From aaf2c6e27b77d90697a5be2b12b2e3b6ad1a5079 Mon Sep 17 00:00:00 2001
From: Jean-Paul Calderone <exarkun@twistedmatrix.com>
Date: Mon, 9 May 2022 10:01:38 -0400
Subject: [PATCH] have nginx wait a little longer for PaymentServer v1/
 endpoint responses

---
 nixos/modules/issuer.nix | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/nixos/modules/issuer.nix b/nixos/modules/issuer.nix
index 67bc3c50..d3a48ecb 100644
--- a/nixos/modules/issuer.nix
+++ b/nixos/modules/issuer.nix
@@ -254,6 +254,17 @@ in {
           # we pass less scanning spam on to our backend
           # Want a regex instead? try locations."~ /v\d+/"
           proxyPass = "http://127.0.0.1:${internalHttpPort}";
+
+          # The redemption endpoint can intentionally delay its response for
+          # up to 600 seconds for a cheap kind of server-push when payment
+          # completes.  Let that timeout control how long the connection stays
+          # open.  PaymentServer does not accept configuration for that
+          # duration so we also hard-code it here.
+          #
+          # http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_read_timeout
+          extraConfig = ''
+            proxy_read_timeout = 660;
+          '';
         };
         locations."/metrics" = {
           # Only allow our monitoringvpn subnet
-- 
GitLab