Merge pull request #30805 from vespa-engine/revert-30804-revert-30797…

…-hakonhall/disable-proxy-protocol-on-jdisc-containers-in-azure-2

Revert "Revert "Disable proxy protocol on jdisc containers in Azure, #2""

config-model/src/main/java/com/yahoo/vespa/model/container/http/ssl/HostedSslConnectorFactory.java

@@ -24,7 +24,6 @@ public class HostedSslConnectorFactory extends ConnectorFactory {
     private final SslClientAuth clientAuth;
     private final List<String> tlsCiphersOverride;
     private final boolean proxyProtocolEnabled;
-    private final boolean proxyProtocolMixedMode;
     private final Duration endpointConnectionTtl;
     private final List<String> remoteAddressHeaders;
     private final List<String> remotePortHeaders;
@@ -37,7 +36,6 @@ private HostedSslConnectorFactory(Builder builder) {
         this.clientAuth = builder.clientAuth;
         this.tlsCiphersOverride = List.copyOf(builder.tlsCiphersOverride);
         this.proxyProtocolEnabled = builder.proxyProtocolEnabled;
-        this.proxyProtocolMixedMode = builder.proxyProtocolMixedMode;
         this.endpointConnectionTtl = builder.endpointConnectionTtl;
         this.remoteAddressHeaders = List.copyOf(builder.remoteAddressHeaders);
         this.remotePortHeaders = List.copyOf(builder.remotePortHeaders);
@@ -70,7 +68,7 @@ public void getConfig(ConnectorConfig.Builder connectorBuilder) {
         }
         connectorBuilder
                 .proxyProtocol(new ConnectorConfig.ProxyProtocol.Builder()
-                                       .enabled(proxyProtocolEnabled).mixedMode(proxyProtocolMixedMode))
+                                       .enabled(proxyProtocolEnabled))
                 .idleTimeout(Duration.ofSeconds(30).toSeconds())
                 .maxConnectionLife(endpointConnectionTtl != null ? endpointConnectionTtl.toSeconds() : 0)
                 .accessLog(new ConnectorConfig.AccessLog.Builder()
@@ -89,7 +87,6 @@ public static class Builder {
         SslClientAuth clientAuth;
         List<String> tlsCiphersOverride = List.of();
         boolean proxyProtocolEnabled;
-        boolean proxyProtocolMixedMode;
         Duration endpointConnectionTtl;
         EndpointCertificateSecrets endpointCertificate;
         String tlsCaCertificatesPem;
@@ -101,7 +98,7 @@ public static class Builder {
         public Builder clientAuth(SslClientAuth auth) { clientAuth = auth; return this; }
         public Builder endpointConnectionTtl(Duration ttl) { endpointConnectionTtl = ttl; return this; }
         public Builder tlsCiphersOverride(Collection<String> ciphers) { tlsCiphersOverride = List.copyOf(ciphers); return this; }
-        public Builder proxyProtocol(boolean enabled, boolean mixedMode) { proxyProtocolEnabled = enabled; proxyProtocolMixedMode = mixedMode; return this; }
+        public Builder proxyProtocol(boolean enabled) { proxyProtocolEnabled = enabled; return this; }
         public Builder endpointCertificate(EndpointCertificateSecrets cert) { this.endpointCertificate = cert; return this; }
         public Builder tlsCaCertificatesPath(String path) { this.tlsCaCertificatesPath = path; return this; }
         public Builder tlsCaCertificatesPem(String pem) { this.tlsCaCertificatesPem = pem; return this; }

config-model/src/main/java/com/yahoo/vespa/model/container/xml/ContainerModelBuilder.java

@@ -598,7 +598,7 @@ private void addCloudMtlsConnector(DeployState state, ApplicationContainerCluste
 
         // If the deployment contains certificate/private key reference, setup TLS port
         var builder = HostedSslConnectorFactory.builder(serverName, getMtlsDataplanePort(state))
-                .proxyProtocol(true, state.getProperties().featureFlags().enableProxyProtocolMixedMode())
+                .proxyProtocol(state.zone().cloud().useProxyProtocol())
                 .tlsCiphersOverride(state.getProperties().tlsCiphersOverride())
                 .endpointConnectionTtl(state.getProperties().endpointConnectionTtl());
         var endpointCert = state.endpointCertificateSecrets().orElse(null);
@@ -657,7 +657,7 @@ private void addCloudTokenSupport(DeployState state, ApplicationContainerCluster
         // Setup dedicated connector
         var connector = HostedSslConnectorFactory.builder(server.getComponentId().getName()+"-token", tokenPort)
                 .tokenEndpoint(true)
-                .proxyProtocol(false, false)
+                .proxyProtocol(false)
                 .endpointCertificate(endpointCert)
                 .remoteAddressHeader("X-Forwarded-For")
                 .remotePortHeader("X-Forwarded-Port")

config-provisioning/src/main/java/com/yahoo/config/provision/Zone.java

@@ -54,11 +54,6 @@ public Zone(Cloud cloud, SystemName systemName, Environment environment, RegionN
         this.region = region;
     }
 
-    // TODO(mpolden): For compatibility with older config models. Remove when versions < 8.76 are gone
-    public Cloud getCloud() {
-        return cloud();
-    }
-
     /** Returns the current cloud */
     public Cloud cloud() { return cloud; }
 
@@ -102,5 +97,10 @@ public int hashCode() {
         return Objects.hash(environment, region);
     }
 
+    // TODO(mpolden): For compatibility with older config models. Remove when versions < 8.327 are gone
+    @Deprecated(forRemoval = true)
+    public Cloud getCloud() {
+        return cloud();
+    }
 }
 

container-core/src/main/resources/configdefinitions/jdisc.http.jdisc.http.connector.def

@@ -123,6 +123,8 @@ healthCheckProxy.cacheExpiry double  default=1.0
 proxyProtocol.enabled          bool    default=false
 
 # Allow https in parallel with proxy protocol
+# TODO Vespa 9 Remove
+# Unused since 8.327
 proxyProtocol.mixedMode        bool    default=false
 
 # Maximum number of request per connection before server marks connections as non-persistent. Set to '0' to disable.