Open Mrzyxing opened 2 weeks ago
Does this work for you? https://trinodb.github.io/trino-gateway/security/?h=insecure#extra-self-signed-certificate-in-trino
Not actually.
Execute `~/trino-cli-418-executable.jar --server https://proxy-address:443 --catalog hive --user admin --password --insecure` with `select * from system.runtime.nodes`, and it will return an error of `ProxyResponseHandler`, because `ProxyRequestHandler` posts this SQL to an HTTPS server via `/v1/statement/` but uses the default `JettyClient`, which does not support insecure (or just does not recognize it?).

Currently, I am just force-enabling `JettyClient` to support insecure with the following workaround:
```java
// io.trino.gateway.baseapp.BaseApp.java
private static void registerProxyResources(Binder binder)
{
    jaxrsBinder(binder).bind(RouteToBackendResource.class);
    jaxrsBinder(binder).bind(RouterPreMatchContainerRequestFilter.class);
    jaxrsBinder(binder).bind(ProxyRequestHandler.class);
    // trust all: SslContextFactory.Client(true) sets trustAll, so backend
    // certificates are accepted without validation
    binder.bind(SslContextFactory.Client.class).toInstance(new SslContextFactory.Client(true));
    httpClientBinder(binder).bindHttpClient("proxy", ForProxy.class);
    httpClientBinder(binder).bindHttpClient("monitor", ForMonitor.class);
}
```
It worked, but it looks ugly.
We have some self-signed HTTPS servers and are using them in insecure mode, but we cannot proxy them for two reasons:

1. `ClusterStatsJdbcMonitor.java` does not support `insecure` properties (we use JDBC because we got 404 for the REST check). However, this could be easily added, and we can quickly implement it and let the backend work.
2. `ProxyRequestHandler.java` is also missing `insecure` properties. Unfortunately, we cannot add an insecure handler because it appears that Airlift requires a certificate configuration.

In our environment, there are many `insecure` usages. Is there any way to simply skip SSL verification, or is there a plan to add this configuration?
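
For contrast with the trust-all binding in the workaround earlier in this thread, here is an added example (not part of the thread and not trino-gateway code) that builds an `SSLContext` trusting only the backend's self-signed certificate, using JDK classes only. The class name `BackendTrust`, its method names and the PEM file argument are assumptions; wiring the resulting context into the gateway's Airlift HTTP client is not shown.

```java
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.util.Collection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.TrustManagerFactory;

// Hypothetical helper (not trino-gateway code): trust exactly the certificates in one PEM file.
public final class BackendTrust {
    public static SSLContext fromPem(Path pemFile) throws Exception {
        Collection<? extends Certificate> certs;
        try (InputStream in = Files.newInputStream(pemFile)) {
            certs = CertificateFactory.getInstance("X.509").generateCertificates(in);
        }
        // An empty trust store would only surface later as a handshake failure; reject it up front.
        if (certs.isEmpty()) {
            throw new IllegalArgumentException("no certificates found in " + pemFile);
        }
        KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
        trustStore.load(null, null); // start empty: the JVM's default CAs are not included
        int i = 0;
        for (Certificate cert : certs) {
            trustStore.setCertificateEntry("backend-" + i++, cert);
        }
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);
        SSLContext context = SSLContext.getInstance("TLS");
        context.init(null, tmf.getTrustManagers(), null);
        return context;
    }

    // Keep hostname checking on for clients that use SSLEngine or SSLSocket directly.
    public static SSLParameters withHostnameCheck(SSLContext context) {
        SSLParameters params = context.getDefaultSSLParameters();
        params.setEndpointIdentificationAlgorithm("HTTPS");
        return params;
    }

    public static void main(String[] args) throws Exception {
        SSLContext context = fromPem(Path.of(args[0])); // path to the backend's PEM certificate
        System.out.println(withHostnameCheck(context).getEndpointIdentificationAlgorithm());
    }
}
```

Unlike `new SslContextFactory.Client(true)`, a context built this way still rejects any certificate other than the ones in the PEM file, so an intercepting host cannot present its own certificate to the proxy.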