-
Notifications
You must be signed in to change notification settings - Fork 1.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Use STOPSIGNAL SIGQUIT
instead of SIGTERM
#377
Comments
We discussed that in #167 - can you check if dangling sockets are still an issue with your approach? |
Okay, interesting. We don't use any unix sockets, so it's not an issue for us. But more generally, this It seems to me that the correct signal to send is |
(Either that or nginx should change its behaviour on |
nginx is aware of the issue, see https://trac.nginx.org/nginx/ticket/753 for more details. |
Now that https://trac.nginx.org/nginx/ticket/753 is fixed, we can try moving to SIGQUIT. |
The fix was released in |
Nginx upstream [1] uses SIGQUIT for graceful shutdown even in their container images [2]. We switch to SIGQUIT too, as current default SIGTERM immediately closes opened connections. [1] http://nginx.org/en/docs/control.html [2] nginxinc/docker-nginx#377
Nginx upstream [1] uses SIGQUIT for graceful shutdown even in their container images [2]. We switch to SIGQUIT too, as current default SIGTERM immediately closes opened connections. [1] http://nginx.org/en/docs/control.html [2] nginxinc/docker-nginx#377
Docker (and, therefore, Kubernetes) send SIGTERM as the default signal to stop containers. Docker will then wait 10 seconds before sending SIGKILL, Kubernetes will wait 30 seconds. They expect containers to exit gracefully within this grace period:
From: https://www.ctl.io/developers/blog/post/gracefully-stopping-docker-containers/
From: https://cloud.google.com/blog/products/gcp/kubernetes-best-practices-terminating-with-grace
However, this is not what nginx does:
From: http://nginx.org/en/docs/control.html
The
Dockerfile
s in this project useSTOPSIGNAL SIGTERM
(which actually isn't necessary since this is the default).What this means in practice is that when Docker or Kubernetes decide to stop a container, nginx will die immediately, closing any connections straight away:
It would be much healthier, and comply with the ethos of both Docker and Kubernetes if instead the nginx image made an effort to close all connections before shutting down. This can be achieved nicely with:
STOPSIGNAL SIGQUIT
I've verified this behaviour locally with this Dockerfile.
The text was updated successfully, but these errors were encountered: