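Our Kafka receives reports from many devices on the public internet, which server-side services then process, so it must be reachable from the public internet, while traffic between internal hosts should stay off the public network to save bandwidth. Below is a working server.properties: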
broker.id=0
num.network.threads=3
num.io.threads=8
socket.send.buffer.bytes=102400
socket.receive.buffer.bytes=102400
socket.request.max.bytes=104857600
log.dirs=/data/kafka
num.partitions=1
num.recovery.threads.per.data.dir=1
offsets.topic.replication.factor=1
transaction.state.log.replication.factor=1
transaction.state.log.min.isr=1
log.retention.hours=360
log.retention.check.interval.ms=300000
zookeeper.connect=localhost:2181
zookeeper.connection.timeout.ms=18000
group.initial.rebalance.delay.ms=0
listener.security.protocol.map=INTERNAL:PLAINTEXT,EXTERNAL:PLAINTEXT
listeners=INTERNAL://192.168.1.210:19092,EXTERNAL://192.168.1.210:9092
advertised.listeners=INTERNAL://192.168.1.210:19092,EXTERNAL://48.140.52.103:9092
inter.broker.listener.name=INTERNAL
#super.users=User:admin
#security.inter.broker.protocol=SASL_PLAINTEXT
#sasl.enabled.mechanisms=PLAIN
#sasl.mechanism.inter.broker.protocol=PLAIN
#allow.everyone.if.no.acl.found=true
#authorizer.class.name=kafka.security.authorizer.AclAuthorizer
The port is exposed directly to the public internet without encryption, which is very insecure, so we add a password to it:
root@robox-middleware:/opt/kafka_2.12-3.5.1/config# cat server.properties
auto.create.topics.enable=false
broker.id=0
num.network.threads=3
num.io.threads=8
socket.send.buffer.bytes=102400
socket.receive.buffer.bytes=102400
socket.request.max.bytes=104857600
log.dirs=/data/kafka
heartbeat.interval.ms=1000
num.partitions=1
num.recovery.threads.per.data.dir=1
offsets.topic.replication.factor=1
transaction.state.log.replication.factor=1
transaction.state.log.min.isr=1
log.retention.hours=360
log.retention.check.interval.ms=300000
zookeeper.connect=localhost:2181
zookeeper.connection.timeout.ms=18000
group.initial.rebalance.delay.ms=0
listener.security.protocol.map=INTERNAL:SASL_PLAINTEXT,EXTERNAL:SASL_PLAINTEXT
listeners=INTERNAL://192.168.100.63:19092,EXTERNAL://192.168.100.63:9092
advertised.listeners=INTERNAL://192.168.100.63:19092,EXTERNAL://47.174.123.125:9092
inter.broker.listener.name=INTERNAL
super.users=User:admin
#security.inter.broker.protocol=SASL_PLAINTEXT # this line must stay commented out
sasl.enabled.mechanisms=PLAIN
sasl.mechanism.inter.broker.protocol=PLAIN
allow.everyone.if.no.acl.found=true
authorizer.class.name=kafka.security.authorizer.AclAuthorizer
To add the password, write the following two configuration files in the config directory:
#kafka_server_jaas.conf
KafkaServer {
org.apache.kafka.common.security.plain.PlainLoginModule required
username="admin"
password="admin"
user_admin="admin";
};
####
#kafka_client_jaas.conf
KafkaClient {
org.apache.kafka.common.security.plain.PlainLoginModule required
username="admin"
password="admin";
};
That's all.
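As an added example (not part of the original post), this Python sketch audits a server.properties like the two shown above: it flags listeners advertised on a non-private address whose protocol lacks TLS, and the allow.everyone.if.no.acl.found fallback. The function names and the embedded sample are constructed for illustration.

```python
import ipaddress

# Constructed sample: the security-relevant lines of the SASL config above.
SAMPLE = """\
listener.security.protocol.map=INTERNAL:SASL_PLAINTEXT,EXTERNAL:SASL_PLAINTEXT
listeners=INTERNAL://192.168.100.63:19092,EXTERNAL://192.168.100.63:9092
advertised.listeners=INTERNAL://192.168.100.63:19092,EXTERNAL://47.174.123.125:9092
sasl.enabled.mechanisms=PLAIN
allow.everyone.if.no.acl.found=true
authorizer.class.name=kafka.security.authorizer.AclAuthorizer
"""

def parse_properties(text):
    """Parse key=value lines, skipping blanks and # comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        props[key.strip()] = value.strip()
    return props

def audit(text):
    """Return a list of (listener_or_key, finding) tuples."""
    props = parse_properties(text)
    findings = []
    proto = dict(p.strip().split(":", 1) for p in
                 props.get("listener.security.protocol.map", "").split(",") if ":" in p)
    mechs = {m.strip().upper() for m in props.get("sasl.enabled.mechanisms", "").split(",")}
    for entry in props.get("advertised.listeners", "").split(","):
        if "://" not in entry:
            continue
        name, addr = entry.strip().split("://", 1)
        host = addr.rsplit(":", 1)[0]
        try:
            public = not ipaddress.ip_address(host).is_private
        except ValueError:
            public = True  # hostname: cannot tell offline, treat as exposed
        p = proto.get(name, name)  # without a map entry the name is the protocol
        if public and p == "PLAINTEXT":
            findings.append((name, "public listener with no authentication or encryption"))
        elif public and p == "SASL_PLAINTEXT":
            detail = "PLAIN sends the password in cleartext" if "PLAIN" in mechs else "traffic is unencrypted"
            findings.append((name, "public listener without TLS: " + detail))
    if props.get("allow.everyone.if.no.acl.found", "false").lower() == "true":
        findings.append(("allow.everyone.if.no.acl.found", "resources without ACLs are open to every principal"))
    return findings
```

For the sample, mapping EXTERNAL to SASL_SSL and setting allow.everyone.if.no.acl.found=false clears both findings.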