Document updated on Jan 18, 2022
Advanced HTTP Transport settings
When KrakenD communicates using HTTP, it implements a concurrent-safe round tripper that supports HTTP, HTTPS, and HTTP proxies, and it caches connections for future re-use. This may leave many open connections when accessing many hosts. You can change the behavior of the transport layer using the settings presented below.
If you want to customize any of the settings below, they must be written at the top level of the configuration.
allow_insecure_connections
boolean - By default, KrakenD verifies every SSL connection. This option allows you to connect to backends considered insecure, for instance when you are using self-signed certificates. Defaults to false.
dialer_fallback_delay
string - Specifies the length of time to wait before spawning an RFC 6555 Fast Fallback connection. If zero, a default delay of 300ms is used. Specify units using ns (nanoseconds), us or µs (microseconds), ms (milliseconds), s (seconds), m (minutes), or h (hours). Defaults to "300ms".
dialer_keep_alive
string - The interval between keep-alive probes for an active network connection. If zero, keep-alive probes are sent with a default value (currently 15 seconds), if supported by the protocol and operating system. Network protocols or operating systems that do not support keep-alives ignore this field. If negative, keep-alive probes are disabled. Specify units using ns (nanoseconds), us or µs (microseconds), ms (milliseconds), s (seconds), m (minutes), or h (hours). Defaults to "15s".
dialer_timeout
string - The timeout of the dial function for creating connections. The default is no timeout. With or without a timeout, the operating system may impose its own earlier timeout. Specify units using ns (nanoseconds), us or µs (microseconds), ms (milliseconds), s (seconds), m (minutes), or h (hours). Defaults to "0s".
disable_compression
boolean - When true, prevents requesting compression with an Accept-Encoding: gzip request header when the Request contains no existing Accept-Encoding value. If the Transport requests gzip on its own and gets a gzipped response, it’s transparently decoded. However, if the user explicitly requested gzip, it is not automatically uncompressed. Defaults to false.
disable_keep_alives
boolean - When true, it disables HTTP keep-alives and will only use the connection to the server for a single HTTP request. Defaults to false.
disable_rest
boolean - Only RESTful URL patterns are valid to access backends. Set to true if your backends aren’t RESTful, e.g.: /url.{some_variable}.json. Defaults to false.
expect_continue_timeout
string - If non-zero, specifies the amount of time to wait for a server’s first response headers after fully writing the request headers if the request has an Expect: 100-continue header. Zero means no timeout and causes the body to be sent immediately, without waiting for the server to approve. This time does not include the time to send the request header. Specify units using ns (nanoseconds), us or µs (microseconds), ms (milliseconds), s (seconds), m (minutes), or h (hours). Defaults to "0s".
idle_connection_timeout
string - The maximum number of idle (keep-alive) connections across all hosts. Zero means no limit. Specify units using ns (nanoseconds), us or µs (microseconds), ms (milliseconds), s (seconds), m (minutes), or h (hours). Defaults to "0s".
max_idle_connections
integer - The maximum number of idle (keep-alive) connections across all hosts. Zero means no limit. Defaults to 0.
max_idle_connections_per_host
integer - If non-zero, controls the maximum idle (keep-alive) connections to keep per-host. If zero, 250 is used instead. Defaults to 250.
response_header_timeout
string - If non-zero, specifies the amount of time to wait for a server’s response headers after fully writing the request (including its body, if any). This time does not include the time to read the response body. Specify units using ns (nanoseconds), us or µs (microseconds), ms (milliseconds), s (seconds), m (minutes), or h (hours). Defaults to "0s".
Finally, the TLS Handshake Timeout is hardcoded to 10 seconds and cannot be changed.
Override settings using environment vars
When you declare in the configuration file any of the HTTP server or transport settings declared above, you can override its value through environment variables when starting the server.
All the environment variables have the same name as the settings above in uppercase and with the KRAKEND_ prefix. The following env vars are available:
KRAKEND_ALLOW_INSECURE_CONNECTIONS
KRAKEND_DIALER_TIMEOUT
KRAKEND_DIALER_KEEP_ALIVE
KRAKEND_DIALER_FALLBACK_DELAY
KRAKEND_DISABLE_COMPRESSION
KRAKEND_DISABLE_KEEP_ALIVES
KRAKEND_MAX_IDLE_CONNECTIONS
KRAKEND_MAX_IDLE_CONNECTIONS_PER_HOST
KRAKEND_IDLE_CONNECTION_TIMEOUT
KRAKEND_RESPONSE_HEADER_TIMEOUT
KRAKEND_EXPECT_CONTINUE_TIMEOUT
You can start KrakenD with the desired variables to override what you have in the configuration:
$ KRAKEND_MAX_IDLE_CONNECTIONS_PER_HOST=200 krakend run -c krakend.json
Or, to connect using self-signed certificates:
$ KRAKEND_ALLOW_INSECURE_CONNECTIONS=true krakend run -c krakend.json
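Because environment variables can change a declared setting at start-up, the value KrakenD runs with may differ from what krakend.json shows. The following Go program is an added example, not KrakenD's own code: it resolves the effective value of three settings from this page (config file, then KRAKEND_ override, then documented default) and reports disabled TLS verification and unbounded timeouts. The names Audit, audited and sampleConfig, the reporting policy, and the use of strconv.ParseBool for booleans are assumptions of the example.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strconv"
	"strings"
	"time"
)

// Constructed sample configuration, not taken from a real deployment.
const sampleConfig = `{"version": 3, "allow_insecure_connections": false, "dialer_timeout": "2s"}`
// Settings audited here, paired with the defaults documented on this page.
var audited = [][2]string{{"allow_insecure_connections", "false"},
	{"dialer_timeout", "0s"}, {"response_header_timeout", "0s"}}

// Audit reports effective settings that disable TLS verification or leave a
// timeout unbounded; that policy and ParseBool parsing are assumptions here.
func Audit(cfg []byte, env map[string]string) ([]string, error) {
	var top map[string]interface{}
	if err := json.Unmarshal(cfg, &top); err != nil {
		return nil, err
	}
	var out []string
	for _, kd := range audited {
		key, val, src := kd[0], kd[1], "default"
		if v, declared := top[key]; declared { // env overrides declared settings only
			val, src = fmt.Sprint(v), "config file"
			if e, ok := env["KRAKEND_"+strings.ToUpper(key)]; ok {
				val, src = e, "environment"
			}
		}
		if key == "allow_insecure_connections" {
			if on, _ := strconv.ParseBool(val); on {
				out = append(out, key+": TLS verification disabled ("+src+")")
			}
		} else if d, err := time.ParseDuration(val); err != nil {
			out = append(out, fmt.Sprintf("%s: invalid duration %q (%s)", key, val, src))
		} else if d == 0 {
			out = append(out, key+": no timeout ("+src+")")
		}
	}
	return out, nil
}

func main() {
	f, _ := Audit([]byte(sampleConfig), map[string]string{"KRAKEND_ALLOW_INSECURE_CONNECTIONS": "true"})
	fmt.Println(strings.Join(f, "\n"))
}
```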
Max IDLE connections
Having a high number of IDLE connections to every backend directly affects the performance of the proxy layer. This is why you can control the number using the max_idle_connections setting. For instance:
{
"version": 3,
"max_idle_connections": 150
}
KrakenD will close connections sitting idle in a “keep-alive” state when max_idle_connections is reached. If no value is set in the configuration file, KrakenD will use 250 by default.
Every ecosystem needs its own setting. Keep this in mind:
- If you set a very high number for max_idle_connections, you might exhaust your system’s port limit.
- If you set a very low number, new connections will be created frequently and the rate of connection reuse will be low.