Permalink
Commits on Nov 28, 2016
  1. TUNING: document THP caveat for Linux users

    This probably applies to other kernels, too, but I'm most
    familiar with Linux.
    Eric Wong committed Nov 28, 2016
Commits on Nov 9, 2016
  1. drop rb_str_set_len compatibility replacement

    While it is innocuous after compiling, it can be a confusing
    source of errors for users with broken installations of Ruby
    itself:
    
    https://bogomips.org/unicorn-public/5ace6a20-e094-293d-93df-b557480e12d5@anyces.com/
    https://bogomips.org/unicorn-public/02994a55-9c07-a3c5-f06b-a4c15551a67e@anyces.com/
    
    rb_str_set_len has been provided since Ruby 1.8.7+, so we have
    not needed it since we dropped all 1.8.x support in unicorn 5.x.
    Eric Wong committed Nov 9, 2016
Commits on Oct 31, 2016
  1. unicorn 5.2.0

    Most notably, this release allows us to support requests with
    lines delimited by LF-only, as opposed to the standard CRLF
    pair and allowed by RFC 2616 sec 19.3.
    
    Thanks to Mishael A Sibiryakov for the explanation and change:
    
      https://bogomips.org/unicorn-public/1476954332.1736.156.camel@junki.org/
    
    Thanks to Let's Encrypt, the website also moves to HTTPS
    <https://bogomips.org/unicorn/> to improve reader privacy.  The
    "unicorn.bogomips.org" subdomain will be retired soon to reduce
    subjectAltName bloat and speed up certificate renewals.
    
    There's also the usual round of documentation and example
    updates, too.
    
    Eric Wong (7):
          examples/init.sh: update to reduce upgrade raciness
          doc: systemd should only kill master in example
          examples/logrotate.conf: update example for systemd
          doc: update gmane URLs to point to our own archives
          relocate website to https://bogomips.org/unicorn/
          TODO: remove Rack 2.x item
          build: "install-gem" target avoids network
    
    Mishael A Sibiryakov (1):
          Add some tolerance (RFC2616 sec. 19.3)
    Eric Wong committed Oct 31, 2016
  2. build: "install-gem" target avoids network

    No need to go online when installing a locally-built gem.
    Eric Wong committed Oct 31, 2016
  3. TODO: remove Rack 2.x item

    Rack 2.x is less of a jump than initially expected,
    and we've already supported it for a few releases, already.
    Eric Wong committed Oct 31, 2016
Commits on Oct 30, 2016
  1. Merge remote-tracking branch 'origin/website-move'

    * origin/website-move:
      relocate website to https://bogomips.org/unicorn/
    Eric Wong committed Oct 30, 2016
  2. Merge remote-tracking branch 'origin/rfc2616-sec19.3'

    * origin/rfc2616-sec19.3:
      Add some tolerance (RFC2616 sec. 19.3)
    Eric Wong committed Oct 30, 2016
  3. Merge remote-tracking branch 'origin/jr/init'

    * origin/jr/init:
      examples/init.sh: update to reduce upgrade raciness
    Eric Wong committed Oct 30, 2016
Commits on Oct 25, 2016
  1. relocate website to https://bogomips.org/unicorn/

    HTTPS helps some with reader privacy and Let's Encrypt seems to
    be working well enough the past few months.
    
    This change will allow us to reduce subjectAltName bloat in our
    TLS certificate over time.  It will also promote domain name
    agility to support mirrors or migrations to other domains
    (including a Tor hidden service mirror).
    
    http://bogomips.org/unicorn/ will remain available for people on
    legacy systems without usable TLS.  There is no plan for automatic
    redirecting from HTTP to HTTPS at this time.
    Eric Wong committed Oct 25, 2016
Commits on Oct 20, 2016
  1. Add some tolerance (RFC2616 sec. 19.3)

    Hi all.
    
    We're implementing client certificate authentication with nginx and
    unicorn. 
    
    Nginx configured in the following way:
    
    proxy_set_header X-SSL-Client-Cert $ssl_client_cert;
    
    When client submits certificate and nginx passes it to the unicorn,
    unicorn responds with 400 (Bad Request). This caused because nginx
    doesn't use "\r\n" they using just "\n" and multilne headers is failed
    to parse (I've added test).
    
