Add IdleConnTimeout to Traefik's http.server settings #1340
Conversation
Without such a timeout there is a risk of resource leakage from piling up connections, particularly when exposing Traefik to the Internet. Set the default to be 180 seconds
Without enforcing a timeout Traefik is susceptible to resource leakage, particularly when deployed as a public facing proxy exposed to the Internet. Set the default to be 180 seconds
|
Also, I think this should address #1322 |
timoreimann
added
kind/enhancement
|
I'm also pretty confident this PR will fix #1322 |
|
@timoreimann IMO this isn't blocked by #1342; that was just an issue I noticed when testing this. This setting will be much easier for folks to configure after that issue is fixed though. |
IIUC, configuring is still possible because users may specify (nanoseconds) integers. One thing we have to take into consideration though is that if we use a WDYT? |
|
Thats a fair point, @timoreimann. My thinking was its already broke for the ProvidersThrottleDuration setting anyway, but you're right, better and cleaner to fix #1342 first. And it looks like you've already picked that one up. |
|
LGTM, but waiting for #1342 does make sense ... |
|
Sure thing @timoreimann, added some content to toml.md and examples.md. I also put ProvidersThrottleDuration in the examples.md for good measure. |
docs/toml.md
Outdated
| @@ -67,6 +67,14 @@ | |||
| # | |||
| # ProvidersThrottleDuration = "2s" | |||
|
|
|||
| # IdleTimeout: maximum amount of time an idle (keep-alive) connection will remain idle before closing itself. | |||
| # This is set to enforce closing of stale client connections. | |||
| # | |||
There was a problem hiding this comment.
Could you please copy the description of the valid input values from here?
|
Np, good catch to match the ProvidersThrottleDuration language |
|
Ah sorry, can't merge right away, we need one more pair of maintainer eyes. @emilevauge could you have a look please? |
There was a problem hiding this comment.
LGTM!
Thanks a lot @bparli :)
Squashing your commits and merging
* Add IdleTimeout setting to http.server Without such a timeout there is a risk of resource leakage from piling up connections, particularly when exposing Traefik to the Internet. Set the default to be 180 seconds * Add IdleConnTimeout to Traefik's http.server settings Without enforcing a timeout Traefik is susceptible to resource leakage, particularly when deployed as a public facing proxy exposed to the Internet. Set the default to be 180 seconds * tweak * Update configuration.go * add some documentation for the idletimeout setting * need to cast idletimeout * update doc to refect format specifics
|
🥇 Thanks for reporting and fixing this @bparli. This issue led to some production downtime for us until we understood what was happening. We've resorted to restarting Traefik twice a week as a workaround. I'll be soooo happy when this is released. |
|
My pleasure, happy to contribute |
|
Would it be possible to mention this fix in the Changelog for 1.3.0? I couldn't find it in the RC's and I think it's worth a mention to inform those impacted by the leak. Below's a sweet example of the difference this fix has made for us on one of our public facing webservers. On this server you can see memory usage climbing from the increasing number of open sockets, until Traefik's restarted. On May 16th around midnight we deployed v1.3.0-rc1, after which memory usage has been stable around 30MB. 😍
|
|
@Yggdrasil the changelog is fixed. 😃 See #1642. |
Without enforcing a timeout Traefik is susceptible to resource leakage, particularly when deployed as a public facing proxy exposed to the Internet.
Make sure IdleTimeout is configurable via the traefik.toml file
Set the default to be 180 seconds