Date | Commit message (Collapse) |
|
Typically UNIX domain sockets are created with more liberal
file permissions than the rest of the application. By default,
we create UNIX domain sockets to be readable and writable by
all local users to give them the same accessibility as
locally-bound TCP listeners.
This only has an effect on UNIX domain sockets.
This was inspired by Suraj Kurapati in
cfbcd2f00911121536rd0582b8u961f7f2a8c6e546a@mail.gmail.com
|
|
Some of this based on Suraj Kurapati's comments on
the mailing list.
|
|
This must be called in the after_fork hook because there may be
Ruby modules that'll allow things such as CPU affinity and
scheduling class/priority to be set on a per-worker basis. So
we give the user the ability to change users at any time during
the after_fork hook.
|
|
We follow the principle of least surprise now, so less
documentation is better documentation.
|
|
It makes more sense this way since users usually expect config
file directives to be order-independent.
|
|
Just in case anything depends on it, we'll have it set
correctly because it's usually set by the $SHELL
|
|
Allow people to use "~" and relative paths, like all
of our other paths.
|
|
This basically a prettier way of saying:
Dir.chdir(Unicorn::HttpServer::START_CTX[:cwd] = path)
In the config file. Unfortunately, this is configuration
directive where order matters and you should specify it
before any other path[1] directives if you're using relative
paths (relative paths are not recommended anyways)
[1] pid, stderr_path, stdout_path
|
|
Thanks to Greg Melton for reporting.
|
|
also __FILE__ did not reflect configuration file path
|
|
It has come to our attention that this setting is not very
well-known to the rest of the world...
|
|
:delay may be a Float to represent fractional seconds.
|
|
We now give an example of how a before_fork hook can be used
to incrementally migrate off the old code base without hitting
a thundering herd (especially in the "preload_app false") case.
Also comment on the per-worker listen usage in the RDoc, not
just a hidden comment.
|
|
We no longer have external lookups for it so just stick it in
the DEFAULTS hash for now. Since the Configurator::DEFAULTS
hash can be considered a stable interface for other modules to
interact with, they can eventually just use it instead of
relying on another constant.
|
|
Hopefuly make it more obvious that they're Ruby symbols and not
strings. While we're at it, fix ordering of :{rcv,snd}buf
descriptions to (logically) match the order of mention.
|
|
* Use the new :tries and :default parameters for listen()
instead of the ugly and less-effective "rescue nil"
* ActiveRecord connection management examples for hooks when
using for "preload_app true"
* combine "preload_app true" example with REE COW-friendly
optimization for memory savings
Some of these are based on Chris Wanstrath's configuration
posted here: http://gist.github.com/189623
|
|
Avoids making the #listen method any noisier than it should be.
|
|
This may be redundant for the "normal" configuration file
directive, but allows the same syntax to be used in after_fork
hooks where HttpServer#listen() may be called.
|
|
This allows per-worker listeners to be configured to retry and
and not continue until the equivalent worker belonging to a
previous master (or even another server) has released the
socket.
In the Configurator RDoc, include better examples for
per-worker server.listen calls using these :tries == -1.
Inspired by an example by Chris Wanstrath.
|
|
We changed this in 97e469fc3afb751618b8b9a7b364cb447aaf90dd
but never updated the example.
|
|
This ensures any string literals that pop up in *our* code will
just be a bag of bytes. This shouldn't affect/fix/break
existing apps in most cases, but most constants will always have
the "correct" encoding (none!) to be consistent with HTTP/socket
expectations. Since this comment affects things only on a
per-source basis, it won't affect existing apps with the
exception of strings we pass to the Rack application.
This will eventually allow us to get rid of that Unicorn::Z
constant, too.
|
|
There's a small memory reduction to be had when forking
oodles of processes and the Perl hacker in me still
gets confused into thinking those are arrays...
|
|
This change gives applications full control to deny clients
from uploading unwanted message bodies. This also paves the
way for doing things like upload progress notification within
applications in a Rack::Lint-compatible manner.
Since we don't support HTTP keepalive, so we have more freedom
here by being able to close TCP connections and deny clients the
ability to write to us (and thus wasting our bandwidth).
While I could've left this feature off by default indefinitely
for maximum backwards compatibility (for arguably broken
applications), Unicorn is not and has never been about
supporting the lowest common denominator.
|
|
Now that we support tunnelling arbitrary protocols over HTTP as
well as "100 Continue" responses, TCP_NODELAY actually becomes
useful to us. TCP_NODELAY is actually reasonably portable
nowadays; even.
While we're adding non-portable options, TCP_CORK/TCP_NOPUSH can
be enabled, too. Unlike some other servers, these can't be
disabled explicitly/intelligently to force a flush, however.
However, these may still improve performance with "normal" HTTP
applications (Mongrel has always had TCP_CORK enabled in Linux).
