puma 3.11.4 → 6.0.1

data/docs/compile_options.md

@@ -0,0 +1,55 @@
+# Compile Options
+
+There are some `cflags` provided to change Puma's default configuration for its
+C extension.
+
+## Query String, `PUMA_QUERY_STRING_MAX_LENGTH`
+
+By default, the max length of `QUERY_STRING` is `1024 * 10`. But you may want to
+adjust it to accept longer queries in GET requests.
+
+For manual install, pass the `PUMA_QUERY_STRING_MAX_LENGTH` option like this:
+
+```
+gem install puma -- --with-cflags="-D PUMA_QUERY_STRING_MAX_LENGTH=64000"
+```
+
+For Bundler, use its configuration system:
+
+```
+bundle config build.puma "--with-cflags='-D PUMA_QUERY_STRING_MAX_LENGTH=64000'"
+```
+
+## Request Path, `PUMA_REQUEST_PATH_MAX_LENGTH`
+
+By default, the max length of `REQUEST_PATH` is `8192`. But you may want to
+adjust it to accept longer paths in requests.
+
+For manual install, pass the `PUMA_REQUEST_PATH_MAX_LENGTH` option like this:
+
+```
+gem install puma -- --with-cflags="-D PUMA_REQUEST_PATH_MAX_LENGTH=64000"
+```
+
+For Bundler, use its configuration system:
+
+```
+bundle config build.puma "--with-cflags='-D PUMA_REQUEST_PATH_MAX_LENGTH=64000'"
+```
+
+## Request URI, `PUMA_REQUEST_URI_MAX_LENGTH`
+
+By default, the max length of `REQUEST_URI` is `1024 * 12`. But you may want to
+adjust it to accept longer URIs in requests.
+
+For manual install, pass the `PUMA_REQUEST_URI_MAX_LENGTH` option like this:
+
+```
+gem install puma -- --with-cflags="-D PUMA_REQUEST_URI_MAX_LENGTH=64000"
+```
+
+For Bundler, use its configuration system:
+
+```
+bundle config build.puma "--with-cflags='-D PUMA_REQUEST_URI_MAX_LENGTH=64000'"
+```

data/docs/deployment.md

@@ -1,33 +1,32 @@
-# Deployment engineering for puma
+# Deployment engineering for Puma
 
-Puma is software that is expected to be run in a deployed environment eventually.
-You can certainly use it as your dev server only, but most people look to use
-it in their production deployments as well.
+Puma expects to be run in a deployed environment eventually. You can use it as
+your development server, but most people use it in their production deployments.
 
-To that end, this is meant to serve as a foundation of wisdom how to do that
-in a way that increases happiness and decreases downtime.
+To that end, this document serves as a foundation of wisdom regarding deploying
+Puma to production while increasing happiness and decreasing downtime.
 
-## Specifying puma
+## Specifying Puma
 
-Most people want to do this by putting `gem "puma"` into their Gemfile, so we'll
-go ahead and assume that. Go add it now... we'll wait.
+Most people will specify Puma by including `gem "puma"` in a Gemfile, so we'll
+assume this is how you're using Puma.
 
+## Single vs. Cluster mode
 
-Welcome back!
+Initially, Puma was conceived as a thread-only web server, but support for
+processes was added in version 2.
 
-## Single vs Cluster mode
+To run `puma` in single mode (i.e., as a development environment), set the
+number of workers to 0; anything higher will run in cluster mode.
 
-Puma was originally conceived as a thread-only webserver, but grew the ability to
-also use processes in version 2.
-
-Here are some rules of thumb:
+Here are some tips for cluster mode:
 
 ### MRI
 
-* Use cluster mode and set the number of workers to 1.5x the number of cpu cores
-  in the machine, minimum 2.
-* Set the number of threads to desired concurrent requests / number of workers.
-  Puma defaults to 16 and that's a decent number.
+* Use cluster mode and set the number of workers to 1.5x the number of CPU cores
+  in the machine, starting from a minimum of 2.
+* Set the number of threads to desired concurrent requests/number of workers.
+  Puma defaults to 5, and that's a decent number.
 
