diff options
author | Bjørn Christian Seime <bjorncs@verizonmedia.com> | 2020-01-28 16:23:31 +0100 |
---|---|---|
committer | Bjørn Christian Seime <bjorncs@verizonmedia.com> | 2020-01-28 16:23:31 +0100 |
commit | 9c586fe2e00195f8c347a525b1fc8cdb9f5ba4a5 (patch) | |
tree | f5690c09e762b6b01a1f065ead3fbfc700af8722 /jdisc_http_service | |
parent | 816031cb45164bb6231339b89c6a6a0028eb514f (diff) |
State the configuration and purpose of health check proxy in the log
Diffstat (limited to 'jdisc_http_service')
-rw-r--r-- | jdisc_http_service/src/main/java/com/yahoo/jdisc/http/server/jetty/HealthCheckProxyHandler.java | 8 |
1 files changed, 7 insertions, 1 deletions
diff --git a/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/server/jetty/HealthCheckProxyHandler.java b/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/server/jetty/HealthCheckProxyHandler.java index ec2b1342649..2d54c716f8d 100644 --- a/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/server/jetty/HealthCheckProxyHandler.java +++ b/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/server/jetty/HealthCheckProxyHandler.java @@ -57,6 +57,9 @@ class HealthCheckProxyHandler extends HandlerWrapper { ConnectorConfig.HealthCheckProxy proxyConfig = connector.connectorConfig().healthCheckProxy(); if (proxyConfig.enable()) { mapping.put(connector.listenPort(), createProxyTarget(proxyConfig.port(), connectors)); + log.info(String.format("Port %1$d is configured as a health check proxy for port %2$d. " + + "HTTP requests to '%3$s' on %1$d are proxied as HTTPS to %2$d.", + connector.listenPort(), proxyConfig.port(), HEALTH_CHECK_PATH)); } } return mapping; @@ -148,13 +151,16 @@ class HealthCheckProxyHandler extends HandlerWrapper { return client; } - private static SSLContext getSslContext(SslContextFactory.Server sslContextFactory) { + private SSLContext getSslContext(SslContextFactory.Server sslContextFactory) { if (sslContextFactory.getNeedClientAuth()) { + log.info(String.format("Port %d requires client certificate. HTTPS client will use the target server connector's ssl context.", port)); // A client certificate is only required if the server connector's ssl context factory is configured with "need-auth". // We use the server's ssl context (truststore + keystore) if a client certificate is required. // This will only work if the server certificate's CA is in the truststore. return sslContextFactory.getSslContext(); } else { + log.info(String.format( + "Port %d does not require a client certificate. HTTPS client will use a custom ssl context accepting all certificates.", port)); // No client certificate required. The client is configured with a trust manager that accepts all certificates. try { return SSLContexts.custom().loadTrustMaterial(new TrustAllStrategy()).build(); |