[
https://issues.apache.org/jira/browse/KAFKA-9768?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17073083#comment-17073083
]
Chris Egerton commented on KAFKA-9768:
--------------------------------------
[~rhauch] this is already called out in the description:
{quote}A workaround can be performed by changing the order of the {{listeners}}
list to put the desired advertised listener at the beginning.
{quote}
> rest.advertised.listener configuration is not handled properly by the worker
> ----------------------------------------------------------------------------
>
> Key: KAFKA-9768
> URL: https://issues.apache.org/jira/browse/KAFKA-9768
> Project: Kafka
> Issue Type: Bug
> Components: KafkaConnect
> Reporter: Chris Egerton
> Assignee: Chris Egerton
> Priority: Major
>
> The {{rest.advertised.listener}} config can currently be set to either "http"
> or "https", and a listener with that protocol should be used when advertising
> the URL of the worker to other members of the Connect cluster.
> For example, someone might configure their worker with a {{listeners}} value
> of
> {{[https://localhost:42069,http://localhost:4761|https://localhost:42069%2Chttp//localhost:4761]}}
> and a {{rest.advertised.listener}} value of {{http}}, which should cause the
> worker to listen on port {{42069}} with TLS and port {{4761}} with plaintext,
> and advertise the URL {{[http://localhost:4761|http://localhost:4761/]}} to
> other workers.
> However, the worker instead advertises the URL
> {{[https://localhost:42069|https://localhost:42069/]}} to other workers. This
> is because the {{RestServer}} class, which is responsible for determining
> which URL to advertise to other workers, simply [chooses the first listener
> whose name begins with the
> protocol|https://github.com/apache/kafka/blob/0f48446690e42b78a9a6b8c6a9bbab9f01d84cb1/connect/runtime/src/main/java/org/apache/kafka/connect/runtime/rest/RestServer.java#L422]
> specified in the {{rest.advertised.listener}} config.
> This breaks because "http" is a prefix of "https", so if the advertised
> listener is "http" but the first listener that's found starts with
> "https://";, that listener will still be chosen.
> This bug has been present since SSL support (and the
> {{rest.advertised.listener}} config) were added via
> [KIP-208|https://cwiki.apache.org/confluence/display/KAFKA/KIP-208%3A+Add+SSL+support+to+Kafka+Connect+REST+interface],
> in release 1.1.0.
> This bug should only present in the case where a user has set
> {{rest.advertised.listener}} to {{http}} but the {{listeners}} list begins
> with a listener that uses {{https}}. A workaround can be performed by
> changing the order of the {{listeners}} list to put the desired advertised
> listener at the beginning.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
