Does the TLS handler close idle TCP connections after 60s?

I’m playing around with running an MQTT broker on fly, using the TLS handler on port 10000. Clients seem to get disconnected every 60s, and it seems to be that fly is sending a FIN about 60 seconds after the connection is established.

I assume your proxy is killing “idle” connections. Is this by design? Is the idle timeout configurable?

If I decided I wanted to not use the TLS handler, is there a way I could get the certs/secrets mounted in my container so I can handle TLS termination myself?


60s is our timeout for connections. If nothing in or out has been sent or received through them for 60s, then we close them. This is true of any TCP connection (not just ones using the TLS handler).

You’ll need good reconnection logic or to send “pings” to keep the connection alive. Depending on the type of service you’re exposing, this may or may not be possible.

We don’t presently offer this. We’re hoping our TLS solution can be complete enough that our users won’t need access to the certificates. As I said though, TCP connections would also be closed after 60s of inactivity, even if you handle TLS yourself.

Thanks - that makes sense, although I’m now confused about how this used to work (I just ran the broker on a VPS and had no issues with a keepalive > 60s).

I’ll update the client config.
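
An added example, not part of the thread and not code from Fly or from any MQTT library: stdlib-only Python showing where the keep-alive value sits in an MQTT 3.1.1 CONNECT packet, and whether a given keep-alive survives the 60s idle timeout described above. It assumes the client sends PINGREQ exactly once per keep-alive interval on an otherwise silent connection and the broker replies at once; all function names are hypothetical.

```python
import struct

PROXY_IDLE_TIMEOUT_S = 60  # idle timeout stated in the thread
PINGREQ = b"\xc0\x00"      # MQTT 3.1.1 PINGREQ: packet type 12, remaining length 0


def encode_remaining_length(n: int) -> bytes:
    """MQTT variable-length integer: 7 bits per byte, MSB = continuation."""
    out = bytearray()
    while True:
        n, digit = divmod(n, 128)
        out.append(digit | (0x80 if n else 0))
        if not n:
            return bytes(out)


def build_connect(client_id: str, keepalive_s: int) -> bytes:
    """MQTT 3.1.1 CONNECT with clean session and the given keep-alive."""
    if not 0 <= keepalive_s <= 0xFFFF:
        raise ValueError("keep-alive is a 16-bit number of seconds")
    cid = client_id.encode("utf-8")
    body = (b"\x00\x04MQTT"                   # protocol name
            + b"\x04"                         # protocol level 4 = 3.1.1
            + b"\x02"                         # connect flags: clean session
            + struct.pack("!H", keepalive_s)  # keep-alive, seconds
            + struct.pack("!H", len(cid)) + cid)
    return b"\x10" + encode_remaining_length(len(body)) + body


def first_idle_close(keepalive_s: int, duration_s: int,
                     idle_timeout_s: int = PROXY_IDLE_TIMEOUT_S):
    """Second at which the proxy would close a silent connection, or None
    if it survives duration_s. keepalive_s == 0 means pings are disabled.
    A ping due exactly at the deadline is treated as losing the race."""
    last_traffic = 0  # CONNECT/CONNACK exchanged at t=0
    while True:
        deadline = last_traffic + idle_timeout_s
        next_ping = last_traffic + keepalive_s if keepalive_s else None
        if next_ping is None or next_ping >= deadline:
            return deadline if deadline <= duration_s else None
        if next_ping > duration_s:
            return None
        last_traffic = next_ping  # PINGREQ/PINGRESP resets the idle timer
```

A keep-alive comfortably below the timeout (for example 45s against 60s) leaves room for network delay before the idle timer fires.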