feat(docker-jans): add support for passing jetty.http.idleTimeout opt…

…ion (#7298)

Signed-off-by: iromli <isman.firmansyah@gmail.com>

docker-jans-all-in-one/Dockerfile

@@ -155,6 +155,7 @@ ENV JETTY_BASE=/opt/jans/jetty \
     CN_FIDO2_JAVA_OPTIONS="" \
     CN_SCIM_JAVA_OPTIONS=""  \
     CN_JETTY_REQUEST_HEADER_SIZE=8192 \
+    CN_JETTY_IDLE_TIMEOUT=30000 \
     CN_CONFIG_API_CREATE_SCOPES=true \
     CN_AUTH_JETTY_HOST=127.0.0.1 \
     CN_AUTH_JETTY_PORT=8081 \

docker-jans-auth-server/Dockerfile

@@ -220,6 +220,7 @@ ENV CN_MAX_RAM_PERCENTAGE=75.0 \
     CN_GOOGLE_SECRET_VERSION_ID=latest \
     CN_GOOGLE_SECRET_NAME_PREFIX=jans \
     CN_JETTY_REQUEST_HEADER_SIZE=8192 \
+    CN_JETTY_IDLE_TIMEOUT=30000 \
     CN_PROMETHEUS_PORT="" \
     CN_AWS_SECRETS_ENDPOINT_URL="" \
     CN_AWS_SECRETS_PREFIX=jans \

docker-jans-auth-server/README.md

@@ -79,6 +79,7 @@ The following environment variables are supported by the container:
 - `CN_GOOGLE_SPANNER_INSTANCE_ID`: Google Spanner instance ID.
 - `CN_GOOGLE_SPANNER_DATABASE_ID`: Google Spanner database ID.
 - `CN_JETTY_REQUEST_HEADER_SIZE`: Maximum size of request header accepted by Jetty (default to `8192`).
+- `CN_JETTY_IDLE_TIMEOUT`: Timeout of Jetty idle connection (default to `30000`).
 - `CN_AUTH_APP_LOGGERS`: Custom logging configuration in JSON-string format with hash type (see [Configure app loggers](#configure-app-loggers) section for details).
 - `CN_PROMETHEUS_PORT`: Port used by Prometheus JMX agent (default to empty string). To enable Prometheus JMX agent, set the value to a number. See [Exposing metrics](#exposing-metrics) for details.
 - `CN_SQL_DB_HOST`: Hostname of the SQL database (default to `localhost`).

docker-jans-auth-server/scripts/entrypoint.sh

@@ -86,6 +86,7 @@ exec java \
     -jar /opt/jetty/start.jar \
         jetty.http.host="${CN_AUTH_JETTY_HOST}" \
         jetty.http.port="${CN_AUTH_JETTY_PORT}" \
+        jetty.http.idleTimeout="${CN_JETTY_IDLE_TIMEOUT}" \
         jetty.deploy.scanInterval=0 \
         jetty.httpConfig.sendServerVersion=false \
-        jetty.httpConfig.requestHeaderSize=$CN_JETTY_REQUEST_HEADER_SIZE
+        jetty.httpConfig.requestHeaderSize="${CN_JETTY_REQUEST_HEADER_SIZE}"

docker-jans-casa/Dockerfile

@@ -200,7 +200,8 @@ ENV CN_MAX_RAM_PERCENTAGE=75.0 \
     CN_CASA_JWKS_SIZE_LIMIT=100000 \
     CN_CASA_JETTY_PORT=8080 \
     CN_CASA_JETTY_HOST=0.0.0.0 \
-    CN_SHARE_AUTH_CONF=true
+    CN_SHARE_AUTH_CONF=true \
+    CN_JETTY_IDLE_TIMEOUT=30000
 
 # ==========
 # misc stuff

docker-jans-casa/README.md

@@ -76,6 +76,7 @@ The following environment variables are supported by the container:
 - `CN_CASA_ADMIN_LOCK_FILE`: Path to lock file to enable/disable administration feature (default to `/opt/jans/jetty/jans-casa/.administrable`). If file is not exist, the feature is disabled.
 - `CN_PROMETHEUS_PORT`: Port used by Prometheus JMX agent (default to empty string). To enable Prometheus JMX agent, set the value to a number. See [Exposing metrics](#exposing-metrics) for details.
 - `CN_CASA_JWKS_SIZE_LIMIT`: Default HTTP size limit (in bytes) when retrieving remote JWKS (default to `100000`).
+- `CN_JETTY_IDLE_TIMEOUT`: Timeout of Jetty idle connection (default to `30000`).
 
