andmarios
commented
5 years ago Hi @rimoore. It's important for the client to be able to verify that the broker address matches the addresses in the broker's SSL certificate. To do that more easily, use the ADV_HOST variable, which tells the broker which address to advertise and set manually the hostname for fast-data-dev.
E.g: docker run ... --hostname=kafka -e ADV_HOST=kafka -e SSL_EXTRA_HOSTS=kafka,xxx,yyy,zzz ...
Then you can set your other containers to use SSL://kafka:9093.
rimoore
Setup solution to use SSL for the topic and could not get working without adding DNS name of the docker container to my remote clients hosts file. Below is the error received and an example of the docker run string...
[2019-02-07 02:54:01,270] WARN [Producer clientId=producer-1] Error connecting to node da97d81049b1:9093 (id: 0 rack: null) (org.apache.kafka.clients.NetworkClient) java.io.IOException: Can't resolve address: da97d81049b1:9093 at org.apache.kafka.common.network.Selector.doConnect(Selector.java:235) at org.apache.kafka.common.network.Selector.connect(Selector.java:214) at org.apache.kafka.clients.NetworkClient.initiateConnect(NetworkClient.java:864) at org.apache.kafka.clients.NetworkClient.ready(NetworkClient.java:265) at org.apache.kafka.clients.producer.internals.Sender.sendProducerData(Sender.java:266) at org.apache.kafka.clients.producer.internals.Sender.run(Sender.java:238) at org.apache.kafka.clients.producer.internals.Sender.run(Sender.java:176) at java.lang.Thread.run(Thread.java:748) Caused by: java.nio.channels.UnresolvedAddressException at sun.nio.ch.Net.checkAddress(Net.java:101) at sun.nio.ch.SocketChannelImpl.connect(SocketChannelImpl.java:622) at org.apache.kafka.common.network.Selector.doConnect(Selector.java:233) ... 7 more
docker run -d -p 2181:2181 -p 3030:3030 -p 8081-8083:8081-8083 -p 9581-9585:9581-9585 -p 9092:9092 -p 9093:9093 -p 9001:9001 -e SUPERVISORWEB=1 -e PASSWORD=xxxx -e ENABLE_SSL=1 -e SSL_EXTRA_HOSTS=xxx,yyy,zzz landoop/fast-data-dev