fix(classes.portproxy.ts): Adjust TLS keep-alive timeout to refresh certificate context.

Philipp Kunz 2025-03-10 14:15:03 +00:00
parent 51fe935f1f
commit 8d3b07b1e6
3 changed files with 16 additions and 9 deletions


@ -1,5 +1,11 @@
# Changelog # Changelog
## 2025-03-10 - 3.30.2 - fix(classes.portproxy.ts)
Adjust TLS keep-alive timeout to refresh certificate context.
- Modified TLS keep-alive timeout for connections to 8 hours to refresh certificate context.
- Updated timeout log messages for clarity on TLS certificate refresh.
## 2025-03-10 - 3.30.1 - fix(PortProxy) ## 2025-03-10 - 3.30.1 - fix(PortProxy)
Improve TLS keep-alive management and fix whitespace formatting Improve TLS keep-alive management and fix whitespace formatting


@ -3,6 +3,6 @@
*/ */
export const commitinfo = { export const commitinfo = {
name: '@push.rocks/smartproxy', name: '@push.rocks/smartproxy',
version: '3.30.1', version: '3.30.2',
description: 'A powerful proxy package that effectively handles high traffic, with features such as SSL/TLS support, port proxying, WebSocket handling, and dynamic routing with authentication options.' description: 'A powerful proxy package that effectively handles high traffic, with features such as SSL/TLS support, port proxying, WebSocket handling, and dynamic routing with authentication options.'
} }


@ -878,22 +878,23 @@ export class PortProxy {
} }
// No cleanup timer for immortal connections // No cleanup timer for immortal connections
} }
// For TLS keep-alive connections, use a very extended timeout // For TLS keep-alive connections, use a moderately extended timeout
// but not too long to prevent certificate issues
else if (record.hasKeepAlive && record.isTLS) { else if (record.hasKeepAlive && record.isTLS) {
// For TLS keep-alive connections, use a very extended timeout // Use a shorter timeout for TLS connections to ensure certificate contexts are refreshed periodically
// This helps prevent certificate errors after sleep/wake cycles // This prevents issues with stale certificates in browser tabs that have been idle for a long time
const tlsKeepAliveTimeout = 14 * 24 * 60 * 60 * 1000; // 14 days for TLS keep-alive const tlsKeepAliveTimeout = 8 * 60 * 60 * 1000; // 8 hours for TLS keep-alive - reduced from 14 days
const safeTimeout = ensureSafeTimeout(tlsKeepAliveTimeout); const safeTimeout = ensureSafeTimeout(tlsKeepAliveTimeout);
record.cleanupTimer = setTimeout(() => { record.cleanupTimer = setTimeout(() => {
console.log( console.log(
`[${connectionId}] TLS keep-alive connection from ${ `[${connectionId}] TLS keep-alive connection from ${
record.remoteIP record.remoteIP
} exceeded extended lifetime (${plugins.prettyMs( } exceeded max lifetime (${plugins.prettyMs(
tlsKeepAliveTimeout tlsKeepAliveTimeout
)}), forcing cleanup.` )}), forcing cleanup to refresh certificate context.`
); );
this.initiateCleanupOnce(record, 'tls_extended_lifetime'); this.initiateCleanupOnce(record, 'tls_certificate_refresh');
}, safeTimeout); }, safeTimeout);
// Make sure timeout doesn't keep the process alive // Make sure timeout doesn't keep the process alive
@ -903,7 +904,7 @@ export class PortProxy {
if (this.settings.enableDetailedLogging) { if (this.settings.enableDetailedLogging) {
console.log( console.log(
`[${connectionId}] TLS keep-alive connection with enhanced protection, lifetime: ${plugins.prettyMs( `[${connectionId}] TLS keep-alive connection with certificate refresh protection, lifetime: ${plugins.prettyMs(
tlsKeepAliveTimeout tlsKeepAliveTimeout
)}` )}`
); );
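Review bot: The new comments on the `else if (record.hasKeepAlive && record.isTLS)` branch justify the 8-hour value with tabs that "have been idle for a long time", but `tlsKeepAliveTimeout` is armed once with `setTimeout` and nothing in this hunk re-arms it on activity. As far as the visible code shows, it is an absolute lifetime cap that will also close busy connections (long downloads, WebSocket-style streams) at the 8-hour mark. I would replace the two overlapping comments with a single one that says so, for example `// Absolute lifetime cap (not an idle timeout): closing forces a fresh TLS handshake so the client picks up the current certificate context`, and lift the literal into a named constant or a setting so operators can align it with their certificate rotation interval. The cleanup reason also changes from `'tls_extended_lifetime'` to `'tls_certificate_refresh'`, so any log parsing or termination statistics keyed on the old string would need the same update. The enclosing method starts and ends outside these hunks, so whether the timer is reset elsewhere cannot be confirmed from here.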