- KAFKA_CFG_ADVERTISED_LISTENERS=PLAINTEXT://kafka-1:9092,EXTERNAL://172.25.114.2:9095 - KAFKA_CFG_LISTENER_SECURITY_PROTOCOL_MAP=CONTROLLER:PLAINTEXT,EXTERNAL:PLAINTEXT,PLAINTEXT:PLAINTEXT volumes: - kafka_1_d
--env KAFKA_CFG_LISTENER_SECURITY_PROTOCOL_MAP=INTERNAL:SASL_PLAINTEXT,CLIENT:SASL_PLAINTEXT,CONTROLLER:PLAINTEXT,EXTERNAL:SASL_PLAINTEXT \ #监听器的协议 这里sasl_plain表示 仅认证加密 传输不加密 --env KAFKA_CFG_INTER_BROKER_LISTENER_NAME=INTERNAL \ #内部broker名称 --env KAFKA_CFG_SASL_MECHANISM...
-KAFKA_NUM_PARTITIONS=3-KAFKA_DEFAULT_REPLICATION_FACTOR=2-KAFKA_CFG_ZOOKEEPER_CONNECT=zookeeper:2181# Listeners-KAFKA_CFG_LISTENER_SECURITY_PROTOCOL_MAP=INTERNAL:PLAINTEXT,EXTERNAL:PLAINTEXT-KAFKA_CFG_INTER_BROKER_LISTENER_NAME=INTERNAL-KAFKA_CFG_LISTENERS=INTERNAL://:9092,EXTERNAL://0.0.0.0:9094-KAF...
#advertised.listeners=PLAINTEXT://your.:9092 # Maps listener names to security protocols, the default is for them to be the same. See the config documentation for more details #listener.security.protocol.map=PLAINTEXT:PLAINTEXT,SSL:SSL,SASL_PLAINTEXT:SASL_PLAINTEXT,SASL_SSL:SASL_SSL # The n...
[root@node01 conf]# vim zoo.cfg tickTime=2000 initLimit=10 syncLimit=5 dataDir=/Data/zookeeper clientPort=2181 server.1=172.16.150.154:2888:3888 server.2=172.16.150.155:2888:3888 server.3=172.16.150.156:2888:3888 #配置参数说明: tickTime:客户端与服务器或者服务器与服务器之间每个tickTime时间就会...
SECURITY_PROTOCOL_CONFIG, "SASL_SSL"); // SASL 采用 Plain 方式。 props.put(SaslConfigs.SASL_MECHANISM, "PLAIN"); // SSL 加密。 props.put(SslConfigs.SSL_TRUSTSTORE_LOCATION_CONFIG, kafkaProperties.getProperty(SslConfigs.SSL_TRUSTSTORE_LOCATION_CONFIG)); props.put(SslConfigs.SSL_TRUSTSTORE_...
'security.protocol':'SASL_PLAINTEXT', 'sasl.mechanisms':'PLAIN', 'message.max.bytes':32000, 'fetch.message.max.bytes':32000, 'max.partition.fetch.bytes':32000, 'sasl.username':config['sasl_plain_username'], 'sasl.password':config['sasl_plain_password'], ...
security.protocol配置证书协议类型,开启SSL双向认证时,必须设置为SSL。 ssl.truststore.location配置为client.truststore.jks证书的存放路径。 ssl.truststore.password为client.truststore.jks的密码。 ssl.endpoint.identification.algorithm为证书域名校验开关,为空则表示关闭。这里需要保持关闭状态,必须设置为空。 ssl.keysto...
客户端连接忽略信任证书,可以通过实现org.apache.kafka.common.security.auth.SslEngineFactory接口,在该实现类的createClientSslEngine方法中返回忽略证书的SSLEngine,然后将该类配置到ssl.engine.factory.class配置项,此实现类参考TrustAllCertsSslEngineFactory样例: import org.apache.kafka.common.security.auth.SslEngine...