Hello Vin, I am afraid we cannot configure TCP KeepAlive property for websockets. You could try to send a ping from the client to keep the connection active but I am guessing you have already tried that :)
Best, Sandeep On Sat, Sep 9, 2017 at 3:40 AM, Vin J <[email protected]> wrote: > Hi Sandeep, > > The situation is like this: > > client <--> internet gateway/firewall <--> knox gateway <--> backend > service > > Setting websocket timeouts in knox doesn't help (it is already set to a > larger value) as it doesn't do anything to keep connection between client > and knox gateway "active". If there is no client activity for a few mins, > the internet gateway/firewall in the middle times out the TCP connection. > So knox is not the one shutting down the connection here. > > One easy solution to prevent this is to turn on TCP keepalive on the > connection. That way the internet gateway/firewalls know the connection is > active and should be kept alive. So I was looking to see if we could > potentially do that from the knox side. > > > On Fri, Sep 8, 2017 at 11:25 PM, Sandeep More <[email protected]> > wrote: > >> Hello Vin, >> >> If you specifically need to set the ability to control the timeouts for >> websocket Knox has couple of options >> >> 1. gateway..websocket.async.write.timeout - default value 60000 ms >> 2. gateway.websocket.idle.timeout - default value 300000 ms >> >> You can set these values in gateway-site.xml config. >> Let me know if that works. >> >> Best, >> Sandeep >> >> >> >> On Fri, Sep 8, 2017 at 1:27 PM, Vin J <[email protected]> wrote: >> >>> Hi, >>> >>> Is there a way to control TCP/IP settings applied on connections that >>> Knox accepts? So Knox would ensure something like custom socketOptions >>> <https://docs.oracle.com/javase/7/docs/api/java/nio/channels/SocketChannel.html#setOption(java.net.SocketOption,%20T)> >>> are applied by Jetty on an inbound connection. >>> >>> The specific need I have is to enable TCP keepAlive on WebSocket >>> connections that Knox is accepting for a backend service. We see >>> gateways/firewalls timing out TCP connections under these WebSockets if >>> they are idle for 2-3 mins unless there's TCP keepAlive probes flowing >>> during the idle period. And since there's usually a user interface on the >>> other side of a WebSocket it is not unusual for it to be idle for a few >>> mins between user activity. Ability to enable TCP keepAlive on the Knox >>> side has the benefit of not requiring clients to manage the situation. >>> >>> Regards, >>> Vin. >>> >>> >>> >>> >>> >> >
