Date | Commit message (Collapse) |
|
The PrivateTmp feature of systemd breaks the usage of /tmp for the
shared Unix domain socket between nginx and unicorn, so discourage the
use of /tmp in that case.
While we're at it, use consistent paths for everything and use an
obviously intended-for-user-customization "/path/to" prefix instead
of "/tmp"
ML-Ref: CAKLVLx_t+9zWMhquMWDfStrxS7xrNoGmN0ZDsjSCUE=VxU+oyQ@mail.gmail.com
Reported-by: David Wilkins <dwilkins@conecuh.com>
|
|
In my testing, only dropped clients over Unix domain sockets or
loopback TCP were detected with this option. Since many
nginx+unicorn combinations run on the same host, this is not a
problem.
Furthermore, tcp_nodelay:true appears to work over loopback,
so remove the requirement for tcp_nodelay:false.
|
|
This patch checks incoming connections and avoids calling the application
if the connection has been closed.
It works by sending the beginning of the HTTP response before calling
the application to see if the socket can successfully be written to.
By enabling this feature users can avoid wasting application rendering
time only to find the connection is closed when attempting to write, and
throwing out the result.
When a client disconnects while being queued or processed, Nginx will log
HTTP response 499 but the application will log a 200.
Enabling this feature will minimize the time window during which the problem
can arise.
The feature is disabled by default and can be enabled by adding
'check_client_connection true' to the unicorn config.
[ew: After testing this change, Tom Burns wrote:
So we just finished the US Black Friday / Cyber Monday weekend running
unicorn forked with the last version of the patch I had sent you. It
worked splendidly and helped us handle huge flash sales without
increased response time over the weekend.
Whereas in previous flash traffic scenarios we would see the number of
HTTP 499 responses grow past the number of real HTTP 200 responses,
over the weekend we saw no growth in 499s during flash sales.
Unexpectedly the patch also helped us ward off a DoS attack where the
attackers were disconnecting immediately after making a request.
ref: <CAK4qKG3rkfVYLyeqEqQyuNEh_nZ8yw0X_cwTxJfJ+TOU+y8F+w@mail.gmail.com>
]
Signed-off-by: Eric Wong <normalperson@yhbt.net>
|
|
This adds a little more flexibility to the nginx config,
especially as protocols (e.g. SPDY) become more prevalent.
Suggested-by: Eike Herzbach <eike@herzbach.net>
|
|
From: Eike Herzbach <eike@herzbach.net>
|
|
Ruby 2.0.0dev is the future and includes a CoW-friendly GC,
so we shall encourage folks to give Ruby 2.0.0dev a spin.
|
|
Oops.
|
|
IPv4-mapped-IPv6 addresses are fugly.
|
|
This was broken since v3.3.1[1] since nginx relies on a closed
socket (and not Content-Length/Transfer-Encoding) to detect
a response completion. We have to close the client socket
before invoking GC to ensure the client sees the response
in a timely manner.
[1] - commit b72a86f66c722d56a6d77ed1d2779ace6ad103ed
|
|
Oops, comments should match the latest code
|
|
OobGC is actually broken with nginx these days since
we needed to preserve the env for body.close...
|
|
I've tested with nginx 1.0.0 and confirmed "proxy_buffering off;"
can cause Unicorn to block on a slow client reading a
large response. While there's a potential (client-visible)
performance improvement with Rails 3.1 streaming responses, it
can also hurt the server with slow clients.
Rainbows! with (ThreadSpawn or ThreadPool) is probably the best
way to do streaming responses efficiently from all angles (from
a server, client and programmer time perspective).
|
|
|
|
logrotate is the de facto tool for logrotation, so an
example config for highlighting important parts are in order.
Since our USR1 signal handling is part of the crusade against
the slow and lossy "copytruncate" option, be sure to
emphasize that :)
|
|
This feature is in nginx 0.7.x and 0.8.x and optimized
better than the "if" directive in nginx.conf
ref: http://wiki.nginx.org/Pitfalls
ref: http://wiki.nginx.org/IfIsEvil
|
|
There's no need to use listen unless you use non-default port or
can enable "deferred" or "httpready" (which you usually want).
|
|
Sending the same signal faster than the receiver can process
means signals can get lost.
|
|
This makes the user (sysadmin in this case) more aware if the
upgrade fails or doesn't work as intended. This change could be
more useful for Rainbows! with its long-running responses.
|
|
While second nature to myself, stderr_path may be an
overlooked configuration parameter for some users. Also,
add a minimal sample configuration file that is shorter
and hopefully less intimidating to new users.
|
|
|
|
|
|
This may be used as a basis of other scripts so we need
to stash $1 before we "set -u"
|
|
Thanks to Michael Guterl for informing us of the issues
and testing the monkey patch.
|
|
These should help make things easier for folks unfamiliar
with nginx setups.
|
|
It's too simple of a script and causes running the init script
with zero arguments to fail instead of printing out the usage
message.
|
|
From RFC 2616, section 14.20:
> Comparison of expectation values is case-insensitive for
> unquoted tokens (including the 100-continue token), and is
> case-sensitive for quoted-string expectation-extensions.
|
|
There's a small memory reduction to be had when forking
oodles of processes and the Perl hacker in me still
gets confused into thinking those are arrays...
|
|
Now that upstream curl supports this functionality, there's
no reason to duplicate it here as an example.
|
|
This change gives applications full control to deny clients
from uploading unwanted message bodies. This also paves the
way for doing things like upload progress notification within
applications in a Rack::Lint-compatible manner.