    Accorording to RFC2616 section 19.3:
    https://www.w3.org/Protocols/rfc2616/rfc2616-sec19.html#sec19.3
    
    "The line terminator for message-header fields is the sequence CRLF.
    However, we recommend that applications, when parsing such headers,
    recognize a single LF as a line terminator and ignore the leading CR."
    
    CRLF changed to ("\r\n" | "\n")
    
    Github commit
    uno4ki/unicorn@ed127b6
    
    PS: Googling "nginx unicorn ssl_client_cert" shows the problem. 
    uno4ki committed with Eric Wong Oct 20, 2016
Commits on Jul 28, 2016
  1. doc: update gmane URLs to point to our own archives

    Gmane's NNTP server remains up, but the HTTP site is down:
    
      https://lars.ingebrigtsen.no/2016/07/28/the-end-of-gmane/
    
    Anyways, our own archives are designed to be mirror-able via git:
    
      git clone --mirror https://bogomips.org/unicorn-public
    
    And the code is self-hostable: git clone https://public-inbox.org
    Eric Wong committed Jul 28, 2016
Commits on Jun 20, 2016
  1. examples/logrotate.conf: update example for systemd

    ...And add placeholders for other systems
    Eric Wong committed Jun 20, 2016
Commits on Jun 13, 2016
  1. doc: systemd should only kill master in example

    By default, systemd kills every process in the control group
    when stopping a service.  While it ought to be harmless to
    signal workers, some Rack applications (and perhaps further
    subprocesses) can misbehave when interrupted by a signal.
    Ensure we only hit the master on graceful shutdown to avoid
    tickling bugs in Rack apps.
    
    This is the reason we switched to having the master send
    "fake" signals for workers beginning with unicorn 4.8.0
    back in 2013/2014.
    Eric Wong committed Jun 13, 2016
Commits on Jun 7, 2016
  1. examples/init.sh: update to reduce upgrade raciness

    Rework the "upgrade" target to only read the PID files once to
    avoid misreading the wrong PID files in the middle of the
    upgrade.
    
    Additionally, introduce the UPGRADE_DELAY environment parameter
    so users can increase/decrease according to their application
    startup time.
    
    PID files are inherently racy and people should be using a
    process manager (systemd or similar) instead, but this should
    mitigate most of the problems with the old target.
    
    While we're at it, add LSB tags for systems which complain
    about the lack of them and modernize things a bit using
    $(command) construct instead of the more fragile `command`.
    
    Thanks-to: Jesper Rønn-Jensen <jesperrr@gmail.com>
    Eric Wong committed Jun 7, 2016
Commits on Apr 1, 2016
  1. unicorn 5.1.0 - rack is optional, again

    Note: no code changes since 5.1.0.pre1 from January.^WNo, wait,
    last minute performance improvement added today.  See below.
    
    The big change is rack is not required (but still recommended).
    Applications are expected to depend on rack on their own so they can
    specify the version of rack they prefer without unicorn pulling
    in a newer, potentially incompatible version.
    
    unicorn will always attempt to work with multiple versions of rack
    as practical.
    
    The HTTP parser also switched to using the TypedData C-API for
    extra type safety and memory usage accounting support in the
    'objspace' extension.
    
    Thanks to Adam Duke to bringing the rack change to our attention
    and Aaron Patterson for helping with the matter.
    
    Last minute change: we now support the new leftpad() syscall under
    Linux for major performance and security improvement:
    
        http://mid.gmane.org/1459463613-32473-1-git-send-email-richard@nod.at
    
    8^H9 changes since 5.0.1:
    
          http: TypedData C-API conversion
          various documentation updates
          doc: bump olddoc to ~> 1.2 for extra NNTP URL
          rack is optional at runtime, required for dev
          doc update for ClientShutdown exceptions class
          unicorn 5.1.0.pre1 - rack is optional, again
          doc: reference --keep-file-descriptors for "bundle exec"
          doc: further trimming to reduce noise
          use leftpad Linux syscall for speed!
    Eric Wong committed Apr 1, 2016
Commits on Mar 31, 2016
  1. doc: further trimming to reduce noise

    It's not worth mentioning pre-Rack versions of Rails anymore,
    and there are a few async Rack applications reliant on
    EventMachine which we do not use.
    
    Some uses of chunked request decoding are not well-handled
    with nginx in front, anyways; so avoid mentioning them.
    
