diff options
Diffstat (limited to 'jdisc_http_service')
-rw-r--r-- | jdisc_http_service/src/main/java/com/yahoo/jdisc/http/server/jetty/HealthCheckProxyHandler.java | 8 |
1 files changed, 7 insertions, 1 deletions
diff --git a/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/server/jetty/HealthCheckProxyHandler.java b/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/server/jetty/HealthCheckProxyHandler.java index ec2b1342649..2d54c716f8d 100644 --- a/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/server/jetty/HealthCheckProxyHandler.java +++ b/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/server/jetty/HealthCheckProxyHandler.java @@ -57,6 +57,9 @@ class HealthCheckProxyHandler extends HandlerWrapper { ConnectorConfig.HealthCheckProxy proxyConfig = connector.connectorConfig().healthCheckProxy(); if (proxyConfig.enable()) { mapping.put(connector.listenPort(), createProxyTarget(proxyConfig.port(), connectors)); + log.info(String.format("Port %1$d is configured as a health check proxy for port %2$d. " + + "HTTP requests to '%3$s' on %1$d are proxied as HTTPS to %2$d.", + connector.listenPort(), proxyConfig.port(), HEALTH_CHECK_PATH)); } } return mapping; @@ -148,13 +151,16 @@ class HealthCheckProxyHandler extends HandlerWrapper { return client; } - private static SSLContext getSslContext(SslContextFactory.Server sslContextFactory) { + private SSLContext getSslContext(SslContextFactory.Server sslContextFactory) { if (sslContextFactory.getNeedClientAuth()) { + log.info(String.format("Port %d requires client certificate. HTTPS client will use the target server connector's ssl context.", port)); // A client certificate is only required if the server connector's ssl context factory is configured with "need-auth". // We use the server's ssl context (truststore + keystore) if a client certificate is required. // This will only work if the server certificate's CA is in the truststore. return sslContextFactory.getSslContext(); } else { + log.info(String.format( + "Port %d does not require a client certificate. HTTPS client will use a custom ssl context accepting all certificates.", port)); // No client certificate required. The client is configured with a trust manager that accepts all certificates. try { return SSLContexts.custom().loadTrustMaterial(new TrustAllStrategy()).build(); |