Unicorn Configurator HttpServer OobGC PrereadInput StreamInput TeeInput Util Worker


#after_fork #after_worker_exit #after_worker_ready #before_exec #before_fork #check_client_connection #client_body_buffer_size #listen #logger #pid #preload_app #rewindable_input #stderr_path #stdout_path #timeout #user #worker_exec #worker_processes #working_directory

class Unicorn::Configurator

Implements a simple DSL for configuring a unicorn server.

See and example configuration files. An example config file for use with nginx is also available at

See the TUNING.html document for more information on tuning unicorn.

Public Instance Methods

after_fork (*args, &block) source

sets #after_fork hook to a given block. This block will be called by the worker after forking. The following is an example hook which adds a per-process listener to every worker:

after_fork do |server,worker|
  # per-process listener ports for debugging/admin:
  addr = "{9293 +}"

  # the negative :tries parameter indicates we will retry forever
  # waiting on the existing process to exit with a 5 second :delay
  # Existing options for Unicorn::Configurator#listen such as
  # :backlog, :rcvbuf, :sndbuf are available here as well.
  server.listen(addr, :tries => -1, :delay => 5, :backlog => 128)
after_worker_exit (*args, &block) source

sets #after_worker_exit hook to a given block. This block will be called by the master process after a worker exits:

after_worker_exit do |server,worker,status|
  # status is a Process::Status instance for the exited worker process
  unless status.success?
    server.logger.error("worker process failure: #{status.inspect}")
after_worker_ready (*args, &block) source

sets #after_worker_ready hook to a given block. This block will be called by a worker process after it has been fully loaded, directly before it starts responding to requests:

after_worker_ready do |server,worker|"worker #{} ready, dropping privileges")
  worker.user('username', 'groupname')

Do not use #user if you rely on changing users in the #after_worker_ready hook.

#after_worker_ready is only available in unicorn 5.3.0+

before_exec (*args, &block) source

sets the #before_exec hook to a given Proc object. This Proc object will be called by the master process right before exec()-ing the new unicorn binary. This is useful for freeing certain OS resources that you do NOT wish to share with the reexeced child process. There is no corresponding after_exec hook (for obvious reasons).

before_fork (*args, &block) source

sets #before_fork got be a given Proc object. This Proc object will be called by the master process before forking each worker.

check_client_connection (bool) source

When enabled, unicorn will check the client connection by writing the beginning of the HTTP headers before calling the application.

This will prevent calling the application for clients who have disconnected while their connection was queued.

This only affects clients connecting over Unix domain sockets and TCP via loopback (127...*). It is unlikely to detect disconnects if the client is on a remote host (even on a fast LAN).

This option cannot be used in conjunction with :tcp_nopush.

client_body_buffer_size (bytes) source

The maximum size (in bytes) to buffer in memory before resorting to a temporary file. Default is 112 kilobytes. This option has no effect if "rewindable_input" is set to false.

listen (address, options = {}) source

Adds an address to the existing listener set. May be specified more than once. address may be an Integer port number for a TCP port, an "IP_ADDRESS:PORT" for TCP listeners or a pathname for UNIX domain sockets.

listen 3000 # listen to port 3000 on all TCP interfaces
listen ""  # listen to port 3000 on the loopback interface
listen "/path/to/.unicorn.sock" # listen on the given Unix domain socket
listen "[::1]:3000" # listen to port 3000 on the IPv6 loopback interface

When using Unix domain sockets, be sure: 1) the path matches the one used by nginx 2) uses the same filesystem namespace as the nginx process For systemd users using PrivateTmp=true (for either nginx or unicorn), this means Unix domain sockets must not be placed in /tmp

The following options may be specified (but are generally not needed):

:backlog => number of clients

This is the backlog of the listen() syscall.

Some operating systems allow negative values here to specify the maximum allowable value. In most cases, this number is only recommendation and there are other OS-specific tunables and variables that can affect this number. See the listen(2) syscall documentation of your OS for the exact semantics of this.

If you are running unicorn on multiple machines, lowering this number can help your load balancer detect when a machine is overloaded and give requests to a different machine.

Default: 1024

Note: with the Linux kernel, the net.core.somaxconn sysctl defaults to 128, capping this value to 128. Raising the sysctl allows a larger backlog (which may not be desirable with multiple, load-balanced machines).

