aboutsummaryrefslogtreecommitdiffstats
path: root/jdisc_http_service
Commit message (Collapse)AuthorAgeFilesLines
* Make proxy client timeout configurableBjørn Christian Seime2020-05-203-22/+29
| | | | | Reduce default timeout to 1 second. Don't spam log with full stack trace. Don't close connection pool on timeout or other failures (when using sub-second timeout).
* Disable jdisc debug logging for all unit tests (by default)Bjørn Christian Seime2020-05-201-12/+0
|
* Stabilize HttpServerTestBjørn Christian Seime2020-05-191-6/+17
| | | | Retry test requests sent from Jetty client on failure
* Disable debug logging in jdisc_http_service unit testsBjørn Christian Seime2020-05-191-0/+12
| | | | Reduces surefire output from ~160MB to ~1MB.
* Ignore local port reported from proxy-protocol headerBjørn Christian Seime2020-04-308-8/+58
| | | | | | Replace usage of ServletRequest.getLocalPort() with equivalent from ServerConnector. The latter will not be overridden by the proxy-protocol header if proxy-protocol is enabled for that connector.
* Report expired client certificate as a separate metricBjørn Christian Seime2020-04-083-0/+46
|
* 200 OK response on status.html for redirect handlerandreer2020-04-081-2/+6
|
* Merge pull request #12855 from vespa-engine/bjorncs/jdisc-unknown-methodsBjørn Christian Seime2020-04-072-6/+32
|\ | | | | Return status code 405 for unknown HTTP methods
| * Return status code 405 for unknown HTTP methodsBjørn Christian Seime2020-04-062-6/+32
| | | | | | | | JDisc previously returned 501 for unknown HTTP methods as mandated by the HTTP / Servlet specification. This caused a lot of noise in our 5xx response metrics for JDisc instances directly exposed to the internet (external actors performing vulnerability testing). This change will cause unknown methods to be handled identically to unsupported methods.
* | make secure redirect use http (not https)andreer2020-04-061-1/+1
|/
* Remove unused methodBjørn Christian Seime2020-04-021-24/+0
|
* Add connector config for max connection lifeBjørn Christian Seime2020-04-023-1/+15
|
* Deprecate unused config parameterBjørn Christian Seime2020-04-021-1/+2
|
* Make 'max requests per connection' config connector specificBjørn Christian Seime2020-04-026-14/+26
|
* Add secure direct support to JDiscBjørn Christian Seime2020-04-024-4/+99
|
* Merge pull request #12516 from ↵Morten Tokle2020-03-105-13/+187
|\ | | | | | | | | vespa-engine/bjorncs/support-proxy-protocol-in-jdisc Support proxy protocol for https connectors
| * Use multi-thread safe list implementationBjørn Christian Seime2020-03-091-1/+2
| |
| * Close server before inspecting access logBjørn Christian Seime2020-03-091-9/+8
| |
| * Update abi-specBjørn Christian Seime2020-03-091-2/+36
| |
| * Support proxy protocol for https connectorsBjørn Christian Seime2020-03-094-10/+150
| |
* | Remove unused variableBjørn Christian Seime2020-03-091-2/+0
| |
* | Remove wiring for pre-bound channels in Jetty integrationBjørn Christian Seime2020-03-094-98/+7
|/
* Handle SSLHandshakeException without messageBjørn Christian Seime2020-03-061-0/+1
| | | | We have observed in production that some SSLHandshakeException instances do not have a message.
* Rename new jdisc http ssl handshake metricsBjørn Christian Seime2020-03-051-5/+5
| | | | Rename new metrics to final names concluded from architect review.
* Handle SslConnectionFactory wrapped in DetectorConnectionFactoryBjørn Christian Seime2020-03-051-0/+3
| | | | | Support TLS mixed mode after recent Jetty upgrade in health check proxy handler. SslConnectionFactory is no longer a top-level connection factory in connector if mixed mode is enabled.
* Replace deprecated OptionalSslConnectionFactory with DetectorConnectionFactoryBjørn Christian Seime2020-03-051-7/+2
|
* Revert "Replace deprecated OptionalSslConnectionFactory with ↵Bjørn Christian Seime2020-03-051-2/+7
| | | | | | | | | DetectorConnectionFactory" This reverts commit a7bfbb407c71e96d3a2effb34836d04ce3cd9d70. HealthCheckProxyHandler is unable to retrieve underlying SSLContext if SslConnectionFactory is wrapped in a DetectorConnectionFactory.
* Merge pull request #12442 from ↵Bjørn Christian Seime2020-03-056-61/+268
|\ | | | | | | | | vespa-engine/revert-12440-revert-12415-bjorncs/ssl-handshake-metric Revert "Revert "Bjorncs/ssl handshake metric""
| * Use TLSv1.3 in test instead of TLSv1.1Bjørn Christian Seime2020-03-051-2/+2
| | | | | | | | TLSv1.1 seems to be disabled in JDK distribution on internal CI platform.
| * Revert "Revert "Bjorncs/ssl handshake metric""Bjørn Christian Seime2020-03-046-61/+268
| |
* | Merge pull request #12438 from vespa-engine/bjorncs/upgrade-jettyBjørn Christian Seime2020-03-041-6/+2
|\ \ | |/ |/| Upgrade Jetty to 9.4.27
| * Replace deprecated OptionalSslConnectionFactory with DetectorConnectionFactoryBjørn Christian Seime2020-03-041-7/+2
| |
| * Upgrade Jetty to 9.4.27Bjørn Christian Seime2020-03-041-0/+1
| |
* | Revert "Bjorncs/ssl handshake metric"Harald Musum2020-03-046-268/+61
|/
* Replace dash with underscore in the new metric namesBjørn Christian Seime2020-03-041-5/+5
|
* Add workaround for odd behaviour with Jetty or Apache httpclientBjørn Christian Seime2020-03-031-0/+9
|
* Report SSL handshake failures in metricBjørn Christian Seime2020-03-034-7/+224
|
* Add constructor overload with list of enabled ciphers and protocol versionsBjørn Christian Seime2020-03-031-1/+13
|
* Make TLS client auth configurable in test driver factoryBjørn Christian Seime2020-03-032-4/+11
|
* Remove unused raw() and exceptTrailer() methodsBjørn Christian Seime2020-03-031-47/+0
|
* Close connections used by SimpleHttpClientBjørn Christian Seime2020-03-031-4/+13
|
* Merge pull request #12230 from ↵Bjørn Christian Seime2020-02-201-1/+2
|\ | | | | | | | | vespa-engine/bjorncs/tls-hostname-validation-jrt-wiring Bjorncs/tls hostname validation jrt wiring
| * Specify new DefaultTlsContext constructor parameterBjørn Christian Seime2020-02-171-1/+2
| |
* | Close all connections on ssl handshake failureBjørn Christian Seime2020-02-191-2/+10
| |
* | Specify default request timeoutsBjørn Christian Seime2020-02-191-0/+8
| |
* | Use persisent connectionsBjørn Christian Seime2020-02-191-3/+1
|/
* Use cipher/protocol config to configure JettyBjørn Christian Seime2020-01-311-21/+48
|
* Add connector config for enabled cipher suites and protocol versionsBjørn Christian Seime2020-01-312-2/+19
|
* Move cipher and protocol inclusion/exclusion logic to separate classBjørn Christian Seime2020-01-312-18/+38
|
* State the configuration and purpose of health check proxy in the logBjørn Christian Seime2020-01-281-1/+7
|