diff --git a/pkg/fileservice/http_client.go b/pkg/fileservice/http_client.go
index acefb42c2115b..a20815a73eb87 100644
--- a/pkg/fileservice/http_client.go
+++ b/pkg/fileservice/http_client.go
@@ -33,7 +33,7 @@ var (
 maxIdleConns = 100
 maxIdleConnsPerHost = 100
 maxConnsPerHost = 100
- idleConnTimeout = 180 * time.Second
+ idleConnTimeout = 10 * time.Second
 )
 var dnsResolver = dns.NewCachingResolver(
@@ -41,35 +41,39 @@ var dnsResolver = dns.NewCachingResolver(
 dns.MaxCacheEntries(128),
 )
-func newHTTPClient(args ObjectStorageArguments) *http.Client {
+var httpDialer = &net.Dialer{
+ Timeout: connectTimeout,
+ KeepAlive: 5 * time.Second,
+ Resolver: dnsResolver,
+}
- // dialer
- dialer := &net.Dialer{
- Timeout: connectTimeout,
- KeepAlive: 5 * time.Second,
- Resolver: dnsResolver,
- }
+var httpTransport = &http.Transport{
+ DialContext: httpDialer.DialContext,
+ MaxIdleConns: maxIdleConns,
+ IdleConnTimeout: idleConnTimeout,
+ MaxIdleConnsPerHost: maxIdleConnsPerHost,
+ MaxConnsPerHost: maxConnsPerHost,
+ TLSHandshakeTimeout: connectTimeout,
+ ResponseHeaderTimeout: readWriteTimeout,
+ TLSClientConfig: &tls.Config{
+ InsecureSkipVerify: true,
+ RootCAs: caPool,
+ },
+}
- // transport
- transport := &http.Transport{
- DialContext: dialer.DialContext,
- MaxIdleConns: maxIdleConns,
- IdleConnTimeout: idleConnTimeout,
- MaxIdleConnsPerHost: maxIdleConnsPerHost,
- MaxConnsPerHost: maxConnsPerHost,
- TLSHandshakeTimeout: connectTimeout,
- ResponseHeaderTimeout: readWriteTimeout,
- //Proxy: http.ProxyFromEnvironment,
- //ForceAttemptHTTP2: true,
+var caPool = func() *x509.CertPool {
+ pool, err := x509.SystemCertPool()
+ if err != nil {
+ panic(err)
 }
+ return pool
+}()
+
+func newHTTPClient(args ObjectStorageArguments) *http.Client {
 // custom certs
 if len(args.CertFiles) > 0 {
 // custom certs
- pool, err := x509.SystemCertPool()
- if err != nil {
- panic(err)
- }
 for _, path := range args.CertFiles {
 content, err := os.ReadFile(path)
 if err != nil {
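Review bot: `InsecureSkipVerify: true` in the new package-level `httpTransport` turns off server certificate and hostname verification for every client returned by `newHTTPClient`, so the `RootCAs: caPool` beside it has no effect on which peers are accepted. Before this change the TLS config was installed only inside the `if len(args.CertFiles) > 0` branch, so callers without custom certs kept Go's default verification; they now lose it too, and object-storage traffic is exposed to interception by any on-path party. I would drop the flag and keep the pool, `TLSClientConfig: &tls.Config{RootCAs: caPool},`, and make skipping verification an explicit, documented opt-in if some endpoints really need it. Separately, `caPool` now panics during package initialisation when `x509.SystemCertPool()` fails, which affects every binary importing the package rather than only callers that pass cert files.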
@@ -82,18 +86,13 @@ func newHTTPClient(args ObjectStorageArguments) *http.Client {
 logutil.Info("file service: load cert file",
 zap.Any("path", path),
 )
- pool.AppendCertsFromPEM(content)
- }
- tlsConfig := &tls.Config{
- InsecureSkipVerify: true,
- RootCAs: pool,
+ caPool.AppendCertsFromPEM(content)
 }
- transport.TLSClientConfig = tlsConfig
 }
 // client
 client := &http.Client{
- Transport: transport,
+ Transport: httpTransport,
 }
 return client
diff --git a/pkg/fileservice/http_client_test.go b/pkg/fileservice/http_client_test.go
new file mode 100644
index 0000000000000..c8c5a4543ea74
--- /dev/null
+++ b/pkg/fileservice/http_client_test.go
@@ -0,0 +1,26 @@
+// Copyright 2024 Matrix Origin
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package fileservice
+
+import "testing"
+
+func TestNewHTTPClient(t *testing.T) {
+ client := newHTTPClient(ObjectStorageArguments{
+ CertFiles: []string{
+ "/file-does-not-exist",
+ },
+ })
+ _ = client
+}
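Review bot: `caPool.AppendCertsFromPEM(content)` now mutates the package-level pool that the shared `httpTransport` references, so certificates supplied for one storage configuration become trusted roots for every client in the process and are never removed. `newHTTPClient` may also be called while other goroutines are dialling through the transport; nothing in the hunk shows that `x509.CertPool` tolerates concurrent modification, so the append should be serialised (for example behind a `sync.Mutex`) or the certs loaded once before the transport is first used. The boolean result is dropped as well: checking it with `if !caPool.AppendCertsFromPEM(content) { ... }` would surface a file that contains no parsable PEM certificate instead of ignoring it silently. The body of `newHTTPClient` starts above this hunk.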
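Review bot: `TestNewHTTPClient` asserts nothing, since it discards the result with `_ = client`, so it passes for any transport configuration, including one with certificate verification disabled. It also supplies only a path that does not exist, so the cert-appending line is presumably never reached; how the `os.ReadFile` error is handled lies outside the visible hunks. A check such as `if client.Transport != httpTransport { t.Fatal("unexpected transport") }`, plus a case that writes a PEM file under `t.TempDir()` and inspects the resulting TLS config, would give the test something to fail on.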