diff --git a/api/CHANGELOG.md b/api/CHANGELOG.md index 8e2130fb88..a684591651 100644 --- a/api/CHANGELOG.md +++ b/api/CHANGELOG.md @@ -18,6 +18,7 @@ All notable changes to the **Prowler API** are documented in this file. ### 🐞 Fixed - Database connections no longer leak under the ASGI worker, which previously exhausted the read replica's connection slots and caused 500s on read endpoints [(#11640)](https://github.com/prowler-cloud/prowler/pull/11640) +- Gunicorn keep-alive timeout now exceeds the load balancer idle timeout, stopping 502s from reused connections [(#11647)](https://github.com/prowler-cloud/prowler/pull/11647) ### 🔐 Security diff --git a/api/src/backend/config/guniconf.py b/api/src/backend/config/guniconf.py index 63472feec8..3b8b7dbe8c 100644 --- a/api/src/backend/config/guniconf.py +++ b/api/src/backend/config/guniconf.py @@ -56,6 +56,12 @@ preload_app = not DEBUG # that may take longer, such as complex API operations. timeout = env.int("GUNICORN_TIMEOUT", default=120) +# HTTP keep-alive idle timeout. Must exceed the idle timeout of the proxy or load +# balancer in front of gunicorn, or it reuses a connection gunicorn just closed +# and returns a 502. Default clears the common 60s; raise `GUNICORN_KEEPALIVE` to +# stay above a longer one. +keepalive = env.int("GUNICORN_KEEPALIVE", default=75) + # Logging logconfig_dict = DJANGO_LOGGERS gunicorn_logger = logging.getLogger(BackendLogger.GUNICORN)