Openssl apache pulsar客户端在ubuntu服务器上进行tls身份验证握手时出错
我已经在Ubuntu 18.04.2 LTS上安装了apache pulsar standalone v2.3 从…起无需任何身份验证即可正常工作。我已尝试使用和配置tls证书。我已经按照链接中提到的修改了以下配置Openssl apache pulsar客户端在ubuntu服务器上进行tls身份验证握手时出错,openssl,apache-pulsar,Openssl,Apache Pulsar,我已经在Ubuntu 18.04.2 LTS上安装了apache pulsar standalone v2.3 从…起无需任何身份验证即可正常工作。我已尝试使用和配置tls证书。我已经按照链接中提到的修改了以下配置broker.conf、client.conf和standalone.conf。使用命令bin/pulsar standalone运行pulsar,并使用下面的命令发送消息 bin/pulsar客户端生成我的主题——消息“hello pulsar” 但它抛出了以下错误 [pulsar
broker.confclient.confstandalone.confbin/pulsar客户端生成我的主题——消息“hello pulsar” [pulsar-client-io-1-1] INFO org.apache.pulsar.client.impl.ConnectionPool -
[[id: 0x8010c4f5, L:/127.0.0.1:42840 - R:localhost/127.0.0.1:6651]]
Connected to server
09:47:17.686 [pulsar-client-io-1-1] WARN
org.apache.pulsar.client.impl.ClientCnx - Error during handshake
java.nio.channels.ClosedChannelException: null
at io.netty.handler.ssl.SslHandler.channelInactive(...)(Unknown Source)
~[io.netty-netty-all-4.1.32.Final.jar:4.1.32.Final]
09:47:17.691 [pulsar-client-io-1-1] INFO
org.apache.pulsar.client.impl.ClientCnx - [id: 0x8010c4f5,
L:/127.0.0.1:42840 ! R:localhost/127.0.0.1:6651] Disconnected
09:47:17.692 [pulsar-client-io-1-1] WARN
org.apache.pulsar.client.impl.ConnectionPool - [[id: 0x8010c4f5,
L:/127.0.0.1:42840 ! R:localhost/127.0.0.1:6651]] Connection handshake
failed: org.apache.pulsar.client.api.PulsarClientException: Connection
already closed
09:47:17.692 [pulsar-client-io-1-1] WARN
org.apache.pulsar.client.impl.PulsarClientImpl - [my-topic] Failed to get
partitioned topic metadata:
org.apache.pulsar.client.api.PulsarClientException: Connection already
closed
09:47:17.692 [main] ERROR org.apache.pulsar.client.cli.PulsarClientTool -
Error while producing messages
09:47:17.692 [main] ERROR org.apache.pulsar.client.cli.PulsarClientTool -
Connection already closed
org.apache.pulsar.client.api.PulsarClientException: Connection already
closed at
org.apache.pulsar.client.impl.ClientCnx.channelInactive(ClientCnx.java:204)
~[org.apache.pulsar-pulsar-client-original-2.3.0.jar:2.3.0]
at
io.netty.channel.AbstractChannelHandlerContext.invokeChannelInactive
(AbstractChannelHandlerContext.java:245) ~[io.netty-netty-all-
4.1.32.Final.jar:4.1.32.Final]
at
io.netty.channel.AbstractChannelHandlerContext.invokeChannelInactive
(AbstractChannelHandlerContext.java:231) ~[io.netty-netty-all-
4.1.32.Final.jar:4.1.32.Final]
at
io.netty.channel.AbstractChannelHandlerContext.fireChannelInactive
(AbstractChannelHandlerContext.java:224) ~[io.netty-netty-all-
4.1.32.Final.jar:4.1.32.Final]
at
io.netty.handler.codec.ByteToMessageDecoder.channelInputClosed
(ByteToMessageDecoder.java:390) ~[io.netty-netty-all-
4.1.32.Final.jar:4.1.32.Final]
at
io.netty.handler.codec.ByteToMessageDecoder.channelInactive
(ByteToMessageDecoder.java:355) ~[io.netty-netty-all-
4.1.32.Final.jar:4.1.32.Final]
at
io.netty.channel.AbstractChannelHandlerContext.invokeChannelInactive
(AbstractChannelHandlerContext.java:245) ~[io.netty-netty-all-
4.1.32.Final.jar:4.1.32.Final]
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelInactive
(AbstractChannelHandlerContext.java:231) ~[io.netty-netty-all-
4.1.32.Final.jar:4.1.32.Final]
at io.netty.channel.AbstractChannelHandlerContext.fireChannelInactive
(AbstractChannelHandlerContext.java:224) ~[io.netty-netty-all-
4.1.32.Final.jar:4.1.32.Final]
at io.netty.handler.codec.ByteToMessageDecoder.channelInputClosed
(ByteToMessageDecoder.java:390) ~[io.netty-netty-all-
4.1.32.Final.jar:4.1.32.Final]
at io.netty.handler.codec.ByteToMessageDecoder.channelInactive
(ByteToMessageDecoder.java:355) ~[io.netty-netty-all-
4.1.32.Final.jar:4.1.32.Final]
at io.netty.handler.ssl.SslHandler.channelInactive(SslHandler.java:1054)
~[io.netty-netty-all-4.1.32.Final.jar:4.1.32.Final]
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelInactive
(AbstractChannelHandlerContext.java:245) ~[io.netty-netty-all-
