Support Questions

Find answers, ask questions, and share your expertise
Announcements
Celebrating as our community reaches 100,000 members! Thank you!

HTTPS access to Ranger via Knox ?

avatar
Guru

Hi,

due to security concerns I need to provide Ranger WebUI via Https, and I thought accessing it through Knox would be a simple approach. But I can also imagine some wired conflicts while e.g. configuring Knox policies for Knox, in Ranger and thereby creating some Kind of 'deadlock'....

What do you think about that approach, is it possible at all and how would a topology in Knox look like?!?!

Thanks for any thoughts and Hints!

1 ACCEPTED SOLUTION

avatar
hide-solution

This problem has been solved!

Want to get a detailed solution you have to login/registered on the community

Register/Login
6 REPLIES 6

avatar
Master Mentor

avatar
hide-solution

This problem has been solved!

Want to get a detailed solution you have to login/registered on the community

Register/Login

avatar
Guru

Thanks @Kevin Minder for your explanation.

Is it possible to proxy the NN / RM Webpage through Knox?....Just to put Access to those webuis behind HTTPS

avatar

Hi Kevin Minder-

I am at a similar situation right now. Trying to enable SSL in ranger (Version 0.5). I could see some some config props in Ambari ranger, so i am guess SSL enabling is possible and changed following props,

- ranger.service.https.attrib.ssl.enabled : true

- ranger.service.https.port :6182

- HTTP enabled :false

- External URL : https://hostname:6182

After trying out above steps to enable ssl for ranger i end up getting an alert connection refused error to the url

https://hostname:6182 and the ranger UI doesn't show up. I wonder if enabling SSL is possible for ranger UI Ver 0.5 (

https://issues.apache.org/jira/browse/RANGER-795)

or is there any other configs that I missed ?

avatar
Rising Star

Right now I was able to enable SSL in Ranger 0.6.0 downloaded from the Apache Foundation but not in Ranger 0.5.0 included in HDP 2.4.0. Hope in the next release Hortonworks will upgrade Ranger to 0.6.0.

avatar

I couldn't enable ssl in ranger.