当前位置：首页 > news >正文

Kafka配置公网或NLB访问(TCP代理)

news 2025/8/3 18:03:41

这套配置适用于TCP代理和公网访问

分几种场景，正常来说我们直接使用kafka IP地址访问就行，考虑到网络架构和环境安全，需要使用公网或代理访问kafka时就需要对kafka进行一些额外配置

EXTERNAL这个地址需要监听本地地址，之后kafka会监听这个端口，此端口不能和INTERNAL端口一致，必须是不同的
advertised.listeners已经测试了NLB的连接，这里需要获取到NLB IP，DNS我没有测试，DNS域名太长
EXTERNAL可以配置多个，但一般很少这么用的
如果只是调试，暴露一个节点就行，如果需要暴露整个集群，那就在其他节点上也进行一样的配置

broker.id=15
delete.topic.enable=true
#inter.broker.listener.name=SASL_PLAINTEXT
#listeners=SASL_PLAINTEXT://10.198.170.15:9092
# 监听器和安全配置
listeners=INTERNAL://0.0.0.0:9092,EXTERNAL://0.0.0.0:9093
advertised.listeners=INTERNAL://10.198.170.15:9092,EXTERNAL://公网或者NLB地址:9093
listener.security.protocol.map=INTERNAL:SASL_PLAINTEXT,EXTERNAL:SASL_PLAINTEXT
inter.broker.listener.name=INTERNAL# 认证相关配置
security.protocol=SASL_PLAINTEXT
sasl.mechanism.inter.broker.protocol=SCRAM-SHA-256
sasl.enabled.mechanisms=SCRAM-SHA-256,PLAIN
allow.everyone.if.no.acl.found=true
super.users=User:admin
authorizer.class.name=kafka.security.auth.SimpleAclAuthorizer

如果只配置一个节点，其他节点也需要按照如下进行配置

1、监听器名称需要统一：
SASL_PLAINTEXT 需要是INTERNAL
inter.broker.listener.name 也要对应修改
2、需要添加的配置：
listener.security.protocol.map
advertised.listeners
3、格式统一：
listeners 使用 0.0.0.0 而不是具体 IP
advertised.listeners 使用具体 IP

不需要外部访问以后注释四行配置，启用那两行就行
其他节点配置参考

broker.id=16
delete.topic.enable=true
#inter.broker.listener.name=SASL_PLAINTEXT
#listeners=SASL_PLAINTEXT://10.198.170.16:9092
# 监听器配置
listeners=INTERNAL://0.0.0.0:9092
advertised.listeners=INTERNAL://10.198.170.16:9092
listener.security.protocol.map=INTERNAL:SASL_PLAINTEXT
inter.broker.listener.name=INTERNAL# 认证配置
sasl.mechanism.inter.broker.protocol=SCRAM-SHA-256
sasl.enabled.mechanisms=SCRAM-SHA-256,PLAIN
allow.everyone.if.no.acl.found=true
super.users=User:admin
authorizer.class.name=kafka.security.auth.SimpleAclAuthorizer

完整配置

broker.id=15
delete.topic.enable=true
#inter.broker.listener.name=SASL_PLAINTEXT
#listeners=SASL_PLAINTEXT://10.198.170.15:9092
# 监听器和安全配置
listeners=INTERNAL://0.0.0.0:9092,EXTERNAL://0.0.0.0:9093
advertised.listeners=INTERNAL://10.198.170.15:9092,EXTERNAL://NLBIP或者公网IP:9093
listener.security.protocol.map=INTERNAL:SASL_PLAINTEXT,EXTERNAL:SASL_PLAINTEXT
inter.broker.listener.name=INTERNAL# 认证相关配置
security.protocol=SASL_PLAINTEXT
sasl.mechanism.inter.broker.protocol=SCRAM-SHA-256
sasl.enabled.mechanisms=SCRAM-SHA-256,PLAIN
allow.everyone.if.no.acl.found=true
super.users=User:admin
authorizer.class.name=kafka.security.auth.SimpleAclAuthorizer# Kafka Basic Settings
num.network.threads=5
num.io.threads=8
socket.send.buffer.bytes=10240000
socket.receive.buffer.bytes=10240000
socket.request.max.bytes=1048576000
log.dirs=/data/kafka/data
num.partitions=1
default.replication.factor=3
num.recovery.threads.per.data.dir=1
offsets.topic.replication.factor=3
transaction.state.log.replication.factor=3
transaction.state.log.min.isr=2
log.retention.hours=168
log.segment.bytes=1073741824
log.retention.check.interval.ms=300000
zookeeper.connect=10.198.170.16:2181,10.198.170.17:2181,10.198.170.15:2181
zookeeper.connection.timeout.ms=12000
zookeeper.session.timeout.ms=12000
group.initial.rebalance.delay.ms=500
log.flush.interval.messages=10000
log.flush.interval.ms=1000
num.replica.fetchers=3
replica.fetch.min.bytes=1
replica.fetch.max.bytes=104857600
unclean.leader.election.enable=false
auto.create.topics.enable=true
min.isync.replicas=2
replica.socket.receive.buffer.bytes=65536
replica.socket.timeout.ms=30000
replica.lag.time.max.ms=5000
replica.fetch.wait.max.ms=1000
log.message.timestam..type=LogAppendTime
log.cleanup.policyo.elete
log.roll.hours=168
broker.rack=kafka-rac15
message.max.bytes=10000000
request.timeout.ms=30000