Date | Commit message (Collapse) |
|
Otherwise these tests fail if we start using IO#autoclose=true
on Ruby 1.9 (and also if we use IPv6 sockets for tests).
|
|
This will preserve mtime on successful renames for comparisions.
While we're at it, avoid writing the new PID until the listeners are
inherited successfully. This can be useful to avoid accidentally
clobbering a good PID if binding the listener or building the app
(preload_app==true) fails
|
|
In multithreaded apps, we must use dup2/dup3 with a temporary
descriptor to reopen log files atomically. This is the only way
to protect all concurrent userspace access to a file when reopening.
ref: http://bugs.ruby-lang.org/issues/9036
ref: yahns commit bcb10abe53cfb1d6a8ef7daef59eb10ced397c8a
|
|
RAA is dead.
|
|
All tests seem to pass.
|
|
Thanks to Eric Chapweske for the heads up.
ref: http://mid.gmane.org/loom.20130904T205308-432@post.gmane.org
|
|
As of r40610 in ruby trunk, internal encoding is ignored if
external coding is ASCII-8BIT (binary)
ref: r40610 http://svn.ruby-lang.org/repos/ruby/trunk
|
|
We do not attempt to write HTTP responses for socket errors if
clients disconnect from us unexpectedly.
Additionally, we do not hide backtraces EINVAL/EBADF errors, since
they are indicative of real bugs which must be fixed.
We do continue to hide hide EOF, ECONNRESET, ENOTCONN, and EPIPE
because clients (even "friendly") ones will break connections due to
client crashes or network failure (which is common for me :P), and
the backtraces from those will cause excessive logging and even
become a DoS vector.
|
|
Thanks to Micah Chalmer for this fix. There are also minor
documentation updates and internal cleanups.
|
|
This fixes the -N (a.k.a. --no-defaut-middleware) option, which
was not working. The problem was that Unicorn::Configurator::RACKUP
is cleared before the lambda returned by Unicorn.builder is run,
which means that checking whether the :no_default_middleware option
was set from the lambda could not detect anything. This patch copies
it to a local variable that won't get clobbered, restoring the feature.
[ew: squashed test commit into the fix, whitespace fixes]
Signed-off-by: Eric Wong <normalperson@yhbt.net>
|
|
This could allow servers with persistent connection support[1]
to support our check_client_connection in the future.
[1] - Rainbows!/zbatery, possibly others
|
|
Otherwise, the signalled process may take too long to react to
and process all the signals on machines with few CPUs.
|
|
The PrivateTmp feature of systemd breaks the usage of /tmp for the
shared Unix domain socket between nginx and unicorn, so discourage the
use of /tmp in that case.
While we're at it, use consistent paths for everything and use an
obviously intended-for-user-customization "/path/to" prefix instead
of "/tmp"
ML-Ref: CAKLVLx_t+9zWMhquMWDfStrxS7xrNoGmN0ZDsjSCUE=VxU+oyQ@mail.gmail.com
Reported-by: David Wilkins <dwilkins@conecuh.com>
|
|
This release fixes a bug in Unicorn::HttpParser#filter_body
which affected some configurations of Rainbows! There is
also a minor size reduction in the DSO.
|
|
Our rb_str_modify() became no-ops due to incomplete reverts
of workarounds for old Rubinius, causing rb_str_set_len to
fail with: can't set length of shared string (RuntimeError)
This bug was introduced due to improper workarounds for old
versions of Rubinius in 2009 and 2010:
commit 5e8979ad38efdc4de3a69cc53aea33710d478406
("http: cleanups for latest Rubinius")
commit f37c23704cb73d57e9e478295d1641df1d9104c7
("http: no-op rb_str_modify() for Rubies without it")
|
|
Extra pointers waste space in the DSO. Normally I wouldn't
care, but the string lengths are identical and this code
already made it into another project in this form.
size(1) output:
text data bss dec hex filename
before: 42881 2040 336 45257 b0c9 unicorn_http.so
after: 42499 1888 336 44723 aeb3 unicorn_http.so
ref: http://www.akkadia.org/drepper/dsohowto.pdf
|
|
Unicorn::Const::UNICORN_VERSION is now auto-generated from
GIT-VERSION-GEN and always correct. Minor cleanups for
hijacking.
|
|
As far as I can tell, this was never necessary.
|
|
commit a9474624a148fe58e0944664190b259787dcf51e in rack.git
|
|
This DRYs out our code and prevents snafus like the 4.6.0
release where UNICORN_VERSION stayed at 4.5.0
Reported-by: Maurizio De Santis <m.desantis@morganspa.com>
|
|
This pre-release adds hijacking support for Rack 1.5 users.
See Rack documentation for more information about hijacking.
There is also a new --no-default-middleware/-N option
for the `unicorn' command to ignore RACK_ENV within unicorn
thanks to Lin Jen-Shin.
There are only documentation and test-portability updates
since 4.6.0pre1, no code changes.
|
|
On FreeBSD 9.0, "wc -l" emits leading whitespace, so
filter it through tr -d '[:space:]' to eliminate it.
|
|
On FreeBSD 9.0, "wc -c" emits leading whitespace, so
filter it through tr -d '[:space:]' to eliminate it.