:rcvbuf => bytes, :sndbuf => bytes

Maximum receive and send buffer sizes (in bytes) of sockets.

These correspond to the SO_RCVBUF and SO_SNDBUF settings which can be set via the setsockopt(2) syscall. Some kernels (e.g. Linux 2.4+) have intelligent auto-tuning mechanisms and there is no need (and it is sometimes detrimental) to specify them.

See the socket API documentation of your operating system to determine the exact semantics of these settings and other operating system-specific knobs where they can be specified.

Defaults: operating system defaults

:tcp_nodelay => true or false

Disables Nagle's algorithm on TCP sockets if true.

Setting this to true can make streaming responses in Rails 3.1 appear more quickly at the cost of slightly higher bandwidth usage. The effect of this option is most visible if nginx is not used, but nginx remains highly recommended with unicorn.

This has no effect on UNIX sockets.

Default: true (Nagle's algorithm disabled) in unicorn This defaulted to false in unicorn 3.x

:tcp_nopush => true or false

Enables/disables TCP_CORK in Linux or TCP_NOPUSH in FreeBSD

This prevents partial TCP frames from being sent out and reduces wakeups in nginx if it is on a different machine. Since unicorn is only designed for applications that send the response body quickly without keepalive, sockets will always be flushed on close to prevent delays.

This has no effect on UNIX sockets.

Default: false This defaulted to true in unicorn 3.4 - 3.7

:ipv6only => true or false

This option makes IPv6-capable TCP listeners IPv6-only and unable to receive IPv4 queries on dual-stack systems. A separate IPv4-only listener is required if this is true.

Enabling this option for the IPv6-only listener and having a separate IPv4 listener is recommended if you wish to support IPv6 on the same TCP port. Otherwise, the value of env["REMOTE_ADDR"] will appear as an ugly IPv4-mapped-IPv6 address for IPv4 clients (e.g ":ffff:" instead of just "").

Default: Operating-system dependent

:reuseport => true or false

This enables multiple, independently-started unicorn instances to bind to the same port (as long as all the processes enable this).

This option must be used when unicorn first binds the listen socket. It cannot be enabled when a socket is inherited via SIGUSR2 (but it will remain on if inherited), and it cannot be enabled directly via SIGHUP.

Note: there is a chance of connections being dropped if one of the unicorn instances is stopped while using this.

This is supported on *BSD systems and Linux 3.9 or later.


Default: false (unset)

:tries => Integer

Times to retry binding a socket if it is already in use

A negative number indicates we will retry indefinitely, this is useful for migrations and upgrades when individual workers are binding to different ports.

Default: 5

:delay => seconds

Seconds to wait between successive tries

Default: 0.5 seconds

:umask => mode

Sets the file mode creation mask for UNIX sockets. If specified, this is usually in octal notation.

Typically UNIX domain sockets are created with more liberal file permissions than the rest of the application. By default, we create UNIX domain sockets to be readable and writable by all local users to give them the same accessibility as locally-bound TCP listeners.

This has no effect on TCP listeners.

Default: 0000 (world-read/writable)

:tcp_defer_accept => Integer

Defer accept() until data is ready (Linux-only)

For Linux 2.6.32 and later, this is the number of retransmits to defer an accept() for if no data arrives, but the client will eventually be accepted after the specified number of retransmits regardless of whether data is ready.

For Linux before 2.6.32, this is a boolean option, and accepts are always deferred indefinitely if no data arrives. This is similar to :accept_filter => "dataready" under FreeBSD.

Specifying true is synonymous for the default value(s) below, and false or nil is synonymous for a value of zero.

A value of 1 is a good optimization for local networks and trusted clients. There is no good reason to ever disable this with a zero value with unicorn.

Default: 1

:accept_filter => String

defer accept() until data is ready (FreeBSD-only)

This enables either the "dataready" or (default) "httpready" accept() filter under FreeBSD. This is intended as an optimization to reduce context switches with common GET/HEAD requests.

There is no good reason to change from the default.

Default: "httpready"

logger (obj) source

sets object to the obj Logger-like object. The new Logger-like object must respond to the following methods:

The default Logger will log its output to the path specified by stderr_path. If you're running Unicorn daemonized, then you must specify a path to prevent error messages from going to /dev/null.

pid (path) source

sets the path for the PID file of the unicorn master process

preload_app (bool) source

Enabling this preloads an application before forking worker processes. This allows memory savings when using a copy-on-write-friendly GC but can cause bad things to happen when resources like sockets are opened at load time by the master process and shared by multiple children. People enabling this are highly encouraged to look at the before_fork/after_fork hooks to properly close/reopen sockets. Files opened for logging do not have to be reopened as (unbuffered-in-userspace) files opened with the File::APPEND flag are written to atomically on UNIX.

