How can we configure a kafka producer behind a firewall/proxy?

Problem description

We have a single node kafka installation on AWS. We are able to run kafka producer and consumer in this environment. But while our client tried to send messages (outside AWS environment) to our kafka broker, their messages got stuck at their firewall.

So client kafka producer is set up behind a firewall/proxy, how can our client send messages through kafka after bypassing the proxy at their end?

Recommended answer

First check that the problem is indeed a client firewall issue and not related to either incorrect broker settings (like using private AWS IP as advertised listener) or AWS security rules (not allowing external machines to connect on port 9092/9093). Easiest way to check is by publishing yourself from an external host without a firewall.

Next check that they have allowed TCP connections on port 9092 (or whatever you are using for Kafka) to pass through their client side firewall.

If it's not possible to open this port in the firewall then you might consider sending the data to a TCP proxy (like haproxy) on port 80 or 443 since those ports are often open.

If that still doesn't work then consider publishing using an HTTP(S) proxy like the Confluent REST Proxy as it uses standard HTTP(S) ports and protocols that should traverse most client firewalls.
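
The first two checks in the answer above can be scripted; this is an added example, not code from the original answer. The function names are hypothetical and the listener value in `__main__` is a constructed sample standing in for the broker's own `advertised.listeners` setting.

```python
import ipaddress
import re
import socket

# EC2 private DNS names embed the private IPv4, e.g. ip-10-0-1-23.ec2.internal
_EC2_PRIVATE_DNS = re.compile(
    r"^ip-\d+-\d+-\d+-\d+\.(ec2\.internal|[a-z0-9-]+\.compute\.internal)$")

def parse_listeners(value):
    """Parse an advertised.listeners value into (name, host, port) tuples."""
    out = []
    for item in value.split(","):
        name, rest = item.strip().split("://", 1)
        host, port = rest.rsplit(":", 1)
        out.append((name, host.strip("[]"), int(port)))
    return out

def externally_usable(host):
    """False for an empty host, a non-global IP, or an EC2 private DNS name."""
    if not host or _EC2_PRIVATE_DNS.match(host.lower()):
        return False
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return True  # ordinary DNS name: resolution is checked from the client side
    return ip.is_global

def tcp_reachable(host, port, timeout=3.0):
    """Plain TCP connect, the first thing a Kafka client does against a broker."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def diagnose(advertised_listeners, probe=tcp_reachable):
    """Classify each advertised listener; run this from the external client host."""
    report = []
    for name, host, port in parse_listeners(advertised_listeners):
        if not externally_usable(host):
            verdict = "broker-side: advertised address is not routable from outside AWS"
        elif probe(host, port):
            verdict = "ok: TCP connect succeeded"
        else:
            verdict = "blocked: check AWS security group and client firewall"
        report.append((name, host, port, verdict))
    return report

if __name__ == "__main__":
    # Constructed sample value, not taken from the question
    for row in diagnose("PLAINTEXT://ip-10-0-1-23.ec2.internal:9092"):
        print(row)
```

A "broker-side" verdict means the client would be redirected to an unreachable address after bootstrap even if its firewall allowed the port, so fix that before asking the client to change firewall rules.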
