Hi Sandeep,

The situation is like this:

client <--> internet gateway/firewall <--> knox gateway <--> backend service

Setting websocket timeouts in knox doesn't help (it is already set to a
larger value) as it doesn't do anything to keep connection between client
and knox gateway "active". If there is no client activity for a few mins,
the internet gateway/firewall in the middle times out the TCP connection.
So knox is not the one shutting down the connection here.

One easy solution to prevent this is to turn on TCP keepalive on the
connection. That way the internet gateway/firewalls know the connection is
active and should be kept alive. So I was looking to see if we could
potentially do that from the knox side.


On Fri, Sep 8, 2017 at 11:25 PM, Sandeep More <[email protected]> wrote:

> Hello Vin,
>
> If you specifically need to set the ability to control the timeouts for
> websocket, Knox has a couple of options
>
> 1. gateway.websocket.async.write.timeout  - default value 60000 ms
> 2. gateway.websocket.idle.timeout - default value 300000 ms
>
> You can set these values in gateway-site.xml config.
> Let me know if that works.
>
> Best,
> Sandeep
>
>
>
> On Fri, Sep 8, 2017 at 1:27 PM, Vin J <[email protected]> wrote:
>
>> Hi,
>>
>> Is there a way to control TCP/IP settings applied on connections that
>> Knox accepts? So Knox would ensure something like custom socketOptions
>> <https://docs.oracle.com/javase/7/docs/api/java/nio/channels/SocketChannel.html#setOption(java.net.SocketOption,%20T)>
>> are applied by Jetty on an inbound connection.
>>
>> The specific need I have is to enable TCP keepAlive on WebSocket
>> connections that Knox is accepting for a backend service. We see
>> gateways/firewalls timing out TCP connections under these WebSockets if
>> they are idle for 2-3 mins unless there are TCP keepAlive probes flowing
>> during the idle period. And since there's usually a user interface on the
>> other side of a WebSocket it is not unusual for it to be idle for a few
>> mins between user activity. Ability to enable TCP keepAlive on the Knox
>> side has the benefit of not requiring clients to manage the situation.
>>
>> Regards,
>> Vin.
>>
>>
>>
>>
>>
>
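
The socket-level mechanism discussed in this thread, as an added example that is not part of the original messages and is not Knox or Jetty code: it enables `SO_KEEPALIVE` on an accepted `SocketChannel` and, where the JDK exposes them (`jdk.net.ExtendedSocketOptions`, JDK 11+), sets per-socket probe timing. The class name and the 60/15/4 timing values are assumptions chosen to fire below the 2-3 minute idle timeout described above.

```java
import java.io.IOException;
import java.net.InetAddress;
import java.net.InetSocketAddress;
import java.net.SocketOption;
import java.net.StandardSocketOptions;
import java.nio.channels.ServerSocketChannel;
import java.nio.channels.SocketChannel;
import java.util.Set;
import jdk.net.ExtendedSocketOptions;

public class KeepAliveAcceptDemo {
    // Assumed values: first probe after 60 s idle (under the 2-3 minute
    // middlebox timeout from the thread), then every 15 s, give up after 4.
    static final int IDLE_SECS = 60, INTERVAL_SECS = 15, PROBE_COUNT = 4;

    /** Enables keepalive; returns true if per-socket timing could also be set. */
    static boolean enableKeepAlive(SocketChannel ch) throws IOException {
        ch.setOption(StandardSocketOptions.SO_KEEPALIVE, true);
        Set<SocketOption<?>> supported = ch.supportedOptions();
        // Without the options below the OS default idle time applies
        // (7200 s on Linux), far too long to keep a firewall entry alive.
        if (supported.contains(ExtendedSocketOptions.TCP_KEEPIDLE)
                && supported.contains(ExtendedSocketOptions.TCP_KEEPINTERVAL)
                && supported.contains(ExtendedSocketOptions.TCP_KEEPCOUNT)) {
            ch.setOption(ExtendedSocketOptions.TCP_KEEPIDLE, IDLE_SECS);
            ch.setOption(ExtendedSocketOptions.TCP_KEEPINTERVAL, INTERVAL_SECS);
            ch.setOption(ExtendedSocketOptions.TCP_KEEPCOUNT, PROBE_COUNT);
            return true;
        }
        return false; // fall back to system-wide keepalive settings
    }

    public static void main(String[] args) throws IOException {
        // Loopback listener on an ephemeral port stands in for the gateway.
        try (ServerSocketChannel server = ServerSocketChannel.open()) {
            server.bind(new InetSocketAddress(InetAddress.getLoopbackAddress(), 0));
            try (SocketChannel client = SocketChannel.open(server.getLocalAddress());
                 SocketChannel accepted = server.accept()) {
                boolean tuned = enableKeepAlive(accepted);
                System.out.println("SO_KEEPALIVE="
                        + accepted.getOption(StandardSocketOptions.SO_KEEPALIVE)
                        + " perSocketTiming=" + tuned);
            }
        }
    }
}
```

When `enableKeepAlive` returns false, probes only start after the operating system's default idle time, so the system-wide keepalive settings on the gateway host would have to be lowered instead.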
