diff --git a/README.lwsws.md b/README.lwsws.md
index da109e85..8f8543c3 100644
--- a/README.lwsws.md
+++ b/README.lwsws.md
@@ -28,8 +28,8 @@ There is a single file intended for global settings
 
 {
   "global": {
-   "uid": "99",
-   "gid": "99",
+   "uid": "48",
+   "gid": "48",
    "interface": "eth0",
    "count-threads": "1",
    "init-ssl": "yes"
@@ -135,6 +135,33 @@ negotiation time (via SNI) or if no SSL, then after the Host: header from
 the client has been parsed.
 
 
+Protocols
+---------
+
+Vhosts by default have available the union of any initial protocols from context creation time, and
+any protocols exposed by plugins.
+
+Vhosts can select which plugins they want to offer and give them per-vhost settings using this syntax
+
+```	
+     "ws-protocols": [{
+       "warmcat,timezoom": {
+         "status": "ok"
+       }
+     }]
+
+```
+
+Other vhost options
+-------------------
+
+ - If the three options "host-ssl-cert", "host-ssl-ca" and "host-ssl-key" are given, then the vhost supports SSL.
+
+ Each vhost may have its own certs, SNI is used during the initial connection negotiation to figure out which certs to use by the server name it's asking for from the request DNS name.
+
+ - keeplive-timeout (in secs) defaults to 60 for lwsws, it may be set as a vhost option
+
+
 Mounts
 ------
 
@@ -228,20 +255,4 @@ To help that happen conveniently, there are some new apis
 dumb increment, mirror and status protocol plugins are provided as examples.
 
 
-Protocols
----------
-
-Vhosts by default have available the union of any initial protocols from context creation time, and
-any protocols exposed by plugins.
-
-Vhosts can select which plugins they want to offer and give them per-vhost settings using this syntax
-
-```	
-     "ws-protocols": [{
-       "warmcat,timezoom": {
-         "status": "ok"
-       }
-     }]
-
-```
 
diff --git a/lib/context.c b/lib/context.c
index 85d70947..f75be876 100644
--- a/lib/context.c
+++ b/lib/context.c
@@ -228,6 +228,7 @@ lws_create_vhost(struct lws_context *context,
 		;
 
 	vh->pvo = info->pvo;
+	vh->keepalive_timeout = info->keepalive_timeout;
 
 #ifdef LWS_WITH_PLUGINS
 	if (plugin) {
diff --git a/lib/libwebsockets.h b/lib/libwebsockets.h
index b03ce923..278a5846 100644
--- a/lib/libwebsockets.h
+++ b/lib/libwebsockets.h
@@ -1469,6 +1469,7 @@ struct lws_context_creation_info {
 	const char *vhost_name;				/* VH */
 	const char *plugins_dir;			/* context */
 	struct lws_protocol_vhost_options *pvo;		/* VH */
+	int keepalive_timeout;				/* VH */
 
 	/* Add new things just above here ---^
 	 * This is part of the ABI, don't needlessly break compatibility
@@ -1702,6 +1703,7 @@ enum pending_timeout {
 	PENDING_FLUSH_STORED_SEND_BEFORE_CLOSE			= 12,
 	PENDING_TIMEOUT_SHUTDOWN_FLUSH				= 13,
 	PENDING_TIMEOUT_CGI					= 14,
+	PENDING_TIMEOUT_HTTP_KEEPALIVE_IDLE			= 15,
 
 	/****** add new things just above ---^ ******/
 };
diff --git a/lib/private-libwebsockets.h b/lib/private-libwebsockets.h
index c2be3e7a..1cab3c17 100644
--- a/lib/private-libwebsockets.h
+++ b/lib/private-libwebsockets.h
@@ -674,6 +674,7 @@ struct lws_vhost {
 	int ka_time;
 	int ka_probes;
 	int ka_interval;
+	int keepalive_timeout;
 
 #ifdef LWS_OPENSSL_SUPPORT
 	int use_ssl;
diff --git a/lib/server.c b/lib/server.c
index f001b5dd..37a2ea3c 100644
--- a/lib/server.c
+++ b/lib/server.c
@@ -1006,6 +1006,8 @@ lws_create_new_server_wsi(struct lws_vhost *vhost)
 LWS_VISIBLE int LWS_WARN_UNUSED_RESULT
 lws_http_transaction_completed(struct lws *wsi)
 {
+	int n = NO_PENDING_TIMEOUT;
+
 	lwsl_debug("%s: wsi %p\n", __func__, wsi);
 	/* if we can't go back to accept new headers, drop the connection */
 	if (wsi->u.http.connection_type != HTTP_CONNECTION_KEEP_ALIVE) {
@@ -1019,8 +1021,10 @@ lws_http_transaction_completed(struct lws *wsi)
 	wsi->u.http.content_length = 0;
 	wsi->hdr_parsing_completed = 0;
 
-	/* He asked for it to stay alive indefinitely */
-	lws_set_timeout(wsi, NO_PENDING_TIMEOUT, 0);
+
+	if (wsi->vhost->keepalive_timeout)
+		n = PENDING_TIMEOUT_HTTP_KEEPALIVE_IDLE;
+	lws_set_timeout(wsi, n, wsi->vhost->keepalive_timeout);
 
 	/*
 	 * We already know we are on http1.1 / keepalive and the next thing
diff --git a/lwsws/conf.c b/lwsws/conf.c
index 3bb1d5b9..7ed5b586 100644
--- a/lwsws/conf.c
+++ b/lwsws/conf.c
@@ -53,6 +53,7 @@ static const char * const paths_vhosts[] = {
 	"vhosts[].ws-protocols[].*.*",
 	"vhosts[].ws-protocols[].*",
 	"vhosts[].ws-protocols[]",
+	"vhosts[].keepalive_timeout",
 };
 
 enum lejp_vhost_paths {
@@ -71,6 +72,7 @@ enum lejp_vhost_paths {
 	LEJPVP_PROTOCOL_NAME_OPT,
 	LEJPVP_PROTOCOL_NAME,
 	LEJPVP_PROTOCOL,
+	LEJPVP_KEEPALIVE_TIMEOUT,
 };
 
 struct jpargs {
@@ -187,6 +189,7 @@ lejp_vhosts_cb(struct lejp_ctx *ctx, char reason)
 				       "!AES256-GCM-SHA384:"
 				       "!AES256-SHA256";
 		a->info->pvo = NULL;
+		a->info->keepalive_timeout = 60;
 	}
 
 	if (reason == LEJPCB_OBJECT_START &&
@@ -288,6 +291,9 @@ lejp_vhosts_cb(struct lejp_ctx *ctx, char reason)
 	case LEJPVP_CGI_TIMEOUT:
 		a->cgi_timeout = atoi(ctx->buf);
 		return 0;
+	case LEJPVP_KEEPALIVE_TIMEOUT:
+		a->info->keepalive_timeout = atoi(ctx->buf);
+		return 0;
 	case LEJPVP_CGI_ENV:
 		mp_cgienv = lwsws_align(a);
 		a->p += sizeof(*a->mp_cgienv);