cmd/derper: add missing read/write timeouts

Updates tailscale/corp#2486 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
3 years ago · 00b3c1c042
parent 9b7fc2ed1f
commit 00b3c1c042
1 changed files with 10 additions and 0 deletions
--- a/cmd/derper/derper.go
+++ b/cmd/derper/derper.go
@ -187,6 +187,16 @@ func main() {
 	httpsrv := &http.Server{
 		Addr:    *addr,
 		Handler: mux,
+
+		// Set read/write timeout. For derper, this basically
+		// only affects TLS setup, as read/write deadlines are
+		// cleared on Hijack, which the DERP server does. But
+		// without this, we slowly accumulate stuck TLS
+		// handshake goroutines forever. This also affects
+		// /debug/ traffic, but 30 seconds is plenty for
+		// Prometheus/etc scraping.
+		ReadTimeout:  30 * time.Second,
+		WriteTimeout: 30 * time.Second,
 	}

 	var err error