In addition to reloading the unicorn-specific config settings, SIGHUP will reload application code in the working directory/symlink when workers are gracefully restarted when #preload_app=false (the default). As reloading the application sometimes requires RubyGems updates, Gem.refresh is always called before the application is loaded (for RubyGems users).

During deployments, care should always be taken to ensure your applications are properly deployed and running. Using #preload_app=false (the default) means you must check if your application is responding properly after a deployment. Improperly deployed applications can go into a spawn loop if the application fails to load. While your children are in a spawn loop, it is is possible to fix an application by properly deploying all required code and dependencies. Using #preload_app=true means any application load error will cause the master process to exit with an error.

rewindable_input (bool) source

Toggles making env["rack.input"] rewindable. Disabling rewindability can improve performance by lowering I/O and memory usage for applications that accept uploads. Keep in mind that the Rack 1.x spec requires env["rack.input"] to be rewindable, but the Rack 2.x spec does not.

rewindable_input defaults to true for compatibility. Setting it to false may be safe for applications and frameworks developed for Rack 2.x and later.

stderr_path (path) source

Allow redirecting $stderr to a given path. Unlike doing this from the shell, this allows the unicorn process to know the path its writing to and rotate the file if it is used for logging. The file will be opened with the File::APPEND flag and writes synchronized to the kernel (but not necessarily to disk) so multiple processes can safely append to it.

If you are daemonizing and using the default logger, it is important to specify this as errors will otherwise be lost to /dev/null. Some applications/libraries may also triggering warnings that go to stderr, and they will end up here.

stdout_path (path) source

Same as #stderr_path, except for $stdout. Not many Rack applications write to $stdout, but any that do will have their output written here. It is safe to point this to the same location a stderr_path. Like #stderr_path, this defaults to /dev/null when daemonized.

timeout (seconds) source

sets the timeout of worker processes to seconds. Workers handling the request/ cycle taking longer than this time period will be forcibly killed (via SIGKILL). This timeout is enforced by the master process itself and not subject to the scheduling limitations by the worker process. Due the low-complexity, low-overhead implementation, timeouts of less than 3.0 seconds can be considered inaccurate and unsafe.

For running Unicorn behind nginx, it is recommended to set "fail_timeout=0" for in your nginx configuration like this to have nginx always retry backends that may have had workers SIGKILL-ed due to timeouts.

upstream unicorn_backend {
  # for UNIX domain socket setups:
  server unix:/path/to/.unicorn.sock fail_timeout=0;

  # for TCP setups
  server fail_timeout=0;
  server fail_timeout=0;
  server fail_timeout=0;

See for more details on nginx upstream configuration.

user (user, group = nil) source

Runs worker processes as the specified user and group. The master process always stays running as the user who started it. This switch will occur after calling the #after_fork hook, and only if the Worker#user method is not called in the #after_fork hook group is optional and will not change if unspecified.

Do not use #user if you rely on changing users in the #after_worker_ready hook. Instead, you need to call Worker#user directly in after_worker_ready.

worker_exec (bool) source

Whether to exec in each worker process after forking. This changes the memory layout of each worker process, which is a security feature designed to defeat possible address space discovery attacks. Note that using #worker_exec only makes sense if you are not preloading the application, and will result in higher memory usage.

#worker_exec is only available in unicorn 5.3.0+

worker_processes (nr) source

sets the current number of #worker_processes to nr. Each worker process will serve exactly one client at a time. You can increment or decrement this value at runtime by sending SIGTTIN or SIGTTOU respectively to the master process without reloading the rest of your Unicorn configuration. See the SIGNALS document for more information.

working_directory (path) source

sets the working directory for Unicorn. This ensures SIGUSR2 will start a new instance of Unicorn in this directory. This may be a symlink, a common scenario for Capistrano users. Unlike all other Unicorn configuration directives, this binds immediately for error checking and cannot be undone by unsetting it in the configuration file and reloading.

Included modules: Unicorn
Pages Classes Methods

mail archives: