[jira] [Closed] (DRILL-3725) Add HTTPS support for Drill web interface

Tue, 06 Oct 2015 09:01:54 -0700 

     [ 
https://issues.apache.org/jira/browse/DRILL-3725?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Krystal closed DRILL-3725.
--------------------------

Verified that drill used the values for the following entries when specified in 
the drill-override.conf file:
    java.net.ssl.keyStore
    java.net.ssl.keyStorePassword
    java.net.ssl.trustStore
    java.net.ssl.trustStorePassword

If the above values were not specified in the drill-override.conf file, a self 
signed certificate were generated and used for TLS.  Below are the entries from 
log file showing such behavior:
2015-10-06 08:36:18,231 [main] INFO  o.a.drill.exec.server.rest.WebServer - 
Setting up HTTPS connector for web server
2015-10-06 08:36:18,237 [main] INFO  o.a.drill.exec.server.rest.WebServer - 
Using generated self-signed SSL settings for web server

> Add HTTPS support for Drill web interface
> -----------------------------------------
>
>                 Key: DRILL-3725
>                 URL: https://issues.apache.org/jira/browse/DRILL-3725
>             Project: Apache Drill
>          Issue Type: New Feature
>          Components: Client - HTTP
>            Reporter: Venki Korukanti
>            Assignee: Venki Korukanti
>             Fix For: 1.2.0
>
>
> Currently web UI or REST API calls don't support transport layer security 
> (TLS). This jira is to add support for TLS. We need this feature before 
> adding the user authentication to Drill's web interface.
> Proposal is:
> * Always default to HTTPS
> * Cluster admin can set the following SSL configuration to specify their own 
> keystore and/or truststore.
> ** java.net.ssl.keyStore
> ** java.net.ssl.keyStorePassword
> ** java.net.ssl.trustStore
> ** java.net.ssl.trustStorePassword
> * If cluster admin didn't specified the above SSL config, generate a self 
> signed certificate programmatically and use it by using libraries such as 
> [Bouncy Castle|http://www.bouncycastle.org/].
> * Make use of the Jetty APIs to add a HTTPS connection. Example is 
> [here|http://git.eclipse.org/c/jetty/org.eclipse.jetty.project.git/tree/examples/embedded/src/main/java/org/eclipse/jetty/embedded/LikeJettyXml.java].
> Let me know if you have any comments.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to