871921256 opened a new issue #11528:
URL: https://github.com/apache/pulsar/issues/11528
In client.conf, webserviceurl and brokerserviceurl are configured as the
addresses after proxy,messages can be produce and consumer normally, but can
not used for pulsar admin operations such as cluster information
query:bin/pulsar-admin clusters list,it will return HTTP 401 Unauthorized。
If the webserviceurl and brokerserviceurl are configured as the address of
the broker in client.conf,we can query the cluster information. Which parameter
of proxy needs to be modified before pulsar admin operation can be performed at
the address after the client uses proxy proxy?
**The cluster and proxy configurations are as follows:**
**bin/pulsar-admin clusters get AAA-test:**
{
"serviceUrl" : "http://AAA-test.xxx.com.cn:443";,
"brokerServiceUrl" : "pulsar://AAA-test.xxx.com.cn:6443",
"brokerClientTlsEnabled" : false,
"tlsAllowInsecureConnection" : false,
"brokerClientTlsEnabledWithKeyStore" : false,
"brokerClientTlsTrustStoreType" : "JKS"
}
**proxy.conf:**
zookeeperServers=10.87.134.58:2181,10.87.134.79:2181,10.87.134.83:2181
configurationStoreServers=10.87.134.58:2181,10.87.134.79:2181,10.87.134.83:2181
brokerServiceURL=pulsar://AAA-test.xxx.com.cn:6443
#PROXY : pulsar://AAA-test.XXX.com.cn:9443
brokerServiceURLTLS=
brokerWebServiceURL=http://AAA-test.xxx.com.cn:443
#PROXY :http://AAA-test.XX.com.cn:8443
brokerWebServiceURLTLS=
functionWorkerWebServiceURL=http://AAA-test.xxx.com.cn:443
functionWorkerWebServiceURLTLS=
zookeeperSessionTimeoutMs=30000
zooKeeperCacheExpirySeconds=300
bindAddress=0.0.0.0
advertisedAddress=10.87.134.58
haProxyProtocolEnabled=false
servicePort=8086
servicePortTls=
webServicePort=8057
webServicePortTls=
statusFilePath=
proxyLogLevel=0
superUserRoles=admin
authorizationEnabled=false
authorizationProvider=org.apache.pulsar.broker.authorization.PulsarAuthorizationProvider
forwardAuthorizationCredentials=true
authenticationEnabled=true
authenticationProviders=org.apache.pulsar.broker.authentication.AuthenticationProviderToken
anonymousUserRole=
brokerClientAuthenticationPlugin=org.apache.pulsar.client.impl.auth.AuthenticationToken
brokerClientAuthenticationParameters={"token":"eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJhZG1pbiJ9.HqVJ9gsvqT5BLLmdftUi1PcIQ95a_SbhUR3g8TU78Xs"}
brokerClientTrustCertsFilePath=
tlsEnabledWithBroker=false
tlsCertRefreshCheckDurationSec=300
maxConcurrentInboundConnections=10000
maxConcurrentLookupRequests=50000
tlsEnabledInProxy=false
tlsCertificateFilePath=
tlsKeyFilePath=
tlsTrustCertsFilePath=
tlsAllowInsecureConnection=false
tlsHostnameVerificationEnabled=false
tlsProtocols=
tlsCiphers=
tlsRequireTrustedClientCertOnConnect=false
httpReverseProxyConfigs=
httpOutputBufferSize=32768
httpNumThreads=8
httpRequestsLimitEnabled=false
httpRequestsMaxPerSecond=100.0
tokenSecretKey=file:///work/apache-pulsar-2.8.0/my-secret.key
tokenPublicKey=
tokenAuthClaim=
tokenAudienceClaim=
tokenAudience=
webSocketServiceEnabled=false
clusterName=AAA-test
globalZookeeperServers=
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
