Date | Commit message (Collapse) |
|
Latency from redirects is painful, and HTTPS can protect privacy
in some cases.
|
|
HTTPS helps some with reader privacy and Let's Encrypt seems to
be working well enough the past few months.
This change will allow us to reduce subjectAltName bloat in our
TLS certificate over time. It will also promote domain name
agility to support mirrors or migrations to other domains
(including a Tor hidden service mirror).
http://bogomips.org/unicorn/ will remain available for people on
legacy systems without usable TLS. There is no plan for automatic
redirecting from HTTP to HTTPS at this time.
|
|
They'll continue to be maintained, but we're no longer advertising
them. Also, favor lowercase "unicorn" while we're at it since that
matches the executable and gem name to avoid unnecessary escaping
for RDoc.
|
|
The PrivateTmp feature of systemd breaks the usage of /tmp for the
shared Unix domain socket between nginx and unicorn, so discourage the
use of /tmp in that case.
While we're at it, use consistent paths for everything and use an
obviously intended-for-user-customization "/path/to" prefix instead
of "/tmp"
ML-Ref: CAKLVLx_t+9zWMhquMWDfStrxS7xrNoGmN0ZDsjSCUE=VxU+oyQ@mail.gmail.com
Reported-by: David Wilkins <dwilkins@conecuh.com>
|
|
This adds a little more flexibility to the nginx config,
especially as protocols (e.g. SPDY) become more prevalent.
Suggested-by: Eike Herzbach <eike@herzbach.net>
|
|
From: Eike Herzbach <eike@herzbach.net>
|
|
Oops.
|
|
IPv4-mapped-IPv6 addresses are fugly.
|
|
I've tested with nginx 1.0.0 and confirmed "proxy_buffering off;"
can cause Unicorn to block on a slow client reading a
large response. While there's a potential (client-visible)
performance improvement with Rails 3.1 streaming responses, it
can also hurt the server with slow clients.
Rainbows! with (ThreadSpawn or ThreadPool) is probably the best
way to do streaming responses efficiently from all angles (from
a server, client and programmer time perspective).
|
|
This feature is in nginx 0.7.x and 0.8.x and optimized
better than the "if" directive in nginx.conf
ref: http://wiki.nginx.org/Pitfalls
ref: http://wiki.nginx.org/IfIsEvil
|
|
There's no need to use listen unless you use non-default port or
can enable "deferred" or "httpready" (which you usually want).
|
|
These should help make things easier for folks unfamiliar
with nginx setups.
|