Hi Keith, I looked at your code/configs. So, you're running Nginx in front of Marathon while only allowing localhost connections to port 8081 (Marathon), correct?
Thanks Nikolay From: Keith Chambers (kechambe) [mailto:[email protected]] Sent: Friday, April 24, 2015 7:12 PM To: [email protected] Subject: Re: Mesosphere security We worked around this Marathon limitation with an Nginx based proxy container. The code is here: https://github.com/CiscoCloud/microservices-infrastructure/tree/master/roles/marathon Once Marathon supports disabling http in 0.8.2 we will switch to that. Hope this helps! Keith From: Dario Rexin <[email protected]<mailto:[email protected]>> Reply-To: "[email protected]<mailto:[email protected]>" <[email protected]<mailto:[email protected]>> Date: Friday, April 24, 2015 at 8:36 AM To: "[email protected]<mailto:[email protected]>" <[email protected]<mailto:[email protected]>> Subject: Re: Mesosphere security Hi Nikolay, we are close to releasing Marathon 0.8.2 which will support disabling HTTP with the flag '-disable_http'. Cheers, Dario On 24 Apr 2015, at 17:30, Nikolay Borodachev <[email protected]<mailto:[email protected]>> wrote: Hello All, I know that Marathon supports SSL but is there any way to force it to use SSL only and disable non-encrypted port 8080? Also, is there a way to hide user id and password from the command line parameters? Thanks Nikolay
