From 730b389e029ba2599a10efdbc5b153ee2c3c97eb Mon Sep 17 00:00:00 2001 From: Abel Ferreira Date: Mon, 26 Apr 2021 18:05:18 -0300 Subject: [PATCH] Add proxy timeout settings --- README.md | 13 ++++++++++++- nginx.tmpl | 13 +++++++++++-- 2 files changed, 23 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 3f5a0d5..cff75a0 100644 --- a/README.md +++ b/README.md @@ -150,6 +150,12 @@ When `HTTPS_METHOD=redirect` defined in container, the default https redirect po $ docker run -d -p 80:80 -e DEFAULT_HTTPS_REDIRECT_PORT=8443 -v /var/run/docker.sock:/tmp/docker.sock:ro jwilder/nginx-proxy +### Default proxy timeout + +The default proxy timeout time will be 60s for all conteiners, set the env var `DEFAULT_PROXY_TIMEOUT=2m` in nginx container to change this behavior, for example: + + $ docker run -d -p 80:80 -e DEFAULT_PROXY_TIMEOUT=300s -v /var/run/docker.sock:/tmp/docker.sock:ro jwilder/nginx-proxy + ### Separate Containers @@ -300,7 +306,12 @@ window / different browser. ### HTTPS External redirect port per container config -By default when `HTTPS_METHOD=redirect` nginx will redirect connections on port HTPP 80 to 443 port or value defined in `DEFAULT_HTTPS_REDIRECT_PORT`, with `HTTPS_REDIRECT_PORT=port` you can change this behavior to another port, for example `HTTPS_REDIRECT_PORT=8443` +By default when `HTTPS_METHOD=redirect` nginx will redirect connections on port HTPP 80 to 443 port or value defined in `DEFAULT_HTTPS_REDIRECT_PORT`, with `HTTPS_REDIRECT_PORT=port` you can change this behavior by container to another port, for example `HTTPS_REDIRECT_PORT=8443` + +### PROXY Timeout + +By default nginx will drop a connection after 60s or value defined in `DEFAULT_PROXY_TIMEOUT`, with `PROXY_TIMEOUT=time` you can change this behavior by container to another time, for example `PROXY_TIMEOUT=180s` + ### HSTS diff --git a/nginx.tmpl b/nginx.tmpl index c78d6d5..99c7a3d 100644 --- a/nginx.tmpl +++ b/nginx.tmpl @@ -207,6 +207,7 @@ upstream {{ $upstream_name }} { {{ $default_host := or ($.Env.DEFAULT_HOST) "" }} {{ $default_server := index (dict $host "" $default_host "default_server") $host }} {{ $default_https_redirect_port := or ($.Env.DEFAULT_HTTPS_REDIRECT_PORT) "443" }} +{{ $default_proxy_timeout := or ($.Env.DEFAULT_PROXY_TIMEOUT) "60s" }} {{/* Get the VIRTUAL_PROTO defined by containers w/ the same vhost, falling back to "http" */}} {{ $proto := trim (or (first (groupByKeys $containers "Env.VIRTUAL_PROTO")) "http") }} @@ -220,6 +221,9 @@ upstream {{ $upstream_name }} { {{/* Get the HTTPS_REDIRECT_PORT defined by containers w/ the same vhost, falling back to "443" */}} {{ $https_redirect_port := or (first (groupByKeys $containers "Env.HTTPS_REDIRECT_PORT")) (or $.Env.HTTPS_REDIRECT_PORT $default_https_redirect_port) }} +{{/* Get the PROXY_TIMEOUT defined by containers w/ the same vhost, falling back to "60s" */}} +{{ $proxy_timeout := or (first (groupByKeys $containers "Env.PROXY_TIMEOUT")) (or $.Env.PROXY_TIMEOUT $default_proxy_timeout)) }} + {{/* Get the SSL_POLICY defined by containers w/ the same vhost, falling back to empty string (use default) */}} {{ $ssl_policy := or (first (groupByKeys $containers "Env.SSL_POLICY")) "" }} @@ -255,7 +259,7 @@ server { listen [::]:{{ $external_http_port }} {{ $default_server }}; {{ end }} {{ $access_log }} - + # Do not HTTPS redirect Let'sEncrypt ACME challenge location /.well-known/acme-challenge/ { auth_basic off; @@ -264,7 +268,7 @@ server { try_files $uri =404; break; } - + location / { return 301 https://$host:{{ $https_redirect_port }}$request_uri; } @@ -290,6 +294,11 @@ server { ssl_session_cache shared:SSL:50m; ssl_session_tickets off; + send_timeout {{ $proxy_timeout }}; + proxy_connect_timeout {{ $proxy_timeout }}; + proxy_send_timeout {{ $proxy_timeout }}; + proxy_read_timeout {{ $proxy_timeout }}; + ssl_certificate /etc/nginx/certs/{{ (printf "%s.crt" $cert) }}; ssl_certificate_key /etc/nginx/certs/{{ (printf "%s.key" $cert) }};