diff --git a/package.json b/package.json index d5d49701d4..b42831aa17 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "umami", - "version": "2.15.0", + "version": "2.15.1", "description": "A simple, fast, privacy-focused alternative to Google Analytics.", "author": "Umami Software, Inc. ", "license": "MIT", diff --git a/scripts/check-env.js b/scripts/check-env.js index 280e7e398f..701e48c02f 100644 --- a/scripts/check-env.js +++ b/scripts/check-env.js @@ -23,5 +23,12 @@ if (!process.env.SKIP_DB_CHECK && !process.env.DATABASE_TYPE) { } if (process.env.CLOUD_MODE) { - checkMissing(['CLOUD_URL', 'KAFKA_BROKER', 'KAFKA_URL', 'REDIS_URL']); + checkMissing([ + 'CLOUD_URL', + 'KAFKA_BROKER', + 'KAFKA_URL', + 'REDIS_URL', + 'KAFKA_SASL_MECHANISM', + 'KAFKA_SSL', + ]); } diff --git a/src/lib/kafka.ts b/src/lib/kafka.ts index 38a7073e6a..1ac28a5bb7 100644 --- a/src/lib/kafka.ts +++ b/src/lib/kafka.ts @@ -1,5 +1,5 @@ import debug from 'debug'; -import { Kafka, Mechanism, Producer, RecordMetadata, SASLOptions, logLevel } from 'kafkajs'; +import { Kafka, Producer, RecordMetadata, SASLOptions, logLevel } from 'kafkajs'; import { KAFKA, KAFKA_PRODUCER } from 'lib/db'; import * as tls from 'tls'; @@ -12,13 +12,15 @@ const enabled = Boolean(process.env.KAFKA_URL && process.env.KAFKA_BROKER); function getClient() { const { username, password } = new URL(process.env.KAFKA_URL); const brokers = process.env.KAFKA_BROKER.split(','); + const sslEnabled = process.env.KAFKA_SSL.toLowerCase() === 'true'; + const mechanism = process.env.KAFKA_SASL_MECHANISM as 'plain' | 'scram-sha-256' | 'scram-sha-512'; - const ssl: { ssl?: tls.ConnectionOptions | boolean; sasl?: SASLOptions | Mechanism } = + const ssl: { ssl?: tls.ConnectionOptions | boolean; sasl?: SASLOptions } = username && password ? { - ssl: true, + ssl: sslEnabled, sasl: { - mechanism: 'scram-sha-256', + mechanism, username, password, },