In this recipe, you will learn how to make communication secure and limit the possibility of eavesdropping by enabling SSL.
Prepare certificates for encryption. We assume they are stored in /etc/mesos/conf/ssl/key.pem and /etc/mesos/conf/ssl/cert.pem.
If you don't have certificates, you can create some with the following commands. Remember that these certificates are for example purposes only and should not be used in a production environment:
mkdir -p /etc/mesos/conf/ssl
openssl req -batch -nodes -new -x509 -keyout /etc/mesos/conf/ssl/key.pem -out /etc/mesos/conf/ssl/cert.pem
If you want to build Mesos from source with SSL enabled, configure the source code with the following options before you build it:
./configure --enable-libevent --enable-ssl
To enable SSL, add the following lines to /etc/default/mesos:
SSL_ENABLED=1
SSL_KEY_FILE=/etc/mesos/conf/ssl/key.pem
SSL_CERT_FILE=/etc/mesos/conf/ssl/cert.pem
SSL_REQUIRE_CERT=false
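
Before restarting Mesos, it helps to confirm that the settings above point at a key and certificate that actually belong together. The following preflight check is an added example, not part of the original recipe or of Mesos itself; the function names conf_get, key_matches_cert and check_mesos_ssl are this example's own, and it assumes the file uses plain, unquoted KEY=VALUE lines as shown above.

```shell
#!/bin/sh
# Added example (not from the original recipe): preflight check for the SSL_*
# settings in /etc/default/mesos. All function names here are this example's own.

# Print the value assigned to variable $2 in KEY=VALUE file $1 (last one wins).
conf_get() {
    sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1
}

# Succeed only if private key $1 and certificate $2 hold the same public key.
key_matches_cert() {
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# Check defaults file $1. Prints findings; returns 1 if any ERROR was found.
check_mesos_ssl() {
    conf=$1; rc=0
    key=$(conf_get "$conf" SSL_KEY_FILE)
    cert=$(conf_get "$conf" SSL_CERT_FILE)
    if [ "$(conf_get "$conf" SSL_ENABLED)" != "1" ]; then
        echo "ERROR: SSL_ENABLED is not 1, so SSL is off"; rc=1
    fi
    if [ ! -r "$key" ] || [ ! -r "$cert" ]; then
        echo "ERROR: cannot read key '$key' or certificate '$cert'"
        return 1
    fi
    if ! key_matches_cert "$key" "$cert"; then
        echo "ERROR: $key does not belong to $cert"; rc=1
    fi
    if ! openssl x509 -in "$cert" -noout -checkend 0 >/dev/null 2>&1; then
        echo "ERROR: $cert has expired or is not a certificate"; rc=1
    fi
    # Characters 5-10 of the ls mode string are the group and other bits.
    if [ "$(ls -ldL "$key" | cut -c5-10)" != "------" ]; then
        echo "WARN: $key is accessible to group or other users"
    fi
    case $(conf_get "$conf" SSL_REQUIRE_CERT) in
        true|1) ;;
        *) echo "WARN: SSL_REQUIRE_CERT is off: clients need not present a certificate" ;;
    esac
    return "$rc"
}

# When run with an argument, check that file, e.g. /etc/default/mesos.
if [ $# -gt 0 ]; then check_mesos_ssl "$1"; fi
```

With the configuration shown in this recipe, the check passes but prints the SSL_REQUIRE_CERT warning: traffic is encrypted, yet connecting clients are not authenticated by certificate.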