 #### Migrating from Unicorn
 
@@ -35,57 +34,69 @@ Here are some rules of thumb:
   * Set workers to half the number of unicorn workers you're using
   * Set threads to 2
   * Enjoy 50% memory savings
-* As you grow more confident in the thread safety of your app, you can tune the
+* As you grow more confident in the thread-safety of your app, you can tune the
   workers down and the threads up.
 
+#### Ubuntu / Systemd (Systemctl) Installation
+
+See [systemd.md](systemd.md)
+
 #### Worker utilization
 
-**How do you know if you're got enough (or too many workers)?**
+**How do you know if you've got enough (or too many workers)?**
+
+A good question. Due to MRI's GIL, only one thread can be executing Ruby code at
+a time. But since so many apps are waiting on IO from DBs, etc., they can
+utilize threads to use the process more efficiently.
+
+Generally, you never want processes that are pegged all the time. That can mean
+there is more work to do than the process can get through. On the other hand, if
+you have processes that sit around doing nothing, then they're just eating up
+resources.
+
+Watch your CPU utilization over time and aim for about 70% on average. 70%
+utilization means you've got capacity still but aren't starving threads.
+
+**Measuring utilization**
 
-A good question. Due to MRI's GIL, only one thread can be executing Ruby code at a time.
-But since so many apps are waiting on IO from DBs, etc., they can utilize threads
-to make better use of the process.
+Using a timestamp header from an upstream proxy server (e.g., `nginx` or
+`haproxy`) makes it possible to indicate how long requests have been waiting for
+a Puma thread to become available.
 
-The rule of thumb is you never want processes that are pegged all the time. This
-means that there is more work to do that the process can get through. On the other
-hand, if you have processes that sit around doing nothing, then they're just eating
-up resources.
+* Have your upstream proxy set a header with the time it received the request:
+    * nginx: `proxy_set_header X-Request-Start "${msec}";`
+    * haproxy >= 1.9: `http-request set-header X-Request-Start
+      t=%[date()]%[date_us()]`
+    * haproxy < 1.9: `http-request set-header X-Request-Start t=%[date()]`
+* In your Rack middleware, determine the amount of time elapsed since
+  `X-Request-Start`.
+* To improve accuracy, you will want to subtract time spent waiting for slow
+  clients:
+    * `env['puma.request_body_wait']` contains the number of milliseconds Puma
+      spent waiting for the client to send the request body.
+    * haproxy: `%Th` (TLS handshake time) and `%Ti` (idle time before request)
+      can can also be added as headers.
 
-Watching your CPU utilization over time and aim for about 70% on average. This means
-you've got capacity still but aren't starving threads.
+## Should I daemonize?
 
-## Daemonizing
+The Puma 5.0 release removed daemonization. For older versions and alternatives,
+continue reading.
 
-I prefer to not daemonize my servers and use something like `runit` or `upstart` to
-monitor them as child processes. This gives them fast response to crashes and
+I prefer not to daemonize my servers and use something like `runit` or `systemd`
+to monitor them as child processes. This gives them fast response to crashes and
 makes it easy to figure out what is going on. Additionally, unlike `unicorn`,
-puma does not require daemonization to do zero-downtime restarts.
+Puma does not require daemonization to do zero-downtime restarts.
 
-I see people using daemonization because they start puma directly via capistrano
-task and thus want it to live on past the `cap deploy`. To this people I said:
-You need to be using a process monitor. Nothing is making sure puma stays up in
-this scenario! You're just waiting for something weird to happen, puma to die,
-and to get paged at 3am. Do yourself a favor, at least the process monitoring
-your OS comes with, be it `sysvinit`, `upstart`, or `systemd`. Or branch out
-and use `runit` or hell, even `monit`.
+I see people using daemonization because they start puma directly via Capistrano
+task and thus want it to live on past the `cap deploy`. To these people, I say:
+You need to be using a process monitor. Nothing is making sure Puma stays up in
+this scenario! You're just waiting for something weird to happen, Puma to die,
+and to get paged at 3 AM. Do yourself a favor, at least the process monitoring
+your OS comes with, be it `sysvinit` or `systemd`. Or branch out and use `runit`
+or hell, even `monit`.
 
