Add IdleConnTimeout to Traefik's http.server settings (#1340)

* Add IdleTimeout setting to http.server

Without such a timeout there is a risk of resource leakage from piling up connections, particularly when exposing Traefik to the Internet.

Set the default to be 180 seconds

* Add IdleConnTimeout to Traefik's http.server settings

Without enforcing a timeout Traefik is susceptible to resource leakage, particularly when deployed as a public facing proxy exposed to the Internet.

Set the default to be 180 seconds

* tweak

* Update configuration.go

* add some documentation for the idletimeout setting

* need to cast idletimeout

* update doc to refect format specifics
This commit is contained in:
Ben Parli 2017-04-04 02:36:23 -07:00 committed by Emile Vauge
parent 7d256c9bb9
commit c9d23494b9
4 changed files with 27 additions and 8 deletions

View file

@ -37,6 +37,7 @@ type GlobalConfiguration struct {
DefaultEntryPoints DefaultEntryPoints `description:"Entrypoints to be used by frontends that do not specify any entrypoint"` DefaultEntryPoints DefaultEntryPoints `description:"Entrypoints to be used by frontends that do not specify any entrypoint"`
ProvidersThrottleDuration flaeg.Duration `description:"Backends throttle duration: minimum duration between 2 events from providers before applying a new configuration. It avoids unnecessary reloads if multiples events are sent in a short amount of time."` ProvidersThrottleDuration flaeg.Duration `description:"Backends throttle duration: minimum duration between 2 events from providers before applying a new configuration. It avoids unnecessary reloads if multiples events are sent in a short amount of time."`
MaxIdleConnsPerHost int `description:"If non-zero, controls the maximum idle (keep-alive) to keep per-host. If zero, DefaultMaxIdleConnsPerHost is used"` MaxIdleConnsPerHost int `description:"If non-zero, controls the maximum idle (keep-alive) to keep per-host. If zero, DefaultMaxIdleConnsPerHost is used"`
IdleTimeout flaeg.Duration `description:"maximum amount of time an idle (keep-alive) connection will remain idle before closing itself."`
InsecureSkipVerify bool `description:"Disable SSL certificate verification"` InsecureSkipVerify bool `description:"Disable SSL certificate verification"`
Retry *Retry `description:"Enable retry sending request if network error"` Retry *Retry `description:"Enable retry sending request if network error"`
Docker *provider.Docker `description:"Enable Docker backend"` Docker *provider.Docker `description:"Enable Docker backend"`
@ -467,6 +468,7 @@ func NewTraefikConfiguration() *TraefikConfiguration {
DefaultEntryPoints: []string{}, DefaultEntryPoints: []string{},
ProvidersThrottleDuration: flaeg.Duration(2 * time.Second), ProvidersThrottleDuration: flaeg.Duration(2 * time.Second),
MaxIdleConnsPerHost: 200, MaxIdleConnsPerHost: 200,
IdleTimeout: flaeg.Duration(180 * time.Second),
CheckNewVersion: true, CheckNewVersion: true,
}, },
ConfigFile: "", ConfigFile: "",

View file

@ -67,6 +67,16 @@
# #
# ProvidersThrottleDuration = "2s" # ProvidersThrottleDuration = "2s"
# IdleTimeout: maximum amount of time an idle (keep-alive) connection will remain idle before closing itself.
# This is set to enforce closing of stale client connections.
# Can be provided in a format supported by [time.ParseDuration](https://golang.org/pkg/time/#ParseDuration) or as raw
# values (digits). If no units are provided, the value is parsed assuming seconds.
#
# Optional
# Default: "180s"
#
# IdleTimeout = "360s"
# If non-zero, controls the maximum idle (keep-alive) to keep per-host. If zero, DefaultMaxIdleConnsPerHost is used. # If non-zero, controls the maximum idle (keep-alive) to keep per-host. If zero, DefaultMaxIdleConnsPerHost is used.
# If you encounter 'too many open files' errors, you can either change this value, or change `ulimit` value. # If you encounter 'too many open files' errors, you can either change this value, or change `ulimit` value.
# #
@ -1648,7 +1658,7 @@ RefreshSeconds = 15
``` ```
Items in the dynamodb table must have three attributes: Items in the dynamodb table must have three attributes:
- 'id' : string - 'id' : string
@ -1656,4 +1666,4 @@ Items in the dynamodb table must have three attributes:
- 'name' : string - 'name' : string
- The name is used as the name of the frontend or backend. - The name is used as the name of the frontend or backend.
- 'frontend' or 'backend' : map - 'frontend' or 'backend' : map
- This attribute's structure matches exactly the structure of a Frontend or Backend type in traefik. See types/types.go for details. The presence or absence of this attribute determines its type. So an item should never have both a 'frontend' and a 'backend' attribute. - This attribute's structure matches exactly the structure of a Frontend or Backend type in traefik. See types/types.go for details. The presence or absence of this attribute determines its type. So an item should never have both a 'frontend' and a 'backend' attribute.

View file

@ -130,4 +130,11 @@ defaultEntryPoints = ["http"]
headerField = "X-WebAuth-User" headerField = "X-WebAuth-User"
[entryPoints.http.auth.basic] [entryPoints.http.auth.basic]
users = ["test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/", "test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0"] users = ["test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/", "test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0"]
``` ```
## Override the Traefik HTTP server IdleTimeout and/or throttle configurations from re-loading too quickly
```
IdleTimeout = "360s"
ProvidersThrottleDuration = "5s"
```

View file

@ -17,11 +17,10 @@ import (
"reflect" "reflect"
"regexp" "regexp"
"sort" "sort"
"sync"
"syscall" "syscall"
"time" "time"
"sync"
"github.com/codegangsta/negroni" "github.com/codegangsta/negroni"
"github.com/containous/mux" "github.com/containous/mux"
"github.com/containous/traefik/cluster" "github.com/containous/traefik/cluster"
@ -532,9 +531,10 @@ func (server *Server) prepareServer(entryPointName string, router *middlewares.H
} }
return &http.Server{ return &http.Server{
Addr: entryPoint.Address, Addr: entryPoint.Address,
Handler: negroni, Handler: negroni,
TLSConfig: tlsConfig, TLSConfig: tlsConfig,
IdleTimeout: time.Duration(server.globalConfiguration.IdleTimeout),
}, nil }, nil
} }