Timeouts (#185)

* _all_ the timeouts

* Missed a file

* Moved the nginx timeouts to the http context so they would apply everywhere as defaults (#188)

Co-authored-by: Nigel Banks <[email protected]:w>

Co-authored-by: Nigel Banks <[email protected]>
Co-authored-by: Nigel Banks <[email protected]:w>

.vscode/settings.json

@@ -14,17 +14,23 @@
         "composer": "shellscript"
     },
     "cSpell.words": [
-        "MODESHAPE",
-        "POSTGRESQL",
-        "SIGTERM",
         "binarystorage",
         "catchable",
         "classpath",
+        "Confd",
         "crond",
         "elif",
+        "fastcgi",
+        "filesize",
         "getenv",
+        "islandora",
+        "KEEPALIVE",
+        "MODESHAPE",
         "nativeplatform",
         "nocopy",
+        "POSTGRESQL",
+        "proxied",
+        "SIGTERM",
         "xdebug"
     ]
 }

demo/Dockerfile

@@ -58,6 +58,6 @@ RUN --mount=type=cache,id=demo-composer,sharing=locked,target=/root/.composer/ca
     mkdir -p /var/www/drupal/web/sites/default/files/library-definitions && \
     cp /var/www/drupal/web/modules/contrib/openseadragon/openseadragon.json /var/www/drupal/web/sites/default/files/library-definitions
 
-FROM ${repository}/drupal:${tag}
+FROM ${repository}/drupal:${tag} AS drupal
 
 COPY --from=composer --chown=nginx:nginx /var/www /var/www

nginx/Dockerfile

@@ -39,9 +39,18 @@ RUN --mount=type=cache,id=nginx-apk,sharing=locked,from=cache,target=/var/cache/
     cleanup.sh
 
 ENV \
+    NGINX_CLIENT_BODY_TIMEOUT=60s \
     NGINX_CLIENT_MAX_BODY_SIZE=0 \
     NGINX_ERROR_LOG_LEVEL=warn \
-    NGINX_KEEPALIVE_TIMEOUT=65 \
+    NGINX_FASTCGI_CONNECT_TIMEOUT=60s \
+    NGINX_FASTCGI_READ_TIMEOUT=60s \
+    NGINX_FASTCGI_SEND_TIMEOUT=60s \
+    NGINX_KEEPALIVE_TIMEOUT=75s \
+    NGINX_LINGERING_TIMEOUT=5s \
+    NGINX_PROXY_CONNECT_TIMEOUT=60s \
+    NGINX_PROXY_READ_TIMEOUT=60s \
+    NGINX_PROXY_SEND_TIMEOUT=60s \
+    NGINX_SEND_TIMEOUT=60s \
     NGINX_WORKER_CONNECTIONS=1024 \
     NGINX_WORKER_PROCESSES=auto \
     PHP_DEFAULT_SOCKET_TIMEOUT=60 \
@@ -53,6 +62,8 @@ ENV \
     PHP_MAX_INPUT_VARS=3000 \
     PHP_MEMORY_LIMIT=256M \
     PHP_POST_MAX_SIZE=128M \
+    PHP_PROCESS_CONTROL_TIMEOUT=60 \
+    PHP_REQUEST_TERMINATE_TIMEOUT=60 \
     PHP_UPLOAD_MAX_FILESIZE=128M
 
 COPY --from=composer /usr/bin/composer /usr/bin/composer

nginx/README.md

@@ -22,27 +22,38 @@ Requires `islandora/base` docker image to build. Please refer to the
 
