jdisc_http_service/src/main/resources/configdefinitions/jdisc.http.connector.def


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114

# Copyright 2017 Yahoo Holdings. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
namespace=jdisc.http

# The TCP port to listen to for this connector.
listenPort                          int      default=0

# The connector name
name                                string   default="default"

# The header field cache size.
headerCacheSize                     int      default=512

# The size of the buffer into which response content is aggregated before being sent to the client.
outputBufferSize                    int      default=65536

# The maximum size of a request header.
requestHeaderSize                   int      default=65536

# The maximum size of a response header.
responseHeaderSize                  int      default=65536

# The accept queue size (also known as accept backlog).
acceptQueueSize                     int      default=0

# Whether the server socket reuses addresses.
reuseAddress                        bool     default=true

# TODO Vespa 7: Remove soLingerTime - Jetty no longer support it.
# DEPRECATED No longer in use
soLingerTime                        double   default=-1.0

# The maximum idle time for a connection, which roughly translates to the Socket.setSoTimeout(int).
idleTimeout                         double   default=180.0

# The stop timeout.
stopTimeout                         double   default=30.0

# Whether or not to have socket keep alive turned on.
tcpKeepAliveEnabled                 bool     default=false

# Enable/disable TCP_NODELAY (disable/enable Nagle's algorithm).
tcpNoDelay                          bool     default=true

# Whether to enable SSL for this connector.
ssl.enabled                         bool     default=false

# File with private key in PEM format
ssl.privateKeyFile                  string   default=""

# File with certificate in PEM format
ssl.certificateFile                 string   default=""

# with trusted CA certificates in PEM format. Used to verify clients
ssl.caCertificateFile               string default=""

# Client authentication mode. See SSLEngine.getNeedClientAuth()/getWantClientAuth() for details.
ssl.clientAuth                      enum { DISABLED, WANT_AUTH, NEED_AUTH }  default=DISABLED


#########################################################################################
# Config below is deprecated. Do not use
#########################################################################################

# The name of the key to the password to the key store if in the secret store, if JKS is used.
# Must be empty with PEM
# By default this is also used to look up the password to the trust store.
ssl.keyDbKey                        string   default=""
# TODO Rename keyDbKey to keyStorePassword after introducing custom services.xml syntax

# Names of protocols to exclude.
ssl.excludeProtocol[].name          string

# Names of protocols to include.
ssl.includeProtocol[].name          string

# Names of cipher suites to exclude.
ssl.excludeCipherSuite[].name       string

# Names of cipher suites to include.
ssl.includeCipherSuite[].name       string

# The type of the keystore.
ssl.keyStoreType                    enum { JKS, PEM }  default=JKS

# JKS only - the path to the keystore.
ssl.keyStorePath                    string   default=""

ssl.pemKeyStore.keyPath             string   default=""
ssl.pemKeyStore.certificatePath     string   default=""

ssl.trustStoreType                  enum { JKS }  default=JKS

# JKS only - the path to the truststore.
ssl.trustStorePath                  string   default=""

# TODO Add separate config for truststore password

# Whether we should use keyDbKey as password to the trust store (true, default),
# or use no password with the trust store (false)
ssl.useTrustStorePassword           bool   default=true
# TODO Fix broken semantics with truststore and keystore password in Vespa 7 / Vespa 8

# The algorithm name used by the KeyManagerFactory.
ssl.sslKeyManagerFactoryAlgorithm   string   default="SunX509"

# The SSL protocol passed to SSLContext.getInstance()
ssl.protocol                        string   default="TLS"

# The SecureRandom implementation passed to SSLEngine.init()
# Java have a default pseudo-random number generator (PRNG) for crypto operations. This default may have performance
# issues on some platform (e.g. NativePRNG in Linux utilizes a global lock). Changing the generator to SHA1PRNG may
# improve performance. Set value to empty string to use the default generator.
ssl.prng                            string   default=""