Make ProxyHeaderTimeout configurable

Issue: https://gitlab.com/gitlab-org/gitlab-shell/-/issues/576 ProxyHeaderTimeout must be small to avoid DoS risk Let's make the value configurable and 500ms by default
author: Igor Drozdov <idrozdov@gitlab.com> 2022-05-19 13:10:14 +0400
committer: Igor Drozdov <idrozdov@gitlab.com> 2022-05-19 18:53:08 +0400
commit: 5b94726b822b52ffe256820df1a24307b2e2072f (patch)
tree: c069f3096f02b441b4a7802bf4998cd98ae4c9c0 /internal/sshd
parent: cbce19dac2b5033e6b969b3e82ec6aad2e247757 (diff)
download: gitlab-shell-5b94726b822b52ffe256820df1a24307b2e2072f.tar.gz
1 files changed, 1 insertions, 2 deletions
diff --git a/internal/sshd/sshd.go b/internal/sshd/sshd.go
index a9cd302..4d4d6d5 100644
--- a/internal/sshd/sshd.go
+++ b/internal/sshd/sshd.go
@@ -26,7 +26,6 @@ const (
 	StatusReady
 	StatusOnShutdown
 	StatusClosed
-	ProxyHeaderTimeout = 90 * time.Second
 )
 
 type Server struct {
@@ -97,7 +96,7 @@ func (s *Server) listen(ctx context.Context) error {
 		sshListener = &proxyproto.Listener{
 			Listener:          sshListener,
 			Policy:            s.requirePolicy,
-			ReadHeaderTimeout: ProxyHeaderTimeout,
+			ReadHeaderTimeout: time.Duration(s.Config.Server.ProxyHeaderTimeout),
 		}
 
 		log.ContextLogger(ctx).Info("Proxy protocol is enabled")
author	Igor Drozdov <idrozdov@gitlab.com>	2022-05-19 13:10:14 +0400
committer	Igor Drozdov <idrozdov@gitlab.com>	2022-05-19 18:53:08 +0400
commit	5b94726b822b52ffe256820df1a24307b2e2072f (patch)
tree	c069f3096f02b441b4a7802bf4998cd98ae4c9c0 /internal/sshd
parent	cbce19dac2b5033e6b969b3e82ec6aad2e247757 (diff)
download	gitlab-shell-5b94726b822b52ffe256820df1a24307b2e2072f.tar.gz