This is commit 8a6117a22a7d01eeb5adc63d3152acf435cd3176
in rainbows.git
|
|
"date +%s" is not in POSIX (it is in GNU, and at least FreeBSD
9.0, possibly earlier). The Ruby equivalent should be
sufficiently portable between different Ruby versions.
This change was automated via:
perl -i -p -e 's/date \+%s/unix_time/' t/*.sh
This is commit 0ba6fc3c30b9cf530faf7fcf5ce7be519ec13fe7
in rainbows.git
|
|
POSIX already stipulates tee(1) must be unbuffered. I think my
decision to use utee was due to my being misled by a bug in
older curl where -N did not work as advertised (but --no-buffer
did).
N.B. we don't use tee in unicorn tests, this just matches
commit cbff7b0892148b037581541184364e0e91d2a138 in rainbows
|
|
-N/--no-default-middleware needs a corresponding manpage entry.
Additionally, the Rack::Chunked/ContentLength middleware comment
is out-of-date as of unicorn v4.1.0
|
|
This pre-release adds hijacking support for Rack 1.5 users.
See Rack documentation for more information about hijacking.
There is also a new --no-default-middleware/-N option
for the `unicorn' command to ignore RACK_ENV within unicorn.
|
|
* hijack:
ignore normal Rack response at request-time hijack
support for Rack hijack in request and response
|
|
This would prevent Unicorn from adding default middleware,
as if RACK_ENV were always none. (not development nor deployment)
This should also be applied to `rainbows' and `zbatery' as well.
One of the reasons to add this is to avoid conflicting
RAILS_ENV and RACK_ENV. It would be helpful in the case
where a Rails application and Rack application are composed
together, while we want Rails app runs under development
and Rack app runs under none (if we don't want those default
middleware), and we don't really want to make RAILS_ENV
set to development and RACK_ENV to none because it might be
confusing. Note that Rails would also look into RACK_ENV.
Another reason for this is that only `rackup' would be
inserting those default middleware. Both `thin' and `puma'
would not do this, nor does Rack::Handler.get.run which is
used in Sinatra.
So using this option would make it work differently from
`rackup' but somehow more similar to `thin' or `puma'.
Discussion thread on the mailing list:
http://rubyforge.org/pipermail/mongrel-unicorn/2013-January/001675.html
Signed-off-by: Eric Wong <normalperson@yhbt.net>
|
|
This off-by-one error was incorrectly rejecting a line which
would've been readable without wrapping on an 80-column terminal.
|
|
This fixes a Rack::Lint regression discovered in t0005.
|
|
Once a connection is hijacked, we ignore it completely and leave
the connection at the mercy of the application.
|
|
Rack 1.5.0 (protocol version [1,2]) adds support for
hijacking the client socket (removing it from the control
of unicorn (or any other Rack webserver)).
Tested with rack 1.5.0.
|
|
Ensure the latest versions work in tests.
|
|
It's the latest and greatest! \o/
|
|
The new check_client_connection option allows unicorn to detect
most disconnected local clients before potentially expensive
application processing begins.
This feature is useful for applications experiencing spikes of
traffic leading to undesirable queue times, as clients will
disconnect (and perhaps even retry, compounding the problem)
before unicorn can even start processing the request.
To enable this feature, add the following line to a unicorn
config file:
check_client_connection true
This feature only works when nginx (or any other HTTP/1.0+
client) is on the same machine as unicorn.
A huge thanks to Tom Burns for implementing and testing this
change in production with real traffic (including mitigating
an unexpected DoS attack).
ref: http://mid.gmane.org/CAK4qKG3rkfVYLyeqEqQyuNEh_nZ8yw0X_cwTxJfJ+TOU+y8F+w@mail.gmail.com
This release fixes broken Rainbows! compatibility in 4.5.0pre1.
|
|
This enables compatibility with metadata scanners such as
LicenseFinder[1].
The previously commented-out accessor was commented out
in September 2009 when ancient RubyGems were more prevalent.
By now (December 2012), those ancient versions of RubyGems
are unlikely to be around.
[1] https://github.com/pivotal/LicenseFinder
[ew: rewritten commit message]
Signed-off-by: Eric Wong <normalperson@yhbt.net>
|
|
Since Ruby 1.9.3, (Matz) Ruby is licensed under a 2-clause BSDL.
Thus we need to clarify we inherited the license terms from
Ruby 1.8 to prevent misunderstanding.
(The Ruby license change cannot alter the license of other
projects automatically)
Since we added the GPLv3 as an additional license in 2011,
the license terms of unicorn no longer matches Mongrel 1.1.5.
This is NOT a change to the unicorn license at all, just a
wording clarification.
|
|
Rainbows! relies on the ERROR_XXX_RESPONSE constants of unicorn
4.x. Changing the constants in unicorn 4.x will break existing
versions of Rainbows!, so remove the dependency on the constants
and generate the error response dynamically.
Unlike Mongrel, unicorn is unlikely to see malicious traffic and
thus unlikely to benefit from making error messages constant.
