Increase default keepalive_timeout server-side. (#9285)

CHANGES/9285.misc.rst

@@ -0,0 +1 @@
+Changed web ``keepalive_timeout`` default to around an hour in order to reduce race conditions on reverse proxies -- by :user:`Dreamsorcerer`.

aiohttp/web_protocol.py

@@ -173,7 +173,8 @@ def __init__(
         manager: "Server",
         *,
         loop: asyncio.AbstractEventLoop,
-        keepalive_timeout: float = 75.0,  # NGINX default is 75 secs
+        # Default should be high enough that it's likely longer than a reverse proxy.
+        keepalive_timeout: float = 3630,
         tcp_keepalive: bool = True,
         logger: Logger = server_logger,
         access_log_class: Type[AbstractAccessLogger] = AccessLogger,

docs/web_reference.rst

@@ -2750,7 +2750,9 @@ application on specific TCP or Unix socket, e.g.::
 
    :param bool tcp_keepalive: Enable TCP Keep-Alive. Default: ``True``.
    :param int keepalive_timeout: Number of seconds before closing Keep-Alive
-        connection. Default: ``75`` seconds (NGINX's default value).
+        connection. Default: ``3630`` seconds (when deployed behind a reverse proxy
+        it's important for this value to be higher than the proxy's timeout. To avoid
+        race conditions we always want the proxy to close the connection).
    :param logger: Custom logger object. Default:
         :data:`aiohttp.log.server_logger`.
    :param access_log: Custom logging object. Default:
@@ -2985,7 +2987,7 @@ Utilities
 
 .. function:: run_app(app, *, host=None, port=None, path=None, \
                       sock=None, shutdown_timeout=60.0, \
-                      keepalive_timeout=75.0, \
+                      keepalive_timeout=3630, \
                       ssl_context=None, print=print, backlog=128, \
                       access_log_class=aiohttp.helpers.AccessLogger, \
                       access_log_format=aiohttp.helpers.AccessLogger.LOG_FORMAT, \
@@ -3052,6 +3054,12 @@ Utilities
                                    closed after a HTTP request. The delay
                                    allows for reuse of a TCP connection.
 
+                                   When deployed behind a reverse proxy
+                                   it's important for this value to be
+                                   higher than the proxy's timeout. To avoid
+                                   race conditions, we always want the proxy
+                                   to handle connection closing.
+
       .. versionadded:: 3.8
 
    :param ssl_context: :class:`ssl.SSLContext` for HTTPS server,