From 10d13b194bca5bb67db734a904eaa6fe1da6087f Mon Sep 17 00:00:00 2001
From: Alex Auvolat
Date: Mon, 24 Jan 2022 19:49:14 +0100
Subject: [PATCH] Kill connections lasting more than 24h
---
 src/https.rs | 13 ++++++++++---
 1 file changed, 10 insertions(+), 3 deletions(-)
diff --git a/src/https.rs b/src/https.rs
index 6709d43..7aa61d5 100644
--- a/src/https.rs
+++ b/src/https.rs
@@ -25,6 +25,9 @@ use crate::cert_store::{CertStore, StoreResolver};
 use crate::proxy_config::ProxyConfig;
 use crate::reverse_proxy;

+const PROXY_TIMEOUT: Duration = Duration::from_secs(60);
+const MAX_CONNECTION_LIFETIME: Duration = Duration::from_secs(24 * 3600);
+
 pub struct HttpsConfig {
 pub bind_addr: SocketAddr,
 pub enable_compression: bool,
@@ -76,10 +79,12 @@ pub async fn serve_https(
 handle_outer(remote_addr, req, https_config, proxy_config)
 }),
 );
- tokio::pin!(http_conn);
+ let timeout = tokio::time::sleep(MAX_CONNECTION_LIFETIME);
+ tokio::pin!(http_conn, timeout);
 let http_result = loop {
 select! (
- r = &mut http_conn => break r,
+ r = &mut http_conn => break r.map_err(Into::into),
+ _ = &mut timeout => break Err(anyhow!("Connection lived more than 24h, killing it.")),
 _ = must_exit_2.changed() => {
 if *must_exit_2.borrow() {
 http_conn.as_mut().graceful_shutdown();
@@ -97,6 +102,8 @@ pub async fn serve_https(
 connections.push(conn);
 }

+ drop(tcp);
+
 info!("HTTPS server shutting down, draining remaining connections...");
 while !connections.is_empty() {
 let _ = connections.next().await;
@@ -227,7 +234,7 @@ async fn handle_timeout_and_error(
 .unwrap(),
 }
 }
- _ = tokio::time::sleep(Duration::from_secs(60)) => {
+ _ = tokio::time::sleep(PROXY_TIMEOUT) => {
 Response::builder()
 .status(StatusCode::BAD_GATEWAY)
 .body(Body::from("Proxy timeout"))
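Review bot: The two new constants have no doc comments, although both are limits that decide when the proxy gives up on a peer. Above `PROXY_TIMEOUT` I would add `/// Delay after which handle_timeout_and_error answers 502 "Proxy timeout".` and above `MAX_CONNECTION_LIFETIME` `/// Hard cap on the lifetime of one client connection; serve_https ends the connection when it is reached.` Both comments should also say that the values are compile-time only, since the `HttpsConfig` struct that follows in this hunk gains no field for them.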
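Review bot: The new `timeout` arm breaks out of the loop at once, so a request still in flight at the 24h mark is cut off mid-response, whereas the `must_exit_2` arm right below it calls `http_conn.as_mut().graceful_shutdown()` and keeps polling. I would treat the first expiry as a drain signal: call graceful_shutdown, re-arm the timer with a short grace period, and return the error only if that second deadline passes too, which keeps the hard cap while letting well-behaved clients finish. The grace constant in the sketch below is new and its value is for the author to choose. The message also hard-codes "24h"; formatting `MAX_CONNECTION_LIFETIME` into it keeps the log accurate if the constant changes. The loop and the rest of serve_https continue outside this hunk.

```rust
let timeout = tokio::time::sleep(MAX_CONNECTION_LIFETIME);
tokio::pin!(http_conn, timeout);
let mut draining = false;
let http_result = loop {
    select! (
        r = &mut http_conn => break r.map_err(Into::into),
        _ = &mut timeout => {
            if draining {
                break Err(anyhow!(
                    "Connection exceeded {:?} and did not drain in time, killing it.",
                    MAX_CONNECTION_LIFETIME
                ));
            }
            // First expiry: refuse new requests, give in-flight ones a bounded window.
            draining = true;
            http_conn.as_mut().graceful_shutdown();
            timeout.as_mut().reset(tokio::time::Instant::now() + CONNECTION_DRAIN_GRACE);
        }
        // … unchanged: must_exit_2 arm …
```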
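Review bot: `drop(tcp);` carries no comment saying why the value is released at this point, and `tcp` is bound outside the hunk, so a reader cannot tell what it closes. If it is the listening socket, as the name suggests, I would add `// Close the listener before draining so no new connection is accepted during shutdown.` above it. The drain loop that follows has no deadline of its own, so shutdown presumably still waits on the slowest remaining connection; the same comment could say so.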