Configuring Web Console and REST API Security
HTTPS Support
Drill 1.2 uses code-level support for transport layer security (TLS) to secure the Web Console and REST API. By default, the Web Console and REST API support the HTTP protocol. To enable HTTPS support, set the following start-up option to TRUE:
drill.exec.http.ssl_enabled
By default this start-up option is set to FALSE.
Drill generates a self-signed certificate that works with SSL for HTTPS access to the Web Console. Because Drill uses a self-signed certificate, you see a warning in the browser when you go to https://<node IP address>:8047. The Chrome browser, for example, requires you to click Advanced, and then Proceed to <address> (unsafe). If you have a certificate signed by an authority, you can set up a custom SSL configuration to avoid this warning. You can set up SSL to specify the keystore or truststore, or both, for your organization, as described in the next section.
Setting Up a Custom SSL Configuration
As cluster administrator, you can set the following SSL configuration parameters in the conf/drill-override.conf file, as described in the Java product documentation:
- javax.net.ssl.keyStore
  Path to the application's certificate and private key in the Java keystore file.
- javax.net.ssl.keyStorePassword
  Password for accessing the private key from the keystore file.
- javax.net.ssl.trustStore
  Path to the trusted CA certificates in a keystore file.
- javax.net.ssl.trustStorePassword
  Password for accessing the trusted keystore file.
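Because these parameters place keystore and truststore passwords in conf/drill-override.conf, the following added example (not part of the Drill documentation or code base) audits that file: it checks that HTTPS is enabled, that a keystore is configured, and that neither the keystore nor a configuration file holding passwords is accessible to group or other. The function names are hypothetical, and the script assumes each setting sits on its own line.

```sh
#!/bin/sh
# Added example: audit the HTTPS settings in a Drill drill-override.conf.
# Assumption: each setting is on its own line, as `key: value` or `key = value`,
# either dotted (javax.net.ssl.keyStore) or nested in a `javax.net.ssl { }` block.

# Print the value of the first setting in file $1 whose key ends in $2.
conf_value() {
    sed -n "s/^[[:space:]]*[A-Za-z_.]*$2[[:space:]]*[=:][[:space:]]*//p" "$1" |
        sed -e 's/[",[:space:]]*$//' -e 's/^"//' | head -n 1
}

# Succeed if group or other hold any permission bit on $1.
loose_perms() {
    [ "$(ls -ldL "$1" | cut -c5-10)" != "------" ]
}

# Print one WARN line per finding; return 1 if there was any finding.
audit_drill_tls() {
    conf=$1
    rc=0
    enabled=$(conf_value "$conf" ssl_enabled | tr '[:upper:]' '[:lower:]')
    if [ "$enabled" != "true" ]; then
        echo "WARN: drill.exec.http.ssl_enabled is not true; HTTPS is off"
        rc=1
    fi
    ks=$(conf_value "$conf" keyStore)
    if [ -z "$ks" ]; then
        echo "WARN: javax.net.ssl.keyStore unset; the self-signed certificate is served"
        rc=1
    elif [ ! -f "$ks" ]; then
        echo "WARN: keystore $ks does not exist"
        rc=1
    elif loose_perms "$ks"; then
        echo "WARN: keystore $ks is accessible to group or other"
        rc=1
    fi
    pw=$(conf_value "$conf" keyStorePassword)$(conf_value "$conf" trustStorePassword)
    if [ -n "$pw" ] && loose_perms "$conf"; then
        echo "WARN: $conf holds store passwords and is accessible to group or other"
        rc=1
    fi
    return "$rc"
}

# Usage: audit_drill_tls /path/to/conf/drill-override.conf
```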
