Merge pull request #829 from nats-io/gw_fix_setting_default_tls_timeout

Fixing setting of default gateway TLS Timeout
2026-04-02 11:48:43 -07:00 · 2018-12-03 19:06:27 -07:00
parent 1011339375 0ba587249a
commit 2c5ca43192
5 changed files with 40 additions and 8 deletions
--- a/server/gateway.go
+++ b/server/gateway.go
@@ -220,10 +220,6 @@ func newGateway(opts *Options) (*srvGateway, error) {
 		gateway.resolver = netResolver(net.DefaultResolver)
 	}

-	if opts.Gateway.TLSConfig != nil && opts.Gateway.TLSTimeout == 0 {
-		opts.Gateway.TLSTimeout = float64(TLS_TIMEOUT) / float64(time.Second)
-	}
-
 	// Copy default permissions (works if DefaultPermissions is nil)
 	gateway.defPerms = opts.Gateway.DefaultPermissions.clone()

--- a/server/opts.go
+++ b/server/opts.go
@@ -2190,6 +2190,12 @@ func setBaselineOptions(opts *Options) {
 		if opts.Gateway.Host == "" {
 			opts.Gateway.Host = DEFAULT_HOST
 		}
+		if opts.Gateway.TLSTimeout == 0 {
+			opts.Gateway.TLSTimeout = float64(TLS_TIMEOUT) / float64(time.Second)
+		}
+		if opts.Gateway.AuthTimeout == 0 {
+			opts.Gateway.AuthTimeout = float64(AUTH_TIMEOUT) / float64(time.Second)
+		}
 	}
 }

--- a/server/reload.go
+++ b/server/reload.go
@@ -499,6 +499,7 @@ func (s *Server) Reload() error {
 	}
 	clientOrgPort := s.clientActualPort
 	clusterOrgPort := s.clusterActualPort
+	gatewayOrgPort := s.gatewayActualPort
 	s.mu.Unlock()

 	// Apply flags over config file settings.
@@ -515,6 +516,9 @@ func (s *Server) Reload() error {
 	if newOpts.Cluster.Port == -1 {
 		newOpts.Cluster.Port = clusterOrgPort
 	}
+	if newOpts.Gateway.Port == -1 {
+		newOpts.Gateway.Port = gatewayOrgPort
+	}

 	if err := s.reloadOptions(newOpts); err != nil {
 		return err
--- a/server/reload_test.go
+++ b/server/reload_test.go
@@ -3182,3 +3182,30 @@ func TestConfigReloadAccountServicesImportExport(t *testing.T) {
 	req(t, ivan, "ivan.sub", "private")
 	req(t, derek, "derek.sub", "private")
 }
+
+// As of now, config reload does not support changes for gateways.
+// However, ensure that if a gateway is defined, one can still
+// do reload as long as we don't change the gateway spec.
+// There was an issue with the initialization of default TLS timeout
+// that caused the reload to fail.
+func TestConfigReloadNotPreventedByGateways(t *testing.T) {
+	confTemplate := `
+		listen: "127.0.0.1:-1"
+		%s
+		gateway {
+			name: "A"
+			listen: "127.0.0.1:-1"
+			tls {
+				cert_file: "configs/certs/server.pem"
+				key_file: "configs/certs/key.pem"
+			}
+		}
+	`
+	conf := createConfFile(t, []byte(fmt.Sprintf(confTemplate, "")))
+	defer os.Remove(conf)
+	s, _ := RunServerWithConfig(conf)
+	defer s.Shutdown()
+
+	// Cause reload with adding a param that is supported
+	reloadUpdateConfig(t, s, conf, fmt.Sprintf(confTemplate, "max_payload: 100000"))
+}
--- a/server/server_test.go
+++ b/server/server_test.go
@@ -63,10 +63,9 @@ func RunServer(opts *Options) *Server {
 	if opts == nil {
 		opts = DefaultOptions()
 	}
-	s := New(opts)
-
-	if s == nil {
-		panic("No NATS Server object returned.")
+	s, err := NewServer(opts)
+	if err != nil || s == nil {
+		panic(fmt.Sprintf("No NATS Server object returned: %v", err))
 	}

 	if !opts.NoLog {