 ## Restarting
 
 You probably will want to deploy some new code at some point, and you'd like
-puma to start running that new code. Minimizing the amount of time the server
-is unavailable would be nice as well. Here's how to do it:
-
-1. Don't use `preload!`. This dirties the master process and means it will have
-to shutdown all the workers and re-exec itself to get your new code. It is not compatible with phased-restart and `prune_bundler` as well.
-
-1. Use `prune_bundler`. This makes it so that the cluster master will detach itself
-from a Bundler context on start. This allows the cluster workers to load your app
-and start a brand new Bundler context within the worker only. This means your
-master remains pristine and can live on between new releases of your code.
-
-1. Use phased-restart (`SIGUSR1` or `pumactl phased-restart`). This tells the master
-to kill off one worker at a time and restart them in your new code. This minimizes
-downtime and staggers the restart nicely. **WARNING** This means that both your
-old code and your new code will be running concurrently. Most deployment solutions
-already cause that, but it's worth warning you about it again. Be careful with your
-migrations, etc!
+Puma to start running that new code. There are a few options for restarting
+Puma, described separately in our [restart documentation](restart.md).

data/docs/fork_worker.md

@@ -0,0 +1,31 @@
+# Fork-Worker Cluster Mode [Experimental]
+
+Puma 5 introduces an experimental new cluster-mode configuration option, `fork_worker` (`--fork-worker` from the CLI). This mode causes Puma to fork additional workers from worker 0, instead of directly from the master process:
+
+```
+10000   \_ puma 4.3.3 (tcp://0.0.0.0:9292) [puma]
+10001       \_ puma: cluster worker 0: 10000 [puma]
+10002           \_ puma: cluster worker 1: 10000 [puma]
+10003           \_ puma: cluster worker 2: 10000 [puma]
+10004           \_ puma: cluster worker 3: 10000 [puma]
+```
+
+The `fork_worker` option allows your application to be initialized only once for copy-on-write memory savings, and it has two additional advantages:
+
+1. **Compatible with phased restart.** Because the master process itself doesn't preload the application, this mode works with phased restart (`SIGUSR1` or `pumactl phased-restart`). When worker 0 reloads as part of a phased restart, it initializes a new copy of your application first, then the other workers reload by forking from this new worker already containing the new preloaded application.
+
+   This allows a phased restart to complete as quickly as a hot restart (`SIGUSR2` or `pumactl restart`), while still minimizing downtime by staggering the restart across cluster workers.
+
+2. **'Refork' for additional copy-on-write improvements in running applications.** Fork-worker mode introduces a new `refork` command that re-loads all nonzero workers by re-forking them from worker 0.
+
+   This command can potentially improve memory utilization in large or complex applications that don't fully pre-initialize on startup, because the re-forked workers can share copy-on-write memory with a worker that has been running for a while and serving requests.
+
+   You can trigger a refork by sending the cluster the `SIGURG` signal or running the `pumactl refork` command at any time. A refork will also automatically trigger once, after a certain number of requests have been processed by worker 0 (default 1000). To configure the number of requests before the auto-refork, pass a positive integer argument to `fork_worker` (e.g., `fork_worker 1000`), or `0` to disable.
+
+### Limitations
+
+- This mode is still very experimental so there may be bugs or edge-cases, particularly around expected behavior of existing hooks. Please open a [bug report](https://github.com/puma/puma/issues/new?template=bug_report.md) if you encounter any issues.
+
+- In order to fork new workers cleanly, worker 0 shuts down its server and stops serving requests so there are no open file descriptors or other kinds of shared global state between processes, and to maximize copy-on-write efficiency across the newly-forked workers. This may temporarily reduce total capacity of the cluster during a phased restart / refork.
+
+  In a cluster with `n` workers, a normal phased restart stops and restarts workers one by one while the application is loaded in each process, so `n-1` workers are available serving requests during the restart. In a phased restart in fork-worker mode, the application is first loaded in worker 0 while `n-1` workers are available, then worker 0 remains stopped while the rest of the workers are reloaded one by one, leaving only `n-2` workers to be available for a brief period of time. Reloading the rest of the workers should be quick because the application is preloaded at that point, but there may be situations where it can take longer (slow clients, long-running application code, slow worker-fork hooks, etc).

data/docs/jungle/README.md

@@ -0,0 +1,9 @@
+# Puma as a service
+
+## Systemd
+
+See [/docs/systemd](https://github.com/puma/puma/blob/master/docs/systemd.md).
+
+## rc.d
+
+See `/docs/jungle/rc.d` for FreeBSD's rc.d scripts

data/{tools → docs}/jungle/rc.d/README.md

@@ -1,6 +1,6 @@
 # Puma as a service using rc.d
 
-Manage multilpe Puma servers as services on one box using FreeBSD's rc.d service.
+Manage multiple Puma servers as services on one box using FreeBSD's rc.d service.
 
