HTTPS for Kafdrop

[KhoiDinh]

Is there currently a way to connect to Kafdrop securely (using https instead of http)?

[ekoutanov]

Not out of the box. Your choices are to either:

1. Configure SpringBoot to serve HTTPS traffic, and deploy a certificate
2. Put a reverse proxy or a TLS-capable load-balancer in front of Kafdrop

[KhoiDinh]

Do I need to alter the kafdrop code itself? or pass in a custom application.yml file that will support https connection?

I have set up a special application.yml file with these contents:

spring:
  jmx:
    enabled: true
    default_domain: Kafdrop
  jackson:
    deserialization:
      fail_on_unknown_properties: false
      read_unknown_enum_values_as_null: true

management:
  endpoints:
    web:
      base-path: /actuator
      exposure.include: "*"
  server:
    port: 9000

kafdrop.monitor:
  clientId: Kafdrop

kafka:
  brokerConnect: localhost:9092
  isSecured: false
  saslMechanism: "PLAIN"
  securityProtocol: "SASL_PLAINTEXT"

zookeeper:
  connect: localhost:2181

server:
  ssl:
    key-store: C:\Users\dinh\Desktop\kafdropUpdated\kafdrop-3.18.1\target\server.keystore.jks
    key-store-password: password
    key-store-type: JKS
    key-alias: synopsys
    key-password: password
  port: 8443

The command to run kafdrop is:

java -jar kafdrop-3.19.0-SNAPSHOT.jar --zookeeper.connect=10.15.164.233:2181 --kafka.brokerConnect=10.15.164.233:9093 --kafka.properties="C:\Users\dinh\Desktop\kafkaUI\kafdrop-master\kafdrop-master\target\kafka.properties" -Dspring.config.location=C:\Users\dinh\Desktop\kafdropUpdated\kafdrop-3.18.1\target\application.yml

When I try to access "https://localhost:9000" I get the error:

javax.net.ssl.SSLHandshakeException: no cipher suites in common
        at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:131)
        at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:117)
        at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:307)
        at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:263)
        at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:254)
        at java.base/sun.security.ssl.ServerHello$T12ServerHelloProducer.chooseCipherSuite(ServerHello.java:460)
        at java.base/sun.security.ssl.ServerHello$T12ServerHelloProducer.produce(ServerHello.java:295)
        at java.base/sun.security.ssl.SSLHandshake.produce(SSLHandshake.java:436)
        at java.base/sun.security.ssl.ClientHello$T12ClientHelloConsumer.consume(ClientHello.java:1102)
        at java.base/sun.security.ssl.ClientHello$ClientHelloConsumer.onClientHello(ClientHello.java:854)
        at java.base/sun.security.ssl.ClientHello$ClientHelloConsumer.consume(ClientHello.java:813)
        at java.base/sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:392)
        at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:443)
        at java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1074)
        at java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1061)
        at java.base/java.security.AccessController.doPrivileged(AccessController.java:689)
        at java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1008)
        at io.undertow.protocols.ssl.SslConduit$5.run(SslConduit.java:1072)
        at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
        at java.base/java.util.concurrent.ThreadPoolExecutor$Wor

Could you possibly add a ReadMe section that explains how to do so?

[ekoutanov]

I'm not sure of the ssl configuration for SpringBoot

[ekoutanov]

Closing due to inactivity.