Since we don't support HTTP keepalive, so we have more freedom
here by being able to close TCP connections and deny clients the
ability to write to us (and thus wasting our bandwidth).
While I could've left this feature off by default indefinitely
for maximum backwards compatibility (for arguably broken
applications), Unicorn is not and has never been about
supporting the lowest common denominator.
|
|
Then hopefully soon we'll be able to get rid of this script...
|
|
This includes an example of tunneling the git protocol inside a
TE:chunked HTTP request. The example is unfortunately contrived
in that it relies on the custom examples/cat-chunk-proxy.rb
script in the client. My initial wish was to have a generic
tool like curl(1) operate like this:
cat > ~/bin/cat-chunk-proxy.sh <<EOF
#!/bin/sh
exec curl -sfNT- http://$1:$2/
EOF
chmod +x ~/bin/cat-chunk-proxy.sh
GIT_PROXY_COMMAND=cat-chunk-proxy.sh git clone git://0:8080/foo
Unfortunately, curl will attempt a blocking read on stdin before
reading the TCP socket; causing the git-clone consumer to
starve. This does not appear to be a problem with the new
server code for handling chunked requests.
|
|
This adds support for handling POST/PUT request bodies sent with
chunked transfer encodings ("Transfer-Encoding: chunked").
Attention has been paid to ensure that a client cannot OOM us by
sending an extremely large chunk.
This implementation is pure Ruby as the Ragel-based
implementation in rfuzz didn't offer a streaming interface. It
should be reasonably close to RFC-compliant but please test it
in an attempt to break it.
The more interesting part is the ability to stream data to the
hosted Rack application as it is being transferred to the
server. This can be done regardless if the input is chunked or
not, enabling the streaming of POST/PUT bodies can allow the
hosted Rack application to process input as it receives it. See
examples/echo.ru for an example echo server over HTTP.
Enabling streaming also allows Rack applications to support
upload progress monitoring previously supported by Mongrel
handlers.
Since Rack specifies that the input needs to be rewindable, this
input is written to a temporary file (a la tee(1)) as it is
streamed to the application the first time. Subsequent rewinded
reads will read from the temporary file instead of the socket.
Streaming input to the application is disabled by default since
applications may not necessarily read the entire input body
before returning. Since this is a completely new feature we've
never seen in any Ruby HTTP application server before, we're
taking the safe route by leaving it disabled by default.
Enabling this can only be done globally by changing the
Unicorn HttpRequest::DEFAULTS hash:
Unicorn::HttpRequest::DEFAULTS["unicorn.stream_input"] = true
Similarly, a Rack application can check if streaming input
is enabled by checking the value of the "unicorn.stream_input"
key in the environment hashed passed to it.
All of this code has only been lightly tested and test coverage
is lacking at the moment.
[1] - http://tools.ietf.org/html/rfc2616#section-3.6.1
|
|
This was done in Bourne shell because it's easier for UNIX
sysadmins who don't know Ruby to understand and modify.
Additionally, it can be used for nginx or anything else
that shares compatible signal handling.
|
|
It is no longer relevant (or working) with rackup compatibility.
|
|
|
|
|
|
|
|
|
|
and configuration option.
git-svn-id: svn+ssh://rubyforge.org/var/svn/mongrel/trunk@245 19e92222-5c0b-0410-8929-a290d50e31e9
|
|
git-svn-id: svn+ssh://rubyforge.org/var/svn/mongrel/trunk@224 19e92222-5c0b-0410-8929-a290d50e31e9
|
|
git-svn-id: svn+ssh://rubyforge.org/var/svn/mongrel/trunk@210 19e92222-5c0b-0410-8929-a290d50e31e9
|
|
git-svn-id: svn+ssh://rubyforge.org/var/svn/mongrel/trunk@209 19e92222-5c0b-0410-8929-a290d50e31e9
|
|
git-svn-id: svn+ssh://rubyforge.org/var/svn/mongrel/trunk@208 19e92222-5c0b-0410-8929-a290d50e31e9
|
|
the MAX_BODY threshold. The only change here really is that HttpRequest#body is now an IO object rather than a string. I changed the various handlers to support this.
git-svn-id: svn+ssh://rubyforge.org/var/svn/mongrel/trunk@157 19e92222-5c0b-0410-8929-a290d50e31e9
|
|
now allows passing back of an IO object, to allow large file streaming. Simpler underscore replacement on Tepee wiki words.
git-svn-id: svn+ssh://rubyforge.org/var/svn/mongrel/trunk@154 19e92222-5c0b-0410-8929-a290d50e31e9
|
|
possibilities.
git-svn-id: svn+ssh://rubyforge.org/var/svn/mongrel/trunk@139 19e92222-5c0b-0410-8929-a290d50e31e9
|
|
Small change to config tool.
git-svn-id: svn+ssh://rubyforge.org/var/svn/mongrel/trunk@123 19e92222-5c0b-0410-8929-a290d50e31e9
|
|
git-svn-id: svn+ssh://rubyforge.org/var/svn/mongrel/trunk@121 19e92222-5c0b-0410-8929-a290d50e31e9
|
|
only have 1.3 camping.
git-svn-id: svn+ssh://rubyforge.org/var/svn/mongrel/trunk@119 19e92222-5c0b-0410-8929-a290d50e31e9
|
|
git-svn-id: svn+ssh://rubyforge.org/var/svn/mongrel/trunk@116 19e92222-5c0b-0410-8929-a290d50e31e9
|