From 32f6b622259266afad6c7bb63cf0f5ca53a07fce Mon Sep 17 00:00:00 2001 From: liuzhaokun Date: Mon, 19 Mar 2018 16:18:12 +0800 Subject: [PATCH] [STORM-2997] Add logviewer ssl module in SECURITY.md --- docs/SECURITY.md | 24 ++++++++++++++++++++++-- 1 file changed, 22 insertions(+), 2 deletions(-) diff --git a/docs/SECURITY.md b/docs/SECURITY.md index fbd1018058f..96aef73e238 100644 --- a/docs/SECURITY.md +++ b/docs/SECURITY.md @@ -92,9 +92,9 @@ curl -i --negotiate -u:anyUser -b ~/cookiejar.txt -c ~/cookiejar.txt http://s **Caution**: In AD MIT Keberos setup the key size is bigger than the default UI jetty server request header size. Make sure you set ui.header.buffer.bytes to 65536 in storm.yaml. More details are on [STORM-633](https://issues.apache.org/jira/browse/STORM-633) -## UI / DRPC SSL +## UI / DRPC / LOGVIEWER SSL -Both UI and DRPC allows users to configure ssl . +UI,DRPC and LOGVIEWER allows users to configure ssl . ### UI @@ -139,6 +139,26 @@ If users want to setup 2-way auth +### LOGVIEWER +similarly to UI and DRPC , users need to configure following for LOGVIEWER + +1. logviewer.https.port +2. logviewer.https.keystore.type (example "jks") +3. logviewer.https.keystore.path (example "/etc/ssl/storm_keystore.jks") +4. logviewer.https.keystore.password (keystore password) +5. logviewer.https.key.password (private key password) + +optional config +6. logviewer.https.truststore.path (example "/etc/ssl/storm_truststore.jks") +7. logviewer.https.truststore.password (truststore password) +8. logviewer.https.truststore.type (example "jks") + +If users want to setup 2-way auth +9. logviewer.https.want.client.auth (If this set to true server requests for client certifcate authentication, but keeps the connection if no authentication provided) +10. logviewer.https.need.client.auth (If this set to true server requires client to provide authentication) + + + ## Authentication (Kerberos)