ApsaraDB for ClickHouse:Connect to an ApsaraDB for ClickHouse cluster over HTTPS

Prerequisites

• Only ApsaraDB for ClickHouse clusters of version 20.8 or later can be connected over HTTPS.

• HTTPS is enabled, and the required SSL certificate authority (CA) certificate is downloaded. For more information, see Enable HTTPS.

• The IP address of the connection source is added to the whitelist of the ApsaraDB for ClickHouse cluster. For more information, see Configure a whitelist.

• When the connection source and the ApsaraDB for ClickHouse cluster are deployed in different virtual private clouds (VPCs), a public endpoint is available for the ApsaraDB for ClickHouse cluster.

Precautions

• The response time for network connectivity increases when ApsaraDB for ClickHouse clusters are connected over HTTPS.

• The CPU utilization increases when ApsaraDB for ClickHouse clusters are connected over HTTPS. If you use the Internet and your business requires data encryption, we recommend that you use HTTPS to connect to ApsaraDB for ClickHouse. A VPC is secure. In most cases, you do not need to use HTTPS to connect to ApsaraDB for ClickHouse if a VPC is used.

Use Java JDBC for connectivity

1. Use an integrated development environment (IDE) tool such as Eclipse to create a Maven project and install the dependency that is provided by ApsaraDB for ClickHouse for JDBC drivers.

   <dependency>
     <groupId>ru.yandex.clickhouse</groupId>
     <artifactId>clickhouse-jdbc</artifactId>
     <version>0.3.1</version>
   </dependency>

2. Write code for your application. Obtain the connection object of ApsaraDB for ClickHouse.

   Syntax:

   public void run()
           throws InterruptedException {
   
       final ClickHouseProperties clickHouseProperties = new ClickHouseProperties();
       clickHouseProperties.setSslRootCertificate("<Path of the certificate>");
       clickHouseProperties.setSsl(true);
       clickHouseProperties.setSslMode("<SSL Mode. Valid values: strict and none>");
       clickHouseProperties.setUser("<Database account>");
       clickHouseProperties.setPassword("<Password of the database account>");
       clickHouseProperties.setSocketTimeout(<Timeout period. Unit: milliseconds>);
     	ClickHouseDataSource dataSource = new ClickHouseDataSource("jdbc:clickhouse://<Public endpoint, VPC endpoint, or IP address>:<HTTPS port number>/<Name of the database>?ssl=true", clickHouseProperties);
       try {
           final ClickHouseConnection conn = dataSource.getConnection();
           conn.createStatement().executeQuery("select now()");
       } catch (Throwable e) {
           e.printStackTrace();
       }
   }

   Note

   If you connect to an ApsaraDB for ClickHouse cluster by using an IP address, the connection source and the ApsaraDB for ClickHouse cluster must be deployed in the same VPC and the value of SSL Mode must be set to none.

   Example:

   public void run()
           throws InterruptedException {
   
       final ClickHouseProperties clickHouseProperties = new ClickHouseProperties();
       clickHouseProperties.setSslRootCertificate("/user/ck-root-ClickHouse-CA-Chain.pem");
       clickHouseProperties.setSsl(true);
       clickHouseProperties.setSslMode("strict");
       clickHouseProperties.setUser("test");
       clickHouseProperties.setPassword("123456Aa");
       clickHouseProperties.setSocketTimeout(2 * 3600 * 1000);
      	ClickHouseDataSource dataSource = new ClickHouseDataSource("jdbc:clickhouse://cc-****.public.clickhouse.ads.aliyuncs.com:8443/test01?ssl=true", clickHouseProperties);
       try {
           final ClickHouseConnection conn = dataSource.getConnection();
           conn.createStatement().executeQuery("select now()");
       } catch (Throwable e) {
           e.printStackTrace();
       }
   }

Use curl for connectivity

curl --cacert <Path of the certificate> https://<Public endpoint or VPC endpoint>:<HTTPS port number>/ping

curl --cacert ./ck-root-ClickHouse-CA-Chain.pem https://cc-bp163l724nkf****.clickhouse.ads.aliyuncs.com:8443/ping