| Date | Commit message (Collapse) |
|---|
|
I've gotten cgit to work well for browsers without CSS
support (patches posted to <cgit@lists.zx2c4.com>).
For browsers with CSS support, the color scheme
is now dark and can help save electricity for users
of OLED and CRT displays.
|
|
Since we've required Ruby 2.0+ for a while, we can assume
descriptors are created with IO#close_on_exec=true and
avoid bloating our code with calls to it.
|
|
Since the common case is still to run a single app inside yahns,
we can simplify setup a bit for systemd (and like) users by
allowing them to omit the "listen" directive when they are
running a single app in yahns.
|
|
That object is not a Rack app, so lets avoid confusing
ourselves.
|
|
HTTPS adds some level of privacy protection and helps marketing
(because we care soooo much about good marketing! :P).
Performance-wise, this reduces subjectAltName bloat when
negotiating connections and will also speed up occasional
certificate renewals when/if we drop the old name.
Also, not occupying the document root of a domain will make it
easier to add alternative site locations in the future, because
centralization sucks and I don't like the idea of anybody paying
ICANN or similar entities for domain names.
|
|
Using the 'update-copyright' script from gnulib[1]:
git ls-files | UPDATE_COPYRIGHT_HOLDER='all contributors' \
UPDATE_COPYRIGHT_USE_INTERVALS=2 \
xargs /path/to/gnulib/build-aux/update-copyright
We're also switching to 'GPL-3.0+' as recommended by SPDX
to be consistent with our gemspec and other metadata
(as opposed to the longer but equivalent "GPLv3 or later").
[1] git://git.savannah.gnu.org/gnulib.git
|
|
There are likely yet-to-be-discovered bugs in here.
Also, keeping explicit #freeze calls for 2.2 users, since most
users have not migrated to 2.3, yet.
|
|
We do not expose any sort of API beyond what's in the config file
manpage to our users. Do not mislead them into thinking we
currently have a stable API (though I'm considering one).
This avoids wasting disk space and installation time for users who
do not have a: "gem: --no-ri --no-rdoc" line in their ~/.gemrc
|
|
Clarify APP_CONFIG is only public for modules maintained within
yahns, not external users.
While we're at it, avoid the http:// -> https:// redirect for
bugs.ruby-lang.org in the comment.
|
|
Future updates may use the update-copyright script in gnulib:
git ls-files | UPDATE_COPYRIGHT_HOLDER='all contributors' \
UPDATE_COPYRIGHT_USE_INTERVALS=2 \
xargs /path/to/gnulib/build-aux/update-copyright
|
|
We don't need optimized dispatch methods in cold code, so use
the more space-efficient "nil?" method dispatch to save us one
word per-call site for a rough total of 24 bytes saving.
|
|
We may set binary mode upon open by passing "b" in the mode string,
so avoid the extra method dispatch and bytecode/cache overhead that
entails.
|
|
Literal regexps costs over 400 bytes of memory on x86-64 per-site,
so there's no point in using them to cause bloat at cold call sites
where runtime performance does not matter.
|
|
The current CA model and code quality of OpenSSL have long put me off
from supporting TLS; however but efforts such as "Let's Encrypt"
and the fallout from Heartbleed give me hope for the future.
This implements, as much as possible, a "hands-off" approach to TLS
support via OpenSSL. This implementation allows us to shift
responsibility away from us to users and upstreams (the Ruby 'openssl'
extension maintainers, software packagers, and OpenSSL project itself).
This is also perhaps the easiest way for now for us, while being most
powerful for users. It requires users to configure their own OpenSSL
context object which we'll use as-is.
This context object is used as the :ssl_ctx parameter to the "listen"
directive in the yahns configuration file:
require 'openssl' # we will not do this for the user, even
ctx = OpenSSL::SSL::SSLContext.new
# user must configure ctx here...
listen 443, ssl_ctx: ctx
This way, in case we support GnuTLS or other TLS libraries, there'll
be less confusion as to what a user is actually using.
Note: this feature requires Ruby 2.1 and later for non-kgio
{read,write}_nonblock(.. exception: false) support.
|
|
Until we drop 1.9.3 support, we'll save some bytecode by using
[ :literal, :symbols, :in, :arrays ]
In 2.0.0 and later, we may use %i(terser syntax)
|
|
We may not be able to support this in a more performant
way just yet. Since this was never documented, we'll remove
the the current knobs for silently setting and ignoring it.
