Date | Commit message (Collapse) |
|
By explicitly calling OpenSSL::SSL::SSLContext#setup before
accepting connections. We cannot rely on "setup" being called
implicitly because any callbacks configured or objects
configured by the client may not be thread-safe.
We also avoid calling "setup" in the master process (if yahns is
configured to use worker processeses) in case the setup code
starts any TCP connections (e.g. to memcached for session
caching).
|
|
We cannot use the sendfile(2) syscall when serving static files
to TLS clients without breaking them. We currently rely on
OpenSSL to encrypt the data before it hits the socket, so it
must be read into userspace buffers before being written to the
socket.
|
|
This will allow Yahns::OpenSSLServer instances to take advantage
of TCP_INFO under Linux, saving us the overhead of method
invocations.
|
|
This avoids needless network traffic when installing
the locally-built gem.
|
|
We don't depend on rack directly, and unicorn 5.1 will make rack
optional. This seems reasonable for testing, but one day I could
imagine this being more than an HTTP or Rack server...
|
|
This should reduce memory pressure slightly as we can
have finer-grained control of memory usage for buffers which
can be several kilobytes large.
It is not safe to do this for output buffers we get from the
application, as they may reuse that memory themselves.
|
|
Apparently, StringIO#binmode has been totally broken in 1.9+ and
I've always hidden this bug with the combination of an explicit
string and magic "encoding: binary" comments :x
ref: https://bugs.ruby-lang.org/issues/11945
|
|
Oops, we need to duplicate our buffer in case the CGI executable
returns just the header :x
|
|
Using the 'update-copyright' script from gnulib[1]:
git ls-files | UPDATE_COPYRIGHT_HOLDER='all contributors' \
UPDATE_COPYRIGHT_USE_INTERVALS=2 \
xargs /path/to/gnulib/build-aux/update-copyright
We're also switching to 'GPL-3.0+' as recommended by SPDX
to be consistent with our gemspec and other metadata
(as opposed to the longer but equivalent "GPLv3 or later").
[1] git://git.savannah.gnu.org/gnulib.git
|
|
There are likely yet-to-be-discovered bugs in here.
Also, keeping explicit #freeze calls for 2.2 users, since most
users have not migrated to 2.3, yet.
|
|
We do not expose any sort of API beyond what's in the config file
manpage to our users. Do not mislead them into thinking we
currently have a stable API (though I'm considering one).
This avoids wasting disk space and installation time for users who
do not have a: "gem: --no-ri --no-rdoc" line in their ~/.gemrc
|
|
The "diff" function detection for C does not map well to
Ruby files, take advantage of gitattributes(5) to improve
method name detection in generated patches as well as
making "git diff -W" output more useful.
|
|
It's been there long enough and kqueue itself hasn't changed. In
fact, IIRC the entire design of yahns (for another server in late
2011) probably came about because of the name "kqueue"...
|
|
There's some minor test case fixes and documentation updates.
For OpenSSL users running the Ruby 2.3.0 preview releases,
we now use `exception: false' for for accept_nonblock to reduce
exceptions. Non-SSL I/O still uses kgio for now.
6 changes since 1.10.0:
wbuf: fix typo in bug check for sendfile gem
test_wbuf: deal with proper zero-copy for Unix sockets
README: clarify and update copyright year
doc: document and reference sd_listen_fds(3) behavior
test_server: fix race condition in hooks test
openssl_client: use `exception: false' for accept_nonblock
|
|
Ruby 2.3 will support this feature to reduce allocations
for common errors.
|
|
We need to ensure the master process is done writing to logs
when we check them. Do that by sending a SIGQUIT to the master
to shut it down, as the master process will defer the SIGQUIT
until after the test log is written to the kernel.
|
|
Users tend to skip reading release notes, ensure the manpage
documents this feature.
|
|
This is no place to advertise weirdo projects.
|
|
Linux 4.2 gained the ability to do true zero-copy sendfile support
for Unix sockets; so buffer space is accounted differently.
Previously Linux only avoided copies in userspace when doing
sendfile for Unix sockets, not internally within the kernel.
This kernel change has no bearing on normal code which would need to
account for concurrent draining by the client; only test code
designed to create a failure condition.
|
|
This typo would've only be triggered if the sendfile gem itself
turns out to be buggy and returns an undocumented return code.
|
|
* test_client_expire: favor Process.spawn over fork+exec
* extras/try_gzip_static: require readability on HEAD requests
* proxy_pass: quiet down ECONNRESET and EPIPE, too
* copyright updates
* update various comments
* proxy_http_response: use frozen string literal optimization
* README: add link to NNTP archive endpoint
* use olddoc 1.1.0 for generating NEWS + NEWS.atom.xml
* gemspec fixes for various RubyGems versions
* bytecode golfing to cut a few bytes of memory
* simplify sd_listen_fds emulation
* gemspec: allow compatibility with unicorn 5
|
|
We've been compatible for a while, actually, and probably
could've done this earlier.
