1. The problem I’m having:
I want to modify the keep-alive timeout that limits the time a persistent connection may remain open.
Setting a keep-alive timeout on the server side helps mitigate denial of service attacks that establish too many persistent connections, exhausting server resources.
To achive my goal, should i used
-
keepalive is either
off
or a duration value that specifies how long to keep connections open (timeout). Default:2m
.
FROM
The http
transport
transport http {
read_buffer <size>
write_buffer <size>
max_response_header <size>
dial_timeout <duration>
dial_fallback_delay <duration>
response_header_timeout <duration>
expect_continue_timeout <duration>
resolvers <ip...>
tls
tls_client_auth <automate_name> | <cert_file> <key_file>
tls_insecure_skip_verify
tls_timeout <duration>
tls_trusted_ca_certs <pem_files...>
tls_server_name <server_name>
tls_renegotiation <level>
tls_except_ports <ports...>
keepalive [off|<duration>]
keepalive_interval <interval>
keepalive_idle_conns <max_count>
keepalive_idle_conns_per_host <count>
versions <versions...>
compression off
max_conns_per_host <count>
}
OR should i use:
- idle is a duration value that sets the maximum time to wait for the next request when keep-alives are enabled. Defaults to 5 minutes to help avoid resource exhaustion.
FROM
# Server Options
servers [<listener_address>] {
name <name>
listener_wrappers {
<listener_wrappers...>
}
timeouts {
read_body <duration>
read_header <duration>
write <duration>
idle <duration>
}
trusted_proxies <module> ...
metrics
max_header_size <size>
log_credentials
protocols [h1|h2|h2c|h3]
strict_sni_host [on|insecure_off]
}
2. Caddy version:
v2.6.4 h1:2hwYqiRwk1tf3VruhMpLcYTg+11fCdr8S3jhNAdnPy8=
3. How I installed and ran Caddy:
I use a docker compose file.
a. System environment:
The hardware is a RPi 4 Model B
The OS that i’m using :
Linux srvone4all 5.4.0-1080-raspi #91-Ubuntu SMP PREEMPT Thu Jan 19 09:35:03 UTC 2023 aarch64 aarch64 aarch64 GNU/Linux
I run caddy as a container with docker:
Docker version 23.0.1, build a5ee5b1