Versions Compared

Old Version 9

changes.mady.by.user Juliane Wetzel

Saved on

compared with

New Version Current

changes.mady.by.user Konsta Danyliuk

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Info

INFO

SSL shall be enabled for using Datameer X in enterprise or production environments. Note that even if you enable a firewall to ensure that only SSL is available, Datameer X uses both HTTP and HTTPS services. For using Datameer X on a standard port (443), system administrators need to implement additional configuration.

This change eliminates the need to type ':8443' at the end of the URL each time they access Datameer.

All port changes should be made in the 'start.ini' file, which overrides 'jetty.port'.

...

The following commands will enable SSL and disable normal HTTP traffic.

Note

Important! The enable-ssl.sh script uses relies on the GNU version of the sed utility and might not work as expected if your terminal uses another implementation. We recommend checking this before running the script. Please reach Datameer support if you observe any issues.

  1. Change your working path to where you have installed the target Datameer X distribution.

  2. Stop the Datameer X service if currently running with:

    Code Block
    $ ./bin/conductor.sh stop

  3. Execute the bin/enable-ssl.sh script. Example:

    Code Block
    [Datameer-11.1.8-emr-6.1.0]$ ./bin/enable-ssl.sh 
Java found. (version 1.8)
Disabling http module. Changes to DAS_PORT in das-env.sh will have no effect anymore.
Creating https.ini in start.d/
WARN  : Use both ${jetty.base}/start.d and ${jetty.base}/start.ini is deprecated
INFO  : https           initialized in ${jetty.base}/start.d/https.ini
INFO  : ssl             transitively enabled, ini template available with --add-to-start=ssl
COPY  : ${jetty.base}/modules/ssl/keystore to ${jetty.base}/etc/keystore
INFO  : Base directory was modified
Creating ssl.ini in start.d/
WARN  : Use both ${jetty.base}/start.d and ${jetty.base}/start.ini is deprecated
INFO  : ssl             initialized in ${jetty.base}/start.d/ssl.ini
INFO  : Base directory was modified

Datameer will use default configuration. If a non standard configuration is required, edit start.d/ssl.ini.
Refer to Datameer Documentation for more details.

  4. If required, edit the start.d/ssl.ini file to customize the configuration to match your environmental variables.

    Code Block
    jetty.ssl.port=<desired_port>						(default=8443)
jetty.sslContext.keyStorePath=<path/to/keystore> 	(default=etc/keystore)
jetty.sslContext.trustStorePath=<path/to/keystore> 	(default=etc/keystore)
jetty.sslContext.keyStorePassword=<password>		(default=OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4
jetty.sslContext.keyManagerPassword=<password>		(default=OBF:1u2u1wml1z7s1z7a1wnl1u2g)
jetty.sslContext.trustStorePassword=<password>		(default=OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4)

  5. Start the Datameer X service with:

    Code Block
    $ ./bin/conductor.sh start

...

  1. Disabling SSLĀ 

The following commands will disable SSL and restore normal HTTP traffic.

...