Qi,
yes, you can use inter-broker communication over non-SSL (PLAINTEXT). You can use this config, security.inter.broker.protocol; by default it's PLAINTEXT. Make sure you have two listeners, one for PLAINTEXT and another one for SSL.

Thanks,
Harsha

On August 21, 2015 at 11:37:09 AM, Gwen Shapira (g...@confluent.io) wrote:

You can have a list of advertised.listeners

On Fri, Aug 21, 2015 at 11:09 AM, Qi Xu <shkir...@gmail.com> wrote:

> Hi Ben,
> Thank you very much for the information. This is very helpful.
> One question I have about the listeners and the advertising host and port.
> Now the listeners can have two hosts and ports, for non-SSL and SSL.
> For advertising host and port, how do I specify both for remote client and
> brokers respectively?
> So my scenario is that I'd like the SSL port to be accessed by the
> remote client and the advertising host will be the NLB's IP (with some
> port mapping), but for the inter-broker communication, I hope it uses
> the non-SSL port with internal IP. Is that doable?
>
> Thanks again,
> Qi
>
>
> On Fri, Aug 21, 2015 at 6:28 AM, Ben Stopford <b...@confluent.io> wrote:
>
> > Hi Qi
> >
> > Trunk seems fairly stable.
> >
> > There are guidelines here which include how to generate keys:
> > https://cwiki.apache.org/confluence/display/KAFKA/Deploying+SSL+for+Kafka
> >
> > Your server config needs these properties (also on the webpage):
> >
> > listeners=PLAINTEXT://:9092,SSL://:9093
> >
> > ssl.protocol = TLS
> > ssl.keystore.type = JKS
> > ssl.keystore.location = <path>/keystore.jks
> > ssl.keystore.password = <pass>
> > ssl.key.password = <pass>
> > ssl.truststore.type = JKS
> > ssl.truststore.location = <path>/truststore.jks
> > ssl.truststore.password = <pass>
> >
> > To get yourself going it’s easiest to just generate a set of certs locally
> > and spark up the console producer/consumer pair. You’ll need the latest cut
> > from trunk (from today) to get a console consumer that works.
> >
> > Hope that helps
> >
> > Ben
> >
> >
> > > On 21 Aug 2015, at 07:10, Qi Xu <shkir...@gmail.com> wrote:
> > >
> > > Hi folks,
> > > I tried to clone the latest version of Kafka trunk and tried to enable
> > > SSL. The server.properties does not seem to have any security-related
> > > settings, and it seems there's no other config file relevant to SSL either.
> > > So may I know, is this feature ready to use now in the trunk branch?
> > >
> > > BTW, we're using the SSL feature from the branch:
> > > https://github.com/relango/kafka/tree/0.8.2. Is there any significant
> > > difference between Kafka trunk and relango's branch?
> > >
> > > Thanks,
> > > Qi
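
The listener split discussed in this thread (PLAINTEXT between brokers on an internal address, SSL advertised to remote clients through the NLB) can be checked mechanically before a broker is started. The following is an added example, not part of the original thread or of Kafka itself: the function names, the sample configs, the addresses 10.0.0.5 and 203.0.113.10 and the findings wording are assumptions, and the "must be advertised" check assumes brokers locate each other through the advertised endpoints.

```python
# Added example: lint a broker config for the PLAINTEXT-internal / SSL-external split.
# GOOD and BAD are constructed samples; the IPs stand in for an internal address and the NLB.
GOOD = """
listeners=PLAINTEXT://10.0.0.5:9092,SSL://0.0.0.0:9093
advertised.listeners=PLAINTEXT://10.0.0.5:9092,SSL://203.0.113.10:443
security.inter.broker.protocol=PLAINTEXT
ssl.keystore.location=/path/keystore.jks
"""
BAD = """
listeners=PLAINTEXT://:9092,SSL://:9093
advertised.listeners=SSL://203.0.113.10:443
"""

def parse_props(text):
    """Parse key=value lines, skipping blanks and # comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props

def parse_listeners(value):
    """'SSL://h:9093,PLAINTEXT://:9092' -> {'SSL': ('h', 9093), 'PLAINTEXT': ('', 9092)}"""
    out = {}
    for item in filter(None, (v.strip() for v in value.split(","))):
        proto, _, addr = item.partition("://")
        host, _, port = addr.rpartition(":")
        out[proto.upper()] = (host, int(port))
    return out

def check_broker_config(text):
    """Return a list of findings; an empty list means the split is consistent."""
    props = parse_props(text)
    listeners = parse_listeners(props.get("listeners", ""))
    advertised = parse_listeners(props.get("advertised.listeners", ""))
    inter = props.get("security.inter.broker.protocol", "PLAINTEXT").upper()  # default per thread
    findings = []
    if inter not in listeners:
        findings.append(f"no listener for inter-broker protocol {inter}")
    if advertised and inter not in advertised:
        findings.append(f"inter-broker protocol {inter} is not advertised")
    findings += [f"advertised {p} has no listener" for p in advertised if p not in listeners]
    if "SSL" in listeners and not props.get("ssl.keystore.location"):
        findings.append("SSL listener without ssl.keystore.location")
    if listeners.get("PLAINTEXT", ("internal", 0))[0] in ("", "0.0.0.0"):
        findings.append("PLAINTEXT listener is not pinned to an internal address")
    return findings
```

Calling `check_broker_config(BAD)` reports three findings for a config that advertises only the SSL endpoint while leaving the PLAINTEXT listener unpinned; `GOOD` returns an empty list.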