Date | Commit message (Collapse) |
|
This patch checks incoming connections and avoids calling the application
if the connection has been closed.
It works by sending the beginning of the HTTP response before calling
the application to see if the socket can successfully be written to.
By enabling this feature users can avoid wasting application rendering
time only to find the connection is closed when attempting to write, and
throwing out the result.
When a client disconnects while being queued or processed, Nginx will log
HTTP response 499 but the application will log a 200.
Enabling this feature will minimize the time window during which the problem
can arise.
The feature is disabled by default and can be enabled by adding
'check_client_connection true' to the unicorn config.
[ew: After testing this change, Tom Burns wrote:
So we just finished the US Black Friday / Cyber Monday weekend running
unicorn forked with the last version of the patch I had sent you. It
worked splendidly and helped us handle huge flash sales without
increased response time over the weekend.
Whereas in previous flash traffic scenarios we would see the number of
HTTP 499 responses grow past the number of real HTTP 200 responses,
over the weekend we saw no growth in 499s during flash sales.
Unexpectedly the patch also helped us ward off a DoS attack where the
attackers were disconnecting immediately after making a request.
ref: <CAK4qKG3rkfVYLyeqEqQyuNEh_nZ8yw0X_cwTxJfJ+TOU+y8F+w@mail.gmail.com>
]
Signed-off-by: Eric Wong <normalperson@yhbt.net>
|
|
assert_nothing_raised ends up hiding errors and backtraces,
making things harder to debug. Since Test::Unit already
fails on uncaught exceptions, there is no need to assert
on the lack of exceptions for a successful test run.
This is a followup to commit 5acf5522295c947d3118926d1a1077007f615de9
|
|
It's better to show errors and backtraces when stuff
breaks
|
|
It's too much overhead to keep Rails-specific tests working,
especially when it's hauling in an ancient version of SQLite3.
Since Rails 3 has settled down with Rack and unicorn_rails is
unlikely to need changing in the future, we can drop these
tests.
|
|
I doubt anybody would attempt to run ancient, unsupported versions
of Rails on the latest (unreleased, even) versions of Ruby...
|
|
We need to be sure we don't barf on this header.
|
|
You can listen on 0.0.0.0, but trying to connect to it doesn't work
well on OpenBSD.
Acked-by: Eric Wong <normalperson@yhbt.net>
|
|
This will also be the foundation of SSL support in Rainbows!
and Zbatery. Some users may also want to use this in
Unicorn on LANs to meet certain security/auditing requirements.
Of course, Nightmare! (in whatever form) should also be able to
use it.
|
|
Existing license terms (Ruby-specific) and GPLv2 remain
in place, but GPLv3 is preferred as it helps with
distribution of AGPLv3 code and is explicitly compatible
with Apache License (v2.0).
Many more reasons are documented by the FSF:
https://www.gnu.org/licenses/quick-guide-gplv3.html
http://gplv3.fsf.org/rms-why.html
ref: http://thread.gmane.org/gmane.comp.lang.ruby.unicorn.general/933
|
|
We do it in the Ruby invocation or RUBYLIB.
|
|
I don't build IPv6 into all my kernels; maybe other testers do
not, either.
|
|
RFC 2616 doesn't appear to allow most CTL bytes even though
Mongrel always did. Rack::Lint disallows 0..31, too, though we
allow "\t" (HT, 09) since it's LWS and allowed by RFC 2616.
|
|
The testcase for this was broken, too, so we didn't notice
this :<
Reported-by: ghazel@gmail.com on the Rainbows! mailing list,
http://mid.gmane.org/BANLkTi=oQXK5Casq9SuGD3edeUrDPvRm3A@mail.gmail.com
|
|
The random garbage generator may occasionally generate URIs that
are too long and cause the URI-specific error to be raised
instead of the generic parser error we recently introduced.
Follow-up-to: commit 742c4d77f179a757dbcb1fa350f9d75b757acfc7
|
|
rescuing from SystemExit and exit()-ing again is ugly, but
changes made to lower stack depth positively affect _everyone_
so we'll tolerate some ugliness here.
We'll need to disable graceful exit for some tests, too...
|
|
This means we no longer waste an extra file descriptor per
worker process in the master. Now there's no need to set a
higher file descriptor limit for systems running >= 1024
workers.
|
|
The random garbage generator may occasionally generate URIs that
are too long and cause the URI-specific error to be raised
instead of the generic parser error we recently introduced.