For unicorn 5.x, we will drop these constants entirely.
(Rainbows! most likely cannot support check_client_connection
consistently across all concurrency models since some of them
pessimistically buffer all writes in userspace. However, the
extra concurrency of Rainbows! makes it less likely to be
overloaded than unicorn, so this feature is likely less useful
for Rainbows!)
|
|
The new check_client_connection option allows unicorn to detect
most disconnected clients before potentially expensive
application processing begins.
This feature is useful for applications experiencing spikes of
traffic leading to undesirable queue times, as clients will
disconnect (and perhaps even retry, compounding the problem)
before unicorn can even start processing the request.
To enable this feature, add the following line to a unicorn
config file:
check_client_connection true
A huge thanks to Tom Burns for implementing and testing this
change in production with real traffic (including mitigating
an unexpected DoS attack).
|
|
In my testing, only dropped clients over Unix domain sockets or
loopback TCP were detected with this option. Since many
nginx+unicorn combinations run on the same host, this is not a
problem.
Furthermore, tcp_nodelay:true appears to work over loopback,
so remove the requirement for tcp_nodelay:false.
|
|
This patch checks incoming connections and avoids calling the application
if the connection has been closed.
It works by sending the beginning of the HTTP response before calling
the application to see if the socket can successfully be written to.
By enabling this feature users can avoid wasting application rendering
time only to find the connection is closed when attempting to write, and
throwing out the result.
When a client disconnects while being queued or processed, Nginx will log
HTTP response 499 but the application will log a 200.
Enabling this feature will minimize the time window during which the problem
can arise.
The feature is disabled by default and can be enabled by adding
'check_client_connection true' to the unicorn config.
[ew: After testing this change, Tom Burns wrote:
So we just finished the US Black Friday / Cyber Monday weekend running
unicorn forked with the last version of the patch I had sent you. It
worked splendidly and helped us handle huge flash sales without
increased response time over the weekend.
Whereas in previous flash traffic scenarios we would see the number of
HTTP 499 responses grow past the number of real HTTP 200 responses,
over the weekend we saw no growth in 499s during flash sales.
Unexpectedly the patch also helped us ward off a DoS attack where the
attackers were disconnecting immediately after making a request.
ref: <CAK4qKG3rkfVYLyeqEqQyuNEh_nZ8yw0X_cwTxJfJ+TOU+y8F+w@mail.gmail.com>
]
Signed-off-by: Eric Wong <normalperson@yhbt.net>
|
|
assert_nothing_raised ends up hiding errors and backtraces,
making things harder to debug. Since Test::Unit already
fails on uncaught exceptions, there is no need to assert
on the lack of exceptions for a successful test run.
This is a followup to commit 5acf5522295c947d3118926d1a1077007f615de9
|
|
Freecode.com now requires HTTPS.
|
|
Non-regular files are no longer reopened on SIGUSR1. This
allows users to specify FIFOs as log destinations.
TCP_NOPUSH/TCP_CORK is no longer set/unset by default. Use
:tcp_nopush explicitly with the "listen" directive if you wish
to enable TCP_NOPUSH/TCP_CORK.
Listen sockets are now bound _after_ loading the application for
preload_app(true) users. This prevents load balancers from
sending traffic to an application server while the application
is still loading.
There are also minor test suite cleanups.
|
|
If a user specifies a non-regular file for stderr_path or
stdout_path, we should not attempt to reopen or chown
it. This should also allow users to specify FIFOs as log
destinations.
|
|
It's better to show errors and backtraces when stuff
breaks
|
|
On a certain FreeBSD 8.1 installation, explicitly setting
TCP_NOPUSH to zero (off) can cause EADDRNOTAVAIL errors and also
resets the listen backlog to 5. Enabling TCP_NOPUSH explicitly
did not exhibit this issue for the user who (privately) reported
this issue.
To be on the safe side, we won't set/unset TCP_NOPUSH/TCP_CORK
at all, which will leave it off on all current systems.
|
|
In the case where preload_app is true, delay binding new
listeners until after loading the application.
Some applications have very long load times (especially Rails
apps with Ruby 1.9.2). Binding listeners early may cause a load
balancer to incorrectly believe the unicorn workers are ready to
serve traffic even while the app is being loaded.
Once a listener is bound, connect() requests from the load
balancer succeed until the listen backlog is filled. This
allows requests to pile up for a bit (depending on backlog size)
before getting rejected by the kernel. By the time the
application is loaded and ready-to-run, requests in the
listen backlog are likely stale and not useful to process.
Processes inheriting listeners do not suffer this effect, as the
old process should still be capable of serving new requests.
This change does not improve the situation for the
preload_app=false (default) use case. There may not be a
solution for preload_app=false users using large applications.
Fortunately Ruby 1.9.3+ improves load times of large
applications significantly over 1.9.2 so this should be less of
a problem in the future.
Reported via private email sent on 2012-06-29T22:59:10Z
|
|
It's too much overhead to keep Rails-specific tests working,
especially when it's hauling in an ancient version of SQLite3.
Since Rails 3 has settled down with Rack and unicorn_rails is
unlikely to need changing in the future, we can drop these
tests.
|