From b2b918637ebc0e6baed8cffa95b5e1fc90fdc39c Mon Sep 17 00:00:00 2001
From: Igor Chubin <igor@chub.in>
Date: Sun, 20 Nov 2022 14:00:37 +0100
Subject: [PATCH] Use custom servers/timeouts for HTTP/HTTPS

---
 cmd/srv.go | 31 ++++++++++++++++++++++++++++---
 1 file changed, 28 insertions(+), 3 deletions(-)

diff --git a/cmd/srv.go b/cmd/srv.go
index f85d3f2..693e1e4 100644
--- a/cmd/srv.go
+++ b/cmd/srv.go
@@ -2,6 +2,7 @@ package main
 
 import (
 	"context"
+	"crypto/tls"
 	"fmt"
 	"log"
 	"net"
@@ -72,12 +73,36 @@ func copyHeader(dst, src http.Header) {
 }
 
 func serveHTTP(mux *http.ServeMux, port int, errs chan<- error) {
-	errs <- http.ListenAndServe(fmt.Sprintf(":%d", port), mux)
+	srv := &http.Server{
+		Addr:         fmt.Sprintf(":%d", port),
+		ReadTimeout:  5 * time.Second,
+		WriteTimeout: 10 * time.Second,
+		IdleTimeout:  1 * time.Second,
+		Handler:      mux,
+	}
+	// srv.SetKeepAlivesEnabled(false)
+	errs <- srv.ListenAndServe()
 }
 
 func serveHTTPS(mux *http.ServeMux, port int, errs chan<- error) {
-	errs <- http.ListenAndServeTLS(fmt.Sprintf(":%d", port),
-		Conf.Server.TLSCertFile, Conf.Server.TLSKeyFile, mux)
+	tlsConfig := &tls.Config{
+		// CipherSuites: []uint16{
+		// 	tls.TLS_CHACHA20_POLY1305_SHA256,
+		// 	tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
+		// 	tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
+		// },
+		// MinVersion: tls.VersionTLS13,
+	}
+	srv := &http.Server{
+		Addr:         fmt.Sprintf(":%d", port),
+		ReadTimeout:  5 * time.Second,
+		WriteTimeout: 20 * time.Second,
+		IdleTimeout:  1 * time.Second,
+		TLSConfig:    tlsConfig,
+		Handler:      mux,
+	}
+	// srv.SetKeepAlivesEnabled(false)
+	errs <- srv.ListenAndServeTLS(Conf.Server.TLSCertFile, Conf.Server.TLSKeyFile)
 }
 
 func main() {