diff --git a/authentik/lib/default.yml b/authentik/lib/default.yml
index c7d70f548c..233645fdcc 100644
--- a/authentik/lib/default.yml
+++ b/authentik/lib/default.yml
@@ -141,6 +141,10 @@ web:
 # workers: 2
 threads: 4
 path: /
+ timeout_http_read_header: 5s
+ timeout_http_read: 30s
+ timeout_http_write: 60s
+ timeout_http_idle: 120s
 worker:
 processes: 1
diff --git a/internal/config/struct.go b/internal/config/struct.go
index 1ac4743883..8ab9fc55d6 100644
--- a/internal/config/struct.go
+++ b/internal/config/struct.go
@@ -104,7 +104,11 @@ type OutpostConfig struct {
 }
 type WebConfig struct {
- Path string `yaml:"path" env:"PATH, overwrite"`
+ Path string `yaml:"path" env:"PATH, overwrite"`
+ TimeoutHttpReadHeader string `yaml:"timeout_http_read_header" env:"TIMEOUT_HTTP_READ_HEADER, overwrite"`
+ TimeoutHttpRead string `yaml:"timeout_http_read" env:"TIMEOUT_HTTP_READ, overwrite"`
+ TimeoutHttpWrite string `yaml:"timeout_http_write" env:"TIMEOUT_HTTP_WRITE, overwrite"`
+ TimeoutHttpIdle string `yaml:"timeout_http_idle" env:"TIMEOUT_HTTP_IDLE, overwrite"`
 }
 type LogConfig struct {
diff --git a/internal/utils/web/server.go b/internal/utils/web/server.go
index 1d4c1bdc3a..148ee56937 100644
--- a/internal/utils/web/server.go
+++ b/internal/utils/web/server.go
@@ -3,15 +3,26 @@ package web
 import (
 "net/http"
 "time"
+
+ "goauthentik.io/internal/config"
 )
+func durationOrFallback(raw string, fallback time.Duration) time.Duration {
+ p, err := time.ParseDuration(raw)
+ if err != nil {
+ return fallback
+ }
+ return p
+}
+
 func Server(h http.Handler) *http.Server {
+ c := config.Get()
 return &http.Server{
 Handler: h,
- ReadHeaderTimeout: 5 * time.Second,
- ReadTimeout: 30 * time.Second,
- WriteTimeout: 60 * time.Second,
- IdleTimeout: 120 * time.Second,
+ ReadHeaderTimeout: durationOrFallback(c.Web.TimeoutHttpReadHeader, 5*time.Second),
+ ReadTimeout: durationOrFallback(c.Web.TimeoutHttpRead, 30*time.Second),
+ WriteTimeout: durationOrFallback(c.Web.TimeoutHttpWrite, 60*time.Second),
+ IdleTimeout: durationOrFallback(c.Web.TimeoutHttpIdle, 120*time.Second),
 MaxHeaderBytes: http.DefaultMaxHeaderBytes,
 }
 }
diff --git a/website/docs/install-config/configuration/configuration.mdx b/website/docs/install-config/configuration/configuration.mdx
index 3695105f80..7b20f95773 100644
--- a/website/docs/install-config/configuration/configuration.mdx
+++ b/website/docs/install-config/configuration/configuration.mdx
@@ -633,6 +633,26 @@ Configure the path under which authentik is served. For example to access authen
 Defaults to `/`.
+### `AUTHENTIK_WEB__TIMEOUT_HTTP`
+
+Configure the timeouts for the web HTTP/HTTPS Server. Accepts duration in the format of "300ms", "-1.5h" or "2h45m". Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h".
+
+- `AUTHENTIK_WEB__TIMEOUT_HTTP_READ_HEADER`
+
+Defaults to `5s`
+
+- `AUTHENTIK_WEB__TIMEOUT_HTTP_READ`
+
+Defaults to `30s`
+
+- `AUTHENTIK_WEB__TIMEOUT_HTTP_WRITE`
+
+Defaults to `60s`
+
+- `AUTHENTIK_WEB__TIMEOUT_HTTP_IDLE`
+
+Defaults to `120s`
+
 ## System settings
 Additional [system settings](../../sys-mgmt/settings.md) are configurable using the Admin interface, under **System** > **Settings** or using the API.
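Review bot: `durationOrFallback` in internal/utils/web/server.go returns whatever `time.ParseDuration` accepts, including `0` and negative values such as the `-1.5h` used as a format example in the new documentation. net/http treats a zero or negative `ReadTimeout`/`WriteTimeout`, and a negative `ReadHeaderTimeout`/`IdleTimeout`, as no timeout at all. These four limits bound slow or stalled client connections, so a typo or a copied example can silently remove that protection. I would reject non-positive values with `if err != nil || p <= 0 { return fallback }`. The fallback path is also silent, so a value like `30` without a unit is dropped without any signal to the operator; a warning log naming the setting and the fallback used would make that visible (which logger this package uses is not visible in the hunk).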