diff --git a/cmd/containerd-stress/main.go b/cmd/containerd-stress/main.go index da0cd0200..044563463 100644 --- a/cmd/containerd-stress/main.go +++ b/cmd/containerd-stress/main.go @@ -235,7 +235,12 @@ func (c config) newClient() (*containerd.Client, error) { func serve(c config) error { go func() { - if err := http.ListenAndServe(c.Metrics, metrics.Handler()); err != nil { + srv := &http.Server{ + Addr: c.Metrics, + Handler: metrics.Handler(), + ReadHeaderTimeout: 5 * time.Minute, // "G112: Potential Slowloris Attack (gosec)"; not a real concern for our use, so setting a long timeout. + } + if err := srv.ListenAndServe(); err != nil { logrus.WithError(err).Error("listen and serve") } }() diff --git a/services/server/server.go b/services/server/server.go index d607e39d4..74c36df0a 100644 --- a/services/server/server.go +++ b/services/server/server.go @@ -317,7 +317,11 @@ func (s *Server) ServeTTRPC(l net.Listener) error { func (s *Server) ServeMetrics(l net.Listener) error { m := http.NewServeMux() m.Handle("/v1/metrics", metrics.Handler()) - return trapClosedConnErr(http.Serve(l, m)) + srv := &http.Server{ + Handler: m, + ReadHeaderTimeout: 5 * time.Minute, // "G112: Potential Slowloris Attack (gosec)"; not a real concern for our use, so setting a long timeout. + } + return trapClosedConnErr(srv.Serve(l)) } // ServeTCP allows services to serve over tcp @@ -337,7 +341,11 @@ func (s *Server) ServeDebug(l net.Listener) error { m.Handle("/debug/pprof/profile", http.HandlerFunc(pprof.Profile)) m.Handle("/debug/pprof/symbol", http.HandlerFunc(pprof.Symbol)) m.Handle("/debug/pprof/trace", http.HandlerFunc(pprof.Trace)) - return trapClosedConnErr(http.Serve(l, m)) + srv := &http.Server{ + Handler: m, + ReadHeaderTimeout: 5 * time.Minute, // "G112: Potential Slowloris Attack (gosec)"; not a real concern for our use, so setting a long timeout. + } + return trapClosedConnErr(srv.Serve(l)) } // Stop the containerd server canceling any open connections