ref(server): make idle time of a http connection configurable (#4248)

With the idle time configurable we can prevent a pile up of open
connections which never see any activity.

See also on the hyper issue tracker:
```
hyperium/hyper#3743
hyperium/hyper#1628
hyperium/hyper#2355
hyperium/hyper#2827
```

Author: Dav1dde

CHANGELOG.md

@@ -18,6 +18,7 @@
 - Allow `sample_rate` to be float type when deserializing `DynamicSamplingContext`. ([#4181](https://github.com/getsentry/relay/pull/4181))
 - Support inbound filters for profiles. ([#4176](https://github.com/getsentry/relay/pull/4176))
 - Scrub lower-case redis commands. ([#4235](https://github.com/getsentry/relay/pull/4235))
+- Make the maximum idle time of a HTTP connection configurable. ([#4248](https://github.com/getsentry/relay/pull/4248))
 
 **Internal**:
 

relay-config/src/config.rs

@@ -633,10 +633,17 @@ struct Limits {
     /// The maximum number of seconds to wait for pending envelopes after receiving a shutdown
     /// signal.
     shutdown_timeout: u64,
-    /// server keep-alive timeout in seconds.
+    /// Server keep-alive timeout in seconds.
     ///
     /// By default keep-alive is set to a 5 seconds.
     keepalive_timeout: u64,
+    /// Server idle timeout in seconds.
+    ///
+    /// The idle timeout limits the amount of time a connection is kept open without activity.
+    /// Setting this too short may abort connections before Relay is able to send a response.
+    ///
+    /// By default there is no idle timeout.
+    idle_timeout: Option<u64>,
     /// The TCP listen backlog.
     ///
     /// Configures the TCP listen backlog for the listening socket of Relay.
@@ -673,6 +680,7 @@ impl Default for Limits {
             query_timeout: 30,
             shutdown_timeout: 10,
             keepalive_timeout: 5,
+            idle_timeout: None,
             tcp_listen_backlog: 1024,
         }
     }
@@ -2319,6 +2327,11 @@ impl Config {
         Duration::from_secs(self.values.limits.keepalive_timeout)
     }
 
+    /// Returns the server idle timeout in seconds.
+    pub fn idle_timeout(&self) -> Option<Duration> {
+        self.values.limits.idle_timeout.map(Duration::from_secs)
+    }
+
     /// TCP listen backlog to configure on Relay's listening socket.
     pub fn tcp_listen_backlog(&self) -> u32 {
         self.values.limits.tcp_listen_backlog

relay-server/src/services/server/acceptor.rs

@@ -0,0 +1,98 @@
+use std::io;
+use std::time::Duration;
+
+use axum_server::accept::Accept;
+use socket2::TcpKeepalive;
+use tokio::net::TcpStream;
+
+use crate::services::server::io::IdleTimeout;
+use crate::statsd::RelayCounters;
+
+#[derive(Clone, Debug, Default)]
+pub struct RelayAcceptor {
+    tcp_keepalive: Option<TcpKeepalive>,
+    idle_timeout: Option<Duration>,
+}
+
+impl RelayAcceptor {
+    /// Creates a new [`RelayAcceptor`] which only configures `TCP_NODELAY`.
+    pub fn new() -> Self {
+        Default::default()
+    }
+
+    /// Configures the acceptor to enable TCP keep-alive.
+    ///
+    /// The `timeout` is used to configure the keep-alive time as well as interval.
+    /// A zero duration timeout disables TCP keep-alive.
+    ///
+    /// `retries` configures the amount of keep-alive probes.
+    pub fn tcp_keepalive(mut self, timeout: Duration, retries: u32) -> Self {
+        if timeout.is_zero() {
+            self.tcp_keepalive = None;
+            return self;
+        }
+
+        let mut keepalive = socket2::TcpKeepalive::new().with_time(timeout);
+        #[cfg(not(any(target_os = "openbsd", target_os = "redox", target_os = "solaris")))]
+        {
+            keepalive = keepalive.with_interval(timeout);
+        }
+        #[cfg(not(any(
+            target_os = "openbsd",
+            target_os = "redox",
+            target_os = "solaris",
+            target_os = "windows"
+        )))]
+        {
+            keepalive = keepalive.with_retries(retries);
+        }
+        self.tcp_keepalive = Some(keepalive);
+
+        self
+    }
+
+    /// Configures an idle timeout for the connection.
+    ///
+    /// Whenever there is no activity on a connection for the specified timeout,
+    /// the connection is closed.
+    ///
+    /// Note: This limits the total idle time of a duration and unlike read and write timeouts
+    /// also limits the time a connection is kept alive without requests.
+    pub fn idle_timeout(mut self, idle_timeout: Option<Duration>) -> Self {
+        self.idle_timeout = idle_timeout;
+        self
+    }
+}
+
+impl<S> Accept<TcpStream, S> for RelayAcceptor {
+    type Stream = IdleTimeout<TcpStream>;
+    type Service = S;
+    type Future = std::future::Ready<io::Result<(Self::Stream, Self::Service)>>;
+
+    fn accept(&self, stream: TcpStream, service: S) -> Self::Future {
+        let mut keepalive = "ok";
+        let mut nodelay = "ok";
+
+        if let Some(tcp_keepalive) = &self.tcp_keepalive {
+            let sock_ref = socket2::SockRef::from(&stream);
+            if let Err(e) = sock_ref.set_tcp_keepalive(tcp_keepalive) {
+                relay_log::trace!("error trying to set TCP keepalive: {e}");
+                keepalive = "error";
+            }
+        }
+
+        if let Err(e) = stream.set_nodelay(true) {
+            relay_log::trace!("failed to set TCP_NODELAY: {e}");
+            nodelay = "error";
+        }
+
+        relay_statsd::metric!(
+            counter(RelayCounters::ServerSocketAccept) += 1,
+            keepalive = keepalive,
+            nodelay = nodelay
+        );
+
+        let stream = IdleTimeout::new(stream, self.idle_timeout);
+        std::future::ready(Ok((stream, service)))
+    }
+}