fix(classes.portproxy.ts): Adjust TLS keep-alive timeout to refresh certificate context.
parent
51fe935f1f
commit
8d3b07b1e6
@ -1,5 +1,11 @@
|
|||||||
# Changelog
|
# Changelog
|
||||||
|
|
||||||
|
## 2025-03-10 - 3.30.2 - fix(classes.portproxy.ts)
|
||||||
|
Adjust TLS keep-alive timeout to refresh certificate context.
|
||||||
|
|
||||||
|
- Modified TLS keep-alive timeout for connections to 8 hours to refresh certificate context.
|
||||||
|
- Updated timeout log messages for clarity on TLS certificate refresh.
|
||||||
|
|
||||||
## 2025-03-10 - 3.30.1 - fix(PortProxy)
|
## 2025-03-10 - 3.30.1 - fix(PortProxy)
|
||||||
Improve TLS keep-alive management and fix whitespace formatting
|
Improve TLS keep-alive management and fix whitespace formatting
|
||||||
|
|
||||||
|
@ -3,6 +3,6 @@
|
|||||||
*/
|
*/
|
||||||
export const commitinfo = {
|
export const commitinfo = {
|
||||||
name: '@push.rocks/smartproxy',
|
name: '@push.rocks/smartproxy',
|
||||||
version: '3.30.1',
|
version: '3.30.2',
|
||||||
description: 'A powerful proxy package that effectively handles high traffic, with features such as SSL/TLS support, port proxying, WebSocket handling, and dynamic routing with authentication options.'
|
description: 'A powerful proxy package that effectively handles high traffic, with features such as SSL/TLS support, port proxying, WebSocket handling, and dynamic routing with authentication options.'
|
||||||
}
|
}
|
||||||
|
@ -878,22 +878,23 @@ export class PortProxy {
|
|||||||
}
|
}
|
||||||
// No cleanup timer for immortal connections
|
// No cleanup timer for immortal connections
|
||||||
}
|
}
|
||||||
// For TLS keep-alive connections, use a very extended timeout
|
// For TLS keep-alive connections, use a moderately extended timeout
|
||||||
|
// but not too long to prevent certificate issues
|
||||||
else if (record.hasKeepAlive && record.isTLS) {
|
else if (record.hasKeepAlive && record.isTLS) {
|
||||||
// For TLS keep-alive connections, use a very extended timeout
|
// Use a shorter timeout for TLS connections to ensure certificate contexts are refreshed periodically
|
||||||
// This helps prevent certificate errors after sleep/wake cycles
|
// This prevents issues with stale certificates in browser tabs that have been idle for a long time
|
||||||
const tlsKeepAliveTimeout = 14 * 24 * 60 * 60 * 1000; // 14 days for TLS keep-alive
|
const tlsKeepAliveTimeout = 8 * 60 * 60 * 1000; // 8 hours for TLS keep-alive - reduced from 14 days
|
||||||
const safeTimeout = ensureSafeTimeout(tlsKeepAliveTimeout);
|
const safeTimeout = ensureSafeTimeout(tlsKeepAliveTimeout);
|
||||||
|
|
||||||
record.cleanupTimer = setTimeout(() => {
|
record.cleanupTimer = setTimeout(() => {
|
||||||
console.log(
|
console.log(
|
||||||
`[${connectionId}] TLS keep-alive connection from ${
|
`[${connectionId}] TLS keep-alive connection from ${
|
||||||
record.remoteIP
|
record.remoteIP
|
||||||
} exceeded extended lifetime (${plugins.prettyMs(
|
} exceeded max lifetime (${plugins.prettyMs(
|
||||||
tlsKeepAliveTimeout
|
tlsKeepAliveTimeout
|
||||||
)}), forcing cleanup.`
|
)}), forcing cleanup to refresh certificate context.`
|
||||||
);
|
);
|
||||||
this.initiateCleanupOnce(record, 'tls_extended_lifetime');
|
this.initiateCleanupOnce(record, 'tls_certificate_refresh');
|
||||||
}, safeTimeout);
|
}, safeTimeout);
|
||||||
|
|
||||||
// Make sure timeout doesn't keep the process alive
|
// Make sure timeout doesn't keep the process alive
|
||||||
@ -903,7 +904,7 @@ export class PortProxy {
|
|||||||
|
|
||||||
if (this.settings.enableDetailedLogging) {
|
if (this.settings.enableDetailedLogging) {
|
||||||
console.log(
|
console.log(
|
||||||
`[${connectionId}] TLS keep-alive connection with enhanced protection, lifetime: ${plugins.prettyMs(
|
`[${connectionId}] TLS keep-alive connection with certificate refresh protection, lifetime: ${plugins.prettyMs(
|
||||||
tlsKeepAliveTimeout
|
tlsKeepAliveTimeout
|
||||||
)}`
|
)}`
|
||||||
);
|
);
|
||||||
|
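Review bot: The new cap in the first hunk, `const tlsKeepAliveTimeout = 8 * 60 * 60 * 1000;`, is a hard-coded policy value with nothing tying it to how often certificates are actually rotated, so operators cannot tune it for their deployment; consider reading it from a field on `this.settings` with 8 hours as the default. As far as the hunk shows, the timer is armed once and not re-armed on activity, so this looks like an absolute connection age limit that will also close busy TLS connections at the 8-hour mark. The comment should say so, e.g. `// Hard cap on connection age (not an idle timeout): the client must reconnect after 8 hours`. The cleanup reason also changes from `'tls_extended_lifetime'` to `'tls_certificate_refresh'`, so any termination counters, log filters or alerts keyed on the old string need updating. The enclosing block starts and ends outside the hunk, so a reset of the timer elsewhere cannot be ruled out.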