proxy/src/test/java/org/apache/pulsar/proxy/server/ProxyServiceTlsStarterTest.java b/pulsar-proxy/src/test/java/org/apache/pulsar/proxy/server/ProxyServiceTlsStarterTest.java index 770424d9374..b134332bd5a 100644 --- a/pulsar-proxy/src/test/java/org/apache/pulsar/proxy/server/ProxyServiceTlsStarterTest.java +++ b/pulsar-proxy/src/test/java/org/apache/pulsar/proxy/server/ProxyServiceTlsStarterTest.java @@ -18,6 +18,15 @@ */ package org.apache.pulsar.proxy.server; +import static org.apache.pulsar.proxy.server.ProxyServiceStarterTest.getArgs; +import static org.testng.Assert.assertEquals; +import static org.testng.Assert.assertTrue; +import java.net.URI; +import java.nio.ByteBuffer; +import java.util.Base64; +import java.util.Optional; +import java.util.concurrent.ArrayBlockingQueue; +import java.util.concurrent.Future; import lombok.Cleanup; import org.apache.pulsar.broker.auth.MockedPulsarServiceBaseTest; import org.apache.pulsar.client.api.Producer; @@ -35,17 +44,6 @@ import org.testng.annotations.AfterClass; import org.testng.annotations.BeforeClass; import org.testng.annotations.Test; -import java.net.URI; -import java.nio.ByteBuffer; -import java.util.Base64; -import java.util.Optional; -import java.util.concurrent.ArrayBlockingQueue; -import java.util.concurrent.Future; - -import static org.apache.pulsar.proxy.server.ProxyServiceStarterTest.ARGS; -import static org.testng.Assert.assertEquals; -import static org.testng.Assert.assertTrue; - public class ProxyServiceTlsStarterTest extends MockedPulsarServiceBaseTest { private ProxyServiceStarter serviceStarter; private String serviceUrl; @@ -55,7 +53,7 @@ public class ProxyServiceTlsStarterTest extends MockedPulsarServiceBaseTest { @BeforeClass protected void setup() throws Exception { internalSetup(); - serviceStarter = new ProxyServiceStarter(ARGS, null, true); + serviceStarter = new ProxyServiceStarter(getArgs(), null, true); serviceStarter.getConfig().setBrokerServiceURL(pulsar.getBrokerServiceUrl()); serviceStarter.getConfig().setBrokerServiceURLTLS(pulsar.getBrokerServiceUrlTls()); serviceStarter.getConfig().setBrokerWebServiceURL(pulsar.getWebServiceAddress()); diff --git a/pulsar-proxy/src/test/resources/proxy.conf b/pulsar-proxy/src/test/resources/proxy.conf deleted file mode 100644 index aec9f5ee1c5..00000000000 --- a/pulsar-proxy/src/test/resources/proxy.conf +++ /dev/null @@ -1,250 +0,0 @@ -# -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, -# software distributed under the License is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -# KIND, either express or implied. See the License for the -# specific language governing permissions and limitations -# under the License. -# - -### --- Broker Discovery --- ### - -# The metadata store URL -# Examples: -# * zk:my-zk-1:2181,my-zk-2:2181,my-zk-3:2181 -# * my-zk-1:2181,my-zk-2:2181,my-zk-3:2181 (will default to ZooKeeper when the schema is not specified) -# * zk:my-zk-1:2181,my-zk-2:2181,my-zk-3:2181/my-chroot-path (to add a ZK chroot path) -metadataStoreUrl= - -# The metadata store URL for the configuration data. If empty, we fall back to use metadataStoreUrl -configurationMetadataStoreUrl= - -# if Service Discovery is Disabled this url should point to the discovery service provider. -brokerServiceURL=pulsar://0.0.0.0:0 -brokerServiceURLTLS= - -# These settings are unnecessary if `zookeeperServers` is specified -brokerWebServiceURL=http://0.0.0.0:0 -brokerWebServiceURLTLS= - -# If function workers are setup in a separate cluster, configure the following 2 settings -# to point to the function workers cluster -functionWorkerWebServiceURL= -functionWorkerWebServiceURLTLS= - -# ZooKeeper session timeout (in milliseconds) -zookeeperSessionTimeoutMs=30000 - -# ZooKeeper cache expiry time in seconds -zooKeeperCacheExpirySeconds=300 - -### --- Server --- ### - -# Hostname or IP address the service binds on, default is 0.0.0.0. -bindAddress=0.0.0.0 - -# Hostname or IP address the service advertises to the outside world. -# If not set, the value of `InetAddress.getLocalHost().getCanonicalHostName()` is used. -advertisedAddress= - -# Enable or disable the HAProxy protocol. -haProxyProtocolEnabled=false - -# Enables zero-copy transport of data across network interfaces using the splice system call. -# Zero copy mode cannot be used when TLS is enabled or when proxyLogLevel is > 0. -proxyZeroCopyModeEnabled=true - -# The port to use for server binary Protobuf requests -servicePort=6650 - -# The port to use to server binary Protobuf TLS requests -servicePortTls= - -# Port that discovery service listen on -webServicePort=8080 - -# Port to use to server HTTPS request -webServicePortTls= - -# Path for the file used to determine the rotation status for the proxy instance when responding -# to service discovery health checks -statusFilePath= - -# Proxy log level, default is 0. -# 0: Do not log any tcp channel info -# 1: Parse and log any tcp channel info and command info without message body -# 2: Parse and log channel info, command info and message body -proxyLogLevel=0 - -### ---Authorization --- ### - -# Role names that are treated as "super-users," meaning that they will be able to perform all admin -# operations and publish/consume to/from all topics (as a comma-separated list) -superUserRoles= - -# Whether authorization is enforced by the Pulsar proxy -authorizationEnabled=false - -# Authorization provider as a fully qualified class name -authorizationProvider=org.apache.pulsar.broker.authorization.PulsarAuthorizationProvider - -# Whether client authorization