Set Chromium MaxConnectionsPerProxy default to 16#183
Merged
sjmiller609 merged 1 commit intomainfrom Mar 19, 2026
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Set Chromium’s default managed policy
MaxConnectionsPerProxyto16in thekernel-imagesbrowser images.Why
In live testing on a stealth Envoy VM with a 6-tab workload, Chromium’s default behavior allowed substantially higher upstream proxy fanout than desired. Setting
MaxConnectionsPerProxyeffectively clamps Chrome-to-proxy and proxy-to-origin connection counts much closer to the configured limit.Observed results from the same workload:
MaxConnectionsPerProxy=16: peak ~17 / ~17MaxConnectionsPerProxy=8: peak ~9 / ~9MaxConnectionsPerProxy=4: peak ~7 / ~7This makes
16a good default for reducing proxy connection fanout without needing per-session configuration.What changed
"MaxConnectionsPerProxy": 16to the shared managed Chromium policy baked into the browser images./etc/chromium/policies/managed/policy.jsonto verify the default is present.Implementation details
The default policy is sourced from the shared image policy file and copied into the VM at
/etc/chromium/policies/managed/policy.json, so this change applies to the browser image startup path directly.Validation
MaxConnectionsPerProxy: 16go test ./lib/policygo test -run '^$' ./e2eNote
Medium Risk
Changes a Chromium managed policy that can affect browser networking/concurrency behavior across all images. Added e2e checks reduce regression risk but policy changes may have wide runtime impact.
Overview
Updates the default managed Chromium policy to set
MaxConnectionsPerProxyto16inshared/chromium-policies/managed/policy.json.Hardens e2e coverage by asserting
MaxConnectionsPerProxyexists and equals16in both the Chromium policy test and the enterprise extension policy test, so missing/changed policy values are caught early.Written by Cursor Bugbot for commit 524dd6b. This will update automatically on new commits. Configure here.