Confluent
1 前言
一个问题,一篇文章,一出故事。
笔者安装Confluent Kafka默认使用HTTP协议,我们期待使用SSL,于是整理此文。
2 最佳实践
2.1 部署Confluent Kafka环境
本章基于以上环境,如果你需要理解本文,建议你先按如下章节搭建环境,
2.2 配置基本认证
2.2.1 启用基本身份验证
vim /etc/confluent-control-center/control-center-production.properties
添加如下配置,
# Configure TLS/SSL for Control Center confluent.controlcenter.rest.listeners=https://0.0.0.0:9021 confluent.controlcenter.rest.ssl.keystore.location=/etc/confluent-control-center/cfkafka01.cmdschool.org.jks confluent.controlcenter.rest.ssl.keystore.password=jkspwd confluent.controlcenter.rest.ssl.key.password=jkspwd confluent.controlcenter.rest.ssl.truststore.location=/etc/confluent-control-center/cfkafka01.cmdschool.org.jks confluent.controlcenter.rest.ssl.truststore.password=jkspwd
根据以上配置,我们需要使用如下命令部署证书,
cp cfkafka01.cmdschool.org.jks /etc/confluent-control-center/
证书请自行准备,笔者建议你申请权威的腾讯云证书,使用申请的Tomcat JKS格式证书即可,
https://cloud.tencent.com/product/ssl
2.2.2 重启服务使配置生效
systemctl restart confluent-control-center
2.2.3 https连接测试
https://cfkafka01.cmdschool.org:9021
参阅我文档
==================
SSL配置向导
——————-
https://docs.confluent.io/platform/current/control-center/security/ssl.html
配置参数解析
——————
https://docs.confluent.io/5.1.0/control-center/installation/configuration.html
docker配置范例
——————
https://github.com/confluentinc/cp-demo/blob/7.1.1-post/docker-compose.yml
没有评论