 ### Nginx Settings
 
-| Environment Variable       | Confd Key                   | Default | Description                                                                           |
-| :------------------------- | :-------------------------- | :------ | :------------------------------------------------------------------------------------ |
-| NGINX_CLIENT_MAX_BODY_SIZE | /nginx/client/max/body/size | 1m      | Specifies the maximum accepted body size of a client request                          |
-| NGINX_ERROR_LOG_LEVEL      | /nginx/error/log/level      | warn    | Log Level of Error log                                                                |
-| NGINX_KEEPALIVE_TIMEOUT    | /nginx/keepalive/timeout    | 65      | Timeout for keep-alive connections                                                    |
-| NGINX_WORKER_CONNECTIONS   | /nginx/worker/connections   | 1024    | The maximum number of simultaneous connections that can be opened by a worker process |
-| NGINX_WORKER_PROCESSES     | /nginx/worker/processes     | auto    | Set number of worker processes automatically based on number of CPU cores             |
+| Environment Variable          | Confd Key                      | Default | Description                                                                           |
+| :---------------------------- | :----------------------------- | :------ | :------------------------------------------------------------------------------------ |
+| NGINX_CLIENT_BODY_TIMEOUT     | /nginx/client/body/timeout     | 60s     | Timeout for reading client request body                                               |
+| NGINX_CLIENT_MAX_BODY_SIZE    | /nginx/client/max/body/size    | 1m      | Specifies the maximum accepted body size of a client request                          |
+| NGINX_ERROR_LOG_LEVEL         | /nginx/error/log/level         | warn    | Log Level of Error log                                                                |
+| NGINX_FASTCGI_CONNECT_TIMEOUT | /nginx/fastcgi/connect/timeout | 60s     | Timeout for establishing a connection with a FastCGI server                           |
+| NGINX_FASTCGI_READ_TIMEOUT    | /nginx/fastcgi/read/timeout    | 60s     | Timeout for reading a response from the FastCGI server                                |
+| NGINX_FASTCGI_SEND_TIMEOUT    | /nginx/fastcgi/send/timeout    | 60s     | Timeout for transmitting a request to the FastCGI server.                             |
+| NGINX_KEEPALIVE_TIMEOUT       | /nginx/keepalive/timeout       | 75s     | Timeout for keep-alive connections                                                    |
+| NGINX_LINGERING_TIMEOUT       | /nginx/lingering/timeout       | 5s      | The maximum waiting time for more client data to arrive                               |
+| NGINX_PROXY_CONNECT_TIMEOUT   | /nginx/proxy/connect/timeout   | 60s     | Timeout for establishing a connection with a proxied server                           |
+| NGINX_PROXY_READ_TIMEOUT      | /nginx/proxy/read/timeout      | 60s     | Timeout for reading a response from the proxied server                                |
+| NGINX_PROXY_SEND_TIMEOUT      | /nginx/proxy/send/timeout      | 60s     | Timeout for transmitting a request to the proxied server                              |
+| NGINX_SEND_TIMEOUT            | /nginx/send/timeout            | 60s     | Timeout for transmitting a response to the client                                     |
+| NGINX_WORKER_CONNECTIONS      | /nginx/worker/connections      | 1024    | The maximum number of simultaneous connections that can be opened by a worker process |
+| NGINX_WORKER_PROCESSES        | /nginx/worker/processes        | auto    | Set number of worker processes automatically based on number of CPU cores             |
 
