Opened 7 years ago
Closed 6 years ago
#1170 closed enhancement (fixed)
implement keepalive timeout for upstream
| Reported by: | Owned by: | ||
|---|---|---|---|
| Priority: | minor | Milestone: | |
| Component: | nginx-module | Version: | 1.10.x |
| Keywords: | Cc: | ||
| uname -a: | |||
| nginx -V: |
nginx version: nginx/1.10.2
built with OpenSSL 1.1.0c 10 Nov 2016 TLS SNI support enabled configure arguments: --with-cc-opt='-g -O2 -fstack-protector-strong -Wformat -Werror=format-security -Wdate-time -D_FORTIFY_SOURCE=2' --with-ld-opt='-Wl,-z,relro -Wl,-z,now' --prefix=/usr/share/nginx --conf-path=/etc/nginx/nginx.conf --http-log-path=/var/log/nginx/access.log --error-log-path=/var/log/nginx/error.log --lock-path=/var/lock/nginx.lock --pid-path=/run/nginx.pid --modules-path=/usr/lib/nginx/modules --http-client-body-temp-path=/var/lib/nginx/body --http-fastcgi-temp-path=/var/lib/nginx/fastcgi --http-proxy-temp-path=/var/lib/nginx/proxy --http-scgi-temp-path=/var/lib/nginx/scgi --http-uwsgi-temp-path=/var/lib/nginx/uwsgi --with-debug --with-pcre-jit --with-ipv6 --with-http_ssl_module --with-http_stub_status_module --with-http_realip_module --with-http_auth_request_module --with-http_v2_module --with-http_dav_module --with-http_slice_module --with-threads --with-http_gzip_static_module --without-http_browser_module --without-http_geo_module --without-http_limit_req_module --without-http_limit_conn_module --without-http_memcached_module --without-http_referer_module --without-http_split_clients_module --without-http_userid_module --add-dynamic-module=/build/nginx-1.10.2/debian/modules/nginx-echo |
||
Description
Microsoft's IIS, when its keepalive idle timeout expires (by default 120 seconds), usually closes the connection with a RST. Sometimes, for reasons unknown, it does not do so. In such cases, the client continues to see the connection as open. Any packets it subsequently sends on that connection go unreplied, TCP retransmissions are sent, and eventually we get the error:
"upstream timed out (110: Connection timed out) while reading response header from upstream".
This strange behavior can play well with typical browsers provided that they have their own keepalive idle timeout, which is shorter than the server's.
As this issue is known since at least 2009, affects IIS 8.5 on Windows 2012 R2 and remains unfixed by Microsoft, it would be useful if nginx had the ability to set an idle timeout for keepalive connections to upstreams, after which it would close the connection. I reckon it could be useful in other scenarios as well, such as upstreams in remote networks with weird firewalls in between (see also https://github.com/nviennot/nginx-tcp-keepalive).
References:
Change History (2)
comment:1 by , 6 years ago
comment:2 by , 6 years ago
| Resolution: | → fixed |
|---|---|
| Status: | new → closed |
Keepalive timeout was introduced in d9029e113a05.
See also #1484.