diff options
Diffstat (limited to 'node-admin/basic-search-for-docker/src/main/application/services.xml')
-rw-r--r-- | node-admin/basic-search-for-docker/src/main/application/services.xml | 81 |
1 files changed, 81 insertions, 0 deletions
diff --git a/node-admin/basic-search-for-docker/src/main/application/services.xml b/node-admin/basic-search-for-docker/src/main/application/services.xml new file mode 100644 index 00000000000..cea6861ca91 --- /dev/null +++ b/node-admin/basic-search-for-docker/src/main/application/services.xml @@ -0,0 +1,81 @@ +<?xml version='1.0' encoding='UTF-8'?> +<services version='1.0' xmlns:deploy="vespa" xmlns:preprocess="properties"> + + <jdisc id='default' version='1.0'> + <!-- See Vespa tutorial + <document-processing> + <chain id="default"> + <documentprocessor id="com.yahoo.example.ExampleDocumentProcessor" bundle="basic-application"/> + </chain> + </document-processing> + --> + + <!-- YCA Access Control + + Enable this to limit access to your application using YCA; we will support http://yo/athens later. + deploy:environment="prod" is needed if you want to enable easier access to other environments. You will not + be able to use YCA access control from an openhouse instance to the hosted Vespa Dev instance. + + The nonyca-request-chain is needed to allow e.g. health checks to bypass YCA + + In <yca.appid.allow> list the igor roles that includes the hosts that should be allowed to access this application + + See http://vespa.corp.yahoo.com/5/documentation/vespa-security.html + + To test this you can use curl, and add the Yahoo-App-Auth header: + -H "Yahoo-App-Auth: `yca-cert-util -show yahoo.namespace.role|cut -d" " -f2`" + + --> + <!-- + <http deploy:environment="prod"> + <filtering> + <request-chain id="yca-request-chain" excludes="com.yahoo.jdisc.http.filter.security.InputValidationFilter" inherits="standard-request-filters"> + <filter bundle="jdisc_http_filters" class="com.yahoo.jdisc.http.filter.security.YCAFilter" id="access-filter"> + <filter-config> + <yca.appid.allow>yahoo.namespace.role</yca.appid.allow> + <yca.allowAny>false</yca.allowAny> + <yca.optional>false</yca.optional> + </filter-config> + </filter> + <binding>http://*/*</binding> + <binding>https://*/*</binding> + </request-chain> + <request-chain excludes="access-filter" id="nonyca-request-chain" inherits="yca-request-chain"> + <binding>http://*/state/*</binding> + <binding>http://*/status.html</binding> + <binding>http://*/ApplicationStatus</binding> + <binding>https://*/state/*</binding> + <binding>https://*/status.html</binding> + <binding>https://*/ApplicationStatus</binding> + </request-chain> + </filtering> + <server id="main-server" port="4080" /> + </http> + --> + + <search> + <chain id='default' inherits='vespa'> + <searcher bundle='basic-application' id='com.yahoo.example.ExampleSearcher'> + <config name='example.message'> + <message>Hello, Vespa! (test build iteration 90)</message> + </config> + </searcher> + </chain> + </search> + <document-api/> + <nodes count='1' flavor='docker' docker-image='vespa-local:latest'/> + </jdisc> + + <content id='music' version='1.0'> + <redundancy>2</redundancy> + <documents> + <document mode='index' type='music'/> + </documents> + <nodes count='1' flavor='docker' docker-image='vespa-local:latest'/> + <engine> + <proton> + <searchable-copies>1</searchable-copies> + </proton> + </engine> + </content> +</services> |