CRE-2025-0054

NGINX upstream connection timeoutMedium

Impact: 7/10

Mitigation: 5/10

CRE-2025-0054View on GitHub

NginxTimeoutProxyBackend IssueNetworking

Description

NGINX reports an upstream timeout error when it cannot establish or maintain a connection to backend services within the configured timeout threshold. This occurs when backend services are unresponsive, overloaded, or when the timeout values are set too low for normal operation conditions. The error indicates that NGINX attempted to proxy a request to an upstream server, but the connection or read operation timed out before completion.

Mitigation

- Review backend service performance and identify bottlenecks - Adjust NGINX timeout settings to accommodate realistic response times: - Increase `proxy_read_timeout` if backends need more time to generate responses - Adjust `proxy_connect_timeout` for connection establishment issues - Consider `proxy_send_timeout` for slow uploads - Scale backend services horizontally to handle increased load - Implement health checks to remove unhealthy backends from rotation - Add caching for frequently requested content to reduce backend load - Optimize backend application code and database queries - Consider implementing circuit breakers to fail fast rather than waiting for timeouts - Monitor backend response times and set alerts for increasing latency

References

• http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_read_timeout
• https://www.nginx.com/blog/avoiding-top-10-nginx-configuration-mistakes/
• https://www.nginx.com/blog/tuning-nginx/