Valid from Datafari 5.1 (Datafari CE and EE)
Use this only for specific use cases. This option is not recommended.
Datafari is launched by default in HTTPS: to access to Datafari the url is : https://IP_DATAFARI:443/Datafari (or obviously https://IP_DATAFARI/Datafari)
The certificate is autosigned. You can easily replace it by a “real” one. In some situations, you might want to launch Datafari into HTTP rather than HTTPS (for instance in case you already have a reverse proxy in front of your Datafari installation, you do not have real certificates and you do not want that your users see the warning in their browser about autosigned certificate).
The process is :
Backup the configuration in place for Apache proxy :
cp /opt/datafari/apache/sites-available/tomcat.conf /opt/datafari/apache/sites-available/tomcat.bkp
Edit the configuration of Apache :
nano /opt/datafari/apache/sites-available/tomcat.conf
Delete the lines related to the VirtualHost 80
<VirtualHost *:80> ServerName $YOURSERVERNAME Redirect / https://YOURSERVER CustomLog /dev/null common Header set X-Frame-Options SAMEORIGIN </VirtualHost>
Change the line :
<VirtualHost *:443>
to :
<VirtualHost *:80>
Finally remove the lines :
SSLEngine on SSLCertificateFile /opt/datafari/ssl-keystore/apache/datafari.crt SSLCertificateKeyFile /opt/datafari/ssl-keystore/apache/datafari.key
You can save and close the file.
3. Apply the new configuration :
apachectl restart
Valid from Datafari 4.4 up to Datafari 5 for Enterprise Edition
Use this only for specific use cases. This option is not recommended.
Datafari is launched by default in HTTPS ie to access to Datafari the url is : https://IP_DATAFARI:443/Datafari
The certificate is autosigned and you can easily replace it by a “real” one. For rare cases, you might want to launch Datafari into HTTP and not HTTPS (you already have a reverse proxy in front of your Datafari installation, you do not have real certificates and you do not want that your users see the warning in their browser about autosigned certificate).
The process is :
Backup the configuration in place for Apache proxy :
mv /opt/datafari/apache/sites-available/tomcat.conf /opt/datafari/apache/sites-available/tomcat.bkp
Copy the configuration for HTTP :
cp /opt/datafari/bin/deployUtils/docker/tomcat.conf /opt/datafari/apache/sites-available/
Apply the new configuration :
apachectl restart
Valid from 4.0 to 4.2 for Enterprise Edition
The documentation below is valid from Datafari v4.0.0 to 4.2
To disable the SSL protocol in Datafari, follow these steps:
Execute the following command:
/opt/datafari/solr/server/scripts/cloud-scripts/zkcli.sh -zkhost localhost:2181 -cmd clusterprop -name urlScheme -val http
Stop Datafari
Edit the file /opt/datafari/tomcat/webapps/Datafari/WEB-INF/web.xml and comment these lines:
<!-- Force HTTPS on All Datafari --> <security-constraint> <web-resource-collection> <web-resource-name>Datafari</web-resource-name> <url-pattern>/*</url-pattern> </web-resource-collection> <user-data-constraint> <transport-guarantee>CONFIDENTIAL</transport-guarantee> </user-data-constraint> </security-constraint>
Edit the file /opt/datafari/solr/bin/solr.in.sh and comment these lines (put a '#' in front of them):
SOLR_SSL_KEY_STORE=${DATAFARI_HOME}/ssl-keystore/datafari-keystore.jks SOLR_SSL_KEY_STORE_PASSWORD=DataFariAdmin SOLR_SSL_TRUST_STORE=${DATAFARI_HOME}/ssl-keystore/datafari-keystore.jks SOLR_SSL_TRUST_STORE_PASSWORD=DataFariAdmin SOLR_SSL_NEED_CLIENT_AUTH=false SOLR_SSL_WANT_CLIENT_AUTH=false
Edit the file /opt/datafari/tomcat/conf/solr.properties and set the parameter SOLRPROTOCOL to 'http':
SOLRPROTOCOL=http
Edit the file /opt/datafari/tomcat/conf/datafari.properties and set the parameter SOLRHOSTS to 'localhost:2181':
SOLRHOSTS=localhost:2181
Edit the file /opt/datafari/elk/kibana/config/kibana.yml and comment the following lines:
server.ssl.enabled: true server.ssl.certificate: /opt/datafari/ssl-keystore/datafari-cert.pem server.ssl.key: /opt/datafari/ssl-keystore/datafari-key.pem
Start Datafari
Go to the admin interface, Statistics/ELK configuration and change the Kibana URI parameter to use http instead of https: http://127.0.0.1:5601/app/kibana