Diffstat (limited to 'config-model/src/main/java')
3 files changed, 18 insertions, 10 deletions
diff --git a/config-model/src/main/java/com/yahoo/vespa/model/container/http/ConnectorFactory.java b/config-model/src/main/java/com/yahoo/vespa/model/container/http/ConnectorFactory.java index 697cfc95039..4929c09d561 100644 --- a/config-model/src/main/java/com/yahoo/vespa/model/container/http/ConnectorFactory.java +++ b/config-model/src/main/java/com/yahoo/vespa/model/container/http/ConnectorFactory.java @@ -8,6 +8,7 @@ import com.yahoo.vespa.model.container.component.SimpleComponent; import com.yahoo.vespa.model.container.http.ssl.DefaultSslProvider; import com.yahoo.vespa.model.container.http.ssl.SslProvider; +import java.util.List; import java.util.Optional; /** @@ -40,6 +41,9 @@ public class ConnectorFactory extends SimpleComponent implements ConnectorConfig public void getConfig(ConnectorConfig.Builder connectorBuilder) { connectorBuilder.listenPort(listenPort); connectorBuilder.name(name); + connectorBuilder.accessLog(new ConnectorConfig.AccessLog.Builder() + .remoteAddressHeaders(List.of("x-forwarded-for")) + .remotePortHeaders(List.of("X-Forwarded-Port"))); sslProviderComponent.amendConnectorConfig(connectorBuilder); } diff --git a/config-model/src/main/java/com/yahoo/vespa/model/container/http/JettyHttpServer.java b/config-model/src/main/java/com/yahoo/vespa/model/container/http/JettyHttpServer.java index 6a2d9685a33..0388230fa6a 100644 --- a/config-model/src/main/java/com/yahoo/vespa/model/container/http/JettyHttpServer.java +++ b/config-model/src/main/java/com/yahoo/vespa/model/container/http/JettyHttpServer.java 
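Review bot: The `accessLog` default added to `ConnectorFactory.getConfig` makes every connector built from this class take the logged remote address and port from `x-forwarded-for` / `X-Forwarded-Port`, which are client-supplied unless a trusted proxy in front overwrites them. The JettyHttpServer hunk in this commit removes the hosted branch that set both lists empty at server level, so any hosted connector that is not a `HostedSslConnectorFactory` would now record a spoofable address in the access log; which connector types hosted deployments create is not visible here and should be confirmed. I would add a comment above the call, `// Forwarded headers are trusted for access logging only; connectors reachable without a trusted proxy must override with empty lists`. The two header names also differ in casing, which is harmless for HTTP but reads as accidental.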
@@ -63,17 +63,8 @@ public class JettyHttpServer extends SimpleComponent implements ServerConfig.Pro .searchHandlerPaths(List.of("/search")) ); if (isHostedVespa) { - // Proxy-protocol v1/v2 is used in hosted Vespa for remote address/port - builder.accessLog(new ServerConfig.AccessLog.Builder() - .remoteAddressHeaders(List.of()) - .remotePortHeaders(List.of())); - // Enable connection log hosted Vespa builder.connectionLog(new ServerConfig.ConnectionLog.Builder().enabled(true)); - } else { - builder.accessLog(new ServerConfig.AccessLog.Builder() - .remoteAddressHeaders(List.of("x-forwarded-for")) - .remotePortHeaders(List.of("X-Forwarded-Port"))); } configureJettyThreadpool(builder); builder.stopTimeout(300); diff --git a/config-model/src/main/java/com/yahoo/vespa/model/container/http/ssl/HostedSslConnectorFactory.java b/config-model/src/main/java/com/yahoo/vespa/model/container/http/ssl/HostedSslConnectorFactory.java index 2b13cd21e99..243d14a006f 100644 --- a/config-model/src/main/java/com/yahoo/vespa/model/container/http/ssl/HostedSslConnectorFactory.java +++ b/config-model/src/main/java/com/yahoo/vespa/model/container/http/ssl/HostedSslConnectorFactory.java @@ -7,6 +7,7 @@ import com.yahoo.security.tls.TlsContext; import com.yahoo.vespa.model.container.http.ConnectorFactory; import java.time.Duration; +import java.util.ArrayList; import java.util.Collection; import java.util.List; @@ -22,6 +23,8 @@ public class HostedSslConnectorFactory extends ConnectorFactory { private final boolean proxyProtocolEnabled; private final boolean proxyProtocolMixedMode; private final Duration endpointConnectionTtl; + private final List<String> remoteAddressHeaders; + private final List<String> remotePortHeaders; public static Builder builder(String name, int listenPort) { return new Builder(name, listenPort); } 
@@ -32,6 +35,8 @@ public class HostedSslConnectorFactory extends ConnectorFactory { this.proxyProtocolEnabled = builder.proxyProtocolEnabled; this.proxyProtocolMixedMode = builder.proxyProtocolMixedMode; this.endpointConnectionTtl = builder.endpointConnectionTtl; + this.remoteAddressHeaders = List.copyOf(builder.remoteAddressHeaders); + this.remotePortHeaders = List.copyOf(builder.remotePortHeaders); } private static SslProvider createSslProvider(Builder builder) { @@ -62,13 +67,19 @@ public class HostedSslConnectorFactory extends ConnectorFactory { .proxyProtocol(new ConnectorConfig.ProxyProtocol.Builder() .enabled(proxyProtocolEnabled).mixedMode(proxyProtocolMixedMode)) .idleTimeout(Duration.ofSeconds(30).toSeconds()) - .maxConnectionLife(endpointConnectionTtl != null ? endpointConnectionTtl.toSeconds() : 0); + .maxConnectionLife(endpointConnectionTtl != null ? endpointConnectionTtl.toSeconds() : 0) + .accessLog(new ConnectorConfig.AccessLog.Builder() + .remoteAddressHeaders(remoteAddressHeaders) + .remotePortHeaders(remotePortHeaders)); + } public enum SslClientAuth { WANT, NEED, WANT_WITH_ENFORCER } public static class Builder { final String name; final int port; + final List<String> remoteAddressHeaders = new ArrayList<>(); + final List<String> remotePortHeaders = new ArrayList<>(); SslClientAuth clientAuth; List<String> tlsCiphersOverride; boolean proxyProtocolEnabled; 
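Review bot: The `.accessLog(...)` call added to `getConfig` keeps hosted connectors at empty header lists only if it replaces, rather than merges with, the builder that `ConnectorFactory.getConfig` now fills with `x-forwarded-for`; the start of this method is outside the hunk, so whether the superclass runs first is not visible. A unit test asserting that a `HostedSslConnectorFactory` built without `remoteAddressHeader(...)` yields empty `remoteAddressHeaders` and `remotePortHeaders` would pin that behaviour. A one-line comment such as `// Replaces the forwarded-header defaults from ConnectorFactory; empty unless headers are configured explicitly` would make the intent clear. The blank line added before the method's closing brace can be dropped.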
@@ -88,6 +99,8 @@ public class HostedSslConnectorFactory extends ConnectorFactory { public Builder tlsCaCertificatesPath(String path) { this.tlsCaCertificatesPath = path; return this; } public Builder tlsCaCertificatesPem(String pem) { this.tlsCaCertificatesPem = pem; return this; } public Builder tokenEndpoint(boolean enable) { this.tokenEndpoint = enable; return this; } + public Builder remoteAddressHeader(String header) { this.remoteAddressHeaders.add(header); return this; } + public Builder remotePortHeader(String header) { this.remotePortHeaders.add(header); return this; } public HostedSslConnectorFactory build() { return new HostedSslConnectorFactory(this); } } |
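Review bot: `remoteAddressHeader` and `remotePortHeader` accept any string, so a null only fails later in the constructor's `List.copyOf(...)` and an empty name is passed straight through to the connector config. Validate where the value enters, e.g. `this.remoteAddressHeaders.add(Objects.requireNonNull(header, "header"));` (this needs a `java.util.Objects` import if the file lacks one), and likewise for the port header. A short Javadoc on both methods should state that the named header is trusted as the client address or port in the access log, so it should only be set for connectors reached exclusively through a proxy that overwrites it. The `Builder` class begins outside this hunk.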