State the configuration and purpose of health check proxy in the log

author: Bjørn Christian Seime <bjorncs@verizonmedia.com> 2020-01-28 16:23:31 +0100
committer: Bjørn Christian Seime <bjorncs@verizonmedia.com> 2020-01-28 16:23:31 +0100
commit: 9c586fe2e00195f8c347a525b1fc8cdb9f5ba4a5 (patch)
tree: f5690c09e762b6b01a1f065ead3fbfc700af8722 /jdisc_http_service
parent: 816031cb45164bb6231339b89c6a6a0028eb514f (diff)
1 files changed, 7 insertions, 1 deletions
diff --git a/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/server/jetty/HealthCheckProxyHandler.java b/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/server/jetty/HealthCheckProxyHandler.java
index ec2b1342649..2d54c716f8d 100644
--- a/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/server/jetty/HealthCheckProxyHandler.java
+++ b/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/server/jetty/HealthCheckProxyHandler.java
@@ -57,6 +57,9 @@ class HealthCheckProxyHandler extends HandlerWrapper {
             ConnectorConfig.HealthCheckProxy proxyConfig = connector.connectorConfig().healthCheckProxy();
             if (proxyConfig.enable()) {
                 mapping.put(connector.listenPort(), createProxyTarget(proxyConfig.port(), connectors));
+                log.info(String.format("Port %1$d is configured as a health check proxy for port %2$d. " +
+                                               "HTTP requests to '%3$s' on %1$d are proxied as HTTPS to %2$d.",
+                                       connector.listenPort(), proxyConfig.port(), HEALTH_CHECK_PATH));
             }
         }
         return mapping;
@@ -148,13 +151,16 @@ class HealthCheckProxyHandler extends HandlerWrapper {
             return client;
         }
 
-        private static SSLContext getSslContext(SslContextFactory.Server sslContextFactory) {
+        private SSLContext getSslContext(SslContextFactory.Server sslContextFactory) {
             if (sslContextFactory.getNeedClientAuth()) {
+                log.info(String.format("Port %d requires client certificate. HTTPS client will use the target server connector's ssl context.", port));
                 // A client certificate is only required if the server connector's ssl context factory is configured with "need-auth".
                 // We use the server's ssl context (truststore + keystore) if a client certificate is required.
                 // This will only work if the server certificate's CA is in the truststore.
                 return sslContextFactory.getSslContext();
             } else {
+                log.info(String.format(
+                        "Port %d does not require a client certificate. HTTPS client will use a custom ssl context accepting all certificates.", port));
                 // No client certificate required. The client is configured with a trust manager that accepts all certificates.
                 try {
                     return SSLContexts.custom().loadTrustMaterial(new TrustAllStrategy()).build();
author	Bjørn Christian Seime <bjorncs@verizonmedia.com>	2020-01-28 16:23:31 +0100
committer	Bjørn Christian Seime <bjorncs@verizonmedia.com>	2020-01-28 16:23:31 +0100
commit	9c586fe2e00195f8c347a525b1fc8cdb9f5ba4a5 (patch)
tree	f5690c09e762b6b01a1f065ead3fbfc700af8722 /jdisc_http_service
parent	816031cb45164bb6231339b89c6a6a0028eb514f (diff)