We won't be dropping unicorn 4.x compatibility for a bit
in case some folks need to stick to unicorn 4.x for any
reason.
|
|
Remove unnecessary anonymous procs and conditionals to save some
bytecode memory Also, no valid PID can be zero, as kill(2)
treats zero specially.
|
|
Reduce unnecessary arguments to "exit" and "exit!". Additionally,
rely on a "putnil" instruction rather than a "putstring" argument
with an unnecessary string operand for an uncommon code path.
|
|
Version may not be frozen in some RubyGems versions, so we must dup
it. Use a SPDX-compatible license string for GPL-3.0+, too
(RubyGems still complains, for now)
|
|
This removes the build-time dependency on Nokogiri, which can
be time-consuming to install. We won't be supporting any public
APIs, so we will not actually support RDoc here.
|
|
The service seems stable and reliable enough to advertise in our
README.
|
|
This can reduce the amount of garbage we have by a small
amount. Once Ruby 2.3 comes out, we can rely on the
"frozen_string_literal: true" directive
|
|
Clarify APP_CONFIG is only public for modules maintained within
yahns, not external users.
While we're at it, avoid the http:// -> https:// redirect for
bugs.ruby-lang.org in the comment.
|
|
Future updates may use the update-copyright script in gnulib:
git ls-files | UPDATE_COPYRIGHT_HOLDER='all contributors' \
UPDATE_COPYRIGHT_USE_INTERVALS=2 \
xargs /path/to/gnulib/build-aux/update-copyright
|
|
Clients may disconnect on us while we're writing the response
here, so we should shut the backtrace up to avoid polluting
logs.
|
|
Files may exist and be stat-able, but not readable. Return
a 403 response for non-readable files.
|
|
Process.spawn is faster under Linux since it may use vfork
to avoid marking pages copy-on-write.
|
|
This release improves socket inheritance support. TCP socket
options are now applied to inherited sockets. We also emulate
the sd_listen_fds function to allow inheriting sockets from
systemd.
HTTP status strings are now generated dynamically, allowing
applications to modify Rack::Utils::HTTP_STATUS_CODES to
apply changes in the Rack response. Unfortunately, this leads
to minor (likely unnoticeable) performance regressions.
However, our code is not optimized for Ruby 2.2+, so users on
the latest released Ruby will benefit from reduced inline cache
and constant lookups as we reduced our constant footprint.
Expect further minor performance regressions if you are running
Ruby 2.2 and earlier.
For Ruby 2.2 users, overall performance should be largely
unchanged from 1.7.0 to 1.8.0
shortlog of changes since 1.7.0:
* use opt_str_freeze for Hash#delete
* test/helper: warn atomically
* generate response status strings dynamically
* reduce constants and optimize for Ruby 2.2+
* http_response: reduce bytecode size
* apply TCP socket options on inherited sockets
* test/test_rack_hijack.rb: try to increase test reliability
* emulate sd_listen_fds for systemd support
* test/test_rack_hijack: ensure proper ordering of log messages
|
|
Unfortunately we cannot rely on the RubyVM for optimizing hash
deletions, yet, so manually freeze for this string since it
(unlike every line after it) is a hot path if handling request
bodies.
Update a comment while we're at it.
|
|
Getting the logs to show up in order is tricky in a multithreaded
server...
|
|
systemd socket emulation shares FDs across execve, just like
the built-in SIGUSR2 upgrade process in unicorn. Thus it is
easy to support inheriting sockets from systemd.
|
|
We need to wait for the hijacked process to run and write to the
log before we check it. Since we may not have inotify, try to
trigger a sched_yield() syscall instead.
|
|
TCP socket options are now set when inheriting existing sockets from
a parent process. I'm fairly certain all the TCP setsockopt knobs
we use are idempotent and harmless to change.
If anything, the only directive I'd be uncomfortable changing is
shortening the listen(2) (aka :backlog) size, but we've always
changed that anyways since it also applies to UNIX sockets.
Note: removing a configuration knob in a yahns config file can not
reset the value to the OS-provided default setting. Inherited
sockets must use a new setting to override existing ones.
