Table of Contents
HBase provides mechanisms to secure various components and aspects of HBase and how it relates to the rest of the Hadoop infrastructure, as well as clients and resources outside Hadoop.
A default HBase install uses insecure HTTP connections for web UIs for the master and
region servers. To enable secure HTTP (HTTPS) connections instead, set
hadoop.ssl.enabled
to true
in
hbase-site.xml
. This does not change the port used by the Web UI. To
change the port for the web UI for a given HBase component, configure that port's setting in
hbase-site.xml. These settings are:
hbase.master.info.port
hbase.regionserver.info.port
If you enable secure HTTP, clients should connect to HBase using the
https://
URL. Clients using the http://
URL will receive an HTTP
response of 200
, but will not receive any data. The following exception is logged:
javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection?
This is because the same port is used for HTTP and HTTPS.
HBase uses Jetty for the Web UI. Without modifying Jetty itself, it does not seem possible to configure Jetty to redirect one port to another on the same host. See Nick Dimiduk's contribution on this Stack Overflow thread for more information. If you know how to fix this without opening a second port for HTTPS, patches are appreciated.