ntlm_timeout
The `ntlm_timeout` directive sets the duration for which idle NTLM connections to upstream servers are maintained before timing out.
Description
The ntlm_timeout directive is integral to managing how long idle connections using NTLM authentication can remain open before they are closed. When a client connects to the NGINX server and initiates an NTLM authentication process, NGINX can cache that authenticated connection for subsequent requests from the same client. The ntlm_timeout directive defines the maximum duration, in milliseconds, that NGINX will keep this idle connection alive if it is not actively being used. This can help in optimizing resource utilization, as terminatively idle connections can lead to excessive used resources if they remain open for too long.
Parameters for the ntlm_timeout directive must be specified in milliseconds and define a critical aspect of server performance tuning in environments where NTLM is employed for authentication. When the specified timeout is reached, any idle connection will be gracefully closed, allowing the system to recycle resources. It can significantly affect applications with sporadic requests from the same users, ensuring inactive connections do not unnecessarily consume available connections for upstream servers.
Config Example
upstream http_backend {
server 127.0.0.1:8080;
ntlm_timeout 30s;
}
server {
location /http/ {
proxy_pass http://http_backend;
proxy_http_version 1.1;
proxy_set_header Connection "";
}
}Be cautious of setting the timeout too low, as this may cause increased overhead from frequently re-establishing connections.
Ensure the upstream server can handle connection setup frequency; a low timeout on a slow server could degrade performance.