(or the socket needs to be closed and re-created in the process
launcher before yahns inherits it).
Based on unicorn commit 1db9a8243d42cc86d5ca4901bceb305061d0d212
Noticed-by: Christos Trochalakis <yatiohi@ideopolis.gr>
<20150626114129.GA25883@luke.ws.skroutz.gr>
|
|
This saves around 200 bytes on x86-64 and potentially improves
CPU cache performance. This does not reduce inline method
cache overhead as String#<< already has optimized dispatch
support (opt_ltlt in insns.def in Ruby 1.9+)
|
|
Ruby (MRI) 2.1 optimizes allocations away on String#freeze with
literal strings.
Furthermore, Ruby 2.2 optimizes away literal string allocations
when they are used as arguments to Hash#[] and Hash#[]=
Thus we can avoid expensive constant lookups and cache overhead
by taking advantage of advancements in Ruby.
Since Ruby 2.2 has been out for 7 months, now; it ought to be safe
to introduce minor performance regressions for folks using older
Rubies (1.9.3+ remains supported) to benefit folks on the latest
Ruby.
|
|
Rack::Utils::HTTP_STATUS_CODES may be altered by the underlying
application, allow changes to that to be reflected in our responses
and do not rely on the Unicorn::HttpResponse::CODES hash which
will probably go away soon.
|
|
We want to avoid race conditions if tests become multithreaded
from Kernel#warn internally issuing a second write.
|
|
Most notably, the Rack response body is now closed during rack.hijack.
Middlewares such as Rack::Lock (used by Rails) break badly unless
the response body is closed on hijack, so we will close it to follow
the lead of other popular Rack servers.
While it's unclear if there's anybody using rack.hijack besides
yahns/proxy_pass we'll try to emulate the behavior of other servers
as much as possible.
ref: https://github.com/ngauthier/tubesock/issues/10
We'll also support SIGWINCH if not daemonized
This has no effect for the (default) single process case with
no master/worker relationship as that does not support SIGWINCH.
Some process managers such as foreman and daemontools rely on
yahnsnot daemonizing, but we still want to be able to process
SIGWINCH in that case.
stdout and stderr may be redirected to a pipe (for cronolog or
similar process), so those are less likely to be attached to a TTY
than stdin. This also allows users to process SIGWINCH when running
inside a regular terminal if they redirect stdin to /dev/null.
This follows unicorn commit a6077391bb62d0b13016084b0eea36b987afe8f0
Thanks to Dan Moore for suggesting it on the unicorn list.
A few more minor changes, more memory reduction changes coming...
* proxy_pass: no point in closing StringIO
* proxy_pass: allow filtering or overriding response headers
* support SIGWINCH even if not daemonized
* use Unicorn::HttpParser#response_start_sent accessor
* reduce inline constant cache overheads
* proxy_pass: skip tests if kcar is missing
* ensure body is closed during hijack
|
|
Middlewares such as Rack::Lock (used by Rails) break badly unless
the response body is closed on hijack, so we will close it to follow
the lead of other popular Rack servers.
While it's unclear if there's anybody using rack.hijack besides
yahns/proxy_pass we'll try to emulate the behavior of other servers
as much as possible.
ref: https://github.com/ngauthier/tubesock/issues/10
While we're at it, use DieIfUsed correctly in test_ssl.rb :x
|
|
We don't require kcar to be installed since most users will never
use the proxy_pass feature, but show an informative error in case
they want to test this functionality.
|
|
We can use symbols in the SleepyPenguin APIs to trade speed for
space in uncommon code paths.
|
|
We don't need to waste a valuable ivar slot on each socket
when we know unicorn already maintains this flag for us.
|
|
This has no effect for the (default) single process case with
no master/worker relationship as that does not support SIGWINCH.
Some process managers such as foreman and daemontools rely on
yahnsnot daemonizing, but we still want to be able to process
SIGWINCH in that case.
stdout and stderr may be redirected to a pipe (for cronolog or
similar process), so those are less likely to be attached to a TTY
than stdin. This also allows users to process SIGWINCH when running
inside a regular terminal if they redirect stdin to /dev/null.
This follows unicorn commit a6077391bb62d0b13016084b0eea36b987afe8f0
Thanks to Dan Moore for suggesting it on the unicorn list.
|
|
We shouldn't blindly pass the "Server" tag through, since we may
be proxying Apache instances and we don't want to misadvertise,
either.
IMHO, it is best to say nothing at all to save bandwidth and
reduce the potential for attackers in case a vulnerability is
discovered in yahns.
|