Add IdleConnTimeout to Traefik's http.server settings (#1340)
* Add IdleTimeout setting to http.server Without such a timeout there is a risk of resource leakage from piling up connections, particularly when exposing Traefik to the Internet. Set the default to be 180 seconds * Add IdleConnTimeout to Traefik's http.server settings Without enforcing a timeout Traefik is susceptible to resource leakage, particularly when deployed as a public facing proxy exposed to the Internet. Set the default to be 180 seconds * tweak * Update configuration.go * add some documentation for the idletimeout setting * need to cast idletimeout * update doc to reflect format specifics
parent
7d256c9bb9
commit
c9d23494b9
4 changed files with 27 additions and 8 deletions
|
@ -37,6 +37,7 @@ type GlobalConfiguration struct {
|
||||||
DefaultEntryPoints DefaultEntryPoints `description:"Entrypoints to be used by frontends that do not specify any entrypoint"`
|
DefaultEntryPoints DefaultEntryPoints `description:"Entrypoints to be used by frontends that do not specify any entrypoint"`
|
||||||
ProvidersThrottleDuration flaeg.Duration `description:"Backends throttle duration: minimum duration between 2 events from providers before applying a new configuration. It avoids unnecessary reloads if multiples events are sent in a short amount of time."`
|
ProvidersThrottleDuration flaeg.Duration `description:"Backends throttle duration: minimum duration between 2 events from providers before applying a new configuration. It avoids unnecessary reloads if multiples events are sent in a short amount of time."`
|
||||||
MaxIdleConnsPerHost int `description:"If non-zero, controls the maximum idle (keep-alive) to keep per-host. If zero, DefaultMaxIdleConnsPerHost is used"`
|
MaxIdleConnsPerHost int `description:"If non-zero, controls the maximum idle (keep-alive) to keep per-host. If zero, DefaultMaxIdleConnsPerHost is used"`
|
||||||
|
IdleTimeout flaeg.Duration `description:"maximum amount of time an idle (keep-alive) connection will remain idle before closing itself."`
|
||||||
InsecureSkipVerify bool `description:"Disable SSL certificate verification"`
|
InsecureSkipVerify bool `description:"Disable SSL certificate verification"`
|
||||||
Retry *Retry `description:"Enable retry sending request if network error"`
|
Retry *Retry `description:"Enable retry sending request if network error"`
|
||||||
Docker *provider.Docker `description:"Enable Docker backend"`
|
Docker *provider.Docker `description:"Enable Docker backend"`
|
||||||
|
@ -467,6 +468,7 @@ func NewTraefikConfiguration() *TraefikConfiguration {
|
||||||
DefaultEntryPoints: []string{},
|
DefaultEntryPoints: []string{},
|
||||||
ProvidersThrottleDuration: flaeg.Duration(2 * time.Second),
|
ProvidersThrottleDuration: flaeg.Duration(2 * time.Second),
|
||||||
MaxIdleConnsPerHost: 200,
|
MaxIdleConnsPerHost: 200,
|
||||||
|
IdleTimeout: flaeg.Duration(180 * time.Second),
|
||||||
CheckNewVersion: true,
|
CheckNewVersion: true,
|
||||||
},
|
},
|
||||||
ConfigFile: "",
|
ConfigFile: "",
|
||||||
|
|
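Review bot: The `description` tag on the new `IdleTimeout` field in `GlobalConfiguration` does not say which connections it governs or what a zero value means. It sits directly under `MaxIdleConnsPerHost`, whose wording reads like a per-host connection-pool setting, so an operator could take `IdleTimeout` for a backend keep-alive limit. Judging by the server.go change in this commit, it is applied to the client-facing entry-point `http.Server`, and with no `ReadTimeout` set there a value of 0 appears to mean no idle timeout at all. I would spell that out, e.g. `description:"Maximum time an idle (keep-alive) client connection to an entry point is kept open before it is closed. 0 disables the timeout."`.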
14
docs/toml.md
14
docs/toml.md
|
@ -67,6 +67,16 @@
|
||||||
#
|
#
|
||||||
# ProvidersThrottleDuration = "2s"
|
# ProvidersThrottleDuration = "2s"
|
||||||
|
|
||||||
|
# IdleTimeout: maximum amount of time an idle (keep-alive) connection will remain idle before closing itself.
|
||||||
|
# This is set to enforce closing of stale client connections.
|
||||||
|
# Can be provided in a format supported by [time.ParseDuration](https://golang.org/pkg/time/#ParseDuration) or as raw
|
||||||
|
# values (digits). If no units are provided, the value is parsed assuming seconds.
|
||||||
|
#
|
||||||
|
# Optional
|
||||||
|
# Default: "180s"
|
||||||
|
#
|
||||||
|
# IdleTimeout = "360s"
|
||||||
|
|
||||||
# If non-zero, controls the maximum idle (keep-alive) to keep per-host. If zero, DefaultMaxIdleConnsPerHost is used.
|
# If non-zero, controls the maximum idle (keep-alive) to keep per-host. If zero, DefaultMaxIdleConnsPerHost is used.
|
||||||
# If you encounter 'too many open files' errors, you can either change this value, or change `ulimit` value.
|
# If you encounter 'too many open files' errors, you can either change this value, or change `ulimit` value.
|
||||||
#
|
#
|
||||||
|
@ -1648,7 +1658,7 @@ RefreshSeconds = 15
|
||||||
|
|
||||||
```
|
```
|
||||||
|
|
||||||
Items in the dynamodb table must have three attributes:
|
Items in the dynamodb table must have three attributes:
|
||||||
|
|
||||||
|
|
||||||
- 'id' : string
|
- 'id' : string
|
||||||
|
@ -1656,4 +1666,4 @@ Items in the dynamodb table must have three attributes:
|
||||||
- 'name' : string
|
- 'name' : string
|
||||||
- The name is used as the name of the frontend or backend.
|
- The name is used as the name of the frontend or backend.
|
||||||
- 'frontend' or 'backend' : map
|
- 'frontend' or 'backend' : map
|
||||||
- This attribute's structure matches exactly the structure of a Frontend or Backend type in traefik. See types/types.go for details. The presence or absence of this attribute determines its type. So an item should never have both a 'frontend' and a 'backend' attribute.
|
- This attribute's structure matches exactly the structure of a Frontend or Backend type in traefik. See types/types.go for details. The presence or absence of this attribute determines its type. So an item should never have both a 'frontend' and a 'backend' attribute.
|
||||||
|
|
|
@ -130,4 +130,11 @@ defaultEntryPoints = ["http"]
|
||||||
headerField = "X-WebAuth-User"
|
headerField = "X-WebAuth-User"
|
||||||
[entryPoints.http.auth.basic]
|
[entryPoints.http.auth.basic]
|
||||||
users = ["test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/", "test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0"]
|
users = ["test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/", "test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0"]
|
||||||
```
|
```
|
||||||
|
|
||||||
|
## Override the Traefik HTTP server IdleTimeout and/or throttle configurations from re-loading too quickly
|
||||||
|
|
||||||
|
```
|
||||||
|
IdleTimeout = "360s"
|
||||||
|
ProvidersThrottleDuration = "5s"
|
||||||
|
```
|
||||||
|
|
10
server.go
10
server.go
|
@ -17,11 +17,10 @@ import (
|
||||||
"reflect"
|
"reflect"
|
||||||
"regexp"
|
"regexp"
|
||||||
"sort"
|
"sort"
|
||||||
|
"sync"
|
||||||
"syscall"
|
"syscall"
|
||||||
"time"
|
"time"
|
||||||
|
|
||||||
"sync"
|
|
||||||
|
|
||||||
"github.com/codegangsta/negroni"
|
"github.com/codegangsta/negroni"
|
||||||
"github.com/containous/mux"
|
"github.com/containous/mux"
|
||||||
"github.com/containous/traefik/cluster"
|
"github.com/containous/traefik/cluster"
|
||||||
|
@ -532,9 +531,10 @@ func (server *Server) prepareServer(entryPointName string, router *middlewares.H
|
||||||
}
|
}
|
||||||
|
|
||||||
return &http.Server{
|
return &http.Server{
|
||||||
Addr: entryPoint.Address,
|
Addr: entryPoint.Address,
|
||||||
Handler: negroni,
|
Handler: negroni,
|
||||||
TLSConfig: tlsConfig,
|
TLSConfig: tlsConfig,
|
||||||
|
IdleTimeout: time.Duration(server.globalConfiguration.IdleTimeout),
|
||||||
}, nil
|
}, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
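Review bot: The `IdleTimeout` added to the `http.Server` literal in prepareServer only bounds the wait for the next request on a keep-alive connection. A client that connects and never finishes sending its request headers is still unbounded, because the literal leaves `ReadHeaderTimeout` and `ReadTimeout` at zero. If the goal is the protection against piled-up connections described in the commit message, a header read deadline belongs next to it, e.g. `ReadHeaderTimeout: time.Duration(server.globalConfiguration.IdleTimeout),` or a dedicated setting. A configured value of 0 also turns the idle timeout off entirely, since net/http falls back to the unset `ReadTimeout`, which deserves a comment such as `// 0 means no idle timeout (ReadTimeout is unset)`. prepareServer starts outside the hunk, so earlier handling of these fields is not visible here.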