aboutsummaryrefslogtreecommitdiffstats
path: root/config-model/src/main/java
diff options
context:
space:
mode:
Diffstat (limited to 'config-model/src/main/java')
-rw-r--r--config-model/src/main/java/com/yahoo/vespa/model/container/http/ConnectorFactory.java4
-rw-r--r--config-model/src/main/java/com/yahoo/vespa/model/container/http/JettyHttpServer.java9
-rw-r--r--config-model/src/main/java/com/yahoo/vespa/model/container/http/ssl/HostedSslConnectorFactory.java15
3 files changed, 18 insertions, 10 deletions
diff --git a/config-model/src/main/java/com/yahoo/vespa/model/container/http/ConnectorFactory.java b/config-model/src/main/java/com/yahoo/vespa/model/container/http/ConnectorFactory.java
index 697cfc95039..4929c09d561 100644
--- a/config-model/src/main/java/com/yahoo/vespa/model/container/http/ConnectorFactory.java
+++ b/config-model/src/main/java/com/yahoo/vespa/model/container/http/ConnectorFactory.java
@@ -8,6 +8,7 @@ import com.yahoo.vespa.model.container.component.SimpleComponent;
import com.yahoo.vespa.model.container.http.ssl.DefaultSslProvider;
import com.yahoo.vespa.model.container.http.ssl.SslProvider;
+import java.util.List;
import java.util.Optional;
/**
@@ -40,6 +41,9 @@ public class ConnectorFactory extends SimpleComponent implements ConnectorConfig
public void getConfig(ConnectorConfig.Builder connectorBuilder) {
connectorBuilder.listenPort(listenPort);
connectorBuilder.name(name);
+ connectorBuilder.accessLog(new ConnectorConfig.AccessLog.Builder()
+ .remoteAddressHeaders(List.of("x-forwarded-for"))
+ .remotePortHeaders(List.of("X-Forwarded-Port")));
sslProviderComponent.amendConnectorConfig(connectorBuilder);
}
diff --git a/config-model/src/main/java/com/yahoo/vespa/model/container/http/JettyHttpServer.java b/config-model/src/main/java/com/yahoo/vespa/model/container/http/JettyHttpServer.java
index 6a2d9685a33..0388230fa6a 100644
--- a/config-model/src/main/java/com/yahoo/vespa/model/container/http/JettyHttpServer.java
+++ b/config-model/src/main/java/com/yahoo/vespa/model/container/http/JettyHttpServer.java
@@ -63,17 +63,8 @@ public class JettyHttpServer extends SimpleComponent implements ServerConfig.Pro
.searchHandlerPaths(List.of("/search"))
);
if (isHostedVespa) {
- // Proxy-protocol v1/v2 is used in hosted Vespa for remote address/port
- builder.accessLog(new ServerConfig.AccessLog.Builder()
- .remoteAddressHeaders(List.of())
- .remotePortHeaders(List.of()));
-
// Enable connection log hosted Vespa
builder.connectionLog(new ServerConfig.ConnectionLog.Builder().enabled(true));
- } else {
- builder.accessLog(new ServerConfig.AccessLog.Builder()
- .remoteAddressHeaders(List.of("x-forwarded-for"))
- .remotePortHeaders(List.of("X-Forwarded-Port")));
}
configureJettyThreadpool(builder);
builder.stopTimeout(300);
diff --git a/config-model/src/main/java/com/yahoo/vespa/model/container/http/ssl/HostedSslConnectorFactory.java b/config-model/src/main/java/com/yahoo/vespa/model/container/http/ssl/HostedSslConnectorFactory.java
index 2b13cd21e99..243d14a006f 100644
--- a/config-model/src/main/java/com/yahoo/vespa/model/container/http/ssl/HostedSslConnectorFactory.java
+++ b/config-model/src/main/java/com/yahoo/vespa/model/container/http/ssl/HostedSslConnectorFactory.java
@@ -7,6 +7,7 @@ import com.yahoo.security.tls.TlsContext;
import com.yahoo.vespa.model.container.http.ConnectorFactory;
import java.time.Duration;
+import java.util.ArrayList;
import java.util.Collection;
import java.util.List;
@@ -22,6 +23,8 @@ public class HostedSslConnectorFactory extends ConnectorFactory {
private final boolean proxyProtocolEnabled;
private final boolean proxyProtocolMixedMode;
private final Duration endpointConnectionTtl;
+ private final List<String> remoteAddressHeaders;
+ private final List<String> remotePortHeaders;
public static Builder builder(String name, int listenPort) { return new Builder(name, listenPort); }
@@ -32,6 +35,8 @@ public class HostedSslConnectorFactory extends ConnectorFactory {
this.proxyProtocolEnabled = builder.proxyProtocolEnabled;
this.proxyProtocolMixedMode = builder.proxyProtocolMixedMode;
this.endpointConnectionTtl = builder.endpointConnectionTtl;
+ this.remoteAddressHeaders = List.copyOf(builder.remoteAddressHeaders);
+ this.remotePortHeaders = List.copyOf(builder.remotePortHeaders);
}
private static SslProvider createSslProvider(Builder builder) {
@@ -62,13 +67,19 @@ public class HostedSslConnectorFactory extends ConnectorFactory {
.proxyProtocol(new ConnectorConfig.ProxyProtocol.Builder()
.enabled(proxyProtocolEnabled).mixedMode(proxyProtocolMixedMode))
.idleTimeout(Duration.ofSeconds(30).toSeconds())
- .maxConnectionLife(endpointConnectionTtl != null ? endpointConnectionTtl.toSeconds() : 0);
+ .maxConnectionLife(endpointConnectionTtl != null ? endpointConnectionTtl.toSeconds() : 0)
+ .accessLog(new ConnectorConfig.AccessLog.Builder()
+ .remoteAddressHeaders(remoteAddressHeaders)
+ .remotePortHeaders(remotePortHeaders));
+
}
public enum SslClientAuth { WANT, NEED, WANT_WITH_ENFORCER }
public static class Builder {
final String name;
final int port;
+ final List<String> remoteAddressHeaders = new ArrayList<>();
+ final List<String> remotePortHeaders = new ArrayList<>();
SslClientAuth clientAuth;
List<String> tlsCiphersOverride;
boolean proxyProtocolEnabled;
@@ -88,6 +99,8 @@ public class HostedSslConnectorFactory extends ConnectorFactory {
public Builder tlsCaCertificatesPath(String path) { this.tlsCaCertificatesPath = path; return this; }
public Builder tlsCaCertificatesPem(String pem) { this.tlsCaCertificatesPem = pem; return this; }
public Builder tokenEndpoint(boolean enable) { this.tokenEndpoint = enable; return this; }
+ public Builder remoteAddressHeader(String header) { this.remoteAddressHeaders.add(header); return this; }
+ public Builder remotePortHeader(String header) { this.remotePortHeaders.add(header); return this; }
public HostedSslConnectorFactory build() { return new HostedSslConnectorFactory(this); }
}