Loading modules via SSL
ml-gradle and its underlying libraries - ml-javaclient-util and ml-app-deployer - provide support for creating an app server with a certificate template and then, in the case of a REST API server, loading modules via an SSL connection with that server.
sample-project shows an example of how this works - here are the moving parts:
- A certificate template config file defines the template configuration.
- The REST API server file includes a reference to the SSL certificate template (see Referring to a resource by its ID for how this ID reference works).
- The build.gradle file adds an instance of GenerateTemporaryCertificateCommand to the mlDeploy task. This temporary certificate is then used by the REST API server (the management API offers other options for generating real certificates). Without generating this certificate, the REST API server won't be able to accept HTTP or HTTPS connections.
- gradle.properties includes mlSimpleSsl=true. This tells ml-gradle to use a very basic SSLContext and SSLHostnameVerifier when loading modules into a REST API server. They are basic in that they do no validation, so the server's certificate and hostname are not checked.
Instead of using mlSimpleSsl, you can always configure your own SSLContext and SSLHostnameVerifier. The AppConfig instance that is stored under the key "mlAppConfig" by ml-gradle has properties named "restSslContext" and "restSslHostnameVerifier" for these objects. You can set these to anything in your build.gradle file - here's a pseudocode example:
```groovy
ext {
  def mySSLContext = write any Groovy code you want to create your own SSLContext
  def mySSLHostnameVerifier = write any Groovy code you want to create your own SSLHostnameVerifier
  def myTrustManager = write any Groovy code you want to create your own X509TrustManager
  mlAppConfig.restSslContext = mySSLContext
  mlAppConfig.restSslHostnameVerifier = mySSLHostnameVerifier
  mlAppConfig.restTrustManager = myTrustManager // Only supported starting in ml-gradle 3.8.3
}
```
Note that SSLHostnameVerifier is a MarkLogic Java Client class. It includes a few built-in implementations that may suffice for you.
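One way to set these properties to validating objects instead of relying on mlSimpleSsl, written as an added example rather than code from the ml-gradle project. It assumes the app server's certificate chains to a CA stored in a truststore you supply; the property names myTrustStorePath and myTrustStorePassword are hypothetical.

```groovy
// Imports go at the top of build.gradle.
import java.security.KeyStore
import javax.net.ssl.SSLContext
import javax.net.ssl.TrustManager
import javax.net.ssl.TrustManagerFactory
import javax.net.ssl.X509TrustManager
import com.marklogic.client.DatabaseClientFactory

ext {
  // Hypothetical property names (not defined by ml-gradle); set them in
  // gradle.properties or pass them with -P on the command line.
  def storePath = project.findProperty("myTrustStorePath")
  def storePass = project.findProperty("myTrustStorePassword")
  if (!storePath || !storePass) {
    throw new GradleException("Set myTrustStorePath and myTrustStorePassword")
  }

  // Load the truststore holding the CA certificate that signed the
  // app server's certificate.
  def trustStore = KeyStore.getInstance(KeyStore.getDefaultType())
  file(storePath).withInputStream {
    trustStore.load(it, storePass.toString().toCharArray())
  }

  // Build a trust manager that accepts only chains anchored in that truststore.
  def tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm())
  tmf.init(trustStore)
  def myTrustManager = tmf.trustManagers.find { it instanceof X509TrustManager }
  if (myTrustManager == null) {
    throw new GradleException("No X509TrustManager available for the truststore")
  }

  // SSLContext that uses only the trust manager above (no client key material).
  def mySSLContext = SSLContext.getInstance("TLSv1.2")
  mySSLContext.init(null, [myTrustManager] as TrustManager[], null)

  mlAppConfig.restSslContext = mySSLContext
  // STRICT is one of the built-in SSLHostnameVerifier implementations
  // in the MarkLogic Java Client.
  mlAppConfig.restSslHostnameVerifier = DatabaseClientFactory.SSLHostnameVerifier.STRICT
  mlAppConfig.restTrustManager = (X509TrustManager) myTrustManager // ml-gradle 3.8.3+
}
```

With this in place, module loading fails with an SSL handshake or hostname error when the server's certificate is not trusted or does not match the host name, rather than connecting silently.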
As of version 3.0.0, you can also manually configure the SSL components for a connection to the App-Services server:
```groovy
ext {
  // mySSLContext, mySSLHostnameVerifier and myTrustManager are created as in the example above
  mlAppConfig.appServicesSslContext = mySSLContext
  mlAppConfig.appServicesSslHostnameVerifier = mySSLHostnameVerifier
  mlAppConfig.appServicesTrustManager = myTrustManager // Only supported starting in ml-gradle 3.8.3
}
```