doc: update documentation for systemd + PrivateTmp users

The PrivateTmp feature of systemd breaks the usage of /tmp for the
shared Unix domain socket between nginx and unicorn, so discourage the
use of /tmp in that case.

While we're at it, use consistent paths for everything and use an
obviously intended-for-user-customization "/path/to" prefix instead
of "/tmp"

ML-Ref: CAKLVLx_t+9zWMhquMWDfStrxS7xrNoGmN0ZDsjSCUE=VxU+oyQ@mail.gmail.com
Reported-by: David Wilkins <dwilkins@conecuh.com>

1 files changed, 8 insertions, 2 deletions

diff --git a/lib/unicorn/configurator.rb b/lib/unicorn/configurator.rb
index 7651093..0d0eac7 100644
--- a/lib/unicorn/configurator.rb
+++ b/lib/unicorn/configurator.rb
@@ -188,7 +188,7 @@ class Unicorn::Configurator
   #    # on nginx upstream configuration:
   #    upstream unicorn_backend {
   #      # for UNIX domain socket setups:
-  #      server unix:/path/to/unicorn.sock fail_timeout=0;
+  #      server unix:/path/to/.unicorn.sock fail_timeout=0;
   #
   #      # for TCP setups
   #      server 192.168.0.7:8080 fail_timeout=0;
@@ -229,9 +229,15 @@ class Unicorn::Configurator
   #
   #   listen 3000 # listen to port 3000 on all TCP interfaces
   #   listen "127.0.0.1:3000"  # listen to port 3000 on the loopback interface
-  #   listen "/tmp/.unicorn.sock" # listen on the given Unix domain socket
+  #   listen "/path/to/.unicorn.sock" # listen on the given Unix domain socket
   #   listen "[::1]:3000" # listen to port 3000 on the IPv6 loopback interface
   #
+  # When using Unix domain sockets, be sure:
+  # 1) the path matches the one used by nginx
+  # 2) uses the same filesystem namespace as the nginx process
+  # For systemd users using PrivateTmp=true (for either nginx or unicorn),
+  # this means Unix domain sockets must not be placed in /tmp
+  #
   # The following options may be specified (but are generally not needed):
   #
   # [:backlog => number of clients]