[
https://issues.apache.org/jira/browse/HADOOP-8581?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13784830#comment-13784830
]
Suresh Srinivas commented on HADOOP-8581:
-----------------------------------------
bq. OK, reading again things, HDFS-5271 is a documentation issue now.
I fail to understand. With hadoop.ssl.enabled 50070 which is configured as http
port becomes https port. How is this just a documentation issue?
bq. Serving the same content over HTTP and HTTPS seems unnecessary.
A lot of standard services support secure and non-secure ports. A deployment
might choose to support both http and https. Depending on what an application
is accessing the service for, an app can choose to use secure or insecure. The
proposed solution gives flexibility of support both http and https and in cases
where an admin wants to allow only https access, that is also possible.
bq. while browsers do this automatically, if i recall correctly Java does not
follow redirections from HTTP to HTTPS. This may be an issue for fsimage and
webhdfs.
There are other tools that can handle the redirection. This gives an
opportunity for such tools to continue to work even when server changes from
http to https, without requiring need for URL change.
bq. Sounds good, but I would rather user http or https as value than numbers
We did discuss using names instead of number. I prefer number instead of long
strings that describe http, http and https, http redirect to https etc. But if
others feel strings are better, I am okay.
bq. If we remove it from 2.2, what that exactly means? what functionality we
lose?
Most of the functionality added by this change already existed for hdfs. Only
thing we lose is enforcing https only access.
bq. What else is a problem that would justify a revert?
I thought I covered it earlier. Here is again for convenience:
{quote}
hadoop.ssl.enable property will be removed. The reasons for this are:
- Currently uses http port for https
- This configuration is not backward compatible and is in conflict with the
existing configuration by adding multiple ways to do the same thing.
- Per project control to enforce policy is required instead of one global flag.
- We want to support both http and https. With redirect from http to https
options, migration to the new setting does not require the applications to
change the URL they are currently using.
{quote}
> add support for HTTPS to the web UIs
> ------------------------------------
>
> Key: HADOOP-8581
> URL: https://issues.apache.org/jira/browse/HADOOP-8581
> Project: Hadoop Common
> Issue Type: New Feature
> Components: security
> Affects Versions: 2.0.0-alpha
> Reporter: Alejandro Abdelnur
> Assignee: Alejandro Abdelnur
> Fix For: 2.0.2-alpha
>
> Attachments: HADOOP-8581.patch, HADOOP-8581.patch, HADOOP-8581.patch,
> HADOOP-8581.patch, HADOOP-8581.patch, HADOOP-8581.patch, HADOOP-8581.patch
>
>
> HDFS/MR web UIs don't work over HTTPS, there are places where 'http://' is
> hardcoded.
--
This message was sent by Atlassian JIRA
(v6.1#6144)
