author | Bjørn Christian Seime <bjorncs@yahooinc.com> | 2023-07-18 12:51:04 +0200 |
---|---|---|
committer | Bjørn Christian Seime <bjorncs@yahooinc.com> | 2023-07-19 14:18:27 +0200 |
commit | 319bf126996bdee9138c083285a41aab90d91192 (patch) | |
tree | a139eace326f7f90eb0791bb456e7c04c1db846b /config-model/src/main/java/com/yahoo/vespa/model/container/http/ssl/HostedSslConnectorFactory.java | |
parent | 6e7d5512fe93153c19da86eae50997f273df73e2 (diff) |
Control whether proxy protocol is enabled
Diffstat (limited to 'config-model/src/main/java/com/yahoo/vespa/model/container/http/ssl/HostedSslConnectorFactory.java')
-rw-r--r-- | config-model/src/main/java/com/yahoo/vespa/model/container/http/ssl/HostedSslConnectorFactory.java | 14 |
1 files changed, 9 insertions, 5 deletions
diff --git a/config-model/src/main/java/com/yahoo/vespa/model/container/http/ssl/HostedSslConnectorFactory.java b/config-model/src/main/java/com/yahoo/vespa/model/container/http/ssl/HostedSslConnectorFactory.java
index 76014181558..365d7cd1a34 100644
--- a/config-model/src/main/java/com/yahoo/vespa/model/container/http/ssl/HostedSslConnectorFactory.java
+++ b/config-model/src/main/java/com/yahoo/vespa/model/container/http/ssl/HostedSslConnectorFactory.java
@@ -19,7 +19,8 @@ public class HostedSslConnectorFactory extends ConnectorFactory {
 boolean requireTlsClientAuthDuringTlsHandshake;
 private final List<String> tlsCiphersOverride;
- private final boolean enableProxyProtocolMixedMode;
+ private final boolean proxyProtocolEnabled;
+ private final boolean proxyProtocolMixedMode;
 private final Duration endpointConnectionTtl;
 public static Builder builder(String name, int listenPort) { return new Builder(name, listenPort); }
@@ -28,7 +29,8 @@ public class HostedSslConnectorFactory extends ConnectorFactory {
 super(new ConnectorFactory.Builder("tls"+builder.port, builder.port).sslProvider(createSslProvider(builder)));
 this.requireTlsClientAuthDuringTlsHandshake = builder.requireTlsClientAuthDuringTlsHandshake;
 this.tlsCiphersOverride = List.copyOf(builder.tlsCiphersOverride);
- this.enableProxyProtocolMixedMode = builder.enableProxyProtocolMixedMode;
+ this.proxyProtocolEnabled = builder.proxyProtocolEnabled;
+ this.proxyProtocolMixedMode = builder.proxyProtocolMixedMode;
 this.endpointConnectionTtl = builder.endpointConnectionTtl;
 }
@@ -57,7 +59,8 @@ public class HostedSslConnectorFactory extends ConnectorFactory {
 connectorBuilder.ssl.enabledCipherSuites(TlsContext.ALLOWED_CIPHER_SUITES.stream().sorted().toList());
 }
 connectorBuilder
- .proxyProtocol(new ConnectorConfig.ProxyProtocol.Builder().enabled(true).mixedMode(enableProxyProtocolMixedMode))
+ .proxyProtocol(new ConnectorConfig.ProxyProtocol.Builder()
+ .enabled(proxyProtocolEnabled).mixedMode(proxyProtocolMixedMode))
 .idleTimeout(Duration.ofSeconds(30).toSeconds())
 .maxConnectionLife(endpointConnectionTtl != null ? endpointConnectionTtl.toSeconds() : 0);
 }
@@ -67,7 +70,8 @@ public class HostedSslConnectorFactory extends ConnectorFactory {
 final int port;
 boolean requireTlsClientAuthDuringTlsHandshake;
 List<String> tlsCiphersOverride;
- boolean enableProxyProtocolMixedMode;
+ boolean proxyProtocolEnabled;
+ boolean proxyProtocolMixedMode;
 Duration endpointConnectionTtl;
 EndpointCertificateSecrets endpointCertificate;
 String tlsCaCertificatesPem;
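Review bot: The `.proxyProtocol(...)` call now takes `enabled` from a builder flag, but nothing at the call site says what turning it on means for trust. With PROXY protocol on, the client address is normally taken from the header the peer sends, so the flag belongs only on ports reachable solely through the fronting load balancer; how this connector consumes the header is not visible in the hunk. I would add above the call `// PROXY header is trusted for the client address: enable only behind the load balancer; mixedMode also accepts header-less connections`. The enclosing method starts above the hunk.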
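Review bot: `boolean proxyProtocolEnabled;` in the Builder has no initializer, so a Builder on which `proxyProtocol(...)` is never called now yields `enabled(false)`, whereas the connector previously always set `enabled(true)`. Call sites are outside this diff, so it cannot be checked here that every hosted connector passes the flag explicitly; one that does not would presumably stop accepting the PROXY header its load balancer sends. If the old default is meant to stay, write `boolean proxyProtocolEnabled = true;`, otherwise a comment such as `// off unless proxyProtocol(...) is called` records that the new default is deliberate. The Builder class continues past the hunk.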
@@ -78,7 +82,7 @@ public class HostedSslConnectorFactory extends ConnectorFactory {
 public Builder requireTlsClientAuthDuringTlsHandshake(boolean enable) {this.requireTlsClientAuthDuringTlsHandshake = enable; return this; }
 public Builder endpointConnectionTtl(Duration ttl) { endpointConnectionTtl = ttl; return this; }
 public Builder tlsCiphersOverride(Collection<String> ciphers) { tlsCiphersOverride = List.copyOf(ciphers); return this; }
- public Builder proxyProtocolMixedMode(boolean enable) { enableProxyProtocolMixedMode = enable; return this; }
+ public Builder proxyProtocol(boolean enabled, boolean mixedMode) { proxyProtocolEnabled = enabled; proxyProtocolMixedMode = mixedMode; return this; }
 public Builder endpointCertificate(EndpointCertificateSecrets cert) { this.endpointCertificate = cert; return this; }
 public Builder tlsCaCertificatesPath(String path) { this.tlsCaCertificatesPath = path; return this; }
 public Builder tlsCaCertificatesPem(String pem) { this.tlsCaCertificatesPem = pem; return this; } |
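Review bot: `proxyProtocol(boolean enabled, boolean mixedMode)` takes two adjacent booleans, so a call with the arguments swapped compiles cleanly, and the pair `(false, true)` is stored as given although mixed mode presumably has no meaning with the protocol disabled. A guard as the first statement of the method would reject that pair: `if (mixedMode && !enabled) throw new IllegalArgumentException("mixedMode requires proxy protocol to be enabled");`. A one-line Javadoc naming what each argument controls would also make call sites easier to audit. The Builder class starts and ends outside the hunk.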