about summary refs log tree commit homepage
path: root/examples
DateCommit message (Collapse)
2019-07-03examples/unicorn@.service: note the NonBlocking flag
It's racy otherwise when starting simultaneous instanced units. Without specifying NonBlocking=true, systemd will clear the O_NONBLOCK flag every time it starts a new service instance. There's a small window where systemd can clear O_NONBLOCK immediately after it's set by Ruby (or kgio): unicorn@1 |systemd |unicorn@2 ---------------------------+----------------+-------------------- F_SETFL, O_NONBLOCK|O_RDWR | | (not running, yet) |F_SETFL, O_RDWR | |fork | | exec unicorn@2 | accept4(...) # blocks! | | (now started by systemd) | |F_SETFL,O_NONBLOCK|O_RDWR | |accept4(...) non-blocking
2018-10-18doc: update more URLs to use HTTPS and avoid redirects
Latency from redirects is painful, and HTTPS can protect privacy in some cases.
2016-10-30Merge remote-tracking branch 'origin/website-move'
* origin/website-move: relocate website to https://bogomips.org/unicorn/
2016-10-30Merge remote-tracking branch 'origin/jr/init'
* origin/jr/init: examples/init.sh: update to reduce upgrade raciness
2016-10-25relocate website to https://bogomips.org/unicorn/
HTTPS helps some with reader privacy and Let's Encrypt seems to be working well enough the past few months. This change will allow us to reduce subjectAltName bloat in our TLS certificate over time. It will also promote domain name agility to support mirrors or migrations to other domains (including a Tor hidden service mirror). http://bogomips.org/unicorn/ will remain available for people on legacy systems without usable TLS. There is no plan for automatic redirecting from HTTP to HTTPS at this time.
2016-06-20examples/logrotate.conf: update example for systemd
...And add placeholders for other systems
2016-06-13doc: systemd should only kill master in example
By default, systemd kills every process in the control group when stopping a service. While it ought to be harmless to signal workers, some Rack applications (and perhaps further subprocesses) can misbehave when interrupted by a signal. Ensure we only hit the master on graceful shutdown to avoid tickling bugs in Rack apps. This is the reason we switched to having the master send "fake" signals for workers beginning with unicorn 4.8.0 back in 2013/2014.
2016-06-07examples/init.sh: update to reduce upgrade raciness jr/init
Rework the "upgrade" target to only read the PID files once to avoid misreading the wrong PID files in the middle of the upgrade. Additionally, introduce the UPGRADE_DELAY environment parameter so users can increase/decrease according to their application startup time. PID files are inherently racy and people should be using a process manager (systemd or similar) instead, but this should mitigate most of the problems with the old target. While we're at it, add LSB tags for systems which complain about the lack of them and modernize things a bit using $(command) construct instead of the more fragile `command`. Thanks-to: Jesper Rønn-Jensen <jesperrr@gmail.com>
2016-03-17doc: reference --keep-file-descriptors for "bundle exec"
"bundle exec" alone is not suitable for use with systemd-style socket activation due to Ruby 2.0+ behavior of setting close-on-exec for file descriptors above 2. However, the "--keep-file-descriptors" option was added to bundler 1.4.0 to workaround this Ruby 2.0 change and may be used to prevent Ruby 2.0+ from closing file descriptors on exec. Thanks to Amir Yalon and Christos Trochalakis for bringing up this issue on the mailing list: http://bogomips.org/unicorn-public/1457824748.3666627.547425122.2A828B07@webmail.messagingengine.com/
2015-11-17examples: add systemd socket and service files
Since we have init scripts, we ought to have the equivalent for systemd users who cannot upgrade via the normal SIGUSR2 mechanism; but can use multiple services: "unicorn@1" + h"unicorn@2" to accomplish the same thing. Based on examples by Christos Trochalakis <yatiohi@ideopolis.gr> ref: http://bogomips.org/unicorn-public/20150708130821.GA1361@luke.ws.skroutz.gr/
2015-10-15unicorn.conf.rb: remove mention of REE-specific setting
Ruby 2.0+ has a copy-on-write-friendly memory layout by default, and REE is long dead and just confusing to new users.
2015-07-15doc: remove references to old servers
They'll continue to be maintained, but we're no longer advertising them. Also, favor lowercase "unicorn" while we're at it since that matches the executable and gem name to avoid unnecessary escaping for RDoc.
2015-02-04remove old inetd+git examples and exec_cgi
While it was technically interesting and fun to tunnel arbitrary protocols over a semi-compliant Rack interface, nobody actually does it (and anybody who does can look in our git history). This was from back in 2009 when this was one of the few servers that could handle chunked uploads,were one of the few users of chunked uploads, nowadays everyone does it! (or do they? :) A newer version of exec_cgi.rb still lives on in the repository of yet another horribly-named server, but there's no point in bloating the installation footprint of somewhat popular server such as unicorn.
