
SunCertPathBuilderException when viewing topic detailed view running docker-compose

Open mvassli opened this issue 2 years ago • 10 comments

Issue submitter TODO list

  • [X] I've looked up my issue in FAQ
  • [X] I've searched for already existing issues here
  • [X] I've tried running master-labeled docker image and the issue still persists there
  • [X] I'm running a supported version of the application which is listed here

Describe the bug (actual behavior)

When I start kafka-ui through docker-compose I have problems viewing the detailed topic view. When I go to my cluster -> topics and click the topic name, the page is visible for 2-5 seconds before I am redirected to http://localhost:8080/404

In the logs I see the error Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

If I instead start kafka-ui with docker run and manually add the cluster through the GUI, I do not face any problems at all.

docker run -it -p 8080:8080 -e DYNAMIC_CONFIG_ENABLED=true provectuslabs/kafka-ui

I have also tried adding DYNAMIC_CONFIG_ENABLED to docker-compose and validated the SASL_SSL settings in the GUI. When clicking "Validate" I am told the cluster config is valid.

I have verified that the following works as expected:

  • Viewing topics schema in schema registry.
  • Viewing all brokers at http://localhost:8080/ui/clusters/kreditt-bi/brokers
  • Seeing all available topics at http://localhost:8080/ui/clusters/kreditt-bi/all-topics?perPage=25 (including correct number of messages and partitions)

Note that I have added network_mode: host to my docker-compose because I was having DNS issues and was unable to resolve the bootstrap servers. All bootstrap servers and the schema registry are self-hosted in the company network with private DNS.

Expected behavior

No response

Your installation details

Version v0.7.1

---
version: '2'
services:

  kafka-ui:
    container_name: kafka-ui
    image: provectuslabs/kafka-ui:latest
    network_mode: host
    ports:
      - 8080:8080
    environment:
      KAFKA_CLUSTERS_0_NAME: kreditt-bi
      KAFKA_CLUSTERS_0_BOOTSTRAPSERVERS: REDACTED:9092,REDACTED:9092,hda-REDACTED:9092,hda-REDACTED:9092
      KAFKA_CLUSTERS_0_SCHEMAREGISTRY: https://REDACTED
      KAFKA_CLUSTERS_0_PROPERTIES_SECURITY_PROTOCOL: SASL_SSL
      KAFKA_CLUSTERS_0_PROPERTIES_SASL_MECHANISM: SCRAM-SHA-512
      KAFKA_CLUSTERS_0_PROPERTIES_SASL_JAAS_CONFIG: 'org.apache.kafka.common.security.scram.ScramLoginModule required username="REDACTED" password="REDACTED";'
      KAFKA_CLUSTERS_0_SSL_TRUSTSTORE_LOCATION: /truststore.jks
      KAFKA_CLUSTERS_0_SSL_TRUSTSTORE_PASSWORD: 'REDACTED'
      KAFKA_CLUSTERS_0_PROPERTIES_SSL_KEYSTORE_TYPE: JKS
      KAFKA_CLUSTERS_0_SCHEMAREGISTRYSSL_TRUSTSTORELOCATION: /truststore.jks
      KAFKA_CLUSTERS_0_SCHEMAREGISTRYSSL_TRUSTSTOREPASSWORD:  'REDACTED'
    volumes:
      - ./truststore.jks:/truststore.jks

Steps to reproduce

  1. docker-compose -f docker-compose.yml up
  2. Open localhost:8080
  3. Click "topics" under my cluster
  4. Click the topic name

Topic detailed view is visible for 2-5 seconds before I am redirected to the 404 error page.

Screenshots

No response

Logs

logs.txt

Additional context

Docker on RHEL 8 distro

mvassli, Sep 05 '23 08:09