Hi Anuruddha, Great work in patching Marathon-lb to work with WSO2 products! Ideally this should be fixed in the upstream project otherwise maintenance will be a problem. Shall we create a issue in Marathon-lb project and send a PR?
Thanks. On Thu, Jul 21, 2016 at 5:24 PM, Anuruddha Liyanarachchi < anurudd...@wso2.com> wrote: > Hi All, > > By default marathon-lb blocks TLS 1.0 protocol [1]. > >> ssl-default-bind-options no-sslv3 no-tlsv10 no-tls-tickets >> >> Since wso2am uses TLS v1.0.0, users are unable to login to api-manager > publisher ui when sticky sessions are enabled. > > In order to sticky session to work with wso2am and jdk 1.7.*, we need to > enable TLS V1.0.0 in marathon_lb template. Also marathon-lb certificate > should be added to client-trust-store of wso2server. > > As a solution I have created a customized wso2/marathon-lb docker image > which has pre loaded with a self signed certificate [2]. This certificate > is added to client trust-store via puppet [3]. In production this > certificate can be replaced and configure with a proper certificate. > > I have pushed the customized docker image to docker hub > (wso2/marathon-lb:v1.3.1) and changed wso2-mesos-artifacts to use > customized image. > > > [1] https://github.com/mesosphere/marathon-lb/blob/master/config.py#L56 > [2] > https://github.com/wso2/mesos-artifacts/tree/master/common/marathon-lb/docker > [3] > https://github.com/wso2/puppet-modules/blob/master/modules/wso2base/manifests/import_cert.pp > -- > *Thanks and Regards,* > Anuruddha Lanka Liyanarachchi > Software Engineer - WSO2 > Mobile : +94 (0) 712762611 > Tel : +94 112 145 345 > a <thili...@wso2.com>nurudd...@wso2.com > -- Akila Ravihansa Perera WSO2 Inc.; http://wso2.com/ Blog: http://ravihansa3000.blogspot.com
_______________________________________________ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev