Date | Commit message (Collapse) |
|
Literal String#freeze avoids allocations since Ruby 2.1 via the
opt_str_freeze instruction, so we can start relying on it in
some places as Ruby 2.1 adoption increases. The 100-continue
handling is a good place to start since it is an uncommonly-used
code path which benefits from size reduction and the negative
performance impact is restricted to a handful of users.
HTTP_RESPONSE_START can safely live in http_request.rb as its
usage does not cross namespace boundaries
The goal is to eventually eliminate Unicorn::Const entirely.
|
|
Rainbows! (in maintenance mode) will need to define it's own
constants in the future. We'll trim down our constant usage in
subsequent commits as we take advantage of Ruby VM improvements.
|
|
require_relative appeared in Ruby 1.9.2 to speed up load times by
avoiding needless open() syscalls. This has no effect if you're using
RUBYLIB or the '-I' option when running ruby(1), but avoids searching
paths in other gems.
This does not affect unicorn greatly as unicorn does not activate many
gems, but still leads to reducing ~45 syscalls during startup.
|
|
This DRYs out our code and prevents snafus like the 4.6.0
release where UNICORN_VERSION stayed at 4.5.0
Reported-by: Maurizio De Santis <m.desantis@morganspa.com>
|
|
The new check_client_connection option allows unicorn to detect
most disconnected local clients before potentially expensive
application processing begins.
This feature is useful for applications experiencing spikes of
traffic leading to undesirable queue times, as clients will
disconnect (and perhaps even retry, compounding the problem)
before unicorn can even start processing the request.
To enable this feature, add the following line to a unicorn
config file:
check_client_connection true
This feature only works when nginx (or any other HTTP/1.0+
client) is on the same machine as unicorn.
A huge thanks to Tom Burns for implementing and testing this
change in production with real traffic (including mitigating
an unexpected DoS attack).
ref: http://mid.gmane.org/CAK4qKG3rkfVYLyeqEqQyuNEh_nZ8yw0X_cwTxJfJ+TOU+y8F+w@mail.gmail.com
This release fixes broken Rainbows! compatibility in 4.5.0pre1.
|
|
Rainbows! relies on the ERROR_XXX_RESPONSE constants of unicorn
4.x. Changing the constants in unicorn 4.x will break existing
versions of Rainbows!, so remove the dependency on the constants
and generate the error response dynamically.
Unlike Mongrel, unicorn is unlikely to see malicious traffic and
thus unlikely to benefit from making error messages constant.
For unicorn 5.x, we will drop these constants entirely.
(Rainbows! most likely cannot support check_client_connection
consistently across all concurrency models since some of them
pessimistically buffer all writes in userspace. However, the
extra concurrency of Rainbows! makes it less likely to be
overloaded than unicorn, so this feature is likely less useful
for Rainbows!)
|
|
The new check_client_connection option allows unicorn to detect
most disconnected clients before potentially expensive
application processing begins.
This feature is useful for applications experiencing spikes of
traffic leading to undesirable queue times, as clients will
disconnect (and perhaps even retry, compounding the problem)
before unicorn can even start processing the request.
To enable this feature, add the following line to a unicorn
config file:
check_client_connection true
A huge thanks to Tom Burns for implementing and testing this
change in production with real traffic (including mitigating
an unexpected DoS attack).
|
|
This patch checks incoming connections and avoids calling the application
if the connection has been closed.
It works by sending the beginning of the HTTP response before calling
the application to see if the socket can successfully be written to.
By enabling this feature users can avoid wasting application rendering
time only to find the connection is closed when attempting to write, and
throwing out the result.
When a client disconnects while being queued or processed, Nginx will log
HTTP response 499 but the application will log a 200.
Enabling this feature will minimize the time window during which the problem
can arise.
The feature is disabled by default and can be enabled by adding
'check_client_connection true' to the unicorn config.
[ew: After testing this change, Tom Burns wrote:
So we just finished the US Black Friday / Cyber Monday weekend running
unicorn forked with the last version of the patch I had sent you. It
worked splendidly and helped us handle huge flash sales without
increased response time over the weekend.
Whereas in previous flash traffic scenarios we would see the number of
HTTP 499 responses grow past the number of real HTTP 200 responses,
over the weekend we saw no growth in 499s during flash sales.
Unexpectedly the patch also helped us ward off a DoS attack where the
attackers were disconnecting immediately after making a request.
ref: <CAK4qKG3rkfVYLyeqEqQyuNEh_nZ8yw0X_cwTxJfJ+TOU+y8F+w@mail.gmail.com>
]
Signed-off-by: Eric Wong <normalperson@yhbt.net>
|
|
Non-regular files are no longer reopened on SIGUSR1. This
allows users to specify FIFOs as log destinations.
TCP_NOPUSH/TCP_CORK is no longer set/unset by default. Use
:tcp_nopush explicitly with the "listen" directive if you wish
to enable TCP_NOPUSH/TCP_CORK.
Listen sockets are now bound _after_ loading the application for
preload_app(true) users. This prevents load balancers from
sending traffic to an application server while the application
is still loading.
There are also minor test suite cleanups.
|
|
* Call shutdown(2) if a client EOFs on us during upload.
We can avoid holding a socket open if the Rack app forked a
process during uploads.
* ignore potential Errno::ENOTCONN errors (from shutdown(2)).
Even on LANs, connections can occasionally be accept()-ed but
be unusable afterwards.
Thanks to Joel Nimety <jnimety@continuity.net>,
Matt Smith <matt@nearapogee.com> and George <lists@southernohio.net>
on the mongrel-unicorn@rubyforge.org mailing list for their
feedback and testing for this release.
|
|
* PATH_INFO (aka REQUEST_PATH) increased to 4096 (from 1024).
This allows requests with longer path components and matches
the system PATH_MAX value common to GNU/Linux systems for
serving filesystem components with long names.
* Apps that fork() (but do not exec()) internally for background
tasks now indicate the end-of-request immediately after
writing the Rack response.
Thanks to Hongli Lai, Lawrence Pit, Patrick Wenger and Nuo Yan
for their valuable feedback for this release.
|
|
* Stale pid files are detected if a pid is recycled by processes
belonging to another user, thanks to Graham Bleach.
* nginx example config updates thanks to to Eike Herzbach.
* KNOWN_ISSUES now documents issues with apps/libs that install
conflicting signal handlers.
|
|
The GPLv3 is now an option to the Unicorn license. The existing GPLv2
and Ruby-only terms will always remain options, but the GPLv3 is
preferred.
Daemonization is correctly detected on all terminals for development
use (Brian P O'Rourke).
Unicorn::OobGC respects applications that disable GC entirely
during application dispatch (Yuichi Tateno).
Many test fixes for OpenBSD, which may help other *BSDs, too.
(Jeremy Evans).
There is now _optional_ SSL support (via the "kgio-monkey"
RubyGem). On fast, secure LANs, SSL is only intended for
detecting data corruption that weak TCP checksums cannot detect.
Our SSL support is remains unaudited by security experts.
There are also some minor bugfixes and documentation
improvements.
Ruby 2.0.0dev also has a copy-on-write friendly GC which can save memory
when combined with "preload_app true", so if you're in the mood, start
testing Unicorn with the latest Ruby!
|
|
The last-resort timeout mechanism was inaccurate and often
delayed in activation since the 2.0.0 release. It is now fixed
and remains power-efficient in idle situations, especially with
the wakeup reduction in MRI 1.9.3+.
There is also a new document on application timeouts
intended to discourage the reliance on this last-resort
mechanism. It is visible on the web at:
http://unicorn.bogomips.org/Application_Timeouts.html
|
|
* Rack::Chunked and Rack::ContentLength middlewares are loaded
by default for RACK_ENV=(development|deployment) users to match
Rack::Server behavior. As before, use RACK_ENV=none if you want
fine-grained control of your middleware. This should also
help users of Rainbows! and Zbatery.
