Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | Make proxy client timeout configurable | Bjørn Christian Seime | 2020-05-20 | 3 | -22/+29 |
| | | | | | Reduce default timeout to 1 second. Don't spam log with full stack trace. Don't close connection pool on timeout or other failures (when using sub-second timeout). | ||||
* | Disable jdisc debug logging for all unit tests (by default) | Bjørn Christian Seime | 2020-05-20 | 1 | -12/+0 |
| | |||||
* | Stabilize HttpServerTest | Bjørn Christian Seime | 2020-05-19 | 1 | -6/+17 |
| | | | | Retry test requests sent from Jetty client on failure | ||||
* | Disable debug logging in jdisc_http_service unit tests | Bjørn Christian Seime | 2020-05-19 | 1 | -0/+12 |
| | | | | Reduces surefire output from ~160MB to ~1MB. | ||||
* | Ignore local port reported from proxy-protocol header | Bjørn Christian Seime | 2020-04-30 | 8 | -8/+58 |
| | | | | | | Replace usage of ServletRequest.getLocalPort() with equivalent from ServerConnector. The latter will not be overridden by the proxy-protocol header if proxy-protocol is enabled for that connector. | ||||
* | Report expired client certificate as a separate metric | Bjørn Christian Seime | 2020-04-08 | 3 | -0/+46 |
| | |||||
* | 200 OK response on status.html for redirect handler | andreer | 2020-04-08 | 1 | -2/+6 |
| | |||||
* | Merge pull request #12855 from vespa-engine/bjorncs/jdisc-unknown-methods | Bjørn Christian Seime | 2020-04-07 | 2 | -6/+32 |
|\ | | | | | Return status code 405 for unknown HTTP methods | ||||
| * | Return status code 405 for unknown HTTP methods | Bjørn Christian Seime | 2020-04-06 | 2 | -6/+32 |
| | | | | | | | | JDisc previously returned 501 for unknown HTTP methods as mandated by the HTTP / Servlet specification. This caused a lot of noise in our 5xx response metrics for JDisc instances directly exposed to the internet (external actors performing vulnerability testing). This change will cause unknown methods to be handled identically to unsupported methods. | ||||
* | | make secure redirect use http (not https) | andreer | 2020-04-06 | 1 | -1/+1 |
|/ | |||||
* | Remove unused method | Bjørn Christian Seime | 2020-04-02 | 1 | -24/+0 |
| | |||||
* | Add connector config for max connection life | Bjørn Christian Seime | 2020-04-02 | 3 | -1/+15 |
| | |||||
* | Deprecate unused config parameter | Bjørn Christian Seime | 2020-04-02 | 1 | -1/+2 |
| | |||||
* | Make 'max requests per connection' config connector specific | Bjørn Christian Seime | 2020-04-02 | 6 | -14/+26 |
| | |||||
* | Add secure direct support to JDisc | Bjørn Christian Seime | 2020-04-02 | 4 | -4/+99 |
| | |||||
* | Merge pull request #12516 from ↵ | Morten Tokle | 2020-03-10 | 5 | -13/+187 |
|\ | | | | | | | | | vespa-engine/bjorncs/support-proxy-protocol-in-jdisc Support proxy protocol for https connectors | ||||
| * | Use multi-thread safe list implementation | Bjørn Christian Seime | 2020-03-09 | 1 | -1/+2 |
| | | |||||
| * | Close server before inspecting access log | Bjørn Christian Seime | 2020-03-09 | 1 | -9/+8 |
| | | |||||
| * | Update abi-spec | Bjørn Christian Seime | 2020-03-09 | 1 | -2/+36 |
| | | |||||
| * | Support proxy protocol for https connectors | Bjørn Christian Seime | 2020-03-09 | 4 | -10/+150 |
| | | |||||
* | | Remove unused variable | Bjørn Christian Seime | 2020-03-09 | 1 | -2/+0 |
| | | |||||
* | | Remove wiring for pre-bound channels in Jetty integration | Bjørn Christian Seime | 2020-03-09 | 4 | -98/+7 |
|/ | |||||
* | Handle SSLHandshakeException without message | Bjørn Christian Seime | 2020-03-06 | 1 | -0/+1 |
| | | | | We have observed in production that some SSLHandshakeException instances do not have a message. | ||||
* | Rename new jdisc http ssl handshake metrics | Bjørn Christian Seime | 2020-03-05 | 1 | -5/+5 |
| | | | | Rename new metrics to final names concluded from architect review. | ||||
