Merge pull request #21141 from vespa-engine/mpolden/update-acl

Stop trusting port 4080 on proxy nodes
author: Martin Polden <mpolden@mpolden.no> 2022-02-11 09:25:42 +0100
committer: GitHub <noreply@github.com> 2022-02-11 09:25:42 +0100
commit: 1ca6892352f04c5f645f8caed076cc667973a2f0 (patch)
tree: 656367c8b956c7c19b3758a76b890e969f9c98b5 /node-repository/src/main
parent: 5e849a507070560565d4fed6646f1b49943b81bf (diff)
parent: 3c70f554d6385a628cd2f6f5193b417dffa36243 (diff)
1 files changed, 1 insertions, 2 deletions
diff --git a/node-repository/src/main/java/com/yahoo/vespa/hosted/provision/node/NodeAcl.java b/node-repository/src/main/java/com/yahoo/vespa/hosted/provision/node/NodeAcl.java
index 88a62c94f43..ac24c83e129 100644
--- a/node-repository/src/main/java/com/yahoo/vespa/hosted/provision/node/NodeAcl.java
+++ b/node-repository/src/main/java/com/yahoo/vespa/hosted/provision/node/NodeAcl.java
@@ -109,10 +109,9 @@ public class NodeAcl {
             case proxy:
                 // Proxy nodes trust:
                 // - config servers
-                // - all connections from the world on 4080 (insecure tb removed), and 4443
+                // - all connections from the world on 443 (production traffic) and 4443 (health checks)
                 trustedNodes.addAll(allNodes.nodeType(NodeType.config).asList());
                 trustedPorts.add(443);
-                trustedPorts.add(4080);
                 trustedPorts.add(4443);
                 break;
author	Martin Polden <mpolden@mpolden.no>	2022-02-11 09:25:42 +0100
committer	GitHub <noreply@github.com>	2022-02-11 09:25:42 +0100
commit	1ca6892352f04c5f645f8caed076cc667973a2f0 (patch)
tree	656367c8b956c7c19b3758a76b890e969f9c98b5 /node-repository/src/main
parent	5e849a507070560565d4fed6646f1b49943b81bf (diff)
parent	3c70f554d6385a628cd2f6f5193b417dffa36243 (diff)