While we're adding OS-specific features, we might as well
support TCP_DEFER_ACCEPT in Linux and FreeBSD the "httpready"
accept filter to prevent abuse.
These options can all be enabled on a per-listener basis.
|
|
The default is false because some applications were not
written to handle partial reads (even though IO#read allows
it, not just IO#readpartial).
|
|
2 seconds is still prone to race conditions under high load.
We're intentionally less accurate than we could be in order to
reduce syscall and method dispatch overhead.
|
|
|
|
Timeouts of less than 2 seconds are unsafe due to the lack of
subsecond resolution in most POSIX filesystems. This is the
trade-off for using a low-complexity solution for timeouts.
Since this type of timeout is a last resort; 2 seconds is not
entirely unreasonable IMNSHO. Additionally, timing out too
aggressively can put us in a fork loop and slow down the system.
Of course, the default is 60 seconds and most people do not
bother to change it.
|
|
The following specifications to bind port 8080 on all interfaces
are now accepted in the configuration file:
listen "8080" # (with quotes)
listen 8080 # (without quotes)
|
|
|
|
We no longer have anything outside of SocketHelper module in
that file, so just give it a more obvious name.
|
|
I don't advocate running Unicorn on unprivileged ports anyways
since Unicorn should never be exposed directly to public
clients.
|
|
Instead of just worker.nr. This is a configuration file/API
change and will break existing configurations.
This allows worker.tempfile to be exposed to the hooks
so ownership changes can still happen on it.
On the other hand, I don't know of many people actually
using this feature (or Unicorn).
|
|
Apparently I was smoking crack and thought they weren't
changeable. Additionally, SO_REUSEADDR is set by TCPServer.new,
so there's no need to set it ourselves; so avoid putting
extra items in the purgatory.
This allows SIGHUP to change listen options.
|
|
Premade lambda/proc/Proc objects may all be passed, to the
hooks, not just anonymous blocks.
|
|
|
|
* Expand addresses like "1:8080" to "127.0.0.1:8080"
beforehand so sock_name() in SocketHelper will
always return consistent results.
* Add support for "unix:/path/to/foo" paths for easier
synchronization with nginx config files.
|
|
We still need to support "listeners" for easy use of
command-line options, but folks using the config file should use
"listen" as it is more flexible.
|
|
Instead of having global options for all listeners,
make all socket options per-listener. This allows
reverse-proxies to pick different listeners to get
different options on different sockets.
Given a cluster of machines (10.0.0.1, 10.0.0.2, 10.0.0.3)
running Unicorn with the following config:
------------------ 8< ----------------
listen "/tmp/local.sock", :backlog => 1
listen "*:8080" # use the backlog=1024 default
------------------ 8< ----------------
It is possible to configure a reverse proxy to try to use
"/tmp/local.sock" first and then fall back to using the
TCP listener on port 8080 in a failover configuration.
Thus the nginx upstream configuration on 10.0.0.1 to
compliment this would be:
------------------ 8< ----------------
upstream unicorn_cluster {
# reject connections ASAP if we are overloaded
server unix:/tmp/local.sock;
# fall back to other machines in the cluster via "backup"
# listeners which have a large backlog queue.
server 10.0.0.2:8080 backup;
server 10.0.0.3:8080 backup;
}
------------------ 8< ----------------
This removes the global "backlog" config option which
was inflexible with multiple machines in a cluster
and exposes the ability to change SO_SNDBUF/SO_RCVBUF
via setsockopt(2) for the first time.
|
|
This fixes a bug where listener names in the master process
would be incorrectly matched with the existing set; causing UNIX
sockets to be unbound and rebound; breaking things for child
processes.
This is a better fit anyways since it's higher level.
|
|
In nearly every app, if the current working directory
disappears, the app becomes broken, sometimes subtly. It can be
especially broken when preload_app is false (the default).
So just shut ourselves down to spare ourselves the
wasted CPU cycles on a dead app.
As a (hopefully) pleasant side effect, this allows
configurations with preload_app==false (the default) to do
application code reloads via SIGHUP (in addition to unicorn
config reloads).
|
|
|
|
|
|
This is useful for freeing certain resources you
do NOT want passed to child processes.
|
|
Unicorn will always continue to run in the directory it started
in, it does not chdir to "/". Since the default start_ctx[:cwd]
is symlink-aware, this should not be a problem for
Capistrano-deployed applications.
|
|
The config file format changed from add_listener => listen.
|
|
|
|
As opposed to doing this in the shell, this allows the files to
be reopened reliably after rotation.
While we're at it, use $stderr/$stdout instead of STDERR/STDOUT
since they seem to be more favored.
|
|
This means processes will share less memory but things
should be compatible with all existing setups.
|
|
This allows Unicorn to be constantly started in symlink
paths such as the ones Capistrano creates
(e.g. "/u/apps/$app/current")
|