| Date | Commit message (Collapse) |
|---|
|
MRI 1.8 always sets O_NONBLOCK on sockets to implement green
threads correctly in the face of slow network I/O. Since we
already know what the I/O flags for a client socket should be,
we just set it to that instead.
Applications running on Unicorn continue to be green thread-safe
when used fast local traffic. Of course, Unicorn itself will
never use threads.
|
|
Unicorn is strictly for fast LAN and localhost clients. Unicorn
is not for slow, high-latency or trickling clients and cannot do
keepalive or pipelining.
None of the removed options actually make sense
in the environment Unicorn was designed for.
* DEFER_ACCEPT/ACCEPT_FILTER - these are useful for mitigating
connect() floods or trickling clients. We shouldn't have to
deal with those on a trusted LAN.
* TCP_CORK/TCP_NODELAY - we only send output in the response and
then immediately close the socket. Assuming the typical
response containing a small header and large strings in the
body: the Nagle algorithm would've corked the headers
regardless and any pending output would be immediately flushed
when the socket is closed immediately after sending.
These options would still be useful from the client-side on
the LAN, or if Unicorn supported keepalive.
Of course, I highly recommend enabling all of these options
you can possibly enable on nginx or another fully-buffering
reverse proxy when dealing with slow clients.
|
|
Apparently I was smoking crack and thought they weren't
changeable. Additionally, SO_REUSEADDR is set by TCPServer.new,
so there's no need to set it ourselves; so avoid putting
extra items in the purgatory.
This allows SIGHUP to change listen options.
|
|
I can't think of a good reason to ever use restrictive
permissions with UNIX domain sockets for an HTTP server.
Since some folks run their nginx on port 80 and then
have it drop permissions, we need to ensure our socket
is readable and writable across the board.
The reason I'm respecting the existing umask at all (instead of
using 0000 across the board like most daemonizers) is because
the admin may want to restrict access (especially write access)
to log files.
|
|
FD_CLOEXEC is POSIX and we only run on POSIX. Things will
slowly leak over time if FD_CLOEXEC is not set, so raise
the issue ASAP.
|
|
bind_listen takes a hash as its second parameter now, allowing
the addition of :sndbuf and :rcvbuf options to specify the size
of the buffers in bytes. These correspond to the SO_SNDBUF and
SO_RCVBUF options via setsockopt(2) respectively.
This also adds support for per-listener backlogs to be used.
However, this is only an internal API change and the changes
have not yet been exposed to the user via Unicorn::Configurator,
yet.
Also add a bunch of SocketHelper tests
|
|
Since we always unlink existing sockets when binding, there's no
point in having code to unlink the sockets when we exit.
Additionally, the old code path was racy.
|
|
This fixes a bug where listener names in the master process
would be incorrectly matched with the existing set; causing UNIX
sockets to be unbound and rebound; breaking things for child
processes.
This is a better fit anyways since it's higher level.
|
|
This is to be consistent with the existing "pid"
and std{err,out}_path options which also take
paths relative to "~"
|
|
The Configurator includes error checking and opens the way for
better reloading/error-checking abilities.
This also renames many of the config settings with something
nginx-like to minimize the learning/setup curve since nginx is
the only recommended reverse-proxy for this.
s/pid_file/pid/
=> blech!, more confusing :<
s/listen_backlog/backlog/
=> maybe more confusing to some, or less...
s/nr_workers/worker_processes/
=> less confusing to non-AWKers for sure
s/hot_config_file/config_file/
=> the config file is now general purpose,
not just hot reloads
|
|
|
|
We may have stale UNIX sockets leftover since we don't clean
those up at_exit. So unlink them if we didn't inherit one.
|
|
We'll be using this flag with a pipe, too.
|
|
Along with worker process management. This is nginx-style
inplace upgrading (I don't know of another web server that does
this). Basically we can preserve our opened listen sockets
across entire executable upgrades.
Signals:
USR2 - Sending USR2 to the master unicorn process will cause
it to exec a new master and keep the original workers running.
This is useful to validate that the new code changes took place
are valid and don't immediately die. Once the changes are
validated (manually), you may send QUIT to the original
master process to have it gracefully exit.
HUP - Sending this to the master will make it immediately exec
a new binary and cause the old workers to gracefully exit.
Use this if you're certain the latest changes to Unicorn (and
your app) are ready and don't need validating.
Unlike nginx, re-execing a new binary will pick up any and all
configuration changes. However listener sockets cannot be
removed when exec-ing; only added (for now).
I apologize for making such a big change in one commit, but once
I got the ability to replace the entire codebase while preserving
connections, it was too tempting to continue working.
So I wrote a large chunk of this while hitting
the unicorn-hello-world app with the following loop:
while curl -vSsfN http://0:8080; do date +%N; done
_Zero_ requests lost across multiple restarts.
|
|
Unicorn is only designed for fast internal networks (and
loopback); so avoid wasting time with userspace I/O buffering.
This should not significantly affect userspace threading on 1.8
in case your application itself is running threads for some
(masochistic) reason as long as the clients you're serving
directly with Unicorn are fast.
|
|
Instead of ".#{$$}" as the suffix. This makes it clearer that
it's a temporary name and also so we can use per-process sockets
to make debugging easier.
|
|
Additionally, provide Socket#unicorn_addr which makes it
easy to determine whether a given Socket matches one in
the config.
|
|
We'll be supporting UNIX domain sockets soon... Get rid of
tcphack since it was overriding a default method and just
manually call Socket.new, bind, listen ourselves. Additionaly,
use SO_REUSEADDR when binding since it is convenient for
restarts.
|