Configuring Hue to connect to TLS 1.2/TCPS-enabled databases
Learn how to configure an existing Hue instance to connect to TLS-enabled MySQL, MariaDB, or PostgreSQL databases or TCPS-enabled Oracle database.
If TLS 1.2 is enabled on the database servers, and the databases are restricted or enforced to use TLS 1.2, then Hue automatically uses the TLS1.2-compatible ciphers to communicate with the database securely. You do not have to configure any setting in Hue's Advanced Configuration Snippet or any other configurations. This is applicable when using MySQL, MariaDB, or PostgreSQL databases as a backend database for Hue.
To restrict the MySQL and MariaDB databases to use TLS 1.2, set the value of the
true in the
To manually enable TLS 1.2 on the Hue instance, go to Enable TLS/SSL for Hue option.and select the
The following section is specific for configuring Hue to connect to a TCPS-enabled Oracle database.
- You must have installed and configured Oracle as a backend database for Hue as described in Using Oracle database with Hue.
- You must have enabled TCPS on the Oracle database as described in Enabling TCPS for Oracle Database Server.
- You must have created database users.
- SSH in to the Hue host as an administrator.
- Copy the cwallet.sso file that is generated when you enabled SSL on the Oracle database to a desired location on the Hue host and make sure its permissions are 644.
Change directory to the following:
Create a file called sqlnet.ora and with the following
SSL_CLIENT_AUTHENTICATION = FALSE WALLET_LOCATION = (SOURCE = (METHOD = FILE) (METHOD_DATA = (DIRECTORY = /[***PATH-TO-WALLET-FILE***]) ) )
Create a file called tnsnames.ora and with the following
ORCLPDB1_SSL = (DESCRIPTION = (ADDRESS = (PROTOCOL = TCPS)(HOST = [***HUE-DB-HOST***])(PORT = [***HUE-DB-PORT***])) (CONNECT_DATA = (SERVER = DEDICATED) (SERVICE_NAME = [***SERVICE-NAME***])) ) (SECURITY = (MY_WALLET_DIRECTORY = /[***PATH-TO-WALLET-FILE***]) ) )
- Log in to Cloudera Manager as an Administrator.
Go to Hue
Database Name field:
and add the following connection string in the
(DESCRIPTION=(LOAD_BALANCE=off)(FAILOVER=on)(CONNECT_TIMEOUT=5)(TRANSPORT_CONNECT_TIMEOUT=3)(RETRY_COUNT=3)(ADDRESS=(PROTOCOL=TCPS)(HOST=[***HUE-DB-HOST***])(PORT=[***HUE-DB-PORT***]))(CONNECT_DATA=(SERVICE_NAME=[***SERVICE-NAME***])(SECURITY = (MY_WALLET_DIRECTORY = /[***PATH-TO-WALLET-FILE***])))Where,
[***HUE-DB-HOST***]is the FQDN of the database host
[***HUE-DB-PORT***]is the port for the Hue database
[***SERVICE-NAME***]is the Oracle service name
[***PATH-TO-WALLET-FILE***]is the location at which you have copied the wallet file (cwallet.sso) on the Hue host
- Click Save Changes.
- Restart the Hue service.