4.1.32.Final.jar:4.1.32.Final]
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelInactive
(AbstractChannelHandlerContext.java:231) ~[io.netty-netty-all-
4.1.32.Final.jar:4.1.32.Final]
at io.netty.channel.AbstractChannelHandlerContext.fireChannelInactive
(AbstractChannelHandlerContext.java:224) ~[io.netty-netty-all-
4.1.32.Final.jar:4.1.32.Final]
at io.netty.channel.DefaultChannelPipeline$HeadContext.channelInactive
(DefaultChannelPipeline.java:1429) ~[io.netty-netty-all-
4.1.32.Final.jar:4.1.32.Final]
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelInactive
(AbstractChannelHandlerContext.java:245) ~[io.netty-netty-all-
4.1.32.Final.jar:4.1.32.Final]
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelInactive
(AbstractChannelHandlerContext.java:231) ~[io.netty-netty-all-
4.1.32.Final.jar:4.1.32.Final]
at io.netty.channel.DefaultChannelPipeline.fireChannelInactive
(DefaultChannelPipeline.java:947) ~[io.netty-netty-all-
4.1.32.Final.jar:4.1.32.Final]
at io.netty.channel.AbstractChannel$AbstractUnsafe$8.run
(AbstractChannel.java:826) ~[io.netty-netty-all-
4.1.32.Final.jar:4.1.32.Final]
at io.netty.util.concurrent.AbstractEventExecutor.safeExecute
(AbstractEventExecutor.java:163) ~[io.netty-netty-all-
4.1.32.Final.jar:4.1.32.Final]
at io.netty.util.concurrent.SingleThreadEventExecutor.runAllTasks
(SingleThreadEventExecutor.java:404) ~[io.netty-netty-all-
4.1.32.Final.jar:4.1.32.Final]
at io.netty.channel.epoll.EpollEventLoop.run(EpollEventLoop.java:335) ~
[io.netty-netty-all-4.1.32.Final.jar:4.1.32.Final]
at io.netty.util.concurrent.SingleThreadEventExecutor$5.run
(SingleThreadEventExecutor.java:909) ~[io.netty-netty-all-
4.1.32.Final.jar:4.1.32.Final]
at io.netty.util.concurrent.FastThreadLocalRunnable.run
(FastThreadLocalRunnable.java:30) ~[io.netty-netty-all-
4.1.32.Final.jar:4.1.32.Final]
at java.lang.Thread.run(Thread.java:748) ~[?:1.8.0_201]
09:47:17.694 [main] INFO org.apache.pulsar.client.cli.PulsarClientTool - 0
messages successfully produced
是否有人可以帮助解决此问题?启用TLS传输加密后,需要将客户端配置为对web服务URL使用https://和端口8443,对代理服务URL使用pulsar+ssl://和端口6651 看起来您使用的客户端CLI工具bin/pulsar client生成我的主题消息“hello pulsar”没有使用https+ssl://前缀。因此,您的客户机正在尝试建立非安全连接,并且在TLS协商步骤上失败,因为它是安全的
您是否可以尝试使用简单的Java或Python客户端进行连接,该客户端确实指定了pulsar+ssl://前缀?启用TLS传输加密后,您需要将客户端配置为对web服务URL使用https://和端口8443,对代理服务URL使用pulsar+ssl://和端口6651 看起来您使用的客户端CLI工具bin/pulsar client生成我的主题消息“hello pulsar”没有使用https+ssl://前缀。因此,您的客户机正在尝试建立非安全连接,并且在TLS协商步骤上失败,因为它是安全的
如果在
broker.confclient.confstandalone.confbin/pulsar-client --url pulsar+ssl://127.0.0.1:6651 produce my-topic --messages "hello-pulsar"
standalone.conftlsEnabled=true
tlsCertificateFilePath=/path/to/broker.cert.pem
tlsKeyFilePath=/path/to/broker.key-pk8.pem
tlsTrustCertsFilePath=/path/to/ca.cert.pem
brokerServicePortTls=6651
client.confbrokerServiceUrl=pulsar+ssl://127.0.0.1:6651
webServiceUrl=https://127.0.0.1:8443
tlsTrustCertsFilePath=/path/to/ca.cert.pem
这应该可以工作。如果您已经在
broker.confclient.confstandalone.confbin/pulsar-client --url pulsar+ssl://127.0.0.1:6651 produce my-topic --messages "hello-pulsar"
standalone.conftlsEnabled=true
tlsCertificateFilePath=/path/to/broker.cert.pem
tlsKeyFilePath=/path/to/broker.key-pk8.pem
tlsTrustCertsFilePath=/path/to/ca.cert.pem
brokerServicePortTls=6651
client.confbrokerServiceUrl=pulsar+ssl://127.0.0.1:6651
webServiceUrl=https://127.0.0.1:8443
tlsTrustCertsFilePath=/path/to/ca.cert.pem
这应该是可行的。Hi,我有一个类似的问题,创建单元测试,给了我一个异常:org.apache.pulsar.client.api.PulsarClientException$InvalidServiceURL:java.lang.IllegalArgumentException:authority组件在服务uri:public/default中丢失。如果我还不想使用ssl,如何解决这个问题?@FelixAballi authority是URI的一部分。您的错误表明您没有提供。请参阅:。您好,我有一个类似的问题,创建单元测试时,给了我一个异常:org.apache.pulsar.client.api.PulsarClientException$InvalidServiceURL:java.lang.IllegalArgumentException:authority组件在服务uri中丢失:public/default。如果我还不想使用ssl,如何解决这个问题?@FelixAballi authority是URI的一部分。您的错误表明您没有提供。请参阅:。