    Additionally, avoid introducing new terms into the lexicon
    and just refer to "mailing list" as a generic term.
    Eric Wong committed Mar 31, 2016
Commits on Mar 17, 2016
  1. doc: reference --keep-file-descriptors for "bundle exec"

    "bundle exec" alone is not suitable for use with systemd-style
    socket activation due to Ruby 2.0+ behavior of setting close-on-exec
    for file descriptors above 2.  However, the "--keep-file-descriptors"
    option was added to bundler 1.4.0 to workaround this Ruby 2.0 change
    and may be used to prevent Ruby 2.0+ from closing file descriptors
    on exec.
    
    Thanks to Amir Yalon and Christos Trochalakis for bringing up
    this issue on the mailing list:
    
    http://bogomips.org/unicorn-public/1457824748.3666627.547425122.2A828B07@webmail.messagingengine.com/
    Eric Wong committed Mar 17, 2016
Commits on Jan 27, 2016
  1. unicorn 5.1.0.pre1 - rack is optional, again

    The big change is rack is not required (but still recommended).
    Applications are expected to depend on rack on their own so they can
    specify the version of rack they prefer without unicorn pulling
    in a newer, potentially incompatible version.
    
    unicorn will always attempt to work with multiple versions of rack
    as practical.
    
    The HTTP parser also switched to using the TypedData C-API for
    extra type safety and memory usage accounting support in the
    'objspace' extension.
    
    Thanks to Adam Duke to bringing the rack change to our attention
    and Aaron Patterson for helping with the matter.
    
    There might be more documentation-related changes before 5.1.0
    final.  I am considering dropping pandoc from manpage generation
    and relying on pod2man (from Perl) because it has a wider install
    base.
    
    5 changes since v5.0.1:
    
          http: TypedData C-API conversion
          various documentation updates
          doc: bump olddoc to ~> 1.2 for extra NNTP URL
          rack is optional at runtime, required for dev
          doc update for ClientShutdown exceptions class
    Eric Wong committed Jan 27, 2016
  2. doc update for ClientShutdown exceptions class

    State explicitly applications should not rely on it, and instead
    rescue the generic EOFError exception.  This class will stick
    around because there may inevitably be things which rely on it,
    but we should not encourage it, either.
    Eric Wong committed Jan 27, 2016
  3. rack is optional at runtime, required for dev

    We do not want to pull in a newer or older version of rack depending
    on an the application running under it requires.  Furthermore, it
    has always been possible to use unicorn without any middleware at
    all.
    
    Without rack, we'll be missing descriptive status text in the first
    response line, but any valid HTTP/1.x parser should be able to
    handle it properly.
    
    ref:
     http://bogomips.org/unicorn-public/20160121201255.GA6186@dcvr.yhbt.net/t/#u
    
    Thanks-to: Adam Duke <adam.v.duke@gmail.com>
    Thanks-to: Aaron Patterson <tenderlove@ruby-lang.org>
    Eric Wong committed Jan 27, 2016
Commits on Jan 9, 2016
  1. doc: bump olddoc to ~> 1.2 for extra NNTP URL

    Additional advertising for the gmane NNTP server makes sense
    from a robustness standpoint:
    
      nntp://news.gmane.org/gmane.comp.lang.ruby.unicorn.general
    
    Not advertising other HTTP-based URLs just yet.  They could contain
    images/frames/JS/CSS and add unnecessary clutter to the footer.
    NNTP puts the client in control of UI.
    Eric Wong committed Jan 9, 2016
Commits on Jan 7, 2016
  1. various documentation updates

    * add nntp_url to the olddoc website footer
    * update legacy support status for 4.x (not 4.8.x)
    * update copyright range to 2016
    * note all of our development tools are Free Software, too
    * remove cgit mention; it may not always be cgit
      (but URLs should remain compatible).
    * discourage downloading snapshot tarballs;
      "git clone" + periodic "git fetch" is more efficient
    * remove most mentions of unicorn_rails as that
      was meant for ancient Rails 1.x/2.x users
    * update path reference to Ruby 2.3.0
    * fix nginx upstream module link to avoid redirect
    * shorten Message-ID example to avoid redirects
      and inadvertant linkage
    Eric Wong committed Jan 7, 2016
Commits on Dec 13, 2015
  1. http: TypedData C-API conversion

    This provides some extra type safety if combined with other
    C extensions, as well as allowing us to account for memory usage of
    the HTTP parser in ObjectSpace.
    
    This requires Ruby 1.9.3+ and has remained a stable API since
    then.  This will become officially supported when Ruby 2.3.0 is
    released later this month.
    
