Opened 3 years ago

Closed 15 months ago

#1170 closed enhancement (fixed)

implement keepalive timeout for upstream

Reported by: gadall@… Owned by:
Priority: minor Milestone:
Component: nginx-module Version: 1.10.x
Keywords: Cc:
uname -a:
nginx -V: nginx version: nginx/1.10.2 built with OpenSSL 1.1.0c 10 Nov 2016 TLS SNI support enabled configure arguments: --with-cc-opt='-g -O2 -fstack-protector-strong -Wformat -Werror=format-security -Wdate-time -D_FORTIFY_SOURCE=2' --with-ld-opt='-Wl,-z,relro -Wl,-z,now' --prefix=/usr/share/nginx --conf-path=/etc/nginx/nginx.conf --http-log-path=/var/log/nginx/access.log --error-log-path=/var/log/nginx/error.log --lock-path=/var/lock/nginx.lock --pid-path=/run/nginx.pid --modules-path=/usr/lib/nginx/modules --http-client-body-temp-path=/var/lib/nginx/body --http-fastcgi-temp-path=/var/lib/nginx/fastcgi --http-proxy-temp-path=/var/lib/nginx/proxy --http-scgi-temp-path=/var/lib/nginx/scgi --http-uwsgi-temp-path=/var/lib/nginx/uwsgi --with-debug --with-pcre-jit --with-ipv6 --with-http_ssl_module --with-http_stub_status_module --with-http_realip_module --with-http_auth_request_module --with-http_v2_module --with-http_dav_module --with-http_slice_module --with-threads --with-http_gzip_static_module --without-http_browser_module --without-http_geo_module --without-http_limit_req_module --without-http_limit_conn_module --without-http_memcached_module --without-http_referer_module --without-http_split_clients_module --without-http_userid_module --add-dynamic-module=/build/nginx-1.10.2/debian/modules/nginx-echo

Description

Microsoft's IIS, when its keepalive idle timeout expires (by default 120 seconds), usually closes the connection with a RST. Sometimes, for reasons unknown, it does not do so. In such cases, the client continues to see the connection as open. Any packets it subsequently sends on that connection go unreplied, TCP retransmissions are sent, and eventually we get the error:
"upstream timed out (110: Connection timed out) while reading response header from upstream".

This strange behavior can play well with typical browsers provided that they have their own keepalive idle timeout, which is shorter than the server's.

As this issue is known since at least 2009, affects IIS 8.5 on Windows 2012 R2 and remains unfixed by Microsoft, it would be useful if nginx had the ability to set an idle timeout for keepalive connections to upstreams, after which it would close the connection. I reckon it could be useful in other scenarios as well, such as upstreams in remote networks with weird firewalls in between (see also https://github.com/nviennot/nginx-tcp-keepalive).

References:

https://bugzilla.mozilla.org/show_bug.cgi?id=491541

https://forums.iis.net/t/1155755.aspx

Change History (2)

comment:1 Changed 15 months ago by mdounin

See also #1484.

comment:2 Changed 15 months ago by mdounin

  • Resolution set to fixed
  • Status changed from new to closed

Keepalive timeout was introduced in d9029e113a05.

Note: See TracTickets for help on using tickets.