 ### PHP Settings
 
-| Environment Variable       | Confd Key                   | Default | Description                                                       |
-| :------------------------- | :-------------------------- | :------ | :---------------------------------------------------------------- |
-| PHP_DEFAULT_SOCKET_TIMEOUT | /php/default/socket/timeout | 60      | Default timeout for socket based streams (seconds)                |
-| PHP_LOG_LEVEL              | /php/log/level              | notice  | Log level. Possible Values: alert, error, warning, notice, debug  |
-| PHP_LOG_LIMIT              | /php/log/limit              | 16384   | Log limit on number of characters in the single line              |
-| PHP_MAX_EXECUTION_TIME     | /php/max/execution/time     | 30      | Maximum execution time of each script, in seconds                 |
-| PHP_MAX_FILE_UPLOADS       | /php/max/file/uploads       | 20      | Maximum number of files that can be uploaded via a single request |
-| PHP_MAX_INPUT_TIME         | /php/max/input/time         | 60      | Maximum amount of time each script may spend parsing request data |
-| PHP_MEMORY_LIMIT           | /php/memory/limit           | 128M    | Maximum amount of memory a script may consume                     |
-| PHP_POST_MAX_SIZE          | /php/post/max/size          | 128M    | Maximum size of POST data that PHP will accept                    |
-| PHP_UPLOAD_MAX_FILESIZE    | /php/upload/max/filesize    | 128M    | Maximum allowed size for uploaded files                           |
+| Environment Variable          | Confd Key                      | Default | Description                                                                        |
+| :---------------------------- | :----------------------------- | :------ | :--------------------------------------------------------------------------------- |
+| PHP_DEFAULT_SOCKET_TIMEOUT    | /php/default/socket/timeout    | 60      | Default timeout for socket based streams (seconds)                                 |
+| PHP_LOG_LEVEL                 | /php/log/level                 | notice  | Log level. Possible Values: alert, error, warning, notice, debug                   |
+| PHP_LOG_LIMIT                 | /php/log/limit                 | 16384   | Log limit on number of characters in the single line                               |
+| PHP_MAX_EXECUTION_TIME        | /php/max/execution/time        | 30      | Maximum execution time of each script, in seconds                                  |
+| PHP_MAX_FILE_UPLOADS          | /php/max/file/uploads          | 20      | Maximum number of files that can be uploaded via a single request                  |
+| PHP_MAX_INPUT_TIME            | /php/max/input/time            | 60      | Maximum amount of time each script may spend parsing request data                  |
+| PHP_MEMORY_LIMIT              | /php/memory/limit              | 128M    | Maximum amount of memory a script may consume                                      |
+| PHP_POST_MAX_SIZE             | /php/post/max/size             | 128M    | Maximum size of POST data that PHP will accept                                     |
+| PHP_PROCESS_CONTROL_TIMEOUT   | /php/process/control/timeout   | 60      | Timeout for child processes to wait for a reaction on signals from master          |
+| PHP_REQUEST_TERMINATE_TIMEOUT | /php/request/terminate/timeout | 60      | Timeout for serving a single request after which the worker process will be killed |
+| PHP_UPLOAD_MAX_FILESIZE       | /php/upload/max/filesize       | 128M    | Maximum allowed size for uploaded files                                            |
 
 [FPM Documentation]: https://www.php.net/manual/en/install.fpm.configuration.php
 [FPM Logging]: https://www.php.net/manual/en/install.fpm.configuration.php

nginx/rootfs/etc/confd/templates/nginx.conf.tmpl

@@ -40,6 +40,33 @@ http {
         # error code 413. Set to 0 to disable. Default is '1m'.
         client_max_body_size {{ getenv "NGINX_CLIENT_MAX_BODY_SIZE" }};
 
+        # Defines a timeout for reading client request body. The timeout is
+        # set only for a period between two successive read operations, not for
+        # the transmission of the whole request body. If a client does not
+        # transmit anything within this time, the request is terminated with the
+        # 408 (Request Time-out) error.
+        client_body_timeout {{ getenv "NGINX_CLIENT_BODY_TIMEOUT" }};
+
+        # Sets a timeout for transmitting a response to the client. The timeout
+        # is set only between two successive write operations, not for the
+        # transmission of the whole response. If the client does not receive
+        # anything within this time, the connection is closed.
+        send_timeout {{ getenv "NGINX_SEND_TIMEOUT" }};
+
+        # The first parameter sets a timeout during which a keep-alive client
+        # connection will stay open on the server side. The zero value disables
+        # keep-alive client connections. The optional second parameter sets a
+        # value in the “Keep-Alive: timeout=time” response header field. Two
+        # parameters may differ.
+        keepalive_timeout {{ getenv "NGINX_KEEPALIVE_TIMEOUT" }};
+
+        # When lingering_close is in effect, this directive specifies the maximum
+        # waiting time for more client data to arrive. If data are not received
+        # during this time, the connection is closed. Otherwise, the data are
+        # read and ignored, and nginx starts waiting for more data again. The
+        # “wait-read-ignore” cycle is repeated, but no longer than specified by
+        # the lingering_time directive.
+        lingering_timeout {{ getenv "NGINX_LINGERING_TIMEOUT" }};
 
         # Sendfile copies data between one FD and other from within the kernel,
         # which is more efficient than read() + write(). Default is off.
@@ -49,7 +76,6 @@ http {
         # instead of using partial frames. Default is 'off'.
         tcp_nopush on;
 