    This API has only been documented in doc/extension.rdoc (formerly
    README.EXT) in the Ruby source tree since April 2015, r50318
    Eric Wong committed Nov 16, 2014
Commits on Nov 17, 2015
  1. unicorn 5.0.1 - continuing to violate Rack SPEC

    Once again, we allow nil values in response headers.  We've had
    this bug since March 2009, and thus cannot expect existing
    applications and middlewares running unicorn to fix this.
    
    Unfortunately, supporting this bug contributes to application
    server lock-in, but at least we'll document it as such.
    
    Thanks to Owen Ou <o@heroku.com> for reporting this regression:
    
      http://bogomips.org/unicorn-public/CAO47=rJa=zRcLn_Xm4v2cHPr6c0UswaFC_omYFEH+baSxHOWKQ@mail.gmail.com/
    
    Additionally, systemd examples are now in the examples/ directory
    based on a post by Christos Trochalakis <yatiohi@ideopolis.gr>:
    
      http://bogomips.org/unicorn-public/20150708130821.GA1361@luke.ws.skroutz.gr/
    Eric Wong committed Nov 17, 2015
  2. add .gitattributes for Ruby method detection

    The "diff" function detection for C does not map well to
    Ruby files, take advantage of gitattributes(5) to improve
    method name detection in generated patches as well as
    making "git diff -W" output more useful.
    Eric Wong committed Nov 17, 2015
  3. examples: add systemd socket and service files

    Since we have init scripts, we ought to have the equivalent for
    systemd users who cannot upgrade via the normal SIGUSR2 mechanism;
    but can use multiple services: "unicorn@1" + h"unicorn@2" to
    accomplish the same thing.
    
    Based on examples by Christos Trochalakis <yatiohi@ideopolis.gr>
    
    ref:
    http://bogomips.org/unicorn-public/20150708130821.GA1361@luke.ws.skroutz.gr/
    Eric Wong committed Nov 17, 2015
  4. http_response: allow nil values in response headers

    This blatantly violates Rack SPEC, but we've had this bug since
    March 2009[1].  Thus, we cannot expect all existing applications
    and middlewares to fix this bug and will probably have to
    support it forever.
    
    Unfortunately, supporting this bug contributes to application
    server lock-in, but at least we'll document it as such.
    
    [1] commit 1835c9e
        ("HttpResponse: speed up non-multivalue headers")
    
    Reported-by: Owen Ou <o@heroku.com>
    Ref: <CAO47=rJa=zRcLn_Xm4v2cHPr6c0UswaFC_omYFEH+baSxHOWKQ@mail.gmail.com>
    Eric Wong committed Nov 16, 2015
Commits on Nov 1, 2015
  1. unicorn 5.0.0 - most boring major release. EVER.

    An evolutionary dead-end since its announcement[1] nearly six years
    ago, this old-fashioned preforker has had enough bugs and missteps
    that it's managed to hit version 5!
    
    I wish I could say unicorn 5 is leaps and bounds better than 4, but
    it is not.  This major version change allows us to drop some cruft
    and unused features which accumulated over the years, resulting in
    several kilobytes of memory saved[2]!
    
    Compatibility:
    
    * The horrible, proprietary (:P) "Status:" response header is
      finally gone, saving at least 16 precious bytes in every HTTP
      response.  This should make it easier to write custom HTTP clients
      which are compatible across all HTTP servers.  It will hopefully
      make migrating between different Rack servers easier for new
      projects.
    
    * Ruby 1.8 support removed.  Ruby 1.9.3 is currently the earliest
      supported version.  However, expect minor, likely-unnoticeable
      performance regressions if you use Ruby 2.1 or earlier.  Going
      forward, unicorn will favor the latest version (currently 2.2) of
      the mainline Ruby implementation, potentially sacrificing
      performance on older Rubies.
    
    * Some internal, undocumented features and APIs used by
      derivative servers are gone; removing bloat and slightly lowering
      memory use.  We have never and will never endorse the use of any
      applications or middleware with a dependency on unicorn,
      applications should be written for Rack instead.
      Note: Rainbows! 5.0 will be released next week or so to be
      compatible with unicorn 5.x
    
    New features:
    
    * sd_listen_fds(3) emulation added for systemd compatibility.
      You may now stop using PID files and other process monitoring
      software when using systemd.
    
    * Newly-set TCP socket options are now applied to inherited sockets.
    