2014-10-04examples: add run_once to before_fork hook example
There may be code in a before_fork hook which should run only once, document an example using a guard variable since it may not be immediately obvious to all users. Inspired-by: Bráulio Bhavamitra <braulio@eita.org.br> http://bogomips.org/unicorn-public/m/20141004015707.GA1951@dcvr.yhbt.net.html
2013-04-05doc: update documentation for systemd + PrivateTmp users
The PrivateTmp feature of systemd breaks the usage of /tmp for the shared Unix domain socket between nginx and unicorn, so discourage the use of /tmp in that case. While we're at it, use consistent paths for everything and use an obviously intended-for-user-customization "/path/to" prefix instead of "/tmp" ML-Ref: CAKLVLx_t+9zWMhquMWDfStrxS7xrNoGmN0ZDsjSCUE=VxU+oyQ@mail.gmail.com Reported-by: David Wilkins <dwilkins@conecuh.com>
2012-11-29check_client_connection: document local-only requirement
In my testing, only dropped clients over Unix domain sockets or loopback TCP were detected with this option. Since many nginx+unicorn combinations run on the same host, this is not a problem. Furthermore, tcp_nodelay:true appears to work over loopback, so remove the requirement for tcp_nodelay:false.
2012-11-29Begin writing HTTP request headers early to detect disconnected clients
This patch checks incoming connections and avoids calling the application if the connection has been closed. It works by sending the beginning of the HTTP response before calling the application to see if the socket can successfully be written to. By enabling this feature users can avoid wasting application rendering time only to find the connection is closed when attempting to write, and throwing out the result. When a client disconnects while being queued or processed, Nginx will log HTTP response 499 but the application will log a 200. Enabling this feature will minimize the time window during which the problem can arise. The feature is disabled by default and can be enabled by adding 'check_client_connection true' to the unicorn config. [ew: After testing this change, Tom Burns wrote: So we just finished the US Black Friday / Cyber Monday weekend running unicorn forked with the last version of the patch I had sent you. It worked splendidly and helped us handle huge flash sales without increased response time over the weekend. Whereas in previous flash traffic scenarios we would see the number of HTTP 499 responses grow past the number of real HTTP 200 responses, over the weekend we saw no growth in 499s during flash sales. Unexpectedly the patch also helped us ward off a DoS attack where the attackers were disconnecting immediately after making a request. ref: <CAK4qKG3rkfVYLyeqEqQyuNEh_nZ8yw0X_cwTxJfJ+TOU+y8F+w@mail.gmail.com> ] Signed-off-by: Eric Wong <normalperson@yhbt.net>
2012-03-20examples/nginx.conf: use $scheme instead of hard-coded "https"
This adds a little more flexibility to the nginx config, especially as protocols (e.g. SPDY) become more prevalent. Suggested-by: Eike Herzbach <eike@herzbach.net>
2012-03-20examples/nginx.conf: remove redundant word
From: Eike Herzbach <eike@herzbach.net>
2012-01-28doc: update doc for Ruby 2.0.0dev CoW-friendliness
Ruby 2.0.0dev is the future and includes a CoW-friendly GC, so we shall encourage folks to give Ruby 2.0.0dev a spin.
2011-06-07examples/nginx.conf: better wording for ipv6only comment
Oops.
2011-06-06examples/nginx.conf: add ipv6only comment
IPv4-mapped-IPv6 addresses are fugly.
2011-04-29oob_gc: reimplement to fix breakage and add tests
This was broken since v3.3.1[1] since nginx relies on a closed socket (and not Content-Length/Transfer-Encoding) to detect a response completion. We have to close the client socket before invoking GC to ensure the client sees the response in a timely manner. [1] - commit b72a86f66c722d56a6d77ed1d2779ace6ad103ed
2011-04-29examples/big_app_gc: fix comment
Oops, comments should match the latest code
2011-04-29examples/big_app_gc: update this example
OobGC is actually broken with nginx these days since we needed to preserve the env for body.close...
2011-04-27examples/nginx.conf: clarify proxy_buffering for Rails 3.1
I've tested with nginx 1.0.0 and confirmed "proxy_buffering off;" can cause Unicorn to block on a slow client reading a large response. While there's a potential (client-visible) performance improvement with Rails 3.1 streaming responses, it can also hurt the server with slow clients. Rainbows! with (ThreadSpawn or ThreadPool) is probably the best way to do streaming responses efficiently from all angles (from a server, client and programmer time perspective).
2011-04-12Document "user" directive in example unicorn conf
2011-03-29add examples/logrotate.conf
logrotate is the de facto tool for logrotation, so an example config for highlighting important parts are in order. Since our USR1 signal handling is part of the crusade against the slow and lossy "copytruncate" option, be sure to emphasize that :)
2011-01-25examples/nginx.conf: use try_files directive
This feature is in nginx 0.7.x and 0.8.x and optimized better than the "if" directive in nginx.conf ref: http://wiki.nginx.org/Pitfalls ref: http://wiki.nginx.org/IfIsEvil
2011-01-25examples/nginx: avoid unnecessary listen directive
There's no need to use listen unless you use non-default port or can enable "deferred" or "httpready" (which you usually want).
2010-10-27examples/unicorn.conf: add a note about throttling signals
Sending the same signal faster than the receiver can process means signals can get lost.
