authorBjørn Christian Seime <bjorncs@verizonmedia.com>2020-07-22 14:21:06 +0200
committerBjørn Christian Seime <bjorncs@verizonmedia.com>2020-07-22 14:21:06 +0200
commitd7fa2988c4fc34998e4e974dae3e3b9678023a80 (patch)
tree5311ec8d6f547ae864c086d339250b881f6d754b /config-model/src/main/java/com/yahoo/vespa/model/container/http/ssl/HostedSslConnectorFactory.java
parent64257fe90d37048dbdd38f8ae4fe775696548de4 (diff)
Revert "Temporarily disable proxy-protocol for port 4443 in jdisc"
This reverts commit a9e5c8b38d4b37862e38a43239720ccdf56470d2.
Diffstat (limited to 'config-model/src/main/java/com/yahoo/vespa/model/container/http/ssl/HostedSslConnectorFactory.java')
-rw-r--r--config-model/src/main/java/com/yahoo/vespa/model/container/http/ssl/HostedSslConnectorFactory.java18
1 files changed, 8 insertions, 10 deletions
diff --git a/config-model/src/main/java/com/yahoo/vespa/model/container/http/ssl/HostedSslConnectorFactory.java b/config-model/src/main/java/com/yahoo/vespa/model/container/http/ssl/HostedSslConnectorFactory.java
index 2fd88e112da..bcc2c9a3d6a 100644
--- a/config-model/src/main/java/com/yahoo/vespa/model/container/http/ssl/HostedSslConnectorFactory.java
+++ b/config-model/src/main/java/com/yahoo/vespa/model/container/http/ssl/HostedSslConnectorFactory.java
@@ -20,7 +20,6 @@ public class HostedSslConnectorFactory extends ConnectorFactory {
private static final List<String> INSECURE_WHITELISTED_PATHS = List.of("/status.html");
private static final String DEFAULT_HOSTED_TRUSTSTORE = "/opt/yahoo/share/ssl/certs/athenz_certificate_bundle.pem";
- private final boolean enableProxyProtocol;
private final boolean enforceClientAuth;
/**
@@ -28,29 +27,28 @@ public class HostedSslConnectorFactory extends ConnectorFactory {
*/
// TODO Enforce client authentication
public static HostedSslConnectorFactory withProvidedCertificate(
- String serverName, EndpointCertificateSecrets endpointCertificateSecrets, boolean enableProxyProtocol) {
- return new HostedSslConnectorFactory(createConfiguredDirectSslProvider(serverName, endpointCertificateSecrets, DEFAULT_HOSTED_TRUSTSTORE, /*tlsCaCertificates*/null), false, enableProxyProtocol);
+ String serverName, EndpointCertificateSecrets endpointCertificateSecrets) {
+ return new HostedSslConnectorFactory(createConfiguredDirectSslProvider(serverName, endpointCertificateSecrets, DEFAULT_HOSTED_TRUSTSTORE, /*tlsCaCertificates*/null), false);
}
/**
* Create connector factory that uses a certificate provided by the config-model / configserver and a truststore configured by the application.
*/
public static HostedSslConnectorFactory withProvidedCertificateAndTruststore(
- String serverName, EndpointCertificateSecrets endpointCertificateSecrets, String tlsCaCertificates, boolean enableProxyProtocol) {
- return new HostedSslConnectorFactory(createConfiguredDirectSslProvider(serverName, endpointCertificateSecrets, /*tlsCaCertificatesPath*/null, tlsCaCertificates), true, enableProxyProtocol);
+ String serverName, EndpointCertificateSecrets endpointCertificateSecrets, String tlsCaCertificates) {
+ return new HostedSslConnectorFactory(createConfiguredDirectSslProvider(serverName, endpointCertificateSecrets, /*tlsCaCertificatesPath*/null, tlsCaCertificates), true);
}
/**
* Create connector factory that uses the default certificate and truststore provided by Vespa (through Vespa-global TLS configuration).
*/
- public static HostedSslConnectorFactory withDefaultCertificateAndTruststore(String serverName, boolean enableProxyProtocol) {
- return new HostedSslConnectorFactory(new DefaultSslProvider(serverName), true, enableProxyProtocol);
+ public static HostedSslConnectorFactory withDefaultCertificateAndTruststore(String serverName) {
+ return new HostedSslConnectorFactory(new DefaultSslProvider(serverName), true);
}
- private HostedSslConnectorFactory(SimpleComponent sslProviderComponent, boolean enforceClientAuth, boolean enableProxyProtocol) {
+ private HostedSslConnectorFactory(SimpleComponent sslProviderComponent, boolean enforceClientAuth) {
super("tls4443", 4443, sslProviderComponent);
this.enforceClientAuth = enforceClientAuth;
- this.enableProxyProtocol = enableProxyProtocol;
}
private static ConfiguredDirectSslProvider createConfiguredDirectSslProvider(
@@ -71,7 +69,7 @@ public class HostedSslConnectorFactory extends ConnectorFactory {
.tlsClientAuthEnforcer(new ConnectorConfig.TlsClientAuthEnforcer.Builder()
.pathWhitelist(INSECURE_WHITELISTED_PATHS)
.enable(enforceClientAuth))
- .proxyProtocol(new ConnectorConfig.ProxyProtocol.Builder().enabled(enableProxyProtocol).mixedMode(true))
+ .proxyProtocol(new ConnectorConfig.ProxyProtocol.Builder().enabled(true).mixedMode(true))
.idleTimeout(Duration.ofMinutes(3).toSeconds())
.maxConnectionLife(Duration.ofMinutes(10).toSeconds());
}
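Review bot: The new `.proxyProtocol(new ConnectorConfig.ProxyProtocol.Builder().enabled(true).mixedMode(true))` line hard-codes PROXY protocol on the 4443 connector for every factory. With mixed mode the connector presumably accepts connections both with and without a PROXY header, so the client address it reports is only trustworthy if nothing but the trusted load balancer can reach the port. That network restriction is not visible in this diff, and `withProvidedCertificate` still passes `false` for `enforceClientAuth`, so on that connector a supplied header is not tied to an authenticated peer. I would state the assumption in a comment above the line, e.g. `// PROXY protocol always on (mixed mode): remote address is only reliable when port 4443 is reachable solely through trusted proxies`, and confirm that any address-based access logging or filtering accounts for it. The builder method this line belongs to starts outside the hunk.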