    * Dynamic changes in the application to Rack::Utils::HTTP_STATUS
      hash is now supported; allowing users to set custom status lines
      in Rack to be reflected in unicorn.  This feature causes a minor
      performance regression, but is made up for Ruby 2.2 users with
      other optimizations.
    
    * The monotonic clock is used under Ruby 2.1+, making the
      timeout feature immune to system clock changes.
    
    As unicorn may be used anonymously without registration, the
    project is committed to supporting anonymous and pseudonymous
    help requests, contributions and feedback via plain-text mail to:
    
    	unicorn-public@bogomips.org
    
    The mail submission port (587) is open to those behind firewalls
    and allows access via Tor and anonymous remailers.
    Archives are accessible via: http://bogomips.org/unicorn-public/
    and mirrored to various other places, so you do not need to use
    a valid address when posting.
    
    Finally, rest assured the core design of unicorn will never change.
    It will never use new-fangled things like threads, kqueue or epoll;
    but will always remain a preforking server serving one client
    per-process.
    
    [1] http://mid.gmane.org/20090211230457.GB22926@dcvr.yhbt.net
    [2] this would've been like, totally gnarly in the 80s!
    Eric Wong committed Nov 1, 2015
  2. manpage: reference systemd socket activation feature

    We cannot rely on users reading release notes.
    Eric Wong committed Nov 1, 2015
  3. doc updates

    ISSUES: note images are considered spam as well as HTML.
    
    Links: Clarify we may only endorse the Free versions of nginx, not the
    non-Free versions.
    
    Add a link to Starman as a unicorn derivative, as I even use Starman
    myself.  Remove yahns, since it's really the complete opposite of
    unicorn and probably not appropriate to place next to Starman and
    gunicorn
    Eric Wong committed Nov 1, 2015
  4. gemspec: relax Ruby version requirement for old RubyGems

    Older RubyGems (1.8.23.2 at least) does not seem to support
    multiple version requirements for the Ruby version; so drop
    the lower 1.9.3 requirement for now.
    Eric Wong committed Nov 1, 2015
  5. golf down conditional for socket activation

    The PID of a process can never be zero as kill(2) interprets a '0'
    PID arg as "every process in caller's process group", so there's no
    risk of the  'nil.to_i => 0'  conversion resulting in a truth value
    when compared to $$.
    Eric Wong committed Nov 1, 2015
Commits on Oct 27, 2015
  1. inheriting sockets from UNICORN_FD does not close them

    For some reason, I thought invalid descriptors passed to UNICORN_FD
    would be automatically closed by the master process; but apparently
    this hasn't been the case.  On the other hand, this bug has been
    around for over 6 years now and nobody noticed or cared enough to
    tell us, so fixing it might break existing setups.
    
    Since there may be users relying on this behavior, we cannot change
    the behavior anymore; so update the documentation and write at test
    to ensure we can never "fix" this bug at the expense of breaking
    any working setups which may be out there.
    
    Keep in mind that a before_exec hook may always be used to modify
    the UNICORN_FD environment by setting the close_on_exec flag and
    removing the appropriate descriptor from the environment.
    
    I originally intended to add the ability to inherit new listeners
    without a config file specification so systemd users can avoid
    repeating themselves in the systemd and unicorn config files,
    but apparently there is nothing to change in our code.
    Eric Wong committed Oct 27, 2015
  2. sd_listen_fds emulation cleanup

    Re-enable and expand on the test case while we're at it for new
    Rubies.  The bug is now fixed in Ruby 2.3.0dev as of r51576.  We
    shall assume anybody running a pre-release 2.3.0 at this point is
    running a fairly recent snapshot, so we won't bother doing a
    finer-grained check in the test for an exact revision number.
    Eric Wong committed Oct 27, 2015
Commits on Oct 15, 2015
  1. doc: DESIGN: update old statements.

    The statement about C exts hasn't been true since 2010 when kgio was
    unfortunately introduced.  However, I've been working on killing off
    kgio.  Maybe raindrops isn't worth it given the limits of SMP, either.
    And I'm even tempted to rewrite the HTTP parser in Ruby...
    
    Furthermore, Ruby Enterprise Edition is long gone and Ruby 2.0
    is already old, so update that bit about CoW-friendliness.
    
    While we're at it, avoid mentioning kgio at all in the Links
    document, too.
    Eric Wong committed Oct 15, 2015