Accepting Incoming Connections
The Curity Identity Server allows controlling various settings regarding incoming connections for each service-role.
This is especially important in case the server finds itself under a heavy load, as incorrect settings could lead the server to become unresponsive and all but stop accepting new connections.
Getting Started#
To manage Incoming Connections, navigate the Curity Admin UI menu to the service role and select the
Connections tab.
Configuration#
The following settings can be customized:
| Parameter | Default Value | Description |
|---|---|---|
max-accepts | 100_000 | The maximum number of concurrent connections that the service can accept. If this value is exceeded, the server may stop accepting new connections, which means it may seem unresponsive until some of the accepted connections complete or timeout. |
accept-backlog | 0 | The maximum number of pending connections. (enforced approximately). If 0, a system-specific default is used. This setting is provided to the Operating System, hence behaviour may differ depending on which system is used. |
idle-connection-timeout | 30 | Maximum amount of time, in seconds, a connection may remain open while idle. |
idle-connection-timeout-after-max-accepts. | 5 | Maximum amount of time, in seconds, a connection may remain open while idle while the maximum number of accepted connections has been exceeded. |
Some Linux distributions limit the number of connections via /proc/sys/net/core/somaxconn. That value supersedes
the max-accepts setting. Consult your distribution documentation for how to update that.
On Linux, consult your distribution man page for int listen(int sockfd, int backlog) from sys/socket.h to
understand the behaviour of the backlog parameter.
Curity has sane defaults for all these settings, but adjusting their values may be necessary to achieve specific goals regarding resilience and responsiveness.
See the full configuration reference at Service Role > Connections .