internal: make http timeouts configurable (#20472)

* internal: make http timeouts configurable Signed-off-by: Jens Langhammer <jens@goauthentik.io> * Changed formatting to match the rest of the doc --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io> Co-authored-by: Dewi Roberts <dewi@goauthentik.io>
2026-06-17 19:09:11 +03:00 · 2026-02-25 13:21:13 +00:00
parent 9f3d1c3f90
commit 849c37806d
4 changed files with 44 additions and 5 deletions
@@ -141,6 +141,10 @@ web:
  # workers: 2
  threads: 4
  path: /
+  timeout_http_read_header: 5s
+  timeout_http_read: 30s
+  timeout_http_write: 60s
+  timeout_http_idle: 120s

 worker:
  processes: 1
@@ -104,7 +104,11 @@ type OutpostConfig struct {
 }

 type WebConfig struct {
-	Path string `yaml:"path" env:"PATH, overwrite"`
+	Path                  string `yaml:"path" env:"PATH, overwrite"`
+	TimeoutHttpReadHeader string `yaml:"timeout_http_read_header" env:"TIMEOUT_HTTP_READ_HEADER, overwrite"`
+	TimeoutHttpRead       string `yaml:"timeout_http_read" env:"TIMEOUT_HTTP_READ, overwrite"`
+	TimeoutHttpWrite      string `yaml:"timeout_http_write" env:"TIMEOUT_HTTP_WRITE, overwrite"`
+	TimeoutHttpIdle       string `yaml:"timeout_http_idle" env:"TIMEOUT_HTTP_IDLE, overwrite"`
 }

 type LogConfig struct {
@@ -3,15 +3,26 @@ package web
 import (
 	"net/http"
 	"time"
+
+	"goauthentik.io/internal/config"
 )

+func durationOrFallback(raw string, fallback time.Duration) time.Duration {
+	p, err := time.ParseDuration(raw)
+	if err != nil {
+		return fallback
+	}
+	return p
+}
+
 func Server(h http.Handler) *http.Server {
+	c := config.Get()
 	return &http.Server{
 		Handler:           h,
-		ReadHeaderTimeout: 5 * time.Second,
-		ReadTimeout:       30 * time.Second,
-		WriteTimeout:      60 * time.Second,
-		IdleTimeout:       120 * time.Second,
+		ReadHeaderTimeout: durationOrFallback(c.Web.TimeoutHttpReadHeader, 5*time.Second),
+		ReadTimeout:       durationOrFallback(c.Web.TimeoutHttpRead, 30*time.Second),
+		WriteTimeout:      durationOrFallback(c.Web.TimeoutHttpWrite, 60*time.Second),
+		IdleTimeout:       durationOrFallback(c.Web.TimeoutHttpIdle, 120*time.Second),
 		MaxHeaderBytes:    http.DefaultMaxHeaderBytes,
 	}
 }
@@ -633,6 +633,26 @@ Configure the path under which authentik is served. For example to access authen

 Defaults to `/`.

+### `AUTHENTIK_WEB__TIMEOUT_HTTP`
+
+Configure the timeouts for the web HTTP/HTTPS Server. Accepts duration in the format of "300ms", "-1.5h" or "2h45m". Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h".
+
+- `AUTHENTIK_WEB__TIMEOUT_HTTP_READ_HEADER`
+
+Defaults to `5s`
+
+- `AUTHENTIK_WEB__TIMEOUT_HTTP_READ`
+
+Defaults to `30s`
+
+- `AUTHENTIK_WEB__TIMEOUT_HTTP_WRITE`
+
+Defaults to `60s`
+
+- `AUTHENTIK_WEB__TIMEOUT_HTTP_IDLE`
+
+Defaults to `120s`
+
 ## System settings

 Additional [system settings](../../sys-mgmt/settings.md) are configurable using the Admin interface, under **System** > **Settings** or using the API.