From: Michael Bernstein <michael.bernstein@clicksign.com>
To: unicorn-public@yhbt.net
Cc: Daniel Libanori <daniel.libanori@clicksign.com>,
Luiz Ferreira <luiz.ferreira@clicksign.com>
Subject: Connection issues between nginx and unicorn
Date: Tue, 18 Aug 2020 12:15:25 -0300 [thread overview]
Message-ID: <CANgN-T4PPJL=G4SKH7DeaFq_ep9ROYaSXfXimMh32xpRqvyf0w@mail.gmail.com> (raw)
Hello,
We are having a lot of connection issues between nginx and unicorn,
but we don't know exactly where is the issue. Can somebody help us?
Exemple from our nginx logs:
[error] 6#6: *4269348 connect() failed (111: Connection refused) while
connecting to upstream, client: 10.2.2.252, server: _, request: "POST
/api/v1/documents?access_token=....
[error] 6#6: *4269169 recv() failed (104: Connection reset by peer)
while reading response header from upstream, client: 10.2.10.120,
server: _, request: "GET /api/v1/documents/.....
[error] 6#6: *4268896 upstream timed out (110: Operation timed out)
while connecting to upstream, client: 10.2.2.252, server: _, request:
"GET /accounts/.... HTTP/1.1", upstream:
"http://172.20.214.176:80/accounts...", host: "app.clicksign.com",
referrer: "https://app.clicksign.com/..."
############
Unicorn configuration file:
# frozen_string_literal: true
listen 8080
worker_processes 4
timeout 60
preload_app true
GC.respond_to?(:copy_on_write_friendly=) &&
(GC.copy_on_write_friendly = true)
before_fork do |server, worker|
Signal.trap 'TERM' do
puts 'Unicorn master intercepting TERM and sending myself QUIT instead'
Process.kill 'QUIT', Process.pid
end
defined?(ActiveRecord::Base) &&
ActiveRecord::Base.connection.disconnect!
old_pid = "#{server.config[:pid]}.oldbin"
if old_pid != server.pid
begin
sig = (worker.nr + 1) >= server.worker_processes ? :QUIT : :TTOU
Process.kill(sig, File.read(old_pid).to_i)
rescue Errno::ENOENT, Errno::ESRCH
end
end
sleep 1
end
after_fork do |_server, _worker|
Signal.trap 'TERM' do
puts 'Unicorn worker intercepting TERM and doing nothing. Wait for
master to send QUIT'
end
defined?(ActiveRecord::Base) &&
ActiveRecord::Base.establish_connection
end
############
nginx configuration file:
proxy_cache_path /var/cache/nginx/ levels=1:2 keys_zone=assets_cache:10m
max_size=1g inactive=60m use_temp_path=off;
resolver kube-dns.kube-system.svc.cluster.local valid=5s;
upstream backend {
server unicorn;
}
server {
server_name _;
server_tokens off;
keepalive_timeout 5;
client_max_body_size 100M;
client_body_buffer_size 30M;
sendfile on;
tcp_nopush on;
tcp_nodelay off;
gzip on;
gzip_min_length 1000;
gzip_proxied any;
gzip_buffers 16 8k;
gzip_http_version 1.0;
gzip_types text/css
text/plain
text/javascript
application/javascript
application/json
application/x-javascript
application/xml
application/xml+rss
application/xhtml+xml
application/x-font-ttf
application/x-font-opentype
application/vnd.ms-fontobject
image/svg+xml
image/x-icon
application/rss+xml
application/atom_xml;
location /healthcheck {
return 204;
}
location ~* ^/(fonts|webfonts|assets|packs) {
proxy_redirect off;
proxy_cache assets_cache;
proxy_cache_valid 120m;
proxy_pass http://backend;
add_header Cache-Control public;
if ($http_origin ~
'^((https*?:\/\/).*?((\.clicksign)\.(com|me|dev)))($|\/.*$)$' ){
add_header Access-Control-Allow-Origin $http_origin;
}
expires max;
}
location / {
proxy_pass http://backend;
proxy_redirect off;
proxy_read_timeout 60;
proxy_set_header Host $http_host;
}
}
######
Thanks,
Michael Belfer Bernstein
michael.bernstein@clicksign.com
https://www.clicksign.com | https://www.fluxia.com.br
--
A informação contida nesta mensagem e seus anexos é considerada secreta,
para uso exclusivo de seu destinatário. Caso você não seja o destinatário,
notifique o remetente e elimine esta mensagem. The information contained in
this message and respective attachments is secret, to be used exclusively
by its addressee. If you are not the intended addressee, please notify the
sender and delete this message.
next reply other threads:[~2020-08-18 15:15 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-08-18 15:15 Michael Bernstein [this message]
2020-08-18 18:06 ` Connection issues between nginx and unicorn Eric Wong
2020-08-22 1:27 ` Eric Wong
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://yhbt.net/unicorn/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CANgN-T4PPJL=G4SKH7DeaFq_ep9ROYaSXfXimMh32xpRqvyf0w@mail.gmail.com' \
--to=michael.bernstein@clicksign.com \
--cc=daniel.libanori@clicksign.com \
--cc=luiz.ferreira@clicksign.com \
--cc=unicorn-public@yhbt.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://yhbt.net/unicorn.git/
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).