* CTL characters are now rejected from HTTP header values
* Exception messages are now filtered for [:cntrl:] characters
since application/middleware authors may forget to do so
* Workers will now terminate properly if a SIGQUIT/SIGTERM/SIGINT
is received while during worker process initialization.
* close-on-exec is explicitly disabled to future-proof against
Ruby 2.0 changes [ruby-core:38140]
|
|
This release fixes things for users of per-worker "listen"
directives in the after_fork hook. Thanks to ghazel@gmail.com
for reporting the bug.
The "timeout" configurator directive is now truncated to
0x7ffffffe seconds to prevent overflow when calling
IO.select.
|
|
A single Unicorn instance may manage more than 1024 workers
without needing privileges to modify resource limits. As a
result of this, the "raindrops"[1] gem/library is now a required
dependency.
TCP socket defaults now favor low latency to mimic UNIX domain
socket behavior (tcp_nodelay: true, tcp_nopush: false). This
hurts throughput, users who want to favor throughput should
specify "tcp_nodelay: false, tcp_nopush: true" in the listen
directive.
Error logging is more consistent and all lines should be
formatted correctly in backtraces. This may break the
behavior of some log parsers.
The call stack is smaller and thus easier to examine backtraces
when debugging Rack applications.
There are some internal API changes and cleanups, but none that
affect applications designed for Rack. See "git log v3.7.0.."
for details.
For users who cannot install kgio[2] or raindrops, Unicorn 1.1.x
remains supported indefinitely. Unicorn 3.x will remain
supported if there is demand. We expect raindrops to introduce
fewer portability problems than kgio did, however.
[1] http://raindrops.bogomips.org/
[2] http://bogomips.org/kgio/
|
|
* miscellaneous documentation improvements
* return 414 (instead of 400) for Request-URI Too Long
* strip leading and trailing linear whitespace in header values
User-visible improvements meant for Rainbows! users:
* add :ipv6only "listen" option (same as nginx)
|
|
Rainbows! wants to be able to lower this eventually...
|
|
|
|
There's an HTTP status code allocated for it in
<http://www.iana.org/assignments/http-status-codes>, so
return that instead of 400.
|
|
The optional Unicorn::OobGC module is reimplemented to fix
breakage that appeared in v3.3.1. There are also minor
documentation updates, but no code changes as of 3.6.1 for
non-OobGC users.
There is also a v1.1.7 release to fix the same OobGC breakage
that appeared for 1.1.x users in the v1.1.6 release.
|
|
Don't clutter up our RDoc/website with things that users
of Unicorn don't need to see. This should make user-relevant
documentation easier to find, especially since Unicorn is
NOT intended to be an API.
|
|
* IPv6 support in the HTTP hostname parser and configuration
language. Configurator syntax for "listen" addresses should
be the same as nginx. Even though we support IPv6, we will
never support non-LAN/localhost clients connecting to Unicorn.
* TCP_NOPUSH/TCP_CORK is enabled by default to optimize
for bandwidth usage and avoid unnecessary wakeups in nginx.
* Updated KNOWN_ISSUES document for bugs in recent Ruby 1.8.7
(RNG needs reset after fork) and nginx+sendfile()+FreeBSD 8.
* examples/nginx.conf updated for modern stable versions of nginx.
* "Status" in headers no longer ignored in the response,
Rack::Lint already enforces this so we don't duplicate
the work.
* All tests pass under Ruby 1.9.3dev
* various bugfixes in the (mostly unused) ExecCGI class that
powers http://bogomips.org/unicorn.git
|
|
We now close the client socket after closing the response body.
This does not affect most applications that run under Unicorn,
in fact, it may not affect any.
There is also a new v1.1.6 release for users who do not use
kgio.
|
|
Certain applications that already serve hundreds/thousands of requests a
second should experience performance improvements due to
Time.now.httpdate usage being removed and reimplemented in C.
