You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@druid.apache.org by cw...@apache.org on 2019/12/13 20:04:10 UTC
[incubator-druid] branch 0.17.0-incubating updated: optionally
enable Jetty ForwardedRequestCustomizer (#9010) (#9026)
This is an automated email from the ASF dual-hosted git repository.
cwylie pushed a commit to branch 0.17.0-incubating
in repository https://gitbox.apache.org/repos/asf/incubator-druid.git
The following commit(s) were added to refs/heads/0.17.0-incubating by this push:
new 8541d62 optionally enable Jetty ForwardedRequestCustomizer (#9010) (#9026)
8541d62 is described below
commit 8541d62326c05a31a38590691d2eb82616ea1318
Author: Himanshu <g....@gmail.com>
AuthorDate: Fri Dec 13 12:03:58 2019 -0800
optionally enable Jetty ForwardedRequestCustomizer (#9010) (#9026)
* optionally enable Jetty ForwardedRequestCustomizer
* fix doc build
---
docs/configuration/index.md | 1 +
.../druid/server/initialization/ServerConfig.java | 23 ++++++++++++++++------
.../jetty/CliIndexerServerModule.java | 3 ++-
.../initialization/jetty/JettyServerModule.java | 8 ++++++++
.../initialization/ServerConfigSerdeTest.java | 5 ++++-
website/.spelling | 2 ++
6 files changed, 34 insertions(+), 8 deletions(-)
diff --git a/docs/configuration/index.md b/docs/configuration/index.md
index 179fbb4..f01fa76 100644
--- a/docs/configuration/index.md
+++ b/docs/configuration/index.md
@@ -1286,6 +1286,7 @@ Druid uses Jetty to serve HTTP requests.
|`druid.server.http.unannouncePropagationDelay`|How long to wait for zookeeper unannouncements to propagate before shutting down Jetty. This is a minimum and `druid.server.http.gracefulShutdownTimeout` does not start counting down until after this period elapses.|`PT0S` (do not wait)|
|`druid.server.http.maxQueryTimeout`|Maximum allowed value (in milliseconds) for `timeout` parameter. See [query-context](../querying/query-context.html) to know more about `timeout`. Query is rejected if the query context `timeout` is greater than this value. |Long.MAX_VALUE|
|`druid.server.http.maxRequestHeaderSize`|Maximum size of a request header in bytes. Larger headers consume more memory and can make a server more vulnerable to denial of service attacks.|8 * 1024|
+|`druid.server.http.enableForwardedRequestCustomizer`|If enabled, adds Jetty ForwardedRequestCustomizer which reads X-Forwarded-* request headers to manipulate servlet request object when Druid is used behind a proxy.|false|
#### Indexer Processing Resources
diff --git a/server/src/main/java/org/apache/druid/server/initialization/ServerConfig.java b/server/src/main/java/org/apache/druid/server/initialization/ServerConfig.java
index fcd2ccf..0e8deca 100644
--- a/server/src/main/java/org/apache/druid/server/initialization/ServerConfig.java
+++ b/server/src/main/java/org/apache/druid/server/initialization/ServerConfig.java
@@ -53,7 +53,8 @@ public class ServerConfig
@NotNull Period gracefulShutdownTimeout,
@NotNull Period unannouncePropagationDelay,
int inflateBufferSize,
- int compressionLevel
+ int compressionLevel,
+ boolean enableForwardedRequestCustomizer
)
{
this.numThreads = numThreads;
@@ -68,6 +69,7 @@ public class ServerConfig
this.unannouncePropagationDelay = unannouncePropagationDelay;
this.inflateBufferSize = inflateBufferSize;
this.compressionLevel = compressionLevel;
+ this.enableForwardedRequestCustomizer = enableForwardedRequestCustomizer;
}
public ServerConfig()
@@ -122,6 +124,9 @@ public class ServerConfig
@Max(9)
private int compressionLevel = Deflater.DEFAULT_COMPRESSION;
+ @JsonProperty
+ private boolean enableForwardedRequestCustomizer = false;
+
public int getNumThreads()
{
return numThreads;
@@ -182,6 +187,10 @@ public class ServerConfig
return compressionLevel;
}
+ public boolean isEnableForwardedRequestCustomizer()
+ {
+ return enableForwardedRequestCustomizer;
+ }
@Override
public boolean equals(Object o)
@@ -202,15 +211,15 @@ public class ServerConfig
maxRequestHeaderSize == that.maxRequestHeaderSize &&
inflateBufferSize == that.inflateBufferSize &&
compressionLevel == that.compressionLevel &&
- Objects.equals(maxIdleTime, that.maxIdleTime) &&
- Objects.equals(gracefulShutdownTimeout, that.gracefulShutdownTimeout) &&
- Objects.equals(unannouncePropagationDelay, that.unannouncePropagationDelay);
+ enableForwardedRequestCustomizer == that.enableForwardedRequestCustomizer &&
+ maxIdleTime.equals(that.maxIdleTime) &&
+ gracefulShutdownTimeout.equals(that.gracefulShutdownTimeout) &&
+ unannouncePropagationDelay.equals(that.unannouncePropagationDelay);
}
@Override
public int hashCode()
{
-
return Objects.hash(
numThreads,
queueSize,
@@ -223,7 +232,8 @@ public class ServerConfig
gracefulShutdownTimeout,
unannouncePropagationDelay,
inflateBufferSize,
- compressionLevel
+ compressionLevel,
+ enableForwardedRequestCustomizer
);
}
@@ -243,6 +253,7 @@ public class ServerConfig
