Opened 3 years ago

Closed 19 months ago

#1170 closed enhancement (fixed)

implement keepalive timeout for upstream

Reported by: gadall@… Owned by:
Priority: minor Milestone:
Component: nginx-module Version: 1.10.x
Keywords: Cc:
uname -a:
nginx -V: nginx version: nginx/1.10.2
built with OpenSSL 1.1.0c 10 Nov 2016
TLS SNI support enabled
configure arguments: --with-cc-opt='-g -O2 -fstack-protector-strong -Wformat -Werror=format-security -Wdate-time -D_FORTIFY_SOURCE=2' --with-ld-opt='-Wl,-z,relro -Wl,-z,now' --prefix=/usr/share/nginx --conf-path=/etc/nginx/nginx.conf --http-log-path=/var/log/nginx/access.log --error-log-path=/var/log/nginx/error.log --lock-path=/var/lock/nginx.lock --pid-path=/run/nginx.pid --modules-path=/usr/lib/nginx/modules --http-client-body-temp-path=/var/lib/nginx/body --http-fastcgi-temp-path=/var/lib/nginx/fastcgi --http-proxy-temp-path=/var/lib/nginx/proxy --http-scgi-temp-path=/var/lib/nginx/scgi --http-uwsgi-temp-path=/var/lib/nginx/uwsgi --with-debug --with-pcre-jit --with-ipv6 --with-http_ssl_module --with-http_stub_status_module --with-http_realip_module --with-http_auth_request_module --with-http_v2_module --with-http_dav_module --with-http_slice_module --with-threads --with-http_gzip_static_module --without-http_browser_module --without-http_geo_module --without-http_limit_req_module --without-http_limit_conn_module --without-http_memcached_module --without-http_referer_module --without-http_split_clients_module --without-http_userid_module --add-dynamic-module=/build/nginx-1.10.2/debian/modules/nginx-echo

Description

Microsoft's IIS, when its keepalive idle timeout expires (by default 120 seconds), usually closes the connection with a RST. Sometimes, for reasons unknown, it does not do so. In such cases, the client continues to see the connection as open. Any packets it subsequently sends on that connection go unreplied, TCP retransmissions are sent, and eventually we get the error:
"upstream timed out (110: Connection timed out) while reading response header from upstream".

This strange behavior can play well with typical browsers provided that they have their own keepalive idle timeout, which is shorter than the server's.

As this issue is known since at least 2009, affects IIS 8.5 on Windows 2012 R2 and remains unfixed by Microsoft, it would be useful if nginx had the ability to set an idle timeout for keepalive connections to upstreams, after which it would close the connection. I reckon it could be useful in other scenarios as well, such as upstreams in remote networks with weird firewalls in between (see also https://github.com/nviennot/nginx-tcp-keepalive).

References:

https://bugzilla.mozilla.org/show_bug.cgi?id=491541

https://forums.iis.net/t/1155755.aspx

Change History (2)

comment:1 by Maxim Dounin, 19 months ago

See also #1484.

comment:2 by Maxim Dounin, 19 months ago

Resolution: fixed
Status: newclosed

Keepalive timeout was introduced in d9029e113a05.

Note: See TracTickets for help on using tickets.