Encrypting Communication within a Presto Cluster

The nodes in a Presto cluster communicate over HTTP, and you can enable communication over HTTPS. QDS supports using SSL to encrypt communication within a Presto cluster; create a ticket with Qubole Support to enable this. Connecting to an SSL-enabled Presto Server without using Qubole describes how to connect to the Presto server from outside QDS and File-based User Authentication describes how to authenticate direct connections to Presto from outside QDS.

Important

Even when SSL is enabled, HTTP is still enabled on the coordinator node which is only open to the QDS Control Plane. Qubole uses HTTP to provide you access to the Presto UI, Query Tracker, and Presto notebooks.

You can disable HTTP on an SSL-enabled cluster by adding the following configuration to the cluster’s Presto Overrides:

config.properties:
http-server.http.enabled=false

Caution

Disabling HTTP comes at a cost of features that are using it in QDS. The Presto-UI, Live QueryTracker and Presto notebooks do not work after HTTP is disabled.