You can have a list of advertised.listeners On Fri, Aug 21, 2015 at 11:09 AM, Qi Xu <shkir...@gmail.com> wrote:
> Hi Ben, > Thank you very much for the information. This is very helpful. > One question I have about the listeners and the advertising host and port. > Now the listeners can have two host and port for non SSL and SSL. > For advertising host and port, how do I specify both for remote client and > brokers respectively? > So my scenario is that I like the SSL port to be accessed by the > remote client and the advertising host will be the NLB's IP (with some > port mapping) , but for the inter-broker communication, I hope it uses > non-SSL port with internal IP. Is that do-able? > > Thanks again, > Qi > > > On Fri, Aug 21, 2015 at 6:28 AM, Ben Stopford <b...@confluent.io> wrote: > > > Hi Qi > > > > Trunk seems fairly stable. > > > > There are guidelines here which includes how to generate keys > > > https://cwiki.apache.org/confluence/display/KAFKA/Deploying+SSL+for+Kafka > > < > https://cwiki.apache.org/confluence/display/KAFKA/Deploying+SSL+for+Kafka > > > > > > > Your server config needs these properties (also on the webpage): > > > > listeners=PLAINTEXT://:9092,SSL://:9093 > > > > ssl.protocol = TLS > > ssl.keystore.type = JKS > > ssl.keystore.location = <path>/keystore.jks > > ssl.keystore.password = <pass> > > ssl.key.password = <pass> > > ssl.truststore.type = JKS > > ssl.truststore.location = <path>/truststore.jks > > ssl.truststore.password = <pass> > > > > To get yourself going it’s easiest to just generate a set of certs > locally > > and spark up the console producer/consumer pair. You’ll need the latest > cut > > from trunk (from today) to get a console consumer that works. > > > > Hope that helps > > > > Ben > > > > > > > On 21 Aug 2015, at 07:10, Qi Xu <shkir...@gmail.com> wrote: > > > > > > Hi folks, > > > I tried to clone the latest version of kafka truck and try to enable > the > > > SSL. The server.properties seems not having any security related > > settings, > > > and it seems there's no other config file relevant to SSL either. > > > So may I know is this feature ready to use now in truck branch? > > > > > > BTW, we're using the SSL feature from the branch : > > > https://github.com/relango/kafka/tree/0.8.2. Is there any significant > > > difference between Kafka-truck and relango's branch? > > > > > > Thanks, > > > Qi > > > > >
