feat(config): support large uploads with read header timeout
All checks were successful
Build and Publish Docker Image / deploy (push) Successful in 1m40s
All checks were successful
Build and Publish Docker Image / deploy (push) Successful in 1m40s
Disable default read and write timeouts (set to 0s) to prevent Go from prematurely closing connections during large multi-GB uploads. Introduce `WARPBOX_READ_HEADER_TIMEOUT` (defaulting to 15s) to protect against slowloris-style attacks while still allowing long-running uploads to complete. Update documentation and example configurations accordingly.
This commit is contained in:
@@ -38,6 +38,11 @@ Upload policy defaults are also configured in megabytes and can later be changed
|
||||
Runtime data is configured with `WARPBOX_DATA_DIR` and defaults to `./data` in the dev environment.
|
||||
The dev script resolves that path from the repository root.
|
||||
|
||||
Large uploads are expected to take minutes on normal home/server connections. Keep
|
||||
`WARPBOX_READ_TIMEOUT=0s` and `WARPBOX_WRITE_TIMEOUT=0s` so Go does not close the connection
|
||||
mid-upload; `WARPBOX_READ_HEADER_TIMEOUT=15s` still protects header reads from slowloris-style
|
||||
connections.
|
||||
|
||||
Background jobs are enabled with `WARPBOX_JOBS_ENABLED=true`. Individual jobs can be toggled with
|
||||
`WARPBOX_CLEANUP_ENABLED` and `WARPBOX_THUMBNAIL_ENABLED`, and their schedules are configured with
|
||||
`WARPBOX_CLEANUP_EVERY` and `WARPBOX_THUMBNAIL_EVERY`.
|
||||
@@ -106,6 +111,9 @@ WARPBOX_DATA_DIR=/var/lib/warpbox
|
||||
WARPBOX_STATIC_DIR=/opt/warpbox-dev/backend/static
|
||||
WARPBOX_TEMPLATE_DIR=/opt/warpbox-dev/backend/templates
|
||||
WARPBOX_TRUSTED_PROXIES=127.0.0.1,::1
|
||||
WARPBOX_READ_HEADER_TIMEOUT=15s
|
||||
WARPBOX_READ_TIMEOUT=0s
|
||||
WARPBOX_WRITE_TIMEOUT=0s
|
||||
```
|
||||
|
||||
Example `/etc/systemd/system/warpbox.service`:
|
||||
|
||||
Reference in New Issue
Block a user