[ 
https://issues.apache.org/jira/browse/AURORA-343?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15824305#comment-15824305
 ] 

Stephan Erb commented on AURORA-343:
------------------------------------

Would anyone mind if we go down the route of requiring a reverse proxy such as 
nginx or apache to perform the SSL offloading for Aurora?

We have that requirement internally (including authentication). Unfortunately 
adding this upstream in Aurora is out of scope at the moment. However, I could 
at least document that a reverse proxy is the way to go, and add a few pointers 
on how this can be done.

> HTTP thrift service is not over SSL
> -----------------------------------
>
>                 Key: AURORA-343
>                 URL: https://issues.apache.org/jira/browse/AURORA-343
>             Project: Aurora
>          Issue Type: Bug
>          Components: Scheduler
>            Reporter: Bill Farner
>            Priority: Minor
>              Labels: newbie
>
> {{SchedulerAPIServlet}} is bound against the default debug HTTP server, which 
> is non-encrypted.  This leaves the door open to snooping.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