There are also minor internal changes and cleanups for Rainbows!
|
|
There are numerous improvements in the HTTP parser for
Rainbows!, none of which affect Unicorn-only users.
The kgio dependency is incremented to 2.1: this should avoid
ENOSYS errors for folks building binaries on newer Linux
kernels and then deploying to older ones.
There are also minor documentation improvements, the website
is now JavaScript-free!
(Ignore the 3.2.0 release, I fat-fingered some packaging things)
|
|
There are numerous improvements in the HTTP parser for
Rainbows!, none of which affect Unicorn-only users.
The kgio dependency is incremented to 2.1: this should avoid
ENOSYS errors for folks building binaries on newer Linux
kernels and then deploying to older ones.
There are also minor documentation improvements, the website
is now JavaScript-free!
|
|
This release enables tuning the client_buffer_body_size to raise
or lower the threshold for buffering request bodies to disk.
This only applies to users who have not disabled rewindable
input. There is also a TeeInput bugfix for uncommon usage
patterns and Configurator examples in the FAQ should be fixed
|
|
...and only Rainbows! This release fixes HTTP pipelining for
requests with bodies for users of synchronous Rainbows!
concurrency models.
Since Unicorn itself does not support keepalive nor pipelining,
Unicorn-only users need not upgrade.
|
|
Rewindable "rack.input" may be disabled via the
"rewindable_input false" directive in the configuration file.
This will violate Rack::Lint for Rack 1.x applications, but can
reduce I/O for applications that do not need a rewindable
input.
This release updates us to the Kgio 2.x series which should play
more nicely with other libraries and applications. There are
also internal cleanups and improvements for future versions of
Rainbows!
The Unicorn 3.x series supercedes the 2.x series
while the 1.x series will remain supported indefinitely.
|
|
This release updates us to the Kgio 2.x series which should play
more nicely with other applications. There are also bugfixes
from the 2.0.1 release and a small bugfix to the new StreamInput
class.
The Unicorn 3.x series will supercede the 2.x series
while the 1.x series will remain supported indefinitely.
|
|
Rewindable "rack.input" may be disabled via the
"rewindable_input false" directive in the configuration file.
This will violate Rack::Lint for Rack 1.x applications, but
can reduce I/O for applications that do not need it.
There are also internal cleanups and enhancements for future
versions of Rainbows!
Eric Wong (11):
t0012: fix race condition in reload
enable HTTP keepalive support for all methods
http_parser: add HttpParser#next? method
tee_input: switch to simpler API for parsing trailers
switch versions to 3.0.0pre
add stream_input class and build tee_input on it
configurator: enable "rewindable_input" directive
http_parser: ensure keepalive is disabled when reset
*_input: make life easier for subclasses/modules
tee_input: restore read position after #size
preread_input: no-op for non-rewindable "rack.input"
|
|
Here are major, incompatible internal API changes.
|
|
Despite the version number, this release mostly features
internal cleanups for future versions of Rainbows!. User
visible changes include reductions in CPU wakeups on idle sites
using high timeouts.
Barring possible portability issues due to the introduction of
the kgio library, this release should be ready for all to use.
However, 1.1.x (and possibly 1.0.x) will continue to be
maintained. Unicorn 1.1.5 and 1.0.2 have also been released
with bugfixes found during development of 2.0.0.
|
|
There is a new Unicorn::PrereadInput middleware to which allows
input bodies to be drained off the socket and buffered to disk
(or memory) before dispatching the application.
HTTP Pipelining behavior is fixed for Rainbows! There
are some small Kgio fixes and updates for Rainbows!
users as well.
|
|
Internal changes/cleanups for Rainbows!
|
|
Mostly internal cleanups for future versions of Rainbows! and
people trying out Rubinius. There are tiny performance
improvements for Ruby 1.9.2 users which may only be noticeable
with Rainbows!