-
         # Enables the specified protocols. Default is TLSv1 TLSv1.1 TLSv1.2.
         # TIP: If you're not obligated to support ancient clients, remove TLSv1.1.
         ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
@@ -73,13 +99,44 @@ http {
         # Disable TLS session tickets (they are insecure). Default is 'on'.
         ssl_session_tickets off;
 
-
         # Enable gzipping of responses.
         #gzip on;
 
         # Set the Vary HTTP header as defined in the RFC 2616. Default is 'off'.
         gzip_vary on;
 
+        # Defines a timeout for establishing a connection with a FastCGI server.
+        # It should be noted that this timeout cannot usually exceed 75 seconds.
+        fastcgi_connect_timeout {{ getenv "NGINX_FASTCGI_CONNECT_TIMEOUT" }};
+
+        # Defines a timeout for reading a response from the FastCGI server. The
+        # timeout is set only between two successive read operations, not for the
+        # transmission of the whole response. If the FastCGI server does not
+        # transmit anything within this time, the connection is closed.
+        fastcgi_read_timeout {{ getenv "NGINX_FASTCGI_READ_TIMEOUT" }};
+
+        # Sets a timeout for transmitting a request to the FastCGI server. The
+        # timeout is set only between two successive write operations, not for
+        # the transmission of the whole request. If the FastCGI server does not
+        # receive anything within this time, the connection is closed.
+        fastcgi_send_timeout {{ getenv "NGINX_FASTCGI_SEND_TIMEOUT" }};
+
+        # Defines a timeout for establishing a connection with a proxied server.
+        # It should be noted that this timeout cannot usually exceed 75 seconds.
+        proxy_connect_timeout {{ getenv "NGINX_PROXY_CONNECT_TIMEOUT" }};
+
+        # Defines a timeout for reading a response from the proxied server. The
+        # timeout is set only between two successive read operations, not for the
+        # transmission of the whole response. If the proxied server does not
+        # transmit anything within this time, the connection is closed.
+        proxy_read_timeout {{ getenv "NGINX_PROXY_READ_TIMEOUT" }};
+
+
+        # Sets a timeout for transmitting a request to the proxied server. The
+        # timeout is set only between two successive write operations, not for
+        # the transmission of the whole request. If the proxied server does not
+        # receive anything within this time, the connection is closed.
+        proxy_send_timeout {{ getenv "NGINX_PROXY_SEND_TIMEOUT" }};
 
         # Helper variable for proxying websockets.
         map $http_upgrade $connection_upgrade {
@@ -94,7 +151,7 @@ http {
                         '"$http_user_agent" "$http_x_forwarded_for"';
 
         # Sets the path, format, and configuration for a buffered log write.
-       access_log /dev/stdout main;
+        access_log /dev/stdout main;
 
 
         # Includes virtual hosts configs.
@@ -106,4 +163,4 @@ http {
 }
 
 # TIP: Uncomment if you use stream module.
-#include /etc/nginx/stream.conf;
+#include /etc/nginx/stream.conf;

nginx/rootfs/etc/confd/templates/php-fpm.conf.tmpl

@@ -77,7 +77,7 @@ log_limit = {{ getenv "PHP_LOG_LIMIT" }}
 ; Available units: s(econds), m(inutes), h(ours), or d(ays)
 ; Default Unit: seconds
 ; Default Value: 0
-;process_control_timeout = 0
+process_control_timeout = {{ getenv "PHP_PROCESS_CONTROL_TIMEOUT" }}
 
 ; The maximum number of processes FPM will fork. This has been designed to control
 ; the global number of processes when using dynamic PM within a lot of pools.

nginx/rootfs/etc/confd/templates/www.conf.tmpl

@@ -337,7 +337,7 @@ pm.max_spare_servers = 3
 ; does not stop script execution for some reason. A value of '0' means 'off'.
 ; Available units: s(econds)(default), m(inutes), h(ours), or d(ays)
 ; Default Value: 0
-;request_terminate_timeout = 0
+request_terminate_timeout = {{ getenv "PHP_REQUEST_TERMINATE_TIMEOUT" }}
 
 ; The timeout set by 'request_terminate_timeout' ini option is not engaged after
 ; application calls 'fastcgi_finish_request' or when application has finished and