author | Alex Auvolat <alex@adnab.me> | 2022-01-24 19:49:14 +0100 |
---|---|---|
committer | Alex Auvolat <alex@adnab.me> | 2022-01-24 19:49:14 +0100 |
commit | 10d13b194bca5bb67db734a904eaa6fe1da6087f (patch) | |
tree | b3327520fd8d3a79e49c5131b253bf7984fe3116 | |
parent | 21ea26bbff86702b62de54392989a95b39347637 (diff) | |
Kill connections lasting more than 24h
-rw-r--r-- | src/https.rs | 13 |
1 files changed, 10 insertions, 3 deletions
diff --git a/src/https.rs b/src/https.rs
index 6709d43..7aa61d5 100644
--- a/src/https.rs
+++ b/src/https.rs
@@ -25,6 +25,9 @@ use crate::cert_store::{CertStore, StoreResolver};
 use crate::proxy_config::ProxyConfig;
 use crate::reverse_proxy;
+const PROXY_TIMEOUT: Duration = Duration::from_secs(60);
+const MAX_CONNECTION_LIFETIME: Duration = Duration::from_secs(24 * 3600);
+
 pub struct HttpsConfig {
 pub bind_addr: SocketAddr,
 pub enable_compression: bool,
@@ -76,10 +79,12 @@ pub async fn serve_https(
 handle_outer(remote_addr, req, https_config, proxy_config)
 }),
 );
- tokio::pin!(http_conn);
+ let timeout = tokio::time::sleep(MAX_CONNECTION_LIFETIME);
+ tokio::pin!(http_conn, timeout);
 let http_result = loop {
 select! (
- r = &mut http_conn => break r,
+ r = &mut http_conn => break r.map_err(Into::into),
+ _ = &mut timeout => break Err(anyhow!("Connection lived more than 24h, killing it.")),
 _ = must_exit_2.changed() => {
 if *must_exit_2.borrow() {
 http_conn.as_mut().graceful_shutdown();
@@ -97,6 +102,8 @@ pub async fn serve_https(
 connections.push(conn);
 }
+ drop(tcp);
+
 info!("HTTPS server shutting down, draining remaining connections...");
 while !connections.is_empty() {
 let _ = connections.next().await;
@@ -227,7 +234,7 @@ async fn handle_timeout_and_error(
 .unwrap(),
 }
 }
- _ = tokio::time::sleep(Duration::from_secs(60)) => {
+ _ = tokio::time::sleep(PROXY_TIMEOUT) => {
 Response::builder()
 .status(StatusCode::BAD_GATEWAY)
 .body(Body::from("Proxy timeout")) |
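Review bot: The two constants added at the top of src/https.rs have no doc comments, and the names alone do not say what each one bounds. I would add `/// Time after which handle_timeout_and_error gives up and answers 502 "Proxy timeout".` above `PROXY_TIMEOUT` and `/// Absolute cap on a connection's age, measured from when serve_https arms the timer; this is not an idle timeout.` above `MAX_CONNECTION_LIFETIME`. The distinction matters for capacity planning: a client that sends nothing still keeps its slot until the cap, and no idle or header-read timeout is visible in this diff.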
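Review bot: The new `timeout` arm in serve_https's `select!` breaks out with an error the moment the 24 h timer fires, so a request in flight at that instant appears to be cut off, whereas the `must_exit_2` arm just below calls `graceful_shutdown()` first. I would make expiry two-stage: on the first firing call `graceful_shutdown()` and re-arm the timer for a short drain window, and return the error only if the connection is still open when it fires again. The sketch reuses `PROXY_TIMEOUT` as the drain window, which is an assumption; a dedicated constant may fit better. How the resulting `Err` is logged lies outside the hunk, so check that a routine expiry is not reported at error level. The function body starts and ends outside this hunk.

```rust
tokio::pin!(http_conn, timeout);
let mut lifetime_expired = false;
// … unchanged: `let http_result = loop { select! (` and the http_conn arm …
_ = &mut timeout => {
    if lifetime_expired {
        break Err(anyhow!("Connection lived more than 24h, killing it."));
    }
    // First expiry: finish in-flight work, then allow a bounded drain.
    lifetime_expired = true;
    http_conn.as_mut().graceful_shutdown();
    timeout.as_mut().reset(tokio::time::Instant::now() + PROXY_TIMEOUT);
}
// … unchanged: must_exit_2 arm …
```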
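Review bot: `drop(tcp);` is added without a comment, and the reason for dropping at exactly this point is not obvious from the call alone. If `tcp` is the listening socket (it is bound outside this hunk), a line such as `// Close the listener before draining so no new connections queue up while we wait.` would record the intent. The drain loop that follows has no deadline of its own in the visible lines, so it is worth stating in the same comment that each remaining connection is now bounded by `MAX_CONNECTION_LIFETIME`.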