Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

How to configure Spark Standalone's web UI for HTTPS?

Tags:

https

ssl

apache-spark

I'd like to set up Spark Standalone's Web UI so it can be accessed through HTTPS.

Spark is being run on a cluster external to the computer I'm using to access the browser.

Here's what I've done so far, and it's not working:

  • Used OpenSSL to make a self-signed certificate and key and then keytool to make a keystore
  • Packaged the certificate and key as a .p12 file
  • In Chrome's settings under Manage Certificates, imported said p12 file

  • In spark-defaults.conf, added options

    spark.ui.https.enabled                   true
spark.ui.ssl.server.keystore.location    /path/to/spark.keystore
spark.ui.ssl.server.keystore.keypassword password
spark.ui.ssl.server.keystore.password    password

  • In spark-env.sh, added

    export SPARK_MASTER_OPTS="-Dspark.ui.https.enabled=true \
  -Dspark.ui.ssl.server.keystore.location=/path/to/spark.keystore \
  -Dspark.ui.ssl.server.keystore.keypassword=password \
  -Dspark.ui.ssl.server.keystore.password=password"

export SPARK_WORKER_OPTS="-Dspark.ui.https.enabled=true \
  -Dspark.ui.ssl.server.keystore.location=/path/to/spark.keystore \
  -Dspark.ui.ssl.server.keystore.keypassword=password \
  -Dspark.ui.ssl.server.keystore.password=password"

I've tried to connect to the server before, after, and in between each of these steps, and I keep getting the error "This site can’t provide a secure connection". What am I missing here?

like image 580
K. Brown Avatar asked Oct 20 '25 03:10

K. Brown

2 Answers

According to this line I think that it's not possible to set up the Spark Standalone's web UI with HTTPS.

masterWebUiUrl = "http://" + masterPublicAddress + ":" + webUi.boundPort

My recommendation is to file an issue in Spark's JIRA and find a Spark developer to fix it.

like image 168
Jacek Laskowski Avatar answered Oct 22 '25 07:10

Jacek Laskowski

Below config worked for me, try putting this in "spark-defaults.conf" and restart the Spark service. Also check logs for which port Spark UI is listening on, as "spark.ssl.ui.port" is set to "0". In my case, it was running on port 8480.

spark.ssl.enabled true
spark.ssl.ui.port 0
spark.ssl.keyStore <path_to_keystore>
spark.ssl.keyStorePassword <keystore_password>
spark.ssl.keyPassword <key_password>
spark.ssl.trustStore <path_to_truststore>
spark.ssl.trustStorePassword <truststore_password>
spark.ssl.enabledAlgorithms ECDHE-RSA-AES256-SHA,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
spark.ssl.protocol TLSv1.2
spark.ssl.trustStoreType JKS

See the screenshot for reference.

Spark Master running on HTTPS

like image 36
Krishna Pandey Avatar answered Oct 22 '25 07:10

Krishna Pandey
Sign in to Comment

Related questions

curl and openssl see different issuers
NGINX Redirect to HTTPS only works after refresh
keytool error: java.lang.Exception: Certificate reply and certificate in keystore are identical
Redirect HTTPS to HTTP on localhost only
Java exception client authentication TLS: password must not be null
Why does >16KB payload size result in huge decrease in throughput (TCP + TLS)?
How to get a certificate for Azure Application Gateway HTTPS listener
Certbot Error: "Error getting validation data", Nginx Ubuntu Node server
R CMD check fails with ubuntu when trying to download file, but function works within R
how to request ACM using AWS default DNS for ELB
Does Azure App Service for Linux support http2?
ELB to backend server using HTTPS with self-signed certificate
SSL wrap socket: AttributeError: 'module' object has no attribute 'wrap_socket'
Error creating CSR in openSSL using SubjectAltName 'OtherName"
How can I configure Charles proxy for SSL tracing of Google ad requests?
CondaHTTPError: HTTP 000 CONNECTION FAILED for url - Anaconda
Jenkins SSLHandshakeException while publishing to confluence
fockopen: Failed to enable crypto

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!