You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@aurora.apache.org by "Stephan Erb (JIRA)" <ji...@apache.org> on 2017/01/16 17:10:26 UTC

[jira] [Commented] (AURORA-343) HTTP thrift service is not over SSL

    [ https://issues.apache.org/jira/browse/AURORA-343?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15824305#comment-15824305 ] 

Stephan Erb commented on AURORA-343:
------------------------------------

Would anyone mind if we go down the route of requiring an reverse proxy such as nginx or apache to perform the SSL offloading for Aurora?

We have that requirement internally (including authentication). Unfortunately adding this upstream in Aurora is out of scope at the moment. However, I could at least document that a reverse proxy is the way to go, and add a few pointers how this can be done.

> HTTP thrift service is not over SSL
> -----------------------------------
>
>                 Key: AURORA-343
>                 URL: https://issues.apache.org/jira/browse/AURORA-343
>             Project: Aurora
>          Issue Type: Bug
>          Components: Scheduler
>            Reporter: Bill Farner
>            Priority: Minor
>              Labels: newbie
>
> {{SchedulerAPIServlet}} is bound against the default debug HTTP server, which is non-encrypted.  This leaves the door open to snooping.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)