Hello, We are having a lot of connection issues between nginx and unicorn, but we don't know exactly where is the issue. Can somebody help us?
Exemple from our nginx logs: [error] 6#6: *4269348 connect() failed (111: Connection refused) while connecting to upstream, client: 10.2.2.252, server: _, request: "POST /api/v1/documents?access_token=.... [error] 6#6: *4269169 recv() failed (104: Connection reset by peer) while reading response header from upstream, client: 10.2.10.120, server: _, request: "GET /api/v1/documents/..... [error] 6#6: *4268896 upstream timed out (110: Operation timed out) while connecting to upstream, client: 10.2.2.252, server: _, request: "GET /accounts/.... HTTP/1.1", upstream: "http://172.20.214.176:80/accounts...";, host: "app.clicksign.com", referrer: "https://app.clicksign.com/..."; ############ Unicorn configuration file: # frozen_string_literal: true listen 8080 worker_processes 4 timeout 60 preload_app true GC.respond_to?(:copy_on_write_friendly=) && (GC.copy_on_write_friendly = true) before_fork do |server, worker| Signal.trap 'TERM' do puts 'Unicorn master intercepting TERM and sending myself QUIT instead' Process.kill 'QUIT', Process.pid end defined?(ActiveRecord::Base) && ActiveRecord::Base.connection.disconnect! old_pid = "#{server.config[:pid]}.oldbin" if old_pid != server.pid begin sig = (worker.nr + 1) >= server.worker_processes ? :QUIT : :TTOU Process.kill(sig, File.read(old_pid).to_i) rescue Errno::ENOENT, Errno::ESRCH end end sleep 1 end after_fork do |_server, _worker| Signal.trap 'TERM' do puts 'Unicorn worker intercepting TERM and doing nothing. Wait for master to send QUIT' end defined?(ActiveRecord::Base) && ActiveRecord::Base.establish_connection end ############ nginx configuration file: proxy_cache_path /var/cache/nginx/ levels=1:2 keys_zone=assets_cache:10m max_size=1g inactive=60m use_temp_path=off; resolver kube-dns.kube-system.svc.cluster.local valid=5s; upstream backend { server unicorn; } server { server_name _; server_tokens off; keepalive_timeout 5; client_max_body_size 100M; client_body_buffer_size 30M; sendfile on; tcp_nopush on; tcp_nodelay off; gzip on; gzip_min_length 1000; gzip_proxied any; gzip_buffers 16 8k; gzip_http_version 1.0; gzip_types text/css text/plain text/javascript application/javascript application/json application/x-javascript application/xml application/xml+rss application/xhtml+xml application/x-font-ttf application/x-font-opentype application/vnd.ms-fontobject image/svg+xml image/x-icon application/rss+xml application/atom_xml; location /healthcheck { return 204; } location ~* ^/(fonts|webfonts|assets|packs) { proxy_redirect off; proxy_cache assets_cache; proxy_cache_valid 120m; proxy_pass http://backend; add_header Cache-Control public; if ($http_origin ~ '^((https*?:\/\/).*?((\.clicksign)\.(com|me|dev)))($|\/.*$)$' ){ add_header Access-Control-Allow-Origin $http_origin; } expires max; } location / { proxy_pass http://backend; proxy_redirect off; proxy_read_timeout 60; proxy_set_header Host $http_host; } } ###### Thanks, Michael Belfer Bernstein [email protected] https://www.clicksign.com | https://www.fluxia.com.br -- A informação contida nesta mensagem e seus anexos é considerada secreta, para uso exclusivo de seu destinatário. Caso você não seja o destinatário, notifique o remetente e elimine esta mensagem. The information contained in this message and respective attachments is secret, to be used exclusively by its addressee. If you are not the intended addressee, please notify the sender and delete this message.
