# Copyright Vespa.ai. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
namespace=jdisc.http
# The TCP port to listen to for this connector.
listenPort int default=0
# The connector name.
name string default="default"
# The header field cache size.
headerCacheSize int default=512
# The size of the buffer into which response content is aggregated before being sent to the client.
outputBufferSize int default=65536
# The maximum size of a request header.
# NOTE(review): the unit is presumably bytes - confirm.
requestHeaderSize int default=65536
# The maximum size of a response header.
# NOTE(review): the unit is presumably bytes - confirm.
responseHeaderSize int default=65536
# The accept queue size (also known as accept backlog).
# NOTE(review): what the default 0 selects is not stated here - presumably a platform default; confirm.
acceptQueueSize int default=0
# Max content size allowed for requests. Set to -1 to disable.
# The default is -1, so this setting imposes no limit on request content unless it is overridden.
# Set an explicit limit on connectors that accept requests from untrusted clients.
maxContentSize long default=-1
# Whether the server socket reuses addresses.
reuseAddress bool default=true
# The maximum idle time for a connection, which roughly translates to the Socket.setSoTimeout(int).
# NOTE(review): the unit is presumably seconds, as documented for throttling.idleTimeout - confirm.
idleTimeout double default=180.0
# Deprecated: has no effect since the Jetty 11 upgrade.
# TODO Vespa 9: remove.
tcpKeepAliveEnabled bool default=false
# Enable/disable TCP_NODELAY (disable/enable Nagle's algorithm).
tcpNoDelay bool default=true
# Whether to enable connection throttling. New connections will be dropped when a threshold is exceeded.
# Disabled by default.
# NOTE(review): the throttling.* thresholds below presumably take effect only when this is true - confirm.
throttling.enabled bool default=false
# Max number of connections.
# NOTE(review): the default -1 presumably means "no threshold"; the other throttling.* settings
# use the same default - confirm.
throttling.maxConnections int default=-1
# Max heap memory utilization as a value between 0 and 1.
throttling.maxHeapUtilization double default=-1.0
# Max connection accept rate per second.
throttling.maxAcceptRate int default=-1
# Idle timeout in seconds applied to endpoints when a threshold is exceeded.
throttling.idleTimeout double default=-1.0
# Whether to enable TLS on connector when Vespa is configured with TLS.
# The connector will implicitly enable TLS if set to 'true' and Vespa TLS is enabled.
implicitTlsEnabled bool default=true
# Whether to enable SSL for this connector.
# Disabled by default.
# NOTE(review): the ssl.* settings below presumably apply only when this is true - confirm.
ssl.enabled bool default=false
# File with private key in PEM format. Specify either this or privateKey, but not both.
ssl.privateKeyFile string default=""
# Private key in PEM format. Specify either this or privateKeyFile, but not both.
# With this option the key material is part of the config value itself, so it is readable
# wherever the config is stored, distributed or dumped. privateKeyFile keeps the key out of
# the config payload.
ssl.privateKey string default=""
# File with certificate in PEM format. Specify either this or certificate, but not both.
ssl.certificateFile string default=""
# Certificate in PEM format. Specify either this or certificateFile, but not both.
ssl.certificate string default=""
# File with trusted CA certificates in PEM format. Used to verify clients.
# - this is the name of a file on the local container file system
# - specify only one of caCertificateFile and caCertificate
ssl.caCertificateFile string default=""
# Trusted CA certificates in PEM format. Used to verify clients.
# - these are the actual certificates instead of a pointer to the file
# - specify only one of caCertificateFile and caCertificate
ssl.caCertificate string default=""
