Add sidebar for "Pulasr SNI routing with ATS" content #7471
Conversation
Jennifer88huang-zz
changed the title
Jennifer88huang-zz
added
doc
|
I haven't finished refining yet, please do not review the content currently. |
| Pulsar clients support [SNI routing protocol](https://github.com/apache/pulsar/wiki/PIP-60:-Support-Proxy-server-with-SNI-routing), so you can connect to brokers through the proxy. You learn how to set up the ATS proxy and the Pulsar client to enable SNI routing, and connect Pulsar client to the broker through the ATS proxy. | ||
| Pulsar clients support [SNI routing protocol](https://github.com/apache/pulsar/wiki/PIP-60:-Support-Proxy-server-with-SNI-routing), so you can connect to brokers through the proxy. You learn how to set up the ATS proxy, enable SNI routing, and connect Pulsar client to the broker through the ATS proxy. | ||
|
|
||
| ### ATS-SNI Routing in Pulsar |
There was a problem hiding this comment.
this has to be 3rd level header and not main header.
| ``` | ||
|
|
||
| #### Pulsar geo-replication with SNI routing | ||
| ## Pulsar geo-replication with SNI routing |
There was a problem hiding this comment.
again it has to be sub-section and therefore we kept it 4-level header.
|
@rdhabalia thank you very much for your advice. I'll ping you when I finish the structure and content refining. |
|
@rdhabalia Thank you again for your advice. I've finished refining the content. PTAL again, thank you. You can also check examples on Layer 4 Routing. They use 2 or 3 level headings. It provides readers direct view on the main content. So if you agree, we can work together to refine the structure. |
Jennifer88huang-zz
changed the title
|
@Anonymitaet Thanks for your reviewing. |
Huanli-Meng
left a comment
Huanli-Meng
left a comment
There was a problem hiding this comment.
leave my comments, PTAL
| A proxy server is an intermediary server that forwards requests from multiple clients to different servers across the Internet. The proxy server acts as a "traffic cop" in both forward and reverse proxy scenarios, and benefits your system such as load balancing, performance, security, auto-scaling, and so on. | ||
|
|
||
| A proxy server is an intermediary server that forwards requests from multiple clients to different servers across the Internet. The proxy server acts as a "traffic cop" in both forward and reverse proxy scenarios, and brings various benefits to your system such as load balancing, performance, security, auto-scaling, etc. There are already many proxy servers available in the market which are fast and scalable. More importantly, these proxy servers cover various essential security aspects that are needed by large organizations to securely share their confidential data over the network. Pulsar provides a proxy implementation which acts as a reverse proxy and creates a gateway in front of brokers. However, pulsar does not supports using other proxies such as Apache Traffic Server (ATS), HAProxy, Nginx, and Envoy. These proxies are more scalable and secured. Most of these proxy-servers support **SNI routing** which is used to route traffic to a destination without terminating the SSL connection. Routing at layer 4 provides greater transparency because the outbound connection is determined by examining the destination address in the client TCP packets. | ||
| The proxy in Pulsar acts as a reverse proxy, and creates a gateway in front of brokers. Proxies such as Apache Traffic Server (ATS), HAProxy, Nginx, and Envoy are not supported in Pulsar. These proxy-servers support **SNI routing**. SNI routing is used to route traffic to a destination without terminating the SSL connection. Routing at layer 4 provides greater transparency because the outbound connection is determined by examining the destination address in the client TCP packets. |
There was a problem hiding this comment.
Change "routing at layer 4" to Layer 4 routing or Layer 4 SIN routing to make it consistent all through the document?
|
|
||
| To support SNI routing, you need to configure two files: `records.conf` and `ssl_server_name.conf`. | ||
|
|
||
| The [records.config](https://docs.trafficserver.apache.org/en/latest/admin-guide/files/records.config.en.html) file is located in the `/usr/local/etc/trafficserver/` directory by default. The file lists configurable variables used by the Apache Traffic Server. |
There was a problem hiding this comment.
In the above, "Apache Traffic Server" is abbreviated to "ATS", so here should be an abbreviation.
|
|
||
| - `records.conf`: | ||
| The [records.config fil](https://docs.trafficserver.apache.org/en/latest/admin-guide/files/records.config.en.html) (By default, it is located in `/usr/local/etc/trafficserver/`.) is a list of configurable variables used by the Apache Traffic Server and we have to update this file with TLS port (`http.server_ports`) on which proxy can listen and proxy certs (`ssl.client.cert.path` and `ssl.client.cert.filename`) for secure TLS tunneling. We also have to configure a range of server ports (`http.connect_ports`) that can be used for tunneling to the broker. If Pulsar brokers are listening on ports 4443 and 6651 then add the brokers’ service port in http.connect_ports configuration. | ||
| To configure the `records.config` files, complete the following steps. |
There was a problem hiding this comment.
if this is a step, there should be an ordered list instead of unordered list.
* update sidebar.json for proxy-sni * update * update * update sidebar.json * update * fix as per comments form Huanli
4 participants
Fixes #7421
Motivation
The
sidebar.jsonfile is not updated, so the content added in the .md file is not displayed on website.Modifications