Right now I have configured my Kafka server with a self-signed certificate.
```yaml
version: '2'
services:
  zookeeper:
    image: wurstmeister/zookeeper:latest
    ports:
      - 2181:2181
    hostname: zookeeper
  kafka:
    image: wurstmeister/kafka:2.11-2.0.0
    command: [start-kafka.sh]
    ports:
      - 9093:9093
    hostname: kafka
    environment:
      KAFKA_LISTENERS: SSL://0.0.0.0:9093
      KAFKA_ADVERTISED_LISTENERS: SSL://alfrescokafka.leafycode.com:9093
      KAFKA_SSL_KEYSTORE_LOCATION: /home/amur42s/ssl/kafka.server.keystore.jks
      KAFKA_SSL_KEYSTORE_PASSWORD: oE4KJ9FVMjMXGpgpp0qwLzUDy0uz
      KAFKA_SSL_KEY_PASSWORD: oE4KJ9FVMjMXGpgpp0qwLzUDy0uz
      KAFKA_SSL_TRUSTSTORE_LOCATION: /home/amur42s/ssl/kafka.server.truststore.jks
      KAFKA_SSL_TRUSTSTORE_PASSWORD: 123
      KAFKA_ADVERTISED_HOST_NAME: 116.203.65.132 # docker-machine ip
      KAFKA_ZOOKEEPER_CONNECT: "zookeeper:2181"
      KAFKA_CREATE_TOPICS: ""
      KAFKA_SSL_CLIENT_AUTH: 'required'
      KAFKA_SECURITY_INTER_BROKER_PROTOCOL: 'SSL'
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - /home/ssl:/home/ssl
    depends_on:
      - "zookeeper"
```
Unfortunately, I'm unable to connect to it using kafka node. Looks like I need to set the ssl.truststore.location and ssl.truststore.password. How can I do this?
You should not need to pass those options in the client. If it's self-signed you will need to include this option in the KafkaClient option:
```js
sslOptions: {
  rejectUnauthorized: false
}
```
@hyperlink Thanks it worked!
Hi, what to do if it's a properly signed certificate? I need these values to set in my code.

```
security.protocol=SSL
ssl.truststore.location=kafka.client.truststore.jks
ssl.truststore.password=clientpass
```
Nothing. Just pass an empty sslOptions object and provide the correct kafka port.
> Nothing. Just pass an empty sslOptions object and provide the correct kafka port.

Hi, I have the same question.

> Hi, what to do if it's a properly signed certificate? I need these values to set in my code.
>
> ```
> security.protocol=SSL
> ssl.truststore.location=kafka.client.truststore.jks
> ssl.truststore.password=clientpass
> ```

Hi, I get the same question. How do you fix it? Just pass an empty sslOptions?
I am facing the same issue. Has anyone been able to figure this out?

> You should not need to pass those options in the client. If it's self-signed you will need to include this option in the KafkaClient option:
>
> ```js
> sslOptions: { rejectUnauthorized: false }
> ```

The above did not work for me.
add ca option with the contents of your .pem file.
you should make an example for ssl
An example for TLS/SSL connection would help a lot. Eventually a tutorial.
Here is my solution:
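```js
var fs = require('fs');
var kafka = require('kafka-node');

var kafkaClientOption = {
  clientId: 'kafkaadmin',
  kafkaHost: 'broker1:9092,broker2:9092,broker3:9092',
  ssl: true,
  sslOptions: {
    // rejectUnauthorized: false accepts the broker certificate without
    // verification, so the `ca` list below is not enforced
    rejectUnauthorized: false,
    // CA chain, client certificate and client key, all in PEM format
    ca: [fs.readFileSync('./bin/chain.pem', 'utf-8')],
    cert: [fs.readFileSync('./bin/kafkaadmin.pem', 'utf-8')],
    key: [fs.readFileSync('./bin/kafkaadmin.key', 'utf-8')],
    // passphrase that decrypts the client key
    passphrase: "mypass",
  },
  autoConnect: true,
  connectTimeout: 1000,
  requestTimeout: 1000
};
var client = new kafka.KafkaClient(kafkaClientOption);
```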
Thank you very much, I solved this problem with the method you provided.
From: Ferdy2003 notifications@github.com
Sent: Wednesday, August 14, 2019 4:44:58 PM
To: SOHU-Co/kafka-node kafka-node@noreply.github.com
Cc: marugechen marugezte@outlook.com; Comment comment@noreply.github.com
Subject: Re: [SOHU-Co/kafka-node] How to pass the SSL config like truststore location and password? (#1185)
Hello, don't we have support for the JKS file?
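
An added example, not from the thread or the kafka-node project: it builds the `sslOptions` object discussed above with certificate verification left on, trusting only the CA certificates found in a PEM bundle, and adds the client certificate and key that a broker with client authentication set to `required` expects. It assumes the CA certificates are already available as PEM (for instance exported from the truststore); `buildKafkaSslOptions`, `splitPemBundle` and the sample bundle are hypothetical names and constructed data.

```javascript
// Added example (not kafka-node project code): sslOptions that keep broker
// certificate verification on and trust only the CAs from a PEM bundle.
const CERT_RE = /-----BEGIN CERTIFICATE-----[\s\S]+?-----END CERTIFICATE-----/g;
const KEY_RE = /-----BEGIN (?:[A-Z]+ )*PRIVATE KEY-----/;

// A truststore exported to PEM can hold several CA certificates; return one string per cert.
function splitPemBundle(text) {
  return String(text).match(CERT_RE) || [];
}

// Hypothetical helper: the argument names are this example's, not kafka-node's.
function buildKafkaSslOptions({ caBundle, clientCert, clientKey, passphrase }) {
  if (KEY_RE.test(caBundle)) {
    throw new Error('CA bundle contains a private key; export certificates only');
  }
  const ca = splitPemBundle(caBundle);
  if (ca.length === 0) {
    throw new Error('CA bundle contains no certificates');
  }
  const sslOptions = {
    rejectUnauthorized: true, // verify the broker certificate against `ca`
    ca,                       // replaces Node's default root CAs for this connection
  };
  // Brokers that require client authentication also need a client certificate and key.
  if (clientCert || clientKey) {
    if (!clientCert || !clientKey) {
      throw new Error('client certificate and key must be supplied together');
    }
    if (!KEY_RE.test(clientKey)) throw new Error('client key is not a PEM private key');
    Object.assign(sslOptions, { cert: clientCert, key: clientKey });
    if (passphrase) sslOptions.passphrase = passphrase;
  }
  return sslOptions;
}

// Constructed sample input: PEM framing only, not real certificates.
const SAMPLE_CA_BUNDLE = [
  '-----BEGIN CERTIFICATE-----\nQ09OU1RSVUNURUQtUk9PVA==\n-----END CERTIFICATE-----',
  '-----BEGIN CERTIFICATE-----\nQ09OU1RSVUNURUQtSU5U\n-----END CERTIFICATE-----',
].join('\n');

// Usage with kafka-node (file path and host are placeholders):
//   const sslOptions = buildKafkaSslOptions({ caBundle: fs.readFileSync('./ca.pem', 'utf8') });
//   const client = new kafka.KafkaClient({ kafkaHost: 'broker.example:9093', sslOptions });
```

With `rejectUnauthorized: true`, a broker whose certificate does not chain to one of the `ca` entries, or whose name does not match the host in `kafkaHost`, fails the TLS handshake.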