Shulou(Shulou.com)06/03 Report--

Apache Pulsar is an enterprise-class distributed messaging system, originally developed by Yahoo, open source in 2016, and graduated in September 2018 to become a top-level project of the Apache Foundation. Pulsar has been used in Yahoo's production environment for more than three years, mainly serving Mail, Finance, Sports, Flickr, the Gemini Ads platform, Sherpa (Yahoo's KV storage).

Pulsar is a multi-tenant, high-performance solution for server-to-server messaging.

By default, Apache Pulsar clients communicate with Apache Pulsar services in plain text. You can configure TLS transport encryption to enable TLS to affect the transmission performance. The following are the specific configuration Pulsar TLS operations and considerations. (Pulsar version 2.4.2 passed test)

Create the private key of the root certificate under $mkdir my-ca $cd my-ca $wget-- no-check-certificate https://raw.githubusercontent.com/apache/pulsar/master/site2/website/static/examples/openssl.cnf $export CA_HOME=$ (pwd) $mkdir certs crl newcerts private $chmod 700private/ $touch index.txt $echo 1000 > serial under the CA / data directory You need to enter the secret. After recording the password, you will use $openssl genrsa-aes256-out private/ca.key.pem 4096 to generate the root certificate CA $openssl req-config openssl.cnf-key private/ca.key.pem\-new-x509-days 7300-sha256-extensions v3_ca\-out certs/ca.cert.pem 1) enter the above private key password 2) enter the information Country Name (2 letter code) is used after recording the entered information: CN / / country name State or Province Name:beijing / / province name Locality Name:beijing / / city name Organization Name:test / / organization name Organizational Unit Name:test / / organization unit name Common Name: server domain Name or ip Email Address: email $chmod 444 certs/ca.cert.pem II generation server certificate key $openssl genrsa-out broker.key.pem 2048$ openssl pkcs8-topk8-inform PEM-outform PEM\-in broker.key.pem-out broker.key-pk8.pem-nocrypt generation server certificate request Fill in the basic information such as the information country according to the prompt is consistent with the CA root certificate. The domain name of the server to be entered in Common Name (IP can be entered for a single Broker) $openssl req-config openssl.cnf\-key broker.key.pem-new-sha256-out broker.csr.pem $openssl ca-config openssl.cnf-extensions server_cert\-days 1000-notext-md sha256\-in broker.csr.pem-out broker.cert.pem three Broker The default brokerServicePortTls webServicePortTls in the configuration broker.conf file is empty Do not start TLS by filling in the port number to tell the server to open the TL channel, and remove the ports of brokerServicePort and webServicePort if you want to close the normal channel. BrokerServicePort=6650 brokerServicePortTls=6651 webServicePort=8080 webServicePortTls=8443 tlsCertificateFilePath=/data/my-ca/broker.cert.pem tlsKeyFilePath=/data/my-ca/broker.key-pk8.pem tlsTrustCertsFilePath=/data/my-ca/certs/ca.cert.pem Note: if tlsProtocols tlsCiphers is configured in the official documentation, I will fail when I use the client test. These two tests can be passed without filling in. 4 configuration completed broker.conf startup Broker view log file hint the following information indicates that the server has enabled the TLS service Started PulsarServerConnector@6a2eea2a {SSL, [ssl, http/1.1]} {0.0.0.0 TLS 8443} five JAVA client test 1) copy out the public certificate / data/my-ca/certs/ca.cert.pem just generated and put it on the client service 2) java main code Sending or receiving data indicates that the configuration is successful PulsarClient client = PulsarClient.builder () .serviceUrl (url) .tlsTrustCertsFilePath ("D:/jar/ca.cert.pem") / / Public certificate path on the client server .enableTlsHostnameplate (false) .allowTlsInsecureConnecti on (false)

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.