path: root/jdisc_http_service/src/main/resources/configdefinitions/jdisc.http.connector.def
# Copyright 2017 Yahoo Holdings. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
namespace=jdisc.http

# The TCP port to listen to for this connector.
listenPort                          int      default=0

# The connector name
name                                string   default="default"

# The header field cache size.
headerCacheSize                     int      default=512

# The size of the buffer into which response content is aggregated before being sent to the client.
outputBufferSize                    int      default=65536

# The maximum size of a request header.
requestHeaderSize                   int      default=65536

# The maximum size of a response header.
responseHeaderSize                  int      default=65536

# The accept queue size (also known as accept backlog).
acceptQueueSize                     int      default=0

# Whether the server socket reuses addresses.
reuseAddress                        bool     default=true

# TODO Vespa 7: Remove soLingerTime - Jetty no longer supports it.
# DEPRECATED No longer in use
soLingerTime                        double   default=-1.0

# The maximum idle time for a connection, which roughly translates to the Socket.setSoTimeout(int).
idleTimeout                         double   default=180.0

# The stop timeout.
stopTimeout                         double   default=30.0

# Whether or not to have socket keep alive turned on.
tcpKeepAliveEnabled                 bool     default=false

# Enable/disable TCP_NODELAY (disable/enable Nagle's algorithm).
tcpNoDelay                          bool     default=true

# Whether to enable connection throttling. New connections will be dropped when a threshold is exceeded.
throttling.enabled                  bool     default=false

# Max number of connections.
throttling.maxConnections           int      default=-1

# Max heap memory utilization as a value between 0 and 1.
throttling.maxHeapUtilization       double   default=-1

# Max connection accept rate.
throttling.maxAcceptRate            int      default=-1

# Accept rate sample period in seconds. Used in conjunction with throttling.maxAcceptRate.
throttling.maxAcceptRatePeriod      double   default=1.0

# Idle timeout in seconds applied to endpoints when a threshold is exceeded (except accept rate threshold).
throttling.idleTimeout              double   default=1.0

# Whether to enable SSL for this connector. With the default (false) the connector accepts plaintext connections.
ssl.enabled                         bool     default=false

# File with private key in PEM format. The file should be readable only by the account running the service.
ssl.privateKeyFile                  string   default=""

# File with certificate in PEM format
ssl.certificateFile                 string   default=""

# File with trusted CA certificates in PEM format. Used to verify client certificates.
ssl.caCertificateFile               string default=""

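# Client authentication mode. See SSLEngine.getNeedClientAuth()/getWantClientAuth() for details.
# In JSSE terms, "want" requests a client certificate but lets the handshake proceed without one, while "need"
# fails the handshake if the client presents none. With the default DISABLED, presumably no client certificate
# is requested, so setting ssl.caCertificateFile alone would not enforce client authentication - confirm.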
ssl.clientAuth                      enum { DISABLED, WANT_AUTH, NEED_AUTH }  default=DISABLED


#########################################################################################
# Config below is deprecated. Do not use
#########################################################################################

# The name of the key used to look up the key store password in the secret store (if it is stored there).
# Applies only when JKS is used; must be empty with PEM.
# By default this is also used to look up the password to the trust store.
ssl.keyDbKey                        string   default=""
# TODO Rename keyDbKey to keyStorePassword after introducing custom services.xml syntax

# Names of protocols to exclude.
ssl.excludeProtocol[].name          string

# Names of protocols to include.
ssl.includeProtocol[].name          string

# Names of cipher suites to exclude.
ssl.excludeCipherSuite[].name       string

# Names of cipher suites to include.
ssl.includeCipherSuite[].name       string

# The type of the keystore.
ssl.keyStoreType                    enum { JKS, PEM }  default=JKS

# JKS only - the path to the keystore.
ssl.keyStorePath                    string   default=""

ssl.pemKeyStore.keyPath             string   default=""
ssl.pemKeyStore.certificatePath     string   default=""

ssl.trustStoreType                  enum { JKS }  default=JKS

# JKS only - the path to the truststore.
ssl.trustStorePath                  string   default=""

# TODO Add separate config for truststore password

# Whether we should use keyDbKey as password to the trust store (true, default),
# or use no password with the trust store (false)
ssl.useTrustStorePassword           bool   default=true
# TODO Fix broken semantics with truststore and keystore password in Vespa 7 / Vespa 8

# The algorithm name used by the KeyManagerFactory.
ssl.sslKeyManagerFactoryAlgorithm   string   default="SunX509"

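# The SSL protocol passed to SSLContext.getInstance()
# The generic name "TLS" does not by itself pin a protocol version; which versions are actually enabled depends
# on the JVM/provider defaults.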
ssl.protocol                        string   default="TLS"

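# The SecureRandom implementation passed to SSLEngine.init()
# NOTE(review): in JSSE the method that takes a SecureRandom is SSLContext.init() - confirm which call is meant.
# Java has a default pseudo-random number generator (PRNG) for crypto operations. This default may have performance
# issues on some platforms (e.g. NativePRNG on Linux utilizes a global lock). Changing the generator to SHA1PRNG may
# improve performance. Set value to empty string to use the default generator.
# This generator supplies randomness for the connector's crypto operations, so treat a change away from the default
# as a security decision and not only a performance one.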
ssl.prng                            string   default=""