Users should use Unicorn::HttpParser.max_header_len= for now,
instead. We may change Unicorn::HttpParser in the future if enough
people care about making this functionality per-app.
|
|
This allows users to specify alternative temporary directories
in case buffers get too large for one filesystem to handle or
to give priority to some clients on certain ports.
|
|
Some users may care to have sub-second or fractional timeouts for
various reasons. Do not reject those values to be consistent with
Ruby sleep/select.
|
|
This should allow users to more-easily enable/disable apps
and their dependent atfork_* hooks.
|
|
It's usually given as a block, so Ruby won't care about arity there.
Users will get the worker ID number as the first arg, making it
possible to isolate some things to certain processes (e.g. for A/B
testing).
|
|
It was totally unnecessary and just made things hard-to-follow.
|
|
This allows modifying the command-line (as an array) passed to
Kernel#exec, as well as running anything necessary.
|
|
Otherwise, the server may stay running forever if a client chooses
to stay forever (and there is no FD pressure).
|
|
The rest of the config handling spews ArgumentError when
a user sets something bad...
|
|
This is probably not needed and just adds contention, but it makes
experimenting easier.
While we're at it, validate minimum values of for sndbuf/rcvbuf
along with this new threads value, too.
|
|
Negative ratio makes little sense and there's no reason to
allow it.
|
|
working_directory affects the whole process, so it must be
called at the top-level and not allowed inside blocks.
|
|
In case we (and Linux) supports other values in the future,
we can update it then. Until now, ensure users only set
true or false for this option.
commit 03580a19afe5ce76323a7366b92243a94d445de1 in unicorn
|
|
This was documented (incorrectly) and not implemented for either
the master/worker or single process cases. Implement and test
all (with mocks, so not fully-tested).
|
|
This should make these definitions easier-to-find with grep(1)
|
|
naming new (global) queues should be done outside of app
contexts. Private, per-app queues should be anonymous to
avoid confusion.
|
|
We do not want users to use the default queue unless an app
context requires it. We also do not want to spin up the default
queue unless we are sure we have app contexts using it (and
not private/anonymous queues).
|
|
These can be used to disconnect/reconnect to databases
and other external connections. These are named to match
the documentation of pthread_atfork(3)
|
|
This can cause problems if we fork/exec outside of Ruby's knowledge
|
|
This means ruby 1.9.3 should be supported, as well as Ruby
implementations which do not set the close-on-exec flag by default.
Note: this is only best-effort outside of modern Linux with threads,
since a multithreaded process may create and inadvertantly share
descriptors. This is why Linux supports O_CLOEXEC, SOCK_CLOEXEC and
friends, as kernel support is the only way to sanely fix this.
|
|
Leaving running threads at exit seems to lead to occasional bugs at
finalization on Ruby 2.0.0. This could be a bug with sleepy_penguin
or kgio, too, so I'll have to investigate further. For now, we'll
just destroy the IOs associated with each queue and let the threads
die on their own.
This changes the QueueEgg internals a bit and I've removed the unit
test for QueueEgg now since the rest of the server already works
well (and QueueEgg internals may change even more).
Queues/worker threads no longer have their own logger, it seems like
excessive configurability/complexity since acceptors do not have
their own logger, either. This logger only exists to log bugs in
yahns, not the application, so using the server logger is sufficient.
|
|
This is mostly code imported from Rainbows! (so GPLv2+). This should
implement everything necessary to prevent clients from DoS-ing us with
overly large bodies. The default is 1M (same as Rainbows! and nginx).
Yahns::MaxBody may become part of the public API (as the equivalent is
in Rainbows!), since it makes more sense in the rackup (config.ru) file
(since it's endpoint-specific). However, that's confusing as
Yahns::MaxBody only works when input_buffering is :lazy or false, and
not when it is true (preread).
|
|
We want to shutdown gracefully, but still relatively quickly (to
make way for the new one). So we must disable persistent
connections to prevent clients from keeping to-be-dead server alive
indefinitely.
|
|
This is rarely-called code, but we need to be sure we can expire
clients correctly when thresholds are reached. We also correctly
handle negative values of the client_expire_threshold directive.
|
|
|