Add IdleConnTimeout to Traefik's http.server settings (#1340)

* Add IdleTimeout setting to http.server Without such a timeout there is a risk of resource leakage from piling up connections, particularly when exposing Traefik to the Internet. Set the default to be 180 seconds * Add IdleConnTimeout to Traefik's http.server settings Without enforcing a timeout Traefik is susceptible to resource leakage, particularly when deployed as a public facing proxy exposed to the Internet. Set the default to be 180 seconds * tweak * Update configuration.go * add some documentation for the idletimeout setting * need to cast idletimeout * update doc to refect format specifics
2017-04-04 02:36:23 -07:00 · 2017-04-04 02:36:23 -07:00 · c9d23494b9
commit c9d23494b9
parent 7d256c9bb9
4 changed files with 27 additions and 8 deletions
--- a/configuration.go
+++ b/configuration.go
@ -37,6 +37,7 @@ type GlobalConfiguration struct {
 	DefaultEntryPoints        DefaultEntryPoints      `description:"Entrypoints to be used by frontends that do not specify any entrypoint"`
 	ProvidersThrottleDuration flaeg.Duration          `description:"Backends throttle duration: minimum duration between 2 events from providers before applying a new configuration. It avoids unnecessary reloads if multiples events are sent in a short amount of time."`
 	MaxIdleConnsPerHost       int                     `description:"If non-zero, controls the maximum idle (keep-alive) to keep per-host.  If zero, DefaultMaxIdleConnsPerHost is used"`
+	IdleTimeout               flaeg.Duration          `description:"maximum amount of time an idle (keep-alive) connection will remain idle before closing itself."`
 	InsecureSkipVerify        bool                    `description:"Disable SSL certificate verification"`
 	Retry                     *Retry                  `description:"Enable retry sending request if network error"`
 	Docker                    *provider.Docker        `description:"Enable Docker backend"`
@ -467,6 +468,7 @@ func NewTraefikConfiguration() *TraefikConfiguration {
 			DefaultEntryPoints:        []string{},
 			ProvidersThrottleDuration: flaeg.Duration(2 * time.Second),
 			MaxIdleConnsPerHost:       200,
+			IdleTimeout:               flaeg.Duration(180 * time.Second),
 			CheckNewVersion:           true,
 		},
 		ConfigFile: "",
--- a/docs/toml.md
+++ b/docs/toml.md
@ -67,6 +67,16 @@
 #
 # ProvidersThrottleDuration = "2s"

+# IdleTimeout: maximum amount of time an idle (keep-alive) connection will remain idle before closing itself.
+# This is set to enforce closing of stale client connections.
+# Can be provided in a format supported by [time.ParseDuration](https://golang.org/pkg/time/#ParseDuration) or as raw
+# values (digits). If no units are provided, the value is parsed assuming seconds.
+#
+# Optional
+# Default: "180s"
+#
+# IdleTimeout = "360s"
+
 # If non-zero, controls the maximum idle (keep-alive) to keep per-host.  If zero, DefaultMaxIdleConnsPerHost is used.
 # If you encounter 'too many open files' errors, you can either change this value, or change `ulimit` value.
 #
@ -1648,7 +1658,7 @@ RefreshSeconds = 15

 ```

-Items in the dynamodb table must have three attributes: 
+Items in the dynamodb table must have three attributes:


 - 'id' : string
@ -1656,4 +1666,4 @@ Items in the dynamodb table must have three attributes:
 - 'name' : string
    - The name is used as the name of the frontend or backend.
 - 'frontend' or 'backend' : map
-    - This attribute's structure matches exactly the structure of a Frontend or Backend type in traefik. See types/types.go for details. The presence or absence of this attribute determines its type. So an item should never have both a 'frontend' and a 'backend' attribute. 
+    - This attribute's structure matches exactly the structure of a Frontend or Backend type in traefik. See types/types.go for details. The presence or absence of this attribute determines its type. So an item should never have both a 'frontend' and a 'backend' attribute.
--- a/docs/user-guide/examples.md
+++ b/docs/user-guide/examples.md
@ -130,4 +130,11 @@ defaultEntryPoints = ["http"]
    headerField = "X-WebAuth-User"
    [entryPoints.http.auth.basic]
    users = ["test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/", "test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0"]
-```
+```
+
+## Override the Traefik HTTP server IdleTimeout and/or throttle configurations from re-loading too quickly
+
+```
+IdleTimeout = "360s"
+ProvidersThrottleDuration = "5s"
+```
--- a/server.go
+++ b/server.go
@ -17,11 +17,10 @@ import (
 	"reflect"
 	"regexp"
 	"sort"
+	"sync"
 	"syscall"
 	"time"

-	"sync"
-
 	"github.com/codegangsta/negroni"
 	"github.com/containous/mux"
 	"github.com/containous/traefik/cluster"
@ -532,9 +531,10 @@ func (server *Server) prepareServer(entryPointName string, router *middlewares.H
 	}

 	return &http.Server{
-		Addr:      entryPoint.Address,
-		Handler:   negroni,
-		TLSConfig: tlsConfig,
+		Addr:        entryPoint.Address,
+		Handler:     negroni,
+		TLSConfig:   tlsConfig,
+		IdleTimeout: time.Duration(server.globalConfiguration.IdleTimeout),
 	}, nil
 }