diff options
author | Martin Polden <mpolden@mpolden.no> | 2022-02-11 09:25:42 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2022-02-11 09:25:42 +0100 |
commit | 1ca6892352f04c5f645f8caed076cc667973a2f0 (patch) | |
tree | 656367c8b956c7c19b3758a76b890e969f9c98b5 /node-repository/src/main | |
parent | 5e849a507070560565d4fed6646f1b49943b81bf (diff) | |
parent | 3c70f554d6385a628cd2f6f5193b417dffa36243 (diff) |
Merge pull request #21141 from vespa-engine/mpolden/update-acl
Stop trusting port 4080 on proxy nodes
Diffstat (limited to 'node-repository/src/main')
-rw-r--r-- | node-repository/src/main/java/com/yahoo/vespa/hosted/provision/node/NodeAcl.java | 3 |
1 files changed, 1 insertions, 2 deletions
diff --git a/node-repository/src/main/java/com/yahoo/vespa/hosted/provision/node/NodeAcl.java b/node-repository/src/main/java/com/yahoo/vespa/hosted/provision/node/NodeAcl.java index 88a62c94f43..ac24c83e129 100644 --- a/node-repository/src/main/java/com/yahoo/vespa/hosted/provision/node/NodeAcl.java +++ b/node-repository/src/main/java/com/yahoo/vespa/hosted/provision/node/NodeAcl.java @@ -109,10 +109,9 @@ public class NodeAcl { case proxy: // Proxy nodes trust: // - config servers - // - all connections from the world on 4080 (insecure tb removed), and 4443 + // - all connections from the world on 443 (production traffic) and 4443 (health checks) trustedNodes.addAll(allNodes.nodeType(NodeType.config).asList()); trustedPorts.add(443); - trustedPorts.add(4080); trustedPorts.add(4443); break; |