From 1438e4dbc83353166f30978cf471f05e6c0ecd73 Mon Sep 17 00:00:00 2001
From: Matthew Holt
Date: Wed, 18 Nov 2020 10:57:54 -0700
Subject: [PATCH] caddyhttp: New idle_timeout default of 5m
---
 modules/caddyhttp/app.go | 13 +++++++++++++
 modules/caddyhttp/server.go | 4 ++--
 2 files changed, 15 insertions(+), 2 deletions(-)
diff --git a/modules/caddyhttp/app.go b/modules/caddyhttp/app.go
index f5f079c7a..43cc6f795 100644
--- a/modules/caddyhttp/app.go
+++ b/modules/caddyhttp/app.go
@@ -250,6 +250,13 @@ func (app *App) Provision(ctx caddy.Context) error {
 if err != nil {
 return fmt.Errorf("server %s: setting up TLS connection policies: %v", srvName, err)
 }
+
+ // if there is no idle timeout, set a sane default; users have complained
+ // before that aggressive CDNs leave connections open until the server
+ // closes them, so if we don't close them it leads to resource exhaustion
+ if srv.IdleTimeout == 0 {
+ srv.IdleTimeout = defaultIdleTimeout
+ }
 }
 return nil
@@ -458,6 +465,12 @@ func (app *App) httpsPort() int {
 return app.HTTPSPort
 }
+// defaultIdleTimeout is the default HTTP server timeout
+// for closing idle connections; useful to avoid resource
+// exhaustion behind hungry CDNs, for example (we've had
+// several complaints without this).
+const defaultIdleTimeout = caddy.Duration(5 * time.Minute)
+
 // Interface guards
 var (
 _ caddy.App = (*App)(nil)
diff --git a/modules/caddyhttp/server.go b/modules/caddyhttp/server.go
index aaec711c4..d5be1e1ce 100644
--- a/modules/caddyhttp/server.go
+++ b/modules/caddyhttp/server.go
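Review bot: In Provision (app.go), the new `if srv.IdleTimeout == 0` check fires even when the operator has set ReadTimeout, so a config that relied on the previously documented fallback ("If zero, ReadTimeout is used") silently moves from its read timeout to a 5m idle window. If that fallback is still wanted, gate the default on both being unset, `if srv.IdleTimeout == 0 && srv.ReadTimeout == 0 {`; otherwise the change deserves a release note, since a short read_timeout no longer bounds idle keep-alive connections. The comparison also leaves negative values untouched, and how those are treated once the value reaches the HTTP server is not visible here. Provision's body starts and ends outside the hunk.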
@@ -59,8 +59,8 @@ type Server struct {
 WriteTimeout caddy.Duration `json:"write_timeout,omitempty"`
 // IdleTimeout is the maximum time to wait for the next request
- // when keep-alives are enabled. If zero, ReadTimeout is used.
- // If both are zero, there is no timeout.
+ // when keep-alives are enabled. If zero, a default timeout of
+ // 5m is applied to help avoid resource exhaustion.
 IdleTimeout caddy.Duration `json:"idle_timeout,omitempty"`
 // MaxHeaderBytes is the maximum size to parse from a client's
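Review bot: The rewritten IdleTimeout comment no longer tells operators how to turn the timeout off, nor that the ReadTimeout fallback described in the removed lines is gone. Because the check added in app.go matches only zero, a negative duration appears to pass through unchanged; if that is the supported opt-out, the comment should say so, for example `// A negative value disables the idle timeout.`, after confirming how the value is handed to net/http. The Server struct starts and ends outside the hunk.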