-
Notifications
You must be signed in to change notification settings - Fork 80
SSL with Manage and Admin servers
In version 3.0.0, you can setup a simple SSL context while connecting to the Manage and/or Admin app servers by setting the appropriate properties:
mlManageSimpleSsl=true
mlManageScheme=https
mlAdminSimpleSsl=true
mlAdminScheme=https
Under the hood, this uses the SSLContextBuilder class in HttpClient to construct an SSLContext that trusts every request. That SSLContext is then used by the RestTemplate object that is used to connect to either the Manage or Admin app server.
Starting in 3.17.0, you can set mlAdminUseDefaultKeystore=true and mlManageUseDefaultKeystore=true so that your JVM's default keystore is used for trusting certificates (as opposed to the "trust everything" approach employed by mlAdminSimpleSsl and mlManageSimpleSsl). Note that you'll still need to set mlAdminScheme and mlManageScheme. See the Property Reference for additional properties that you can configure when using this approach.
If you need to setup an SSL connection in a differ manner, please see this ticket for an example of doing so within the build.gradle file. This article may help as well.
Starting in 3.4.0, you can define your own javax.net.ssl.SSLContext and org.apache.http.conn.ssl.X509HostnameVerifier on the mlManageConfig and mlAdminConfig objects that ml-gradle instantiates (each being an instance of RestConfig.
After doing so, you'll need to setManageConfig on mlManageClient and/or setAdminConfig on mlAdminManager to reinitialize the RestTemplate objects that these objects use to talk to ports 8002 and 8001 respectively.
Examples:
mlManageConfig.setSslContext(myCustomSslContext)
mlManageConfig.setHostnamerVerifier(myCustomHostnamerVerifier)
mlManageClient.setManageConfig(mlManageConfig)
And for the admin/8001 connection:
mlAdminConfig.setSslContext(myCustomSslContext)
mlAdminConfig.setHostnamerVerifier(myCustomHostnamerVerifier)
mlAdminManager.setAdminConfig(mlAdminConfig)