From f628f731a8e6d3080f905d5879b64bf359d3233f Mon Sep 17 00:00:00 2001 From: saif <11242541+saifsmailbox98@users.noreply.github.com> Date: Tue, 12 May 2026 19:59:05 +0530 Subject: [PATCH 1/2] feat: decrease gateway heartbeat interval from 30 min to 3 min Companion to the backend/frontend change that lowers the heartbeat timeout from 1 hour to 5 minutes for faster gateway health detection in load balancing and HA deployments. --- packages/gateway-v2/gateway.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/packages/gateway-v2/gateway.go b/packages/gateway-v2/gateway.go index b8f4e127..8cec5534 100644 --- a/packages/gateway-v2/gateway.go +++ b/packages/gateway-v2/gateway.go @@ -365,8 +365,8 @@ func (g *Gateway) registerHeartBeat(ctx context.Context, errCh chan error) { } }() - // Phase 2: Regular heartbeat every 30 minutes - regularTicker := time.NewTicker(30 * time.Minute) + // Phase 2: Regular heartbeat every 3 minutes + regularTicker := time.NewTicker(3 * time.Minute) defer regularTicker.Stop() for { From fca577d23036083c10131f27e4d0f26983619f98 Mon Sep 17 00:00:00 2001 From: saif <11242541+saifsmailbox98@users.noreply.github.com> Date: Sat, 16 May 2026 07:28:56 +0530 Subject: [PATCH 2/2] improvement: add infisical-health ALPN protocol and decrease heartbeat interval to 3 min --- packages/gateway-v2/connection.go | 6 ++++++ packages/gateway-v2/gateway.go | 21 ++++++++++++++++++--- 2 files changed, 24 insertions(+), 3 deletions(-) diff --git a/packages/gateway-v2/connection.go b/packages/gateway-v2/connection.go index 04a856b1..7c5b1b73 100644 --- a/packages/gateway-v2/connection.go +++ b/packages/gateway-v2/connection.go @@ -273,3 +273,9 @@ func handlePing(ctx context.Context, conn *tls.Conn, reader *bufio.Reader) error conn.Write([]byte("PONG\n")) return nil } + +func handleHealth(ctx context.Context, conn *tls.Conn, reader *bufio.Reader, heartbeatTTL int) error { + response := fmt.Sprintf(`{"status":"ok","heartbeatTTL":%d}`, heartbeatTTL) + conn.Write([]byte(response + "\n")) + return nil +} diff --git a/packages/gateway-v2/gateway.go b/packages/gateway-v2/gateway.go index 8cec5534..8fb47487 100644 --- a/packages/gateway-v2/gateway.go +++ b/packages/gateway-v2/gateway.go @@ -38,6 +38,7 @@ const ( ForwardModePAMCancellation ForwardMode = "PAM_CANCELLATION" ForwardModePAMCapabilities ForwardMode = "PAM_CAPABILITIES" ForwardModePing ForwardMode = "PING" + ForwardModeHealth ForwardMode = "HEALTH" ) type ActorType string @@ -47,6 +48,8 @@ const ( ActorTypeUser ActorType = "user" ) +const heartbeatInterval = 3 * time.Minute + const GATEWAY_ROUTING_INFO_OID = "1.3.6.1.4.1.12345.100.1" const GATEWAY_ACTOR_OID = "1.3.6.1.4.1.12345.100.2" const PAM_INFO_OID = "1.3.6.1.4.1.12345.100.3" @@ -365,8 +368,8 @@ func (g *Gateway) registerHeartBeat(ctx context.Context, errCh chan error) { } }() - // Phase 2: Regular heartbeat every 3 minutes - regularTicker := time.NewTicker(3 * time.Minute) + // Phase 2: Regular heartbeat + regularTicker := time.NewTicker(heartbeatInterval) defer regularTicker.Stop() for { @@ -669,7 +672,7 @@ func (g *Gateway) setupTLSConfig() error { ClientCAs: clientCAPool, ClientAuth: tls.RequireAndVerifyClientCert, MinVersion: tls.VersionTLS12, - NextProtos: []string{"infisical-http-proxy", "infisical-tcp-proxy", "infisical-ping", "infisical-pam-proxy", "infisical-pam-session-cancellation", "infisical-pam-capabilities"}, + NextProtos: []string{"infisical-http-proxy", "infisical-tcp-proxy", "infisical-health", "infisical-ping", "infisical-pam-proxy", "infisical-pam-session-cancellation", "infisical-pam-capabilities"}, } return nil @@ -873,6 +876,14 @@ func (g *Gateway) handleIncomingChannel(newChannel ssh.NewChannel) { log.Info().Msg("Ping handler completed") } return + } else if forwardConfig.Mode == ForwardModeHealth { + log.Info().Msg("Starting health handler") + if err := handleHealth(g.ctx, tlsConn, reader, int(heartbeatInterval.Seconds())); err != nil { + log.Error().Err(err).Msg("Health handler ended with error") + } else { + log.Info().Msg("Health handler completed") + } + return } } @@ -919,6 +930,10 @@ func (g *Gateway) parseForwardConfigFromALPN(tlsConn *tls.Conn, reader *bufio.Re config.Mode = ForwardModePing return config, nil + case "infisical-health": + config.Mode = ForwardModeHealth + return config, nil + default: return nil, fmt.Errorf("unsupported ALPN protocol: %s", negotiatedProtocol) }