 ### Configure app loggers
 

docker-jans-casa/scripts/entrypoint.sh

@@ -70,5 +70,6 @@ exec java \
     -jar /opt/jetty/start.jar \
         jetty.http.host="${CN_CASA_JETTY_HOST}" \
         jetty.http.port="${CN_CASA_JETTY_PORT}" \
+        jetty.http.idleTimeout="${CN_JETTY_IDLE_TIMEOUT}" \
         jetty.deploy.scanInterval=0 \
         jetty.httpConfig.sendServerVersion=false

docker-jans-config-api/Dockerfile

@@ -216,7 +216,8 @@ ENV CN_MAX_RAM_PERCENTAGE=75.0 \
     CN_AWS_SECRETS_REPLICA_FILE="" \
     CN_CONFIG_API_CREATE_SCOPES=true \
     CN_CONFIG_API_JETTY_PORT=8074 \
-    CN_CONFIG_API_JETTY_HOST=0.0.0.0
+    CN_CONFIG_API_JETTY_HOST=0.0.0.0 \
+    CN_JETTY_IDLE_TIMEOUT=30000
 
 # ==========
 # misc stuff

docker-jans-config-api/README.md

@@ -92,6 +92,7 @@ The following environment variables are supported by the container:
 - `AWS_SHARED_CREDENTIALS_FILE`: The location of the shared credentials file used by the client (see https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-files.html).
 - `AWS_CONFIG_FILE`: The location of the config file used by the client (see https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-files.html).
 - `AWS_PROFILE`: The default profile to use, if any.
+- `CN_JETTY_IDLE_TIMEOUT`: Timeout of Jetty idle connection (default to `30000`).
 
 ### Configure app loggers
 

docker-jans-config-api/scripts/entrypoint.sh

@@ -74,5 +74,6 @@ exec java \
     -jar /opt/jetty/start.jar \
         jetty.http.host="${CN_CONFIG_API_JETTY_HOST}" \
         jetty.http.port="${CN_CONFIG_API_JETTY_PORT}" \
+        jetty.http.idleTimeout="${CN_JETTY_IDLE_TIMEOUT}" \
         jetty.deploy.scanInterval=0 \
         jetty.httpConfig.sendServerVersion=false

docker-jans-fido2/Dockerfile

@@ -203,7 +203,8 @@ ENV CN_MAX_RAM_PERCENTAGE=75.0 \
     CN_AWS_SECRETS_PREFIX=jans \
     CN_AWS_SECRETS_REPLICA_FILE="" \
     CN_FIDO2_JETTY_PORT=8080 \
-    CN_FIDO2_JETTY_HOST=0.0.0.0
+    CN_FIDO2_JETTY_HOST=0.0.0.0 \
+    CN_JETTY_IDLE_TIMEOUT=30000
 
 # ==========
 # misc stuff

docker-jans-fido2/README.md

@@ -84,6 +84,7 @@ The following environment variables are supported by the container:
 - `AWS_SHARED_CREDENTIALS_FILE`: The location of the shared credentials file used by the client (see https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-files.html).
 - `AWS_CONFIG_FILE`: The location of the config file used by the client (see https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-files.html).
 - `AWS_PROFILE`: The default profile to use, if any.
+- `CN_JETTY_IDLE_TIMEOUT`: Timeout of Jetty idle connection (default to `30000`).
 
 ### Configure app loggers
 

docker-jans-fido2/scripts/entrypoint.sh

@@ -65,5 +65,6 @@ exec java \
     -jar /opt/jetty/start.jar \
         jetty.http.host="${CN_FIDO2_JETTY_HOST}" \
         jetty.http.port="${CN_FIDO2_JETTY_PORT}" \
+        jetty.http.idleTimeout="${CN_JETTY_IDLE_TIMEOUT}" \
         jetty.deploy.scanInterval=0 \
         jetty.httpConfig.sendServerVersion=false

docker-jans-keycloak-link/Dockerfile

@@ -192,7 +192,8 @@ ENV CN_MAX_RAM_PERCENTAGE=75.0 \
     CN_AWS_SECRETS_PREFIX=jans \
     CN_AWS_SECRETS_REPLICA_FILE="" \
     CN_KEYCLOAK_LINK_JETTY_PORT=9092 \
-    CN_KEYCLOAK_LINK_JETTY_HOST=0.0.0.0
+    CN_KEYCLOAK_LINK_JETTY_HOST=0.0.0.0 \
+    CN_JETTY_IDLE_TIMEOUT=30000
 
 # ==========
 # misc stuff

docker-jans-keycloak-link/README.md

@@ -84,6 +84,7 @@ The following environment variables are supported by the container:
 - `AWS_SHARED_CREDENTIALS_FILE`: The location of the shared credentials file used by the client (see https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-files.html).
 - `AWS_CONFIG_FILE`: The location of the config file used by the client (see https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-files.html).
 - `AWS_PROFILE`: The default profile to use, if any.
+- `CN_JETTY_IDLE_TIMEOUT`: Timeout of Jetty idle connection (default to `30000`).
 
