From 0232331f990fbdc113a9c1bf47d98c55598d8d97 Mon Sep 17 00:00:00 2001 From: Lorenz Stechauner Date: Fri, 8 Sep 2023 02:51:57 +0200 Subject: [PATCH] Fix reverse proxy timeout issues --- src/lib/fastcgi.h | 1 + src/lib/proxy.c | 16 +++++++++++++++- src/server.h | 5 ++++- src/worker/fastcgi_frame_handler.c | 2 +- src/worker/tcp_acceptor.c | 2 +- 5 files changed, 22 insertions(+), 4 deletions(-) diff --git a/src/lib/fastcgi.h b/src/lib/fastcgi.h index cd2fbbb..a43e0cf 100644 --- a/src/lib/fastcgi.h +++ b/src/lib/fastcgi.h @@ -13,6 +13,7 @@ #include "http.h" #include "uri.h" +#define FASTCGI_SOCKET_TIMEOUT 1 #define FASTCGI_TIMEOUT 3600 #define FASTCGI_BACKEND_PHP 1 diff --git a/src/lib/proxy.c b/src/lib/proxy.c index 74d4cc1..90306c5 100644 --- a/src/lib/proxy.c +++ b/src/lib/proxy.c @@ -314,7 +314,7 @@ static int proxy_connect(proxy_ctx_t *proxy, host_config_t *conf, http_res *res, info(BLUE_STR "Connecting to " BLD_STR "[%s]:%i" CLR_STR BLUE_STR "...", conf->proxy.hostname, conf->proxy.port); int fd; - if ((fd = sock_connect(conf->proxy.hostname, conf->proxy.port, SERVER_TIMEOUT_INIT, addr_buf, sizeof(addr_buf))) == -1) { + if ((fd = sock_connect(conf->proxy.hostname, conf->proxy.port, SERVER_SOCKET_TIMEOUT_INIT, addr_buf, sizeof(addr_buf))) == -1) { if (errno == ETIMEDOUT || errno == EINPROGRESS || errno == EHOSTDOWN || errno == EHOSTUNREACH) { res->status = http_get_status(504); ctx->origin = SERVER_REQ; @@ -471,6 +471,13 @@ int proxy_init(proxy_ctx_t **proxy_ptr, http_req *req, http_res *res, http_statu return -1; } + if (sock_set_socket_timeout(&proxy->proxy, SERVER_SOCKET_TIMEOUT_RES) != 0) { + res->status = http_get_status(500); + ctx->origin = INTERNAL; + error("Unable to set timeout for reverse proxy socket"); + return -1; + } + ret = sock_recv(&proxy->proxy, buffer, sizeof(buffer) - 1, MSG_PEEK); if (ret <= 0) { int e_sys = error_get_sys(), e_ssl = error_get_ssl(); @@ -487,6 +494,13 @@ int proxy_init(proxy_ctx_t **proxy_ptr, http_req *req, http_res *res, http_statu } buffer[ret] = 0; + if (sock_set_socket_timeout(&proxy->proxy, SOCKET_TIMEOUT) != 0) { + res->status = http_get_status(500); + ctx->origin = INTERNAL; + error("Unable to set timeout for reverse proxy socket"); + return -1; + } + char *buf = buffer; unsigned short header_len = (unsigned short) (strstr(buffer, "\r\n\r\n") - buffer + 4); diff --git a/src/server.h b/src/server.h index e9fcc80..b281697 100644 --- a/src/server.h +++ b/src/server.h @@ -14,8 +14,11 @@ #define NUM_SOCKETS 2 #define LISTEN_BACKLOG 16 #define REQ_PER_CONNECTION 200 + +#define SOCKET_TIMEOUT 1 #define CLIENT_TIMEOUT 3600 -#define SERVER_TIMEOUT_INIT 4 +#define SERVER_SOCKET_TIMEOUT_INIT 5 +#define SERVER_SOCKET_TIMEOUT_RES 60 #define SERVER_TIMEOUT 3600 #define CNX_HANDLER_WORKERS 8 diff --git a/src/worker/fastcgi_frame_handler.c b/src/worker/fastcgi_frame_handler.c index 298fd42..19351ac 100644 --- a/src/worker/fastcgi_frame_handler.c +++ b/src/worker/fastcgi_frame_handler.c @@ -37,7 +37,7 @@ void fastcgi_frame_handler_func(fastcgi_ctx_t *ctx) { int fastcgi_handle_connection(client_ctx_t *ctx, fastcgi_cnx_t **cnx) { sock_set_timeout(&(*cnx)->socket, FASTCGI_TIMEOUT); - sock_set_socket_timeout(&(*cnx)->socket, 1); + sock_set_socket_timeout(&(*cnx)->socket, FASTCGI_SOCKET_TIMEOUT); fastcgi_ctx_t *a = malloc(sizeof(fastcgi_ctx_t)); a->closed = 0; diff --git a/src/worker/tcp_acceptor.c b/src/worker/tcp_acceptor.c index 24d4449..ec4440a 100644 --- a/src/worker/tcp_acceptor.c +++ b/src/worker/tcp_acceptor.c @@ -67,7 +67,7 @@ static int tcp_acceptor(client_ctx_t *ctx) { ctx->host[0] != 0 ? ctx->host : "", ctx->host[0] != 0 ? ") " : "", ctx->cc[0] != 0 ? ctx->cc : "N/A"); - if (sock_set_socket_timeout(client, 1) != 0 || sock_set_timeout(client, CLIENT_TIMEOUT) != 0) { + if (sock_set_socket_timeout(client, SOCKET_TIMEOUT) != 0 || sock_set_timeout(client, CLIENT_TIMEOUT) != 0) { error("Unable to set timeout for socket"); return -1; }