Use options on the Advanced tab to:
-
Configure how the ingress load balancer handles HTTP requests.
-
Specify the read-response timeout.
This value is the amount of time the CloudHub 2.0 ingress controller waits to receive a response from your Mule application after forwarding the request. If your application takes longer than the configured time to process the request and start sending the response, CloudHub 2.0 drops the connection with a 504 error.
ImportantThis timeout setting is separate from the read-request timeout, which controls how long the CloudHub 2.0 ingress controller waits to receive the full request from the client. The read-request timeout is hardcoded to 300 seconds, and you can’t configure it. If your client takes longer than 300 seconds to send the complete request (for example, when uploading large files), CloudHub 2.0 drops the connection even if you have configured a longer read-response timeout.
For data transfers that exceed 300 seconds, consider breaking the request into smaller chunks or implementing asynchronous processing patterns.
-
Configure ingress access logs and download logs.
-
Configure Amazon Web Services (AWS) service roles.
When you modify HTTP requests, applications may not be reachable for up to 5 seconds.
partial$select-private-space.adoc partial$select-private-space.adoc partial$select-private-space.adoc . Configure how the private accepts inbound traffic:
+
CloudHub 2.0 doesn’t allow you to accept only insecure HTTP requests.
From the HTTP Requests list, select one of the following:
-
Redirect to HTTPS
Redirects HTTP requests to the same URL using the HTTPS protocol.
-
Accept HTTP
Accepts the inbound request on the default SSL endpoint using the HTTP protocol.
-
Drop HTTP
Silently drops HTTP requests.
-
Specify the read response timeout value.
The default read-response timeout is 300 seconds. You can configure this value up to 3600 seconds (1 hour).
-
Click Save Changes or Discard Changes.
|
Note
|
The maximum request size is 1 GB. |
CloudHub 2.0 uses multiple timeout settings to manage different phases of request handling:
- Read Request Timeout (hardcoded at 300 seconds)
-
The time the CloudHub 2.0 ingress controller waits to receive the complete request from the client. If the client takes longer than 300 seconds to send the entire request payload (for example, uploading a large CSV file), CloudHub 2.0 drops the connection. This timeout is not user-configurable and applies to both shared and private spaces.
- Read Response Timeout (user-configurable)
-
The time the CloudHub 2.0 ingress controller waits to receive a response from your Mule application after the request has been forwarded. You can configure this timeout in the Advanced tab of your private space settings. This setting controls how long your Mule application has to process the request and begin sending a response.
- Connection Idle Timeout (hardcoded at 15 seconds)
-
The time the CloudHub 2.0 ingress controller waits before closing an idle connection when no data is being transferred.
For long-running operations that exceed these timeout limits, consider implementing one of the following approaches:
-
Break large requests into smaller chunks
-
Use asynchronous processing patterns where the client receives an immediate acknowledgment and polls for results
-
Implement keep-alive mechanisms to prevent idle timeout during processing
CloudHub 2.0 enables you to enable or disable access logs for the ingress load balancer. Access logs record information about requests to applications deployed in the private space, which can help you diagnose connection issues and monitor traffic.
partial$select-private-space.adoc partial$select-private-space.adoc partial$select-private-space.adoc . Toggle Enable Access Logs to enable or disable ingress access logging. . Click Save Changes or Discard Changes.
When access logs are enabled, each log entry contains the following fields:
| Field | Description |
|---|---|
Timestamp |
The date and time when the request was received. |
Request Method |
The HTTP method used for the request (for example, GET, POST, PUT). |
Request Path |
The URL path of the request. |
Protocol |
The protocol used for the request (for example, HTTP/1.1, HTTP/2). |
Response Code |
The HTTP status code returned to the client. |
Response Flags |
Flags that provide additional details about the response or connection, such as timeouts or connection termination reasons. |
Bytes Received |
The number of bytes received from the client. |
Bytes Sent |
The number of bytes sent to the client. |
Duration |
The total time in milliseconds to process the request, from when the first byte is received to when the last byte of the response is sent. |
Upstream Host |
The address of the upstream application that processed the request. |
X-Forwarded-For |
The client IP address from the X-Forwarded-For header. |
User Agent |
The user agent string from the client request. |
Request ID |
A unique identifier for the request, useful for tracing and debugging. |
To download ingress access logs:
partial$select-private-space.adoc partial$select-private-space.adoc partial$select-private-space.adoc . Click Download Logs.
If you have identity and access management (IAM) roles configured in AWS, you can associate the role with your private space. The private space receives the permissions from the IAM role in AWS and can access AWS resources. To configure this feature in AWS:
-
Use the unique AWS IAM role name that Anypoint Platform generates.
-
Use the organization ID for the organization in which the private space was configured.
-
Allow outbound traffic on port 443 to use this feature.
For more information, see IAM roles.
partial$select-private-space.adoc partial$select-private-space.adoc partial$select-private-space.adoc . Click Enable AWS Service Role. . Click Save Changes or Discard changes.
+ A unique service role name is generated, and you can use this role configure to configure identity and access management for AWS. Role generation might take a few minutes. If the role name does not appear, refresh the page.
|
Note
|
You can configure only one AWS service role per private space. |
-
IAM roles in the AWS documentation