 ### Configure app loggers
 

docker-jans-keycloak-link/scripts/entrypoint.sh

@@ -65,5 +65,6 @@ exec java \
     -jar /opt/jetty/start.jar \
         jetty.http.host="${CN_KEYCLOAK_LINK_JETTY_HOST}" \
         jetty.http.port="${CN_KEYCLOAK_LINK_JETTY_PORT}" \
+        jetty.http.idleTimeout="${CN_JETTY_IDLE_TIMEOUT}" \
         jetty.deploy.scanInterval=0 \
         jetty.httpConfig.sendServerVersion=false

docker-jans-link/Dockerfile

@@ -192,7 +192,8 @@ ENV CN_MAX_RAM_PERCENTAGE=75.0 \
     CN_AWS_SECRETS_PREFIX=jans \
     CN_AWS_SECRETS_REPLICA_FILE="" \
     CN_LINK_JETTY_PORT=9091 \
-    CN_LINK_JETTY_HOST=0.0.0.0
+    CN_LINK_JETTY_HOST=0.0.0.0 \
+    CN_JETTY_IDLE_TIMEOUT=30000
 
 # ==========
 # misc stuff

docker-jans-link/README.md

@@ -84,6 +84,7 @@ The following environment variables are supported by the container:
 - `AWS_SHARED_CREDENTIALS_FILE`: The location of the shared credentials file used by the client (see https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-files.html).
 - `AWS_CONFIG_FILE`: The location of the config file used by the client (see https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-files.html).
 - `AWS_PROFILE`: The default profile to use, if any.
+- `CN_JETTY_IDLE_TIMEOUT`: Timeout of Jetty idle connection (default to `30000`).
 
 ### Configure app loggers
 

docker-jans-link/scripts/entrypoint.sh

@@ -65,5 +65,6 @@ exec java \
     -jar /opt/jetty/start.jar \
         jetty.http.host="${CN_LINK_JETTY_HOST}" \
         jetty.http.port="${CN_LINK_JETTY_PORT}" \
+        jetty.http.idleTimeout="${CN_JETTY_IDLE_TIMEOUT}" \
         jetty.deploy.scanInterval=0 \
         jetty.httpConfig.sendServerVersion=false

docker-jans-scim/Dockerfile

@@ -195,7 +195,8 @@ ENV CN_MAX_RAM_PERCENTAGE=75.0 \
     CN_AWS_SECRETS_PREFIX=jans \
     CN_AWS_SECRETS_REPLICA_FILE="" \
     CN_SCIM_JETTY_PORT=8080 \
-    CN_SCIM_JETTY_HOST=0.0.0.0
+    CN_SCIM_JETTY_HOST=0.0.0.0 \
+    CN_JETTY_IDLE_TIMEOUT=30000
 
 # ==========
 # misc stuff

docker-jans-scim/README.md

@@ -84,6 +84,7 @@ The following environment variables are supported by the container:
 - `AWS_SHARED_CREDENTIALS_FILE`: The location of the shared credentials file used by the client (see https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-files.html).
 - `AWS_CONFIG_FILE`: The location of the config file used by the client (see https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-files.html).
 - `AWS_PROFILE`: The default profile to use, if any.
+- `CN_JETTY_IDLE_TIMEOUT`: Timeout of Jetty idle connection (default to `30000`).
 
 ### Configure app loggers
 

docker-jans-scim/scripts/entrypoint.sh

@@ -65,5 +65,6 @@ exec java \
     -jar /opt/jetty/start.jar \
         jetty.http.host="${CN_SCIM_JETTY_HOST}" \
         jetty.http.port="${CN_SCIM_JETTY_PORT}" \
+        jetty.http.idleTimeout="${CN_JETTY_IDLE_TIMEOUT}" \
         jetty.deploy.scanInterval=0 \
         jetty.httpConfig.sendServerVersion=false