Configurable Proxy Protocol header timeout for TLS passthrough

2018-06-03 20:10:41 -05:00 · 2018-06-03 20:10:41 -05:00 · d637a9b978
commit d637a9b978
parent c8fec068d9
5 changed files with 46 additions and 1 deletions
--- a/docs/user-guide/nginx-configuration/configmap.md
+++ b/docs/user-guide/nginx-configuration/configmap.md
@ -84,6 +84,7 @@ The following table shows a configuration option's name, type, and the default v
 |[ssl-session-timeout](#ssl-session-timeout)|string|"10m"|
 |[ssl-buffer-size](#ssl-buffer-size)|string|"4k"|
 |[use-proxy-protocol](#use-proxy-protocol)|bool|"false"|
+|[proxy-protocol-header-timeout](#proxy-protocol-header-timeout)|string|"5s"|
 |[use-gzip](#use-gzip)|bool|"true"|
 |[use-geoip](#use-geoip)|bool|"true"|
 |[enable-brotli](#enable-brotli)|bool|"true"|
@ -479,6 +480,11 @@ _References:_

 Enables or disables the [PROXY protocol](https://www.nginx.com/resources/admin-guide/proxy-protocol/) to receive client connection (real IP address) information passed through proxy servers and load balancers such as HAProxy and Amazon Elastic Load Balancer (ELB).

+## proxy-protocol-header-timeout
+
+Sets the timeout value for receiving the proxy-protocol headers. The default of 5 seconds prevents the TLS passthrough handler from waiting indefinetly on a dropped connection.
+_**default:**_ 5s
+
 ## use-gzip

 Enables or disables compression of HTTP responses using the ["gzip" module](http://nginx.org/en/docs/http/ngx_http_gzip_module.html).