", unannouncePropagationDelay=" + unannouncePropagationDelay +
", inflateBufferSize=" + inflateBufferSize +
", compressionLevel=" + compressionLevel +
+ ", enableForwardedRequestCustomizer=" + enableForwardedRequestCustomizer +
'}';
}
diff --git a/server/src/main/java/org/apache/druid/server/initialization/jetty/CliIndexerServerModule.java b/server/src/main/java/org/apache/druid/server/initialization/jetty/CliIndexerServerModule.java
index a3a456b..d9147e2 100644
--- a/server/src/main/java/org/apache/druid/server/initialization/jetty/CliIndexerServerModule.java
+++ b/server/src/main/java/org/apache/druid/server/initialization/jetty/CliIndexerServerModule.java
@@ -157,7 +157,8 @@ public class CliIndexerServerModule implements Module
oldConfig.getGracefulShutdownTimeout(),
oldConfig.getUnannouncePropagationDelay(),
oldConfig.getInflateBufferSize(),
- oldConfig.getCompressionLevel()
+ oldConfig.getCompressionLevel(),
+ oldConfig.isEnableForwardedRequestCustomizer()
);
}
}
diff --git a/server/src/main/java/org/apache/druid/server/initialization/jetty/JettyServerModule.java b/server/src/main/java/org/apache/druid/server/initialization/jetty/JettyServerModule.java
index 8fc998b..4e07142 100644
--- a/server/src/main/java/org/apache/druid/server/initialization/jetty/JettyServerModule.java
+++ b/server/src/main/java/org/apache/druid/server/initialization/jetty/JettyServerModule.java
@@ -63,6 +63,7 @@ import org.apache.druid.server.metrics.MonitorsConfig;
import org.apache.druid.server.security.CustomCheckX509TrustManager;
import org.apache.druid.server.security.TLSCertificateChecker;
import org.eclipse.jetty.server.ConnectionFactory;
+import org.eclipse.jetty.server.ForwardedRequestCustomizer;
import org.eclipse.jetty.server.Handler;
import org.eclipse.jetty.server.HttpConfiguration;
import org.eclipse.jetty.server.HttpConnectionFactory;
@@ -230,6 +231,10 @@ public class JettyServerModule extends JerseyServletModule
if (node.isEnablePlaintextPort()) {
log.info("Creating http connector with port [%d]", node.getPlaintextPort());
HttpConfiguration httpConfiguration = new HttpConfiguration();
+ if (config.isEnableForwardedRequestCustomizer()) {
+ httpConfiguration.addCustomizer(new ForwardedRequestCustomizer());
+ }
+
httpConfiguration.setRequestHeaderSize(config.getMaxRequestHeaderSize());
final ServerConnector connector = new ServerConnector(server, new HttpConnectionFactory(httpConfiguration));
if (node.isBindOnHost()) {
@@ -308,6 +313,9 @@ public class JettyServerModule extends JerseyServletModule
}
final HttpConfiguration httpsConfiguration = new HttpConfiguration();
+ if (config.isEnableForwardedRequestCustomizer()) {
+ httpsConfiguration.addCustomizer(new ForwardedRequestCustomizer());
+ }
httpsConfiguration.setSecureScheme("https");
httpsConfiguration.setSecurePort(node.getTlsPort());
httpsConfiguration.addCustomizer(new SecureRequestCustomizer());
diff --git a/server/src/test/java/org/apache/druid/initialization/ServerConfigSerdeTest.java b/server/src/test/java/org/apache/druid/initialization/ServerConfigSerdeTest.java
index f9cbe02..c893681 100644
--- a/server/src/test/java/org/apache/druid/initialization/ServerConfigSerdeTest.java
+++ b/server/src/test/java/org/apache/druid/initialization/ServerConfigSerdeTest.java
@@ -35,6 +35,7 @@ public class ServerConfigSerdeTest
String defaultConfigJson = OBJECT_MAPPER.writeValueAsString(defaultConfig);
ServerConfig defaultConfig2 = OBJECT_MAPPER.readValue(defaultConfigJson, ServerConfig.class);
Assert.assertEquals(defaultConfig, defaultConfig2);
+ Assert.assertFalse(defaultConfig2.isEnableForwardedRequestCustomizer());
ServerConfig modifiedConfig = new ServerConfig(
999,
@@ -48,12 +49,14 @@ public class ServerConfigSerdeTest
defaultConfig.getGracefulShutdownTimeout(),
defaultConfig.getUnannouncePropagationDelay(),
defaultConfig.getInflateBufferSize(),
- defaultConfig.getCompressionLevel()
+ defaultConfig.getCompressionLevel(),
+ true
);
String modifiedConfigJson = OBJECT_MAPPER.writeValueAsString(modifiedConfig);
ServerConfig modifiedConfig2 = OBJECT_MAPPER.readValue(modifiedConfigJson, ServerConfig.class);
Assert.assertEquals(modifiedConfig, modifiedConfig2);
Assert.assertEquals(999, modifiedConfig2.getNumThreads());
Assert.assertEquals(888, modifiedConfig2.getQueueSize());
+ Assert.assertTrue(modifiedConfig2.isEnableForwardedRequestCustomizer());
}
}
diff --git a/website/.spelling b/website/.spelling
index b527452..cdf9afd 100644
--- a/website/.spelling
+++ b/website/.spelling
@@ -69,6 +69,7 @@ Elasticsearch
FirehoseFactory
Float.NEGATIVE_INFINITY
Float.POSITIVE_INFINITY
+ForwardedRequestCustomizer
GC
GPG
GSSAPI
@@ -325,6 +326,7 @@ rsync
runtime
schemas
searchable
+servlet
sharded
sharding
smooshed
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@druid.apache.org
For additional commands, e-mail: commits-help@druid.apache.org