oneonestar
commented
3 weeks ago Open Mrzyxing opened 3 weeks ago
oneonestar
commented
3 weeks ago 
Mrzyxing
commented
3 weeks ago Does this work for you? https://trinodb.github.io/trino-gateway/security/?h=insecure#extra-self-signed-certificate-in-trino
Not actually.
Execute ~/trino-cli-418-executable.jar --server https://proxy-address:443 --catalog hive --user admin --password --insecure with select * from system.runtime.nodes , and it will returen an error of ProxyResponseHandler because ProxyRequestHandler post this sql to a https server via /v1/statement/ but use the default JettyClient which not support the insecure (or just not recongnize ?).
Currently, I am just foce enable JettyClient support insecure as follow work around:
# io.trino.gateway.baseapp.BaseApp.java
private static void registerProxyResources(Binder binder)
{
jaxrsBinder(binder).bind(RouteToBackendResource.class);
jaxrsBinder(binder).bind(RouterPreMatchContainerRequestFilter.class);
jaxrsBinder(binder).bind(ProxyRequestHandler.class);
# trust all
binder.bind(SslContextFactory.Client.class).toInstance(new SslContextFactory.Client(true));
httpClientBinder(binder).bindHttpClient("proxy", ForProxy.class);
httpClientBinder(binder).bindHttpClient("monitor", ForMonitor.class);
}It worked, but looks like ugly.
We have some self-signed HTTPS servers and are using it in an insecure mode, but we cannot proxy it for two reasons:
ClusterStatsJdbcMonitor.javadoes not supportinsecureproperties(use JDBC cause we got 404 for REST check) However, this could be easily added and we can quickly implement it and let the backend workProxyRequestHandler.javaalso missinginsecureproperties Unfortunately, we cannot add an insecure handler because it appears that Airlift requires a certificate configurationIn our enviromnet, there are many
insecureusage, Is there any way to simply skip SSL verification, or is there a plan to add this configuration?