unicorn Ruby/Rack server user+dev discussion/patches/pulls/bugs/help
 help / color / mirror / code / Atom feed
From: Michael Bernstein <michael.bernstein@clicksign.com>
To: unicorn-public@yhbt.net
Cc: Daniel Libanori <daniel.libanori@clicksign.com>,
	 Luiz Ferreira <luiz.ferreira@clicksign.com>
Subject: Connection issues between nginx and unicorn
Date: Tue, 18 Aug 2020 12:15:25 -0300	[thread overview]
Message-ID: <CANgN-T4PPJL=G4SKH7DeaFq_ep9ROYaSXfXimMh32xpRqvyf0w@mail.gmail.com> (raw)

Hello,

We are having a lot of connection issues between nginx and unicorn,
but we don't know exactly where is the issue. Can somebody help us?

Exemple from our nginx logs:
[error] 6#6: *4269348 connect() failed (111: Connection refused) while
connecting to upstream, client: 10.2.2.252, server: _, request: "POST
/api/v1/documents?access_token=....
[error] 6#6: *4269169 recv() failed (104: Connection reset by peer)
while reading response header from upstream, client: 10.2.10.120,
server: _, request: "GET /api/v1/documents/.....
[error] 6#6: *4268896 upstream timed out (110: Operation timed out)
while connecting to upstream, client: 10.2.2.252, server: _, request:
"GET /accounts/.... HTTP/1.1", upstream:
"http://172.20.214.176:80/accounts...", host: "app.clicksign.com",
referrer: "https://app.clicksign.com/..."

############
Unicorn configuration file:

# frozen_string_literal: true

listen 8080
worker_processes 4
timeout 60

preload_app true
GC.respond_to?(:copy_on_write_friendly=) &&
  (GC.copy_on_write_friendly = true)

before_fork do |server, worker|
  Signal.trap 'TERM' do
    puts 'Unicorn master intercepting TERM and sending myself QUIT instead'
    Process.kill 'QUIT', Process.pid
  end

  defined?(ActiveRecord::Base) &&
    ActiveRecord::Base.connection.disconnect!

  old_pid = "#{server.config[:pid]}.oldbin"
  if old_pid != server.pid
    begin
      sig = (worker.nr + 1) >= server.worker_processes ? :QUIT : :TTOU
      Process.kill(sig, File.read(old_pid).to_i)
    rescue Errno::ENOENT, Errno::ESRCH
    end
  end

  sleep 1
end

after_fork do |_server, _worker|
  Signal.trap 'TERM' do
    puts 'Unicorn worker intercepting TERM and doing nothing. Wait for
master to send QUIT'
  end

  defined?(ActiveRecord::Base) &&
    ActiveRecord::Base.establish_connection
end


############
nginx configuration file:

proxy_cache_path /var/cache/nginx/ levels=1:2 keys_zone=assets_cache:10m
                 max_size=1g inactive=60m use_temp_path=off;

resolver kube-dns.kube-system.svc.cluster.local valid=5s;

upstream backend {
  server unicorn;
}

server {
  server_name _;

  server_tokens off;
  keepalive_timeout 5;
  client_max_body_size 100M;
  client_body_buffer_size 30M;

  sendfile on;
  tcp_nopush on;
  tcp_nodelay off;

  gzip on;
  gzip_min_length 1000;
  gzip_proxied any;
  gzip_buffers 16 8k;
  gzip_http_version 1.0;
  gzip_types text/css
             text/plain
             text/javascript
             application/javascript
             application/json
             application/x-javascript
             application/xml
             application/xml+rss
             application/xhtml+xml
             application/x-font-ttf
             application/x-font-opentype
             application/vnd.ms-fontobject
             image/svg+xml
             image/x-icon
             application/rss+xml
             application/atom_xml;

  location /healthcheck {
    return 204;
  }

  location ~* ^/(fonts|webfonts|assets|packs) {
    proxy_redirect off;
    proxy_cache assets_cache;
    proxy_cache_valid 120m;
    proxy_pass http://backend;
    add_header Cache-Control public;
    if ($http_origin ~
'^((https*?:\/\/).*?((\.clicksign)\.(com|me|dev)))($|\/.*$)$' ){
      add_header Access-Control-Allow-Origin $http_origin;
    }
    expires max;
  }

  location / {
    proxy_pass http://backend;
    proxy_redirect off;
    proxy_read_timeout 60;
    proxy_set_header Host $http_host;
  }
}

######

Thanks,

Michael Belfer Bernstein
michael.bernstein@clicksign.com
https://www.clicksign.com | https://www.fluxia.com.br

-- 
A informação contida nesta mensagem e seus anexos é considerada secreta, 
para uso exclusivo de seu destinatário. Caso você não seja o destinatário, 
notifique o remetente e elimine esta mensagem. The information contained in 
this message and respective attachments is secret, to be used exclusively 
by its addressee. If you are not the intended addressee, please notify the 
sender and delete this message.

             reply	other threads:[~2020-08-18 15:15 UTC|newest]

Thread overview: 3+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2020-08-18 15:15 Michael Bernstein [this message]
2020-08-18 18:06 ` Connection issues between nginx and unicorn Eric Wong
2020-08-22  1:27   ` Eric Wong

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

  List information: https://yhbt.net/unicorn/

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to='CANgN-T4PPJL=G4SKH7DeaFq_ep9ROYaSXfXimMh32xpRqvyf0w@mail.gmail.com' \
    --to=michael.bernstein@clicksign.com \
    --cc=daniel.libanori@clicksign.com \
    --cc=luiz.ferreira@clicksign.com \
    --cc=unicorn-public@yhbt.net \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
Code repositories for project(s) associated with this public inbox

	https://yhbt.net/unicorn.git/

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).