From a1a2e1062c0759a40c6d45b48158ff8741473ada Mon Sep 17 00:00:00 2001
From: Isman Firmansyah
Date: Tue, 9 Jan 2024 03:29:44 +0700
Subject: [PATCH] feat(docker-jans): add support for passing jetty.http.idleTimeout option (#7298)
Signed-off-by: iromli
---
 docker-jans-all-in-one/Dockerfile | 1 +
 docker-jans-auth-server/Dockerfile | 1 +
 docker-jans-auth-server/README.md | 1 +
 docker-jans-auth-server/scripts/entrypoint.sh | 3 ++-
 docker-jans-casa/Dockerfile | 3 ++-
 docker-jans-casa/README.md | 1 +
 docker-jans-casa/scripts/entrypoint.sh | 1 +
 docker-jans-config-api/Dockerfile | 3 ++-
 docker-jans-config-api/README.md | 1 +
 docker-jans-config-api/scripts/entrypoint.sh | 1 +
 docker-jans-fido2/Dockerfile | 3 ++-
 docker-jans-fido2/README.md | 1 +
 docker-jans-fido2/scripts/entrypoint.sh | 1 +
 docker-jans-keycloak-link/Dockerfile | 3 ++-
 docker-jans-keycloak-link/README.md | 1 +
 docker-jans-keycloak-link/scripts/entrypoint.sh | 1 +
 docker-jans-link/Dockerfile | 3 ++-
 docker-jans-link/README.md | 1 +
 docker-jans-link/scripts/entrypoint.sh | 1 +
 docker-jans-scim/Dockerfile | 3 ++-
 docker-jans-scim/README.md | 1 +
 docker-jans-scim/scripts/entrypoint.sh | 1 +
 22 files changed, 29 insertions(+), 7 deletions(-)
diff --git a/docker-jans-all-in-one/Dockerfile b/docker-jans-all-in-one/Dockerfile
index 15439e600ef..ec4a79dd832 100644
--- a/docker-jans-all-in-one/Dockerfile
+++ b/docker-jans-all-in-one/Dockerfile
@@ -155,6 +155,7 @@ ENV JETTY_BASE=/opt/jans/jetty \
 CN_FIDO2_JAVA_OPTIONS="" \
 CN_SCIM_JAVA_OPTIONS="" \
 CN_JETTY_REQUEST_HEADER_SIZE=8192 \
+ CN_JETTY_IDLE_TIMEOUT=30000 \
 CN_CONFIG_API_CREATE_SCOPES=true \
 CN_AUTH_JETTY_HOST=127.0.0.1 \
 CN_AUTH_JETTY_PORT=8081 \
diff --git a/docker-jans-auth-server/Dockerfile b/docker-jans-auth-server/Dockerfile
index 81f9ca457d0..7a30a54c1b9 100644
--- a/docker-jans-auth-server/Dockerfile
+++ b/docker-jans-auth-server/Dockerfile
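Review bot: In docker-jans-all-in-one/Dockerfile the new `CN_JETTY_IDLE_TIMEOUT=30000` default has no visible consumer: the diffstat lists only the Dockerfile for that image, with no entrypoint or README change, so nothing in this patch shows the value reaching Jetty there; presumably the all-in-one launcher reads it, which should be confirmed. The unit is also never stated in this hunk or in the ENV hunks of the seven other Dockerfiles. Jetty's `jetty.http.idleTimeout` is in milliseconds, so I would add a comment above the ENV block such as `# CN_JETTY_IDLE_TIMEOUT: Jetty idle-connection timeout in milliseconds; larger values keep idle sockets open longer`. The ENV instruction starts and ends outside the hunk.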
@@ -220,6 +220,7 @@ ENV CN_MAX_RAM_PERCENTAGE=75.0 \
 CN_GOOGLE_SECRET_VERSION_ID=latest \
 CN_GOOGLE_SECRET_NAME_PREFIX=jans \
 CN_JETTY_REQUEST_HEADER_SIZE=8192 \
+ CN_JETTY_IDLE_TIMEOUT=30000 \
 CN_PROMETHEUS_PORT="" \
 CN_AWS_SECRETS_ENDPOINT_URL="" \
 CN_AWS_SECRETS_PREFIX=jans \
diff --git a/docker-jans-auth-server/README.md b/docker-jans-auth-server/README.md
index f5d34549ce5..bea937943ea 100644
--- a/docker-jans-auth-server/README.md
+++ b/docker-jans-auth-server/README.md
@@ -79,6 +79,7 @@ The following environment variables are supported by the container:
 - `CN_GOOGLE_SPANNER_INSTANCE_ID`: Google Spanner instance ID.
 - `CN_GOOGLE_SPANNER_DATABASE_ID`: Google Spanner database ID.
 - `CN_JETTY_REQUEST_HEADER_SIZE`: Maximum size of request header accepted by Jetty (default to `8192`).
+- `CN_JETTY_IDLE_TIMEOUT`: Timeout of Jetty idle connection (default to `30000`).
 - `CN_AUTH_APP_LOGGERS`: Custom logging configuration in JSON-string format with hash type (see [Configure app loggers](#configure-app-loggers) section for details).
 - `CN_PROMETHEUS_PORT`: Port used by Prometheus JMX agent (default to empty string). To enable Prometheus JMX agent, set the value to a number. See [Exposing metrics](#exposing-metrics) for details.
 - `CN_SQL_DB_HOST`: Hostname of the SQL database (default to `localhost`).
diff --git a/docker-jans-auth-server/scripts/entrypoint.sh b/docker-jans-auth-server/scripts/entrypoint.sh
index 254ab72715a..d933583d1e4 100644
--- a/docker-jans-auth-server/scripts/entrypoint.sh
+++ b/docker-jans-auth-server/scripts/entrypoint.sh
@@ -86,6 +86,7 @@ exec java \
 -jar /opt/jetty/start.jar \
 jetty.http.host="${CN_AUTH_JETTY_HOST}" \
 jetty.http.port="${CN_AUTH_JETTY_PORT}" \
+ jetty.http.idleTimeout="${CN_JETTY_IDLE_TIMEOUT}" \
 jetty.deploy.scanInterval=0 \
 jetty.httpConfig.sendServerVersion=false \
- jetty.httpConfig.requestHeaderSize=$CN_JETTY_REQUEST_HEADER_SIZE
+ jetty.httpConfig.requestHeaderSize="${CN_JETTY_REQUEST_HEADER_SIZE}"
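Review bot: The added argument `jetty.http.idleTimeout="${CN_JETTY_IDLE_TIMEOUT}"` in docker-jans-auth-server/scripts/entrypoint.sh is passed with no fallback and no check. If an operator sets the variable to an empty or non-numeric string, Jetty receives a malformed property and will likely fail or ignore it at start-up; a very large value lets idle connections hold server resources far longer than the 30000 default. I would fall back to the default with `jetty.http.idleTimeout="${CN_JETTY_IDLE_TIMEOUT:-30000}"` and reject values that are not plain digits before the `exec java` line. The same unguarded line is added in the casa, config-api, fido2, keycloak-link, link and scim entrypoint.sh hunks. The `exec java` command starts outside the hunk.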
diff --git a/docker-jans-casa/Dockerfile b/docker-jans-casa/Dockerfile
index 97a2caf542f..00e1075b78f 100644
--- a/docker-jans-casa/Dockerfile
+++ b/docker-jans-casa/Dockerfile
@@ -200,7 +200,8 @@ ENV CN_MAX_RAM_PERCENTAGE=75.0 \
 CN_CASA_JWKS_SIZE_LIMIT=100000 \
 CN_CASA_JETTY_PORT=8080 \
 CN_CASA_JETTY_HOST=0.0.0.0 \
- CN_SHARE_AUTH_CONF=true
+ CN_SHARE_AUTH_CONF=true \
+ CN_JETTY_IDLE_TIMEOUT=30000
 # ==========
 # misc stuff
diff --git a/docker-jans-casa/README.md b/docker-jans-casa/README.md
index d28d61a9532..f8c8a21ad2a 100644
--- a/docker-jans-casa/README.md
+++ b/docker-jans-casa/README.md
@@ -76,6 +76,7 @@ The following environment variables are supported by the container:
 - `CN_CASA_ADMIN_LOCK_FILE`: Path to lock file to enable/disable administration feature (default to `/opt/jans/jetty/jans-casa/.administrable`). If file is not exist, the feature is disabled.
 - `CN_PROMETHEUS_PORT`: Port used by Prometheus JMX agent (default to empty string). To enable Prometheus JMX agent, set the value to a number. See [Exposing metrics](#exposing-metrics) for details.
 - `CN_CASA_JWKS_SIZE_LIMIT`: Default HTTP size limit (in bytes) when retrieving remote JWKS (default to `100000`).
+- `CN_JETTY_IDLE_TIMEOUT`: Timeout of Jetty idle connection (default to `30000`).
 ### Configure app loggers
diff --git a/docker-jans-casa/scripts/entrypoint.sh b/docker-jans-casa/scripts/entrypoint.sh
index eb6535b0547..f66e7858ee0 100644
--- a/docker-jans-casa/scripts/entrypoint.sh
+++ b/docker-jans-casa/scripts/entrypoint.sh
@@ -70,5 +70,6 @@ exec java \
 -jar /opt/jetty/start.jar \
 jetty.http.host="${CN_CASA_JETTY_HOST}" \
 jetty.http.port="${CN_CASA_JETTY_PORT}" \
+ jetty.http.idleTimeout="${CN_JETTY_IDLE_TIMEOUT}" \
 jetty.deploy.scanInterval=0 \
 jetty.httpConfig.sendServerVersion=false
diff --git a/docker-jans-config-api/Dockerfile b/docker-jans-config-api/Dockerfile
index d05e261eddc..dc1dc2321ba 100644
--- a/docker-jans-config-api/Dockerfile
+++ b/docker-jans-config-api/Dockerfile
@@ -216,7 +216,8 @@ ENV CN_MAX_RAM_PERCENTAGE=75.0 \
 CN_AWS_SECRETS_REPLICA_FILE="" \
 CN_CONFIG_API_CREATE_SCOPES=true \
 CN_CONFIG_API_JETTY_PORT=8074 \
- CN_CONFIG_API_JETTY_HOST=0.0.0.0
+ CN_CONFIG_API_JETTY_HOST=0.0.0.0 \
+ CN_JETTY_IDLE_TIMEOUT=30000
 # ==========
 # misc stuff
diff --git a/docker-jans-config-api/README.md b/docker-jans-config-api/README.md
index d11f2b8a618..afaec5c5a0e 100644
--- a/docker-jans-config-api/README.md
+++ b/docker-jans-config-api/README.md
@@ -92,6 +92,7 @@ The following environment variables are supported by the container:
 - `AWS_SHARED_CREDENTIALS_FILE`: The location of the shared credentials file used by the client (see https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-files.html).
 - `AWS_CONFIG_FILE`: The location of the config file used by the client (see https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-files.html).
 - `AWS_PROFILE`: The default profile to use, if any.
+- `CN_JETTY_IDLE_TIMEOUT`: Timeout of Jetty idle connection (default to `30000`).
 ### Configure app loggers
diff --git a/docker-jans-config-api/scripts/entrypoint.sh b/docker-jans-config-api/scripts/entrypoint.sh
index f9db1a1d10e..2552ab4dbca 100644
--- a/docker-jans-config-api/scripts/entrypoint.sh
+++ b/docker-jans-config-api/scripts/entrypoint.sh
@@ -74,5 +74,6 @@ exec java \
 -jar /opt/jetty/start.jar \
 jetty.http.host="${CN_CONFIG_API_JETTY_HOST}" \
 jetty.http.port="${CN_CONFIG_API_JETTY_PORT}" \
+ jetty.http.idleTimeout="${CN_JETTY_IDLE_TIMEOUT}" \
 jetty.deploy.scanInterval=0 \
 jetty.httpConfig.sendServerVersion=false
diff --git a/docker-jans-fido2/Dockerfile b/docker-jans-fido2/Dockerfile
index 7fa3281dd60..6cf1f593a59 100644
--- a/docker-jans-fido2/Dockerfile
+++ b/docker-jans-fido2/Dockerfile
@@ -203,7 +203,8 @@ ENV CN_MAX_RAM_PERCENTAGE=75.0 \
 CN_AWS_SECRETS_PREFIX=jans \
 CN_AWS_SECRETS_REPLICA_FILE="" \
 CN_FIDO2_JETTY_PORT=8080 \
- CN_FIDO2_JETTY_HOST=0.0.0.0
+ CN_FIDO2_JETTY_HOST=0.0.0.0 \
+ CN_JETTY_IDLE_TIMEOUT=30000
 # ==========
 # misc stuff
diff --git a/docker-jans-fido2/README.md b/docker-jans-fido2/README.md
index 2ef3a578f6d..ad3a229b3e3 100644
--- a/docker-jans-fido2/README.md
+++ b/docker-jans-fido2/README.md
@@ -84,6 +84,7 @@ The following environment variables are supported by the container:
 - `AWS_SHARED_CREDENTIALS_FILE`: The location of the shared credentials file used by the client (see https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-files.html).
 - `AWS_CONFIG_FILE`: The location of the config file used by the client (see https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-files.html).
 - `AWS_PROFILE`: The default profile to use, if any.
+- `CN_JETTY_IDLE_TIMEOUT`: Timeout of Jetty idle connection (default to `30000`).
 ### Configure app loggers
diff --git a/docker-jans-fido2/scripts/entrypoint.sh b/docker-jans-fido2/scripts/entrypoint.sh
index 86768430a89..253fb204d0e 100644
--- a/docker-jans-fido2/scripts/entrypoint.sh
+++ b/docker-jans-fido2/scripts/entrypoint.sh
@@ -65,5 +65,6 @@ exec java \
 -jar /opt/jetty/start.jar \
 jetty.http.host="${CN_FIDO2_JETTY_HOST}" \
 jetty.http.port="${CN_FIDO2_JETTY_PORT}" \
+ jetty.http.idleTimeout="${CN_JETTY_IDLE_TIMEOUT}" \
 jetty.deploy.scanInterval=0 \
 jetty.httpConfig.sendServerVersion=false
diff --git a/docker-jans-keycloak-link/Dockerfile b/docker-jans-keycloak-link/Dockerfile
index f559c5eac38..5f1a7c9e58e 100644
--- a/docker-jans-keycloak-link/Dockerfile
+++ b/docker-jans-keycloak-link/Dockerfile
@@ -192,7 +192,8 @@ ENV CN_MAX_RAM_PERCENTAGE=75.0 \
 CN_AWS_SECRETS_PREFIX=jans \
 CN_AWS_SECRETS_REPLICA_FILE="" \
 CN_KEYCLOAK_LINK_JETTY_PORT=9092 \
- CN_KEYCLOAK_LINK_JETTY_HOST=0.0.0.0
+ CN_KEYCLOAK_LINK_JETTY_HOST=0.0.0.0 \
+ CN_JETTY_IDLE_TIMEOUT=30000
 # ==========
 # misc stuff
diff --git a/docker-jans-keycloak-link/README.md b/docker-jans-keycloak-link/README.md
index afd5d15edea..98318668dbe 100644
--- a/docker-jans-keycloak-link/README.md
+++ b/docker-jans-keycloak-link/README.md
@@ -84,6 +84,7 @@ The following environment variables are supported by the container:
 - `AWS_SHARED_CREDENTIALS_FILE`: The location of the shared credentials file used by the client (see https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-files.html).
 - `AWS_CONFIG_FILE`: The location of the config file used by the client (see https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-files.html).
 - `AWS_PROFILE`: The default profile to use, if any.
+- `CN_JETTY_IDLE_TIMEOUT`: Timeout of Jetty idle connection (default to `30000`).
 ### Configure app loggers
diff --git a/docker-jans-keycloak-link/scripts/entrypoint.sh b/docker-jans-keycloak-link/scripts/entrypoint.sh
index 31102011c68..26012c58619 100644
--- a/docker-jans-keycloak-link/scripts/entrypoint.sh
+++ b/docker-jans-keycloak-link/scripts/entrypoint.sh
@@ -65,5 +65,6 @@ exec java \
 -jar /opt/jetty/start.jar \
 jetty.http.host="${CN_KEYCLOAK_LINK_JETTY_HOST}" \
 jetty.http.port="${CN_KEYCLOAK_LINK_JETTY_PORT}" \
+ jetty.http.idleTimeout="${CN_JETTY_IDLE_TIMEOUT}" \
 jetty.deploy.scanInterval=0 \
 jetty.httpConfig.sendServerVersion=false
diff --git a/docker-jans-link/Dockerfile b/docker-jans-link/Dockerfile
index 1aaf5760976..e043d64b5a9 100644
--- a/docker-jans-link/Dockerfile
+++ b/docker-jans-link/Dockerfile
@@ -192,7 +192,8 @@ ENV CN_MAX_RAM_PERCENTAGE=75.0 \
 CN_AWS_SECRETS_PREFIX=jans \
 CN_AWS_SECRETS_REPLICA_FILE="" \
 CN_LINK_JETTY_PORT=9091 \
- CN_LINK_JETTY_HOST=0.0.0.0
+ CN_LINK_JETTY_HOST=0.0.0.0 \
+ CN_JETTY_IDLE_TIMEOUT=30000
 # ==========
 # misc stuff
diff --git a/docker-jans-link/README.md b/docker-jans-link/README.md
index e671726c0a5..a107d938f1a 100644
--- a/docker-jans-link/README.md
+++ b/docker-jans-link/README.md
@@ -84,6 +84,7 @@ The following environment variables are supported by the container:
 - `AWS_SHARED_CREDENTIALS_FILE`: The location of the shared credentials file used by the client (see https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-files.html).
 - `AWS_CONFIG_FILE`: The location of the config file used by the client (see https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-files.html).
 - `AWS_PROFILE`: The default profile to use, if any.
+- `CN_JETTY_IDLE_TIMEOUT`: Timeout of Jetty idle connection (default to `30000`).
 ### Configure app loggers
diff --git a/docker-jans-link/scripts/entrypoint.sh b/docker-jans-link/scripts/entrypoint.sh
index 4f852684941..489667ee6f7 100644
--- a/docker-jans-link/scripts/entrypoint.sh
+++ b/docker-jans-link/scripts/entrypoint.sh
@@ -65,5 +65,6 @@ exec java \
 -jar /opt/jetty/start.jar \
 jetty.http.host="${CN_LINK_JETTY_HOST}" \
 jetty.http.port="${CN_LINK_JETTY_PORT}" \
+ jetty.http.idleTimeout="${CN_JETTY_IDLE_TIMEOUT}" \
 jetty.deploy.scanInterval=0 \
 jetty.httpConfig.sendServerVersion=false
diff --git a/docker-jans-scim/Dockerfile b/docker-jans-scim/Dockerfile
index 3bddebebe31..3920c18263a 100644
--- a/docker-jans-scim/Dockerfile
+++ b/docker-jans-scim/Dockerfile
@@ -195,7 +195,8 @@ ENV CN_MAX_RAM_PERCENTAGE=75.0 \
 CN_AWS_SECRETS_PREFIX=jans \
 CN_AWS_SECRETS_REPLICA_FILE="" \
 CN_SCIM_JETTY_PORT=8080 \
- CN_SCIM_JETTY_HOST=0.0.0.0
+ CN_SCIM_JETTY_HOST=0.0.0.0 \
+ CN_JETTY_IDLE_TIMEOUT=30000
 # ==========
 # misc stuff
diff --git a/docker-jans-scim/README.md b/docker-jans-scim/README.md
index 5e929ded2f6..09efbead406 100644
--- a/docker-jans-scim/README.md
+++ b/docker-jans-scim/README.md
@@ -84,6 +84,7 @@ The following environment variables are supported by the container:
 - `AWS_SHARED_CREDENTIALS_FILE`: The location of the shared credentials file used by the client (see https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-files.html).
 - `AWS_CONFIG_FILE`: The location of the config file used by the client (see https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-files.html).
 - `AWS_PROFILE`: The default profile to use, if any.
+- `CN_JETTY_IDLE_TIMEOUT`: Timeout of Jetty idle connection (default to `30000`).
 ### Configure app loggers
diff --git a/docker-jans-scim/scripts/entrypoint.sh b/docker-jans-scim/scripts/entrypoint.sh
index cd3586a4e06..0ca07990dc0 100644
--- a/docker-jans-scim/scripts/entrypoint.sh
+++ b/docker-jans-scim/scripts/entrypoint.sh
@@ -65,5 +65,6 @@ exec java \
 -jar /opt/jetty/start.jar \
 jetty.http.host="${CN_SCIM_JETTY_HOST}" \
 jetty.http.port="${CN_SCIM_JETTY_PORT}" \
+ jetty.http.idleTimeout="${CN_JETTY_IDLE_TIMEOUT}" \
 jetty.deploy.scanInterval=0 \
 jetty.httpConfig.sendServerVersion=false