Follow-up-to: commit 742c4d77f179a757dbcb1fa350f9d75b757acfc7
|
|
It may return the previous second
|
|
The random garbage generator may occasionally generate URIs that
are too long and cause the URI-specific error to be raised
instead of the generic parser error we recently introduced.
|
|
This allows one to enter the dechunker without parsing
HTTP headers beforehand. Since we skipped header parsing,
trailer parsing is not supported since we don't know
what trailers might be (to our knowledge, nobody uses trailers
anyways)
|
|
Stack depth affects Ruby GC performance, so lowering it
makes sense
|
|
Enabling this flag for an IPv6 TCP listener allows users to
specify IPv6-only listeners regardless of the OS default.
This should be interest to Rainbows! users.
|
|
RFC 2616, section 4.2:
> The field-content does not include any leading or trailing LWS:
> linear white space occurring before the first non-whitespace
> character of the field-value or after the last non-whitespace
> character of the field-value. Such leading or trailing LWS MAY be
> removed without changing the semantics of the field value. Any LWS
> that occurs between field-content MAY be replaced with a single SP
> before interpreting the field value or forwarding the message
> downstream.
|
|
|
|
They were transitionary releases and the logic to deal with them
and Rack versioning was too much overhead.
|
|
This causes conflicts with ports clients may use in
the ephemeral range since those do not hold FS locks.
This reverts commit e597e594ad88dc02d70f7d3521d0d3bdc23739bb.
Conflicts:
test/test_helper.rb
|
|
No need to unnecessarily leave file descriptor open.
|
|
Ugh, one day I'll clean them up, one day...
|
|
for i in `git ls-files '*.rb'`; do ruby -w -c $i; done
|
|
Duh...
|
|
This is much like how nginx does it, except we always require a
port when explicitly binding to IPv6 using the "listen"
directive. This also adds support to listen with an
address-only, which can be useful to Rainbows! users.
|
|
Just in case we have people that don't use DNS, we can support
folks who enter ugly IPv6 addresses...
IPv6 uses brackets around the address to avoid confusing
the colons used in the address with the colon used to denote
the TCP port number in URIs.
|
|
The client may not get a proper response with TCP_CORK enabled
|
|
Rack::Lint already stops apps from using it. If a developer
insists on it, then users who inspect their HTTP headers can
point and laugh at them for not using Rack::Lint!
|
|
Response bodies may capture the block passed to each
and save it for body.close, so don't close the socket
before we have a chance to call body.close
|
|
But allows small optimizations to be made to avoid
constant/instance variable lookups later :)
|
|
No need to preserve the response tuplet if we're just
going to unpack it eventually.
|
|
This can return a static string and be significantly
faster as it reduces object allocations and Ruby method
calls for the fastest websites that serve thousands of
requests a second.
It assumes the Ruby runtime is single-threaded, but that
is the case of Ruby 1.8 and 1.9 and also what Unicorn
is all about. This change is safe for Rainbows! under 1.8
and 1.9.
|
|
It's a minor garbage reduction, but nobody uses "$,", and
if they did, they'd break things in the Ruby standard library
as well as Rack, so let anybody who uses "$," shoot themselves
in the foot.
|
|
We use this in Rainbows! to disable keepalive in certain
configurations.
|
|
We need to preserve our internal flags and only clear them on
HttpParser#parse. This allows the async concurrency models in
Rainbows! to work properly.
|
|
Oops
|
|
More config bloat, sadly this is necessary for Rainbows! :<
|
|
Evil clients may be exposed to the Unicorn parser via
Rainbows!, so we'll allow people to turn off blindly
trusting certain X-Forwarded* headers for "rack.url_scheme"
and rely on middleware to handle it.
|
|
The first value of X-Forwarded-Proto in rack.url_scheme should
be used as it can be chained. This header can be set multiple
times via different proxies in the chain, but consider the first
one to be valid.
Additionally, respect X-Forwarded-SSL as it may be passed with
the "on" flag instead of X-Forwarded-Proto.
ref: rack commit 85ca454e6143a3081d90e4546ccad602a4c3ad2e
and 35bb5ba6746b5d346de9202c004cc926039650c7
|
|
This limits the number of keepalive requests of a single
connection to prevent a single client from monopolizing server
resources. On multi-process servers (e.g. Rainbows!) with many
keepalive clients per worker process, this can force a client to
reconnect and increase its chances of being accepted on a
less-busy worker process.
This directive is named after the nginx directive which
is identical in function.
|
|
This allows apps/middlewares on Rainbows! that rely on env in
the response_body#close to hold onto the env.
|
|
Some apps may do them, so make sure we do them correctly.
|
|
No need to accept any number of args, that could hide bugs in
applications that could give three or more arguments. We also
raise ArgumentError when given a negative length argument to
read.
|
|
Any calls to read with an explicit zero length now returns an
empty string. While not explicitly specified by Rack::Lint,
this is for compatibility with StringIO and IO methods which
are common in other web servers.
|