torrust / torrust-tracker

A modern and feature-rich (private) BitTorrent tracker.
https://torrust.com
GNU Affero General Public License v3.0

Keep-Alive not working for HTTP forwarded traffic (CloudFlare related) #968

Open Power2All opened 1 month ago

Power2All commented 1 month ago

Figured out that Actix (which Torrust isn't using) doesn't handle Keep-Alive when traffic from CloudFlare is coming in over the pure HTTP (port 80) protocol. It seems it only works on HTTP/2 traffic, and in HTTPS (SSL). The Keep-Alive is then triggered, and lowers the amount of connections significantly. I applied an HTTP to HTTPS forward through CloudFlare, with a 301 permanent forward setting, which seems to have solved the issue.

This might come in handy for people who run this tracker behind CloudFlare.

This information might be handy to know for @josecelano

josecelano commented 1 month ago

Hi @Power2All, Thank you for sharing it. Sorry for the delay; I was on holiday :-). I wonder how you monitor the number of connections and how you realized those connections were not being used.

What is the expected behaviour from Actix? Should Actix keep the connection open to reuse it (when the client is using HTTP 1.1), so the total number of connections is lower?

I've been reading that HTTP2 and HTTP3 don't use this header: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Keep-Alive. These newer protocols already keep the connection open.

Power2All commented 1 month ago

> Hi @Power2All, Thank you for sharing it. Sorry for the delay; I was on holiday :-). I wonder how you monitor the number of connections and how you realized those connections were not being used.
>
> What is the expected behaviour from Actix? Should Actix keep the connection open to reuse it (when the client is using HTTP 1.1), so the total number of connections is lower?
>
> I've been reading that HTTP2 and HTTP3 don't use this header: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Keep-Alive. These newer protocols already keep the connection open.

No worries, hope you had a fun vacation :)

I can monitor them through the "ss -s" command in Linux. Active connections tracked are shown there. Keep-Alive will keep its connection with CloudFlare, in this case, open to handle more for an X amount of seconds. As far as I have read, this works only for HTTP/1.1 and HTTP/2 (and probably also HTTP/3) requests. And yes, the total number of connections should lower significantly.

Yes, you are right that Keep-Alive is ignored on HTTP2; that is because HTTP2 already utilizes a Keep-Alive behavior. The Keep-Alive is basically only meant for HTTP/1.1.

Currently Gbitt runs in UDP only mode, as the bandwidth usage exceeded my limitation (roughly 50TB per month). UDP has been optimized a lot, using more threading to alleviate the incoming packets.