credentials are forwared to the broker for re-authorization. -# Authentication must be enabled via authenticationEnabled=true for this to take effect. -forwardAuthorizationCredentials=false - -### --- Authentication --- ### - -# Whether authentication is enabled for the Pulsar proxy -authenticationEnabled=false - -# Authentication provider name list (a comma-separated list of class names) -authenticationProviders= - -# When this parameter is not empty, unauthenticated users perform as anonymousUserRole -anonymousUserRole= - -### --- Client Authentication --- ### - -# The three brokerClient* authentication settings below are for the proxy itself and determine how it -# authenticates with Pulsar brokers - -# The authentication plugin used by the Pulsar proxy to authenticate with Pulsar brokers -brokerClientAuthenticationPlugin= - -# The authentication parameters used by the Pulsar proxy to authenticate with Pulsar brokers -brokerClientAuthenticationParameters= - -# The path to trusted certificates used by the Pulsar proxy to authenticate with Pulsar brokers -brokerClientTrustCertsFilePath= - -# Whether TLS is enabled when communicating with Pulsar brokers -tlsEnabledWithBroker=false - -# Tls cert refresh duration in seconds (set 0 to check on every new connection) -tlsCertRefreshCheckDurationSec=300 - -##### --- Rate Limiting --- ##### - -# Max concurrent inbound connections. The proxy will reject requests beyond that. -maxConcurrentInboundConnections=10000 - -# Max concurrent outbound connections. The proxy will error out requests beyond that. -maxConcurrentLookupRequests=50000 - -##### --- TLS --- ##### - -# Deprecated - use servicePortTls and webServicePortTls instead -tlsEnabledInProxy=false - -# Path for the TLS certificate file -tlsCertificateFilePath= - -# Path for the TLS private key file -tlsKeyFilePath= - -# Path for the trusted TLS certificate file. -# This cert is used to verify that any certs presented by connecting clients -# are signed by a certificate authority. If this verification -# fails, then the certs are untrusted and the connections are dropped. -tlsTrustCertsFilePath= - -# Accept untrusted TLS certificate from client. -# If true, a client with a cert which cannot be verified with the -# 'tlsTrustCertsFilePath' cert will allowed to connect to the server, -# though the cert will not be used for client authentication. -tlsAllowInsecureConnection=false - -# Whether the hostname is validated when the proxy creates a TLS connection with brokers -tlsHostnameVerificationEnabled=false - -# Specify the tls protocols the broker will use to negotiate during TLS handshake -# (a comma-separated list of protocol names). -# Examples:- [TLSv1.3, TLSv1.2] -tlsProtocols= - -# Specify the tls cipher the broker will use to negotiate during TLS Handshake -# (a comma-separated list of ciphers). -# Examples:- [TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256] -tlsCiphers= - -# Whether client certificates are required for TLS. Connections are rejected if the client -# certificate isn't trusted. -tlsRequireTrustedClientCertOnConnect=false - -##### --- HTTP --- ##### - -# Http directs to redirect to non-pulsar services. -httpReverseProxyConfigs= - -# Http output buffer size. The amount of data that will be buffered for http requests -# before it is flushed to the channel. A larger buffer size may result in higher http throughput -# though it may take longer for the client to see data. -# If using HTTP streaming via the reverse proxy, this should be set to the minimum value, 1, -# so that clients see the data as soon as possible. -httpOutputBufferSize=32768 - -# Number of threads to use for HTTP requests processing. Default is -# 2 * Runtime.getRuntime().availableProcessors() -httpNumThreads= - -# Enable the enforcement of limits on the incoming HTTP requests -httpRequestsLimitEnabled=false - -# Max HTTP requests per seconds allowed. The excess of requests will be rejected with HTTP code 429 (Too many requests) -httpRequestsMaxPerSecond=100.0 - - -### --- Token Authentication Provider --- ### - -## Symmetric key -# Configure the secret key to be used to validate auth tokens -# The key can be specified like: -# tokenSecretKey=data:;base64,xxxxxxxxx -# tokenSecretKey=file:///my/secret.key ( Note: key file must be DER-encoded ) -tokenSecretKey= - -## Asymmetric public/private key pair -# Configure the public key to be used to validate auth tokens -# The key can be specified like: -# tokenPublicKey=data:;base64,xxxxxxxxx -# tokenPublicKey=file:///my/public.key ( Note: key file must be DER-encoded ) -tokenPublicKey= - -# The token "claim" that will be interpreted as the authentication "role" or "principal" by AuthenticationProviderToken (defaults to "sub" if blank) -tokenAuthClaim= - -# The token audience "claim" name, e.g. "aud", that will be used to get the audience from token. -# If not set, audience will not be verified. -tokenAudienceClaim= - -# The token audience stands for this broker. The field `tokenAudienceClaim` of a valid token, need contains this. -tokenAudience= - -### --- WebSocket config variables --- ### - -# Enable or disable the WebSocket servlet. -webSocketServiceEnabled=false - -# Name of the cluster to which this broker belongs to -clusterName= - -### --- Deprecated config variables --- ### - -# Deprecated. Use configurationStoreServers -globalZookeeperServers= - -# The ZooKeeper quorum connection string (as a comma-separated list) -zookeeperServers= - -# Configuration store connection string (as a comma-separated list) -configurationStoreServers=
