Apache Zeppelin with SSL

Apache Zeppelin is an awesome web based notebook that allows for interactive data analytics. It is architected to be language agnostic and (as of today) supports Scala (with Apache Spark), SparkSQL, Markdown and Shell.

In this post, we will describe how to configure a Zeppelin notebook server with SSL.

Here is how to do it simply…

First Install Zeppelin

  • Install Zeppelin
    • git clone https://github.com/apache/incubator-zeppelin.git
    • mvn clean package -Pspark-1.4 -Dhadoop.version=2.2.0 -Phadoop-2.2 -DskipTests
    • Note that, eventually, binaries will be available here

 

Create and install the certificate

Zeppelin uses Jetty under the covers, thus we’ll need to work with Java keystores.

The following steps are borrowed from this StackOverflow post:

  • openssl genrsa -des3 -out jetty.key 2048
  • openssl req -new -x509 -key jetty.key -out jetty.crt
  • keytool -keystore keystore -import -alias jetty -file jetty.crt -trustcacerts
  • openssl req -new -key jetty.key -out jetty.csr
  • openssl pkcs12 -inkey jetty.key -in jetty.crt -export -out jetty.pkcs12
  • keytool -importkeystore -srckeystore jetty.pkcs12 -srcstoretype PKCS12 -destkeystore keystore

 

Configure the Zeppelin Server

  • Rename zeppelin-site.xml.template to zeppelin-site.xml
    e.g. cp $ZEPPELIN_HOME/conf/zeppelin-site.xml.template $ZEPPELIN_HOME/conf/zeppelin-site.xml
  • Edit zeppelin-site.xml. Keep all settings intact and modify the following parameters as described below:
    <property>
      <name>zeppelin.ssl</name>
      <value>true</value>
      <description>Should SSL be used by the servers?</description>
    </property>
    
    <property>
      <name>zeppelin.ssl.keystore.path</name>
      <value>/path/to/your/keystore</value> <!-- destkeystore from above -->
      <description>Path to keystore relative to Zeppelin home</description>
    </property>
    
    <property>
      <name>zeppelin.ssl.keystore.password</name>
      <value>keystore-password</value>
      <description>Keystore password. Can be obfuscated by the Jetty Password tool</description>
    </property>
    
    <property>
      <name>zeppelin.ssl.truststore.path</name>
      <value>/path/to/your/keystore</value> <!-- can have a separate truststore -->
      <description>Path to truststore relative to Zeppelin home. Defaults to the keystore path</description>
    </property>
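
Before starting the server, the settings above can be sanity-checked. The Python script below is an added example, not part of the original post or of Zeppelin: it reads the SSL properties from zeppelin-site.xml and reports a wrong keystore path, a loosely permissioned keystore, or a clear-text password. It assumes relative paths resolve against Zeppelin home (as the property descriptions above state) and that Jetty-obfuscated passwords start with OBF:; the function names and the sample config are constructed for illustration.

```python
import os
import stat
import xml.etree.ElementTree as ET

# Constructed sample in the shape of the zeppelin-site.xml fragment above.
SAMPLE_SITE_XML = """<configuration>
  <property><name>zeppelin.ssl</name><value>true</value></property>
  <property><name>zeppelin.ssl.keystore.path</name><value>conf/keystore</value></property>
  <property><name>zeppelin.ssl.keystore.password</name><value>keystore-password</value></property>
</configuration>"""

def load_properties(xml_text):
    """Return {name: value} for every <property> in a zeppelin-site.xml document."""
    root = ET.fromstring(xml_text)
    return {p.findtext("name", "").strip(): (p.findtext("value") or "").strip()
            for p in root.iter("property")}

def resolve(path, zeppelin_home):
    # Assumption: relative paths resolve against Zeppelin home, per the property
    # descriptions on this page; absolute paths are used as-is.
    return path if os.path.isabs(path) else os.path.join(zeppelin_home, path)

def check_ssl_config(xml_text, zeppelin_home):
    """Return a list of findings; an empty list means nothing was flagged."""
    props = load_properties(xml_text)
    findings = []
    if props.get("zeppelin.ssl", "").lower() != "true":
        findings.append("zeppelin.ssl is not 'true'")
    ks = props.get("zeppelin.ssl.keystore.path", "")
    ts = props.get("zeppelin.ssl.truststore.path", "") or ks  # defaults to keystore
    for label, path in (("keystore", ks), ("truststore", ts)):
        full = resolve(path, zeppelin_home) if path else ""
        if not path or "/path/to/your" in path:
            findings.append(f"{label} path is unset or still the template placeholder")
        elif not os.path.isfile(full):
            findings.append(f"{label} not found at {full}")
        elif os.stat(full).st_mode & (stat.S_IRWXG | stat.S_IRWXO):
            findings.append(f"{label} {full} is accessible to group/other; chmod 600")
    pw = props.get("zeppelin.ssl.keystore.password", "")
    if not pw:
        findings.append("keystore password is empty")
    elif not pw.startswith("OBF:"):  # prefix written by the Jetty Password tool
        findings.append("keystore password is stored in clear text (no OBF: prefix)")
    return findings

if __name__ == "__main__":
    for finding in check_ssl_config(SAMPLE_SITE_XML, os.environ.get("ZEPPELIN_HOME", ".")):
        print("WARN:", finding)
```

Jetty's OBF: form is reversible obfuscation rather than encryption, so restrictive file permissions on zeppelin-site.xml and the keystore remain the actual control.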
    

Start the Zeppelin Server

  • $ZEPPELIN_HOME/bin/zeppelin-daemon.sh start

Thanks!


2 Responses

  1. njmote says:

    Thank you for your post. I’m having trouble getting this working… I’ve run all of your commands above and have edited the site.xml file. I’m not sure if I’m using the right path to keystore/truststore. The server starts fine, but my browser says connection refused for https and http. Any help would be appreciated.

  1. June 28, 2016

    […] and it's working fine. How can I launch my zeppelin server on https. I followed the steps given on http://carminedimascio.com/2015/06/running-zeppelin-with-ssl/ but it's still not working. I have checked the security groups as well. Please […]