# Client authentication mode. See SSLEngine.getNeedClientAuth()/getWantClientAuth() for details.
# Going by the SSLEngine methods referenced above: WANT_AUTH requests a client certificate but
# lets the handshake continue without one, NEED_AUTH stops the handshake when none is presented.
# The default is DISABLED.
ssl.clientAuth enum { DISABLED, WANT_AUTH, NEED_AUTH } default=DISABLED
# List of enabled cipher suites. JDisc will use Vespa default if empty.
# NOTE(review): a non-empty list presumably replaces the Vespa default rather than extending it -
# confirm, and keep weak or legacy suites out of it.
ssl.enabledCipherSuites[] string
# List of enabled TLS protocol versions. JDisc will use Vespa default if empty.
# NOTE(review): a non-empty list presumably replaces the Vespa default rather than extending it -
# confirm, and keep legacy protocol versions out of it.
ssl.enabledProtocols[] string
# Enforce TLS client authentication for https requests at the http layer.
# Intended to be used with connectors with optional client authentication enabled.
# 401 status code is returned for requests from non-authenticated clients.
# Disabled by default.
# NOTE(review): with ssl.clientAuth=WANT_AUTH and this left at false, requests without a client
# certificate are presumably accepted by the connector - confirm that another layer authorizes them.
tlsClientAuthEnforcer.enable bool default=false
# Paths where client authentication should not be enforced. To be used in combination with WANT_AUTH.
# Typically used for health checks.
# Every path listed here is served without a client certificate, so keep the list to endpoints
# that expose nothing sensitive.
# NOTE(review): whether entries match exactly or as prefixes is not stated here - confirm before adding a path.
tlsClientAuthEnforcer.pathWhitelist[] string
# Use connector only for proxying '/status.html' health checks. Any ssl configuration will be ignored if this option is enabled.
# NOTE(review): because the ssl.* settings are ignored, this connector presumably answers without TLS
# or client authentication - confirm, and make sure the proxied status response carries nothing sensitive.
healthCheckProxy.enable bool default=false
# Which port to proxy.
healthCheckProxy.port int default=8080
# Low-level timeout for proxy client (socket connect, socket read, connection pool).
# NOTE(review): the unit is presumably seconds - confirm.
healthCheckProxy.clientTimeout double default=1.0
# Servlet async request timeout. Must be larger than 'clientTimeout' to cover cost of queueing and response handling.
# The defaults satisfy this (1.5 vs 1.0); keep the relation when overriding either value.
healthCheckProxy.handlerTimeout double default=1.5
# Expiry for cached health response.
# NOTE(review): the unit is presumably seconds - confirm.
healthCheckProxy.cacheExpiry double default=1.0
# Enable PROXY protocol V1/V2 support (only for https connectors).
# The PROXY protocol header is supplied by the connecting peer and is not authenticated, so the
# client address it reports is only as trustworthy as that peer. Enable this only on connectors
# that are reachable solely from trusted load balancers or proxies.
proxyProtocol.enabled bool default=false
# Allow https in parallel with proxy protocol.
# NOTE(review): in mixed mode the connector presumably accepts connections both with and without
# a PROXY header - confirm how the remote address is derived for directly connecting clients
# before relying on it for logging or access decisions.
proxyProtocol.mixedMode bool default=false
# Maximum number of requests per connection before server marks connections as non-persistent. Set to '0' to disable.
# The default is 0, i.e. no per-connection request limit.
maxRequestsPerConnection int default=0
# Maximum number of seconds a connection can live before it's marked as non-persistent. Set to '0' to disable.
# The default is 0.0, i.e. no connection lifetime limit.
maxConnectionLife double default=0.0
# Enable HTTP/2 (in addition to HTTP/1.1 using ALPN).
http2Enabled bool default=true
# NOTE(review): undocumented in the original - presumably the idle timeout of a single HTTP/2 stream,
# in seconds; confirm.
http2.streamIdleTimeout double default=600
# NOTE(review): undocumented in the original - presumably the maximum number of concurrent HTTP/2
# streams per connection; confirm. If so, it bounds how much concurrent work one connection can request.
http2.maxConcurrentStreams int default=4096
# Override the default server name when authority is missing from request.
serverName.fallback string default=""
# The list of accepted server names. Empty list to accept any. Elements follow the format of 'serverName.default'.
# NOTE(review): no 'serverName.default' field is defined in this file; the reference presumably
# means 'serverName.fallback' - confirm.
# With an empty list, requests are not restricted by the server name they ask for. List the expected
# names on connectors where the request authority is used for routing, link generation or access decisions.
serverName.allowed[] string
# HTTP request headers that contain remote address.
# These values come from the request itself, so they are only trustworthy when a trusted proxy in
# front of the connector sets or overwrites the listed headers. Otherwise the logged address is
# whatever the client sent.
accessLog.remoteAddressHeaders[] string
# HTTP request headers that contain remote port.
# The same trust caveat applies: list only headers that a trusted proxy sets or overwrites.
accessLog.remotePortHeaders[] string