Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Info

Valid from Datafari 5.1 (Datafari CE and EE)

Info

Use this only for specific use cases. This option is not recommended.

Datafari is launched by default in HTTPS: to access to Datafari the url is : https://IP_DATAFARI/Datafari

The certificate is autosigned. You can easily replace it by a “real” one. In some situations, you might want to launch Datafari into HTTP rather than HTTPS (for instance in case you already have a reverse proxy in front of your Datafari 4.4+ installation, you do not have real certificates and you do not want that your users see the warning in their browser about autosigned certificate).

The process is :

  1. Backup the configuration in place for Apache proxy :

    Code Block
    cp /opt/datafari/apache/sites-available/tomcat.conf /opt/datafari/apache/sites-available/tomcat.bkp
  2. Edit the configuration of Apache :

    Code Block
    nano /opt/datafari/apache/sites-available/tomcat.conf
  • Delete the lines related to the VirtualHost 80

Code Block
<VirtualHost *:80>
   ServerName $YOURSERVERNAME
   Redirect / https://YOURSERVER
   CustomLog /dev/null common
   Header set X-Frame-Options SAMEORIGIN

</VirtualHost>
  • Change the line :

Code Block
<VirtualHost *:443>

to :

Code Block
<VirtualHost *:80>
  • Finally remove the lines :

Code Block
SSLEngine on
  SSLCertificateFile /opt/datafari/ssl-keystore/apache/datafari.crt
  SSLCertificateKeyFile /opt/datafari/ssl-keystore/apache/datafari.key

You can save and close the file.

3. Apply the new configuration :

Code Block
apachectl restart

...

Expand
titleValid from Datafari 4.4 up to Datafari 5 for Enterprise Edition
Info

Valid from Datafari 4.4 up to Datafari 5 for Enterprise Edition

Info

Use this only for specific use cases. This option is not recommended.

Datafari is launched by default in HTTPS ie to access to Datafari the url is : https://IP_DATAFARI:443/Datafari

The certificate is autosigned and you can easily replace it by a “real” one. For rare cases, you might want to launch Datafari into HTTP and not HTTPS (you already have a reverse proxy in front of your Datafari installation, you do not have real certificates and you do not want that your users see the warning in their browser about autosigned certificate).

The process is :

  1. Backup the configuration in place for Apache proxy :

    Code Block
    mv /opt/datafari/apache/sites-available/tomcat.conf

...

  1.  /opt/datafari/apache/sites-available/tomcat.bkp
  2. Copy the configuration for HTTP :

    Code Block
    cp /opt/datafari/bin/deployUtils/docker/tomcat.conf /opt/datafari/apache/sites-available/
  3. Apply the new configuration :

    Code Block
    apachectl restart

...

Expand
titleValid from 4.0 to 4.2 for Enterprise Edition
Info

Valid from 4.0 to 4.2 for Enterprise Edition

The documentation below is valid from Datafari v4.0.0 to 4.2

To disable the SSL protocol in Datafari, follow these steps:

  1. Execute the following command:

    Code Block
    /opt/datafari/solr/server/scripts/cloud-scripts/zkcli.sh -zkhost localhost:2181 -cmd clusterprop -name urlScheme -val http
  2. Stop Datafari

  3. Edit the file /opt/datafari/tomcat/webapps/Datafari/WEB-INF/web.xml and comment these lines:

    Code Block
    <!-- Force HTTPS on All Datafari -->
       <security-constraint>
         <web-resource-collection>
             <web-resource-name>Datafari</web-resource-name>
             <url-pattern>/*</url-pattern>
         </web-resource-collection>
         <user-data-constraint>
             <transport-guarantee>CONFIDENTIAL</transport-guarantee>
         </user-data-constraint>
       </security-constraint>


  4. Edit the file /opt/datafari/solr/bin/solr.in.sh and comment these lines (put a '#' in front of them):

    Code Block
    SOLR_SSL_KEY_STORE=${DATAFARI_HOME}/ssl-keystore/datafari-keystore.jks
    SOLR_SSL_KEY_STORE_PASSWORD=DataFariAdmin
    SOLR_SSL_TRUST_STORE=${DATAFARI_HOME}/ssl-keystore/datafari-keystore.jks
    SOLR_SSL_TRUST_STORE_PASSWORD=DataFariAdmin
    SOLR_SSL_NEED_CLIENT_AUTH=false
    SOLR_SSL_WANT_CLIENT_AUTH=false
  5. Edit the file /opt/datafari/tomcat/conf/solr.properties and set the parameter SOLRPROTOCOL to 'http':

    Code Block
    SOLRPROTOCOL=http


  6. Edit the file /opt/datafari/tomcat/conf/datafari.properties and set the parameter SOLRHOSTS to 'localhost:2181':

    Code Block
    SOLRHOSTS=localhost:2181
  7. Edit the file /opt/datafari/elk/kibana/config/kibana.yml and comment the following lines:

    Code Block
    server.ssl.enabled: true
    server.ssl.certificate: /opt/datafari/ssl-keystore/datafari-cert.pem
    server.ssl.key: /opt/datafari/ssl-keystore/datafari-key.pem
  8. Start Datafari

  9. Go to the admin interface, Statistics/ELK configuration and change the Kibana URI parameter to use http instead of https: http://127.0.0.1:5601/app/kibana