2010-06-10examples/init: "upgrade" task waits for completion
This makes the user (sysadmin in this case) more aware if the upgrade fails or doesn't work as intended. This change could be more useful for Rainbows! with its long-running responses.
2010-06-04doc: emphasize the importance of stderr_path
While second nature to myself, stderr_path may be an overlooked configuration parameter for some users. Also, add a minimal sample configuration file that is shorter and hopefully less intimidating to new users.
2010-05-06examples: add big_app_gc monkey patch
2010-02-08examples/init.sh: add "reopen-logs" target
2010-02-08examples/init.sh: reenable set -u
This may be used as a basis of other scripts so we need to stash $1 before we "set -u"
2010-01-25KNOWN_ISSUES: background threads + Logger monkey patch
Thanks to Michael Guterl for informing us of the issues and testing the monkey patch.
2009-11-23Add examples for nginx and unicorn
These should help make things easier for folks unfamiliar with nginx setups.
2009-10-09examples/init.sh: remove "set -u"
It's too simple of a script and causes running the init script with zero arguments to fail instead of printing out the usage message.
2009-08-18examples/echo: "Expect:" value is case-insensitive
From RFC 2616, section 14.20: > Comparison of expectation values is case-insensitive for > unquoted tokens (including the 100-continue token), and is > case-sensitive for quoted-string expectation-extensions.
2009-07-04Favor Struct members to instance variables
There's a small memory reduction to be had when forking oodles of processes and the Perl hacker in me still gets confused into thinking those are arrays...
2009-07-01Remove cat-chunk-proxy, curl CVS supports non-blocking stdin
Now that upstream curl supports this functionality, there's no reason to duplicate it here as an example.
2009-07-01Force streaming input onto apps by default
This change gives applications full control to deny clients from uploading unwanted message bodies. This also paves the way for doing things like upload progress notification within applications in a Rack::Lint-compatible manner. Since we don't support HTTP keepalive, so we have more freedom here by being able to close TCP connections and deny clients the ability to write to us (and thus wasting our bandwidth). While I could've left this feature off by default indefinitely for maximum backwards compatibility (for arguably broken applications), Unicorn is not and has never been about supporting the lowest common denominator.
2009-06-07examples/cat-chunk-proxy: link to proposed curl(1) patch
Then hopefully soon we'll be able to get rid of this script...
2009-06-06Unicorn::App::Inetd: reinventing Unix, poorly :)
This includes an example of tunneling the git protocol inside a TE:chunked HTTP request. The example is unfortunately contrived in that it relies on the custom examples/cat-chunk-proxy.rb script in the client. My initial wish was to have a generic tool like curl(1) operate like this: cat > ~/bin/cat-chunk-proxy.sh <<EOF #!/bin/sh exec curl -sfNT- http://$1:$2/ EOF chmod +x ~/bin/cat-chunk-proxy.sh GIT_PROXY_COMMAND=cat-chunk-proxy.sh git clone git://0:8080/foo Unfortunately, curl will attempt a blocking read on stdin before reading the TCP socket; causing the git-clone consumer to starve. This does not appear to be a problem with the new server code for handling chunked requests.
2009-06-05Transfer-Encoding: chunked streaming input support
This adds support for handling POST/PUT request bodies sent with chunked transfer encodings ("Transfer-Encoding: chunked"). Attention has been paid to ensure that a client cannot OOM us by sending an extremely large chunk. This implementation is pure Ruby as the Ragel-based implementation in rfuzz didn't offer a streaming interface. It should be reasonably close to RFC-compliant but please test it in an attempt to break it. The more interesting part is the ability to stream data to the hosted Rack application as it is being transferred to the server. This can be done regardless if the input is chunked or not, enabling the streaming of POST/PUT bodies can allow the hosted Rack application to process input as it receives it. See examples/echo.ru for an example echo server over HTTP. Enabling streaming also allows Rack applications to support upload progress monitoring previously supported by Mongrel handlers. Since Rack specifies that the input needs to be rewindable, this input is written to a temporary file (a la tee(1)) as it is streamed to the application the first time. Subsequent rewinded reads will read from the temporary file instead of the socket. Streaming input to the application is disabled by default since applications may not necessarily read the entire input body before returning. Since this is a completely new feature we've never seen in any Ruby HTTP application server before, we're taking the safe route by leaving it disabled by default. Enabling this can only be done globally by changing the Unicorn HttpRequest::DEFAULTS hash: Unicorn::HttpRequest::DEFAULTS["unicorn.stream_input"] = true Similarly, a Rack application can check if streaming input is enabled by checking the value of the "unicorn.stream_input" key in the environment hashed passed to it. All of this code has only been lightly tested and test coverage is lacking at the moment. [1] - http://tools.ietf.org/html/rfc2616#section-3.6.1
2009-04-29Add example init script
This was done in Bourne shell because it's easier for UNIX sysadmins who don't know Ruby to understand and modify. Additionally, it can be used for nginx or anything else that shares compatible signal handling.
2009-03-09Remove sinatra example
It is no longer relevant (or working) with rackup compatibility.
2009-02-11Add Sinatra example
2009-02-01Realistic defaults.