* | Handle SslConnectionFactory wrapped in DetectorConnectionFactory | Bjørn Christian Seime | 2020-03-05 | 1 | -0/+3 |
| | | | | | Support TLS mixed mode after recent Jetty upgrade in health check proxy handler. SslConnectionFactory is no longer a top-level connection factory in connector if mixed mode is enabled. | ||||
* | Replace deprecated OptionalSslConnectionFactory with DetectorConnectionFactory | Bjørn Christian Seime | 2020-03-05 | 1 | -7/+2 |
| | |||||
* | Revert "Replace deprecated OptionalSslConnectionFactory with ↵ | Bjørn Christian Seime | 2020-03-05 | 1 | -2/+7 |
| | | | | | | | | | DetectorConnectionFactory" This reverts commit a7bfbb407c71e96d3a2effb34836d04ce3cd9d70. HealthCheckProxyHandler is unable to retrieve underlying SSLContext if SslConnectionFactory is wrapped in a DetectorConnectionFactory. | ||||
* | Merge pull request #12442 from ↵ | Bjørn Christian Seime | 2020-03-05 | 6 | -61/+268 |
|\ | | | | | | | | | vespa-engine/revert-12440-revert-12415-bjorncs/ssl-handshake-metric Revert "Revert "Bjorncs/ssl handshake metric"" | ||||
| * | Use TLSv1.3 in test instead of TLSv1.1 | Bjørn Christian Seime | 2020-03-05 | 1 | -2/+2 |
| | | | | | | | | TLSv1.1 seems to be disabled in JDK distribution on internal CI platform. | ||||
| * | Revert "Revert "Bjorncs/ssl handshake metric"" | Bjørn Christian Seime | 2020-03-04 | 6 | -61/+268 |
| | | |||||
* | | Merge pull request #12438 from vespa-engine/bjorncs/upgrade-jetty | Bjørn Christian Seime | 2020-03-04 | 1 | -6/+2 |
|\ \ | |/ |/| | Upgrade Jetty to 9.4.27 | ||||
| * | Replace deprecated OptionalSslConnectionFactory with DetectorConnectionFactory | Bjørn Christian Seime | 2020-03-04 | 1 | -7/+2 |
| | | |||||
| * | Upgrade Jetty to 9.4.27 | Bjørn Christian Seime | 2020-03-04 | 1 | -0/+1 |
| | | |||||
* | | Revert "Bjorncs/ssl handshake metric" | Harald Musum | 2020-03-04 | 6 | -268/+61 |
|/ | |||||
* | Replace dash with underscore in the new metric names | Bjørn Christian Seime | 2020-03-04 | 1 | -5/+5 |
| | |||||
* | Add workaround for odd behaviour with Jetty or Apache httpclient | Bjørn Christian Seime | 2020-03-03 | 1 | -0/+9 |
| | |||||
* | Report SSL handshake failures in metric | Bjørn Christian Seime | 2020-03-03 | 4 | -7/+224 |
| | |||||
* | Add constructor overload with list of enabled ciphers and protocol versions | Bjørn Christian Seime | 2020-03-03 | 1 | -1/+13 |
| | |||||
* | Make TLS client auth configurable in test driver factory | Bjørn Christian Seime | 2020-03-03 | 2 | -4/+11 |
| | |||||
* | Remove unused raw() and exceptTrailer() methods | Bjørn Christian Seime | 2020-03-03 | 1 | -47/+0 |
| | |||||
* | Close connections used by SimpleHttpClient | Bjørn Christian Seime | 2020-03-03 | 1 | -4/+13 |
| | |||||
* | Merge pull request #12230 from ↵ | Bjørn Christian Seime | 2020-02-20 | 1 | -1/+2 |
|\ | | | | | | | | | vespa-engine/bjorncs/tls-hostname-validation-jrt-wiring Bjorncs/tls hostname validation jrt wiring | ||||
| * | Specify new DefaultTlsContext constructor parameter | Bjørn Christian Seime | 2020-02-17 | 1 | -1/+2 |
| | | |||||
* | | Close all connections on ssl handshake failure | Bjørn Christian Seime | 2020-02-19 | 1 | -2/+10 |
| | | |||||
* | | Specify default request timeouts | Bjørn Christian Seime | 2020-02-19 | 1 | -0/+8 |
| | | |||||
* | | Use persisent connections | Bjørn Christian Seime | 2020-02-19 | 1 | -3/+1 |
|/ | |||||
* | Use cipher/protocol config to configure Jetty | Bjørn Christian Seime | 2020-01-31 | 1 | -21/+48 |
| | |||||
* | Add connector config for enabled cipher suites and protocol versions | Bjørn Christian Seime | 2020-01-31 | 2 | -2/+19 |
| | |||||
* | Move cipher and protocol inclusion/exclusion logic to separate class | Bjørn Christian Seime | 2020-01-31 | 2 | -18/+38 |
| | |||||
* | State the configuration and purpose of health check proxy in the log | Bjørn Christian Seime | 2020-01-28 | 1 | -1/+7 |
| |