Unicorn 1.1.x users are NOT required to upgrade.
|
|
This also affects some constant scoping rules, but hopefully
makes things easier to follow. Accessing ivars (not via
accessor methods) are also slightly faster, so use them in
the criticial process_client code path.
|
|
This hides more HTTP request logic inside our object.
|
|
|
|
There are only minor changes since 0.991.0.
For users clinging onto the past, MRI 1.8.6 support has been
restored. Users are strongly encouraged to upgrade to the
latest 1.8.7, REE or 1.9.1.
For users looking towards the future, the core test suite and
the Rails 3 (beta) integration tests pass entirely under 1.9.2
preview3. As of the latest rubinius.git[1], Rubinius support is
nearly complete as well.
Under Rubinius, signals may corrupt responses as they're being
written to the socket, but that should be fixable transparently
to us[4]. Support for the hardly used, hardly documented[2]
embedded command-line switches in rackup config (.ru) files is
is also broken under Rubinius.
The recently-released Rack 1.2.1 introduced no compatiblity
issues[3] in core Unicorn. We remain compatible with all Rack
releases starting with 0.9.1 (and possibly before).
[1] tested with Rubinius upstream commit
cf4a5a759234faa3f7d8a92d68fa89d8c5048f72
[2] lets avoid the Dueling Banjos effect here :x
[3] actually, Rack 1.2.1 is broken under 1.8.6.
[4] http://github.com/evanphx/rubinius/issues/373
|
|
The "working_directory" configuration parameter is now handled
before config.ru. That means "unicorn" and "unicorn_rails" no
longer barfs when initially started outside of the configured
"working_directory" where a config.ru is required. A huge
thanks to Pierre Baillet for catching this ugly UI inconsistency
before the big 1.0 release
Thanks to Hongli Lai, out-of-the-box Rails 3 (beta) support
should be improved for deployments lacking a config.ru
There are more new integration tests, cleanups and some
documentation improvements.
|
|
Thanks to Augusto Becciu for finding a bug in the HTTP parser
that caused a TypeError (and 500) when a rare client set the
"Version:" header which conflicts with the HTTP_VERSION header
we parse in the first line of the request[1].
Horizontal tabs are now allowed as leading whitespace in header
values as according to RFC 2616 as pointed out by
IƱaki Baz Castillo[2].
Taking a hint from Rack 1.1, the "logger" configuration
parameter no longer requires a "close" method. This means some
more Logger replacements may be used.
There's a new, optional, Unicorn (and maybe Passenger)-only
middleware, Unicorn::OobGC[2] that runs GC outside of the normal
request/response cycle to help out memory-hungry applications.
Thanks to Luke Melia for being brave enough to test and report
back on my big_app_gc.rb monkey patch[3] which lead up to this.
Rails 3 (beta) support:
Using "unicorn" is still recommended as Rails 3 comes with
a config.ru, but "unicorn_rails" is cleaned up a bit and
*should* work as well as "unicorn" out-of-the-box. Feedback
is much appreciated.
Rubinius updates:
USR2 binary upgrades are broken due to
{TCPServer,UNIXServer}.for_fd[5][6] being broken
(differently).
Repeatedly hitting the server with signals in a tight
loop is unusual and not recommended[7].
There are some workarounds and general code cleanups for other
issues[8], as well but things should generally work unless you
need USR2 upgrades. Feedback and reports would be greatly
appreciated as usual.
MRI support:
All tests (except old Rails) run and pass under 1.9.2-preview3.
1.8.7 and 1.9.1 work well as usual and will continue to be
supported indefinitely.
Lets hope this is the last release before 1.0. Please report
any issues on the mailing list[9] or email us privately[a].
Don't send HTML mail.
