From 21069124db0a7bdfb608dd9c5d020d753d8ef99d Mon Sep 17 00:00:00 2001
From: Brad Fitzpatrick
Date: Tue, 8 Mar 2022 08:08:36 -0800
Subject: [PATCH] control/controlclient: fix the Noise HTTP/2 timeout config

We want to close the connection after a minute of inactivity, not heartbeat once a minute to keep it alive forever.

Updates #3488

Change-Id: I4b5275e8d1f2528e13de2d54808773c70537db91
Signed-off-by: Brad Fitzpatrick
---
 control/controlclient/noise.go | 21 +++++++++++++++------
 1 file changed, 15 insertions(+), 6 deletions(-)

diff --git a/control/controlclient/noise.go b/control/controlclient/noise.go
index ca3c5ecf7..dd65dea1d 100644
--- a/control/controlclient/noise.go
+++ b/control/controlclient/noise.go
@@ -74,14 +74,23 @@ func newNoiseClient(priKey key.MachinePrivate, serverPubKey key.MachinePublic, s
 serverHost: host,
 }
 
- // Create a new http.Client which dials out using nc.Dial.
- np.Client = &http.Client{
- Transport: &http2.Transport{
- ReadIdleTimeout: time.Minute,
- DialTLS: np.dial,
- },
+ // Create the HTTP/2 Transport using a net/http.Transport
+ // (which only does HTTP/1) because it's the only way to
+ // configure certain properties on the http2.Transport. But we
+ // never actually use the net/http.Transport for any HTTP/1
+ // requests.
+ h2Transport, err := http2.ConfigureTransports(&http.Transport{
+ IdleConnTimeout: time.Minute,
+ })
+ if err != nil {
+ return nil, err
 }
 
+ // Let the HTTP/2 Transport think it's dialing out using TLS,
+ // but it's actually our Noise dialer:
+ h2Transport.DialTLS = np.dial
+
+ np.Client = &http.Client{Transport: h2Transport}
 return np, nil
 }
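Review bot: The transport returned by `http2.ConfigureTransports` is built to be handed connections by the net/http Transport it wraps, so its `ConnPool` is a non-dialing pool; used directly as the RoundTripper on the `np.Client = &http.Client{Transport: h2Transport}` line, a request with no cached connection is likely to fail with a no-cached-connection error instead of ever calling `np.dial`. Clearing the pool after configuration lets the transport lazily create its default, dialing pool: `h2Transport.ConnPool = nil // ConfigureTransports installs a no-dial pool; we need DialTLS (the Noise dialer) to run`. A test that sends one request through `np.Client` to a fake Noise server would catch this, and it matters because a failure here takes down the whole control channel rather than just changing a timeout. Separately, dropping `ReadIdleTimeout` removes the transport's only liveness probe, so a connection that stalls with a request in flight is no longer detected at this layer; it is worth confirming that request contexts carry deadlines. The body of newNoiseClient starts above the hunk, so how `np.dial` and the caller handle errors is not visible here.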