consul.Config() helper to generate the tlsutil.Config{} struct, 30 second keepalive, use keepalive for HTTP and HTTPS

command/agent/command.go

@@ -466,10 +466,9 @@ func (c *Command) Run(args []string) int {
 	if c.rpcServer != nil {
 		defer c.rpcServer.Shutdown()
 	}
-	if c.httpServers != nil {
+
-		for _, server := range c.httpServers {
+	for _, server := range c.httpServers {
-			defer server.Shutdown()
+		defer server.Shutdown()
-		}
 	}
 
 	// Join startup nodes if specified

command/agent/http.go

@@ -93,11 +93,13 @@ func NewHTTPServers(agent *Agent, config *Config, logOutput io.Writer) ([]*HTTPS
 		}
 
 		// Create non-TLS listener
-		list, err = net.Listen("tcp", httpAddr.String())
+		ln, err := net.Listen("tcp", httpAddr.String())
 		if err != nil {
 			return nil, fmt.Errorf("Failed to get Listen on %s: %v", httpAddr.String(), err)
 		}
 
+		list = tcpKeepAliveListener{ln.(*net.TCPListener)}
+
 		// Create the mux
 		mux := http.NewServeMux()
 
@@ -140,7 +142,7 @@ func (ln tcpKeepAliveListener) Accept() (c net.Conn, err error) {
 		return
 	}
 	tc.SetKeepAlive(true)
-	tc.SetKeepAlivePeriod(3 * time.Minute)
+	tc.SetKeepAlivePeriod(30 * time.Second)
 	return tc, nil
 }
 

command/util_test.go

@@ -98,7 +98,7 @@ func nextConfig() *agent.Config {
 	conf.Server = true
 
 	conf.Ports.HTTP = 10000 + 10*idx
-	conf.Ports.HTTPS = 10400 + 10*idx
+	conf.Ports.HTTPS = 10401 + 10*idx
 	conf.Ports.RPC = 10100 + 10*idx
 	conf.Ports.SerfLan = 10201 + 10*idx
 	conf.Ports.SerfWan = 10202 + 10*idx

consul/client.go

@@ -4,7 +4,6 @@ import (
 	"crypto/tls"
 	"fmt"
 	"github.com/hashicorp/consul/consul/structs"
-	"github.com/hashicorp/consul/tlsutil"
 	"github.com/hashicorp/serf/serf"
 	"log"
 	"math/rand"
@@ -94,16 +93,7 @@ func NewClient(config *Config) (*Client, error) {
 	// Create the tlsConfig
 	var tlsConfig *tls.Config
 	var err error
-	tlsConf := &tlsutil.Config{
+	if tlsConfig, err = config.tlsConfig().OutgoingTLSConfig(); err != nil {
-		VerifyIncoming: config.VerifyIncoming,
-		VerifyOutgoing: config.VerifyOutgoing,
-		CAFile:         config.CAFile,
-		CertFile:       config.CertFile,
-		KeyFile:        config.KeyFile,
-		NodeName:       config.NodeName,
-		ServerName:     config.ServerName}
-
-	if tlsConfig, err = tlsConf.OutgoingTLSConfig(); err != nil {
 		return nil, err
 	}
 

consul/config.go

@@ -7,6 +7,7 @@ import (
 	"os"
 	"time"
 
+	"github.com/hashicorp/consul/tlsutil"
 	"github.com/hashicorp/memberlist"
 	"github.com/hashicorp/raft"
 	"github.com/hashicorp/serf/serf"
@@ -234,3 +235,16 @@ func DefaultConfig() *Config {
 
 	return conf
 }
+
+func (c *Config) tlsConfig() *tlsutil.Config {
+	tlsConf := &tlsutil.Config{
+		VerifyIncoming: c.VerifyIncoming,
+		VerifyOutgoing: c.VerifyOutgoing,
+		CAFile:         c.CAFile,
+		CertFile:       c.CertFile,
+		KeyFile:        c.KeyFile,
+		NodeName:       c.NodeName,
+		ServerName:     c.ServerName}
+
+	return tlsConf
+}

consul/server.go

@@ -16,7 +16,6 @@ import (
 	"time"
 
 	"github.com/hashicorp/consul/acl"
-	"github.com/hashicorp/consul/tlsutil"
 	"github.com/hashicorp/golang-lru"
 	"github.com/hashicorp/raft"
 	"github.com/hashicorp/raft-mdb"
@@ -169,15 +168,7 @@ func NewServer(config *Config) (*Server, error) {
 	}
 
 	// Create the tlsConfig for outgoing connections
-	tlsConf := &tlsutil.Config{
+	tlsConf := config.tlsConfig()
-		VerifyIncoming: config.VerifyIncoming,
-		VerifyOutgoing: config.VerifyOutgoing,
-		CAFile:         config.CAFile,
-		CertFile:       config.CertFile,
-		KeyFile:        config.KeyFile,
-		NodeName:       config.NodeName,
-		ServerName:     config.ServerName}
-
 	tlsConfig, err := tlsConf.OutgoingTLSConfig()
 	if err != nil {
 		return nil, err