[1] - http://mid.gmane.org/AANLkTimuGgcwNAMcVZdViFWdF-UcW_RGyZAue7phUXps@mail.gmail.com
[2] - http://mid.gmane.org/i2xcc1f582e1005070651u294bd83oc73d1e0adf72373a@mail.gmail.com
[3] - http://unicorn.bogomips.org/Unicorn/OobGC.html
[4] - http://unicorn.bogomips.org/examples/big_app_gc.rb
[5] - http://github.com/evanphx/rubinius/issues/354
[6] - http://github.com/evanphx/rubinius/issues/355
[7] - http://github.com/evanphx/rubinius/issues/356
[8] - http://github.com/evanphx/rubinius/issues/347
[9] - mailto:mongrel-unicorn@rubyforge.org
[a] - mailto:unicorn@bogomips.org
|
|
Starting with this release, we'll always load Rack up front at
startup.
Previously we had complicated ways to avoid loading Rack until
after the application was loaded to allow the application to
load an alternate version of Rack. However this has proven too
error-prone to be worth supporting even though Unicorn does not
have strict requirements on currently released Rack versions.
If an app requires a different version of Rack than what Unicorn
would load by default, it is recommended they only install that
version of Rack (and no others) since Unicorn does not have any
strict requirements on currently released Rack versions.
Rails 2.3.x users should be aware of this as those versions are
not compatible with Rack 1.1.0.
If it is not possible to only have one Rack version installed
"globally", then they should either use Isolate or Bundler and
install a private version of Unicorn along with their preferred
version of Rack. Users who install in this way are recommended
to execute the isolated/bundled version of Unicorn, instead of
what would normally be in $PATH.
Feedback/tips to mailto:mongrel-unicorn@rubyforge.org from
Isolate and Bundler users would be greatly appreciated.
|
|
Deployments that suspend or hibernate servers should no longer
have workers killed off (and restarted) upon resuming.
For Linux users of {raindrops}[http://raindrops.bogomips.org/]
(v0.2.0+) configuration is easier as raindrops can now
automatically detect the active listeners on the server
via the new Unicorn.listener_names singleton method.
For the pedantic, chunked request bodies without trailers are no
longer allowed to omit the final CRLF. This shouldn't affect
any real and RFC-compliant clients out there. Chunked requests
with trailers have always worked and continue to work the same
way.
The rest are mostly small internal cleanups and documentation
fixes. See the commit logs for full details.
|
|
This release fixes a denial-of-service vector for derived
servers exposed directly to untrusted clients.
This bug does not affect most Unicorn deployments as Unicorn is
only supported with trusted clients (such as nginx) on a LAN.
nginx is known to reject clients that send invalid
Content-Length headers, so any deployments on a trusted LAN
and/or behind nginx are safe.
Servers affected by this bug include (but are not limited to)
Rainbows! and Zbatery. This bug does not affect Thin nor
Mongrel, as neither got the request body filtering treatment
that the Unicorn HTTP parser got in August 2009.
The bug fixed in this release could result in a
denial-of-service as it would trigger a process-wide assertion
instead of raising an exception. For servers such as
Rainbows!/Zbatery that serve multiple clients per worker
process, this could abort all clients connected to the
particular worker process that hit the assertion.
|
|
A bunch of small fixes related to startup/configuration and hot
reload issues with HUP:
* Variables in the user-generated config.ru files no longer
risk clobbering variables used in laucher scripts.
* signal handlers are initialized before the pid file is
dropped, so over-eager firing of init scripts won't
mysteriously nuke a process.
* SIGHUP will return app to original state if an updated
config.ru fails to load due to {Syntax,Load}Error.
* unicorn_rails should be Rails 3 compatible out-of-the-box
('unicorn' works as always, and is recommended for Rails 3)
* unicorn_rails is finally "working_directory"-aware when
generating default temporary paths and pid file
* config.ru encoding is the application's default in 1.9,
not forced to binary like many parts of Unicorn.
* configurator learned to handle the "user" directive outside
of after_fork hook (which will always remain supported).
There are also various internal cleanups and possible speedups.
|
|
This constant hasn't been in active use in our Ruby code for
ages now. All HTTP header constraints are defined in the
C/Ragel HTTP parser and we have tests for them, so there's
no need to repeat ourselves.
|
|
There may be some large-ish internal changes for 0.97.0
|