blob: 7967f657affa008504f550fdc929bab5a114d03b (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
|
# Copyright 2017 Yahoo Holdings. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
namespace=jdisc.http
# The TCP port to listen to for this connector.
listenPort int default=0
# The connector name
name string default="default"
# The header field cache size.
headerCacheSize int default=512
# The size of the buffer into which response content is aggregated before being sent to the client.
outputBufferSize int default=65536
# The maximum size of a request header.
requestHeaderSize int default=65536
# The maximum size of a response header.
responseHeaderSize int default=65536
# The accept queue size (also known as accept backlog).
acceptQueueSize int default=0
# Whether the server socket reuses addresses.
reuseAddress bool default=true
# TODO Vespa 7: Remove soLingerTime - Jetty no longer support it.
# DEPRECATED No longer in use
soLingerTime double default=-1.0
# The maximum idle time for a connection, which roughly translates to the Socket.setSoTimeout(int).
idleTimeout double default=180.0
# The stop timeout.
stopTimeout double default=30.0
# Whether or not to have socket keep alive turned on.
tcpKeepAliveEnabled bool default=false
# Enable/disable TCP_NODELAY (disable/enable Nagle's algorithm).
tcpNoDelay bool default=true
# Whether to enable connection throttling. New connections will be dropped when a threshold is exceeded.
throttling.enabled bool default=false
# Max number of connections.
throttling.maxConnections int default=-1
# Max memory utilization as a value between 0 and 1.
throttling.maxHeapUtilization double default=-1
# Max connection accept rate.
throttling.maxAcceptRate int default=-1
# Accept rate sample period in seconds. Used in conjunction with throttling.maxAcceptRate.
throttling.maxAcceptRatePeriod double default=1.0
# Idle timeout in seconds applied to endpoints when a threshold is exceeded (except accept rate threshold).
throttling.idleTimeout double default=1.0
# Whether to enable SSL for this connector.
ssl.enabled bool default=false
# File with private key in PEM format
ssl.privateKeyFile string default=""
# File with certificate in PEM format
ssl.certificateFile string default=""
# with trusted CA certificates in PEM format. Used to verify clients
ssl.caCertificateFile string default=""
# Client authentication mode. See SSLEngine.getNeedClientAuth()/getWantClientAuth() for details.
ssl.clientAuth enum { DISABLED, WANT_AUTH, NEED_AUTH } default=DISABLED
#########################################################################################
# Config below is deprecated. Do not use
#########################################################################################
# The name of the key to the password to the key store if in the secret store, if JKS is used.
# Must be empty with PEM
# By default this is also used to look up the password to the trust store.
ssl.keyDbKey string default=""
# TODO Rename keyDbKey to keyStorePassword after introducing custom services.xml syntax
# Names of protocols to exclude.
ssl.excludeProtocol[].name string
# Names of protocols to include.
ssl.includeProtocol[].name string
# Names of cipher suites to exclude.
ssl.excludeCipherSuite[].name string
# Names of cipher suites to include.
ssl.includeCipherSuite[].name string
# The type of the keystore.
ssl.keyStoreType enum { JKS, PEM } default=JKS
# JKS only - the path to the keystore.
ssl.keyStorePath string default=""
ssl.pemKeyStore.keyPath string default=""
ssl.pemKeyStore.certificatePath string default=""
ssl.trustStoreType enum { JKS } default=JKS
# JKS only - the path to the truststore.
ssl.trustStorePath string default=""
# TODO Add separate config for truststore password
# Whether we should use keyDbKey as password to the trust store (true, default),
# or use no password with the trust store (false)
ssl.useTrustStorePassword bool default=true
# TODO Fix broken semantics with truststore and keystore password in Vespa 7 / Vespa 8
# The algorithm name used by the KeyManagerFactory.
ssl.sslKeyManagerFactoryAlgorithm string default="SunX509"
# The SSL protocol passed to SSLContext.getInstance()
ssl.protocol string default="TLS"
# The SecureRandom implementation passed to SSLEngine.init()
# Java have a default pseudo-random number generator (PRNG) for crypto operations. This default may have performance
# issues on some platform (e.g. NativePRNG in Linux utilizes a global lock). Changing the generator to SHA1PRNG may
# improve performance. Set value to empty string to use the default generator.
ssl.prng string default=""
|