 ## Dependencies
 

data/{tools → docs}/jungle/rc.d/puma

@@ -23,7 +23,7 @@ puma_start()
 		rb_ver=$(/usr/local/bin/jq -r ".servers[$i].ruby_version" /usr/local/etc/puma.conf)
 		case $rb_env in
 			"rbenv")
-				su - $user -c "cd $dir && rbenv shell $rb_ver && bundle exec puma -C $dir/config/puma.rb -d"
+				cd $dir && rbenv shell $rb_ver && /usr/sbin/daemon -u $user bundle exec puma -C $dir/config/puma.rb
 				;;
 			*)
 				;;
@@ -48,7 +48,7 @@ puma_restart()
 		rb_ver=$(/usr/local/bin/jq -r ".servers[$i].ruby_version" /usr/local/etc/puma.conf)
 		case $rb_env in
 			"rbenv")
-				su - $user -c "cd $dir && pkill ruby && rbenv shell $ruby_version && bundle exec puma -C $dir/config/puma.rb -d"
+				cd $dir && rbenv shell $rb_ver && /usr/sbin/daemon -u $user bundle exec puma -C $dir/config/puma.rb
 				;;
 			*)
 				;;

data/docs/kubernetes.md

@@ -0,0 +1,66 @@
+# Kubernetes
+
+## Running Puma in Kubernetes
+
+In general running Puma in Kubernetes works as-is, no special configuration is needed beyond what you would write anyway to get a new Kubernetes Deployment going. There is one known interaction between the way Kubernetes handles pod termination and how Puma handles `SIGINT`, where some request might be sent to Puma after it has already entered graceful shutdown mode and is no longer accepting requests. This can lead to dropped requests during rolling deploys. A workaround for this is listed at the end of this article.
+
+## Basic setup
+
+Assuming you already have a running cluster and docker image repository, you can run a simple Puma app with the following example Dockerfile and Deployment specification. These are meant as examples only and are deliberately very minimal to the point of skipping many options that are recommended for running in production, like healthchecks and envvar configuration with ConfigMaps. In general you should check the [Kubernetes documentation](https://kubernetes.io/docs/home/) and [Docker documentation](https://docs.docker.com/) for a more comprehensive overview of the available options.
+
+A basic Dockerfile example: 
+```
+FROM ruby:2.5.1-alpine # can be updated to newer ruby versions
+RUN apk update && apk add build-base # and any other packages you need 
+
+# Only rebuild gem bundle if Gemfile changes
+COPY Gemfile Gemfile.lock ./
+RUN bundle install
+
+# Copy over the rest of the files
+COPY . .
+
+# Open up port and start the service
+EXPOSE 9292
+CMD bundle exec rackup -o 0.0.0.0
+```
+
+A sample `deployment.yaml`:
+```
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: my-awesome-puma-app
+spec:
+  selector:
+    matchLabels:
+      app: my-awesome-puma-app
+  template:
+    metadata:
+      labels:
+        app: my-awesome-puma-app
+        service: my-awesome-puma-app
+    spec:
+      containers:
+      - name: my-awesome-puma-app
+        image: <your image here>
+        ports:
+        - containerPort: 9292
+``` 
+
+## Graceful shutdown and pod termination
+
+For some high-throughput systems, it is possible that some HTTP requests will return responses with response codes in the 5XX range during a rolling deploy to a new version. This is caused by [the way that Kubernetes terminates a pod during rolling deploys](https://cloud.google.com/blog/products/gcp/kubernetes-best-practices-terminating-with-grace):
+
+1. The replication controller determines a pod should be shut down.
+2. The Pod is set to the “Terminating” State and removed from the endpoints list of all Services, so that it receives no more requests.
+3. The pods pre-stop hook get called. The default for this is to send `SIGTERM` to the process inside the pod.
+4. The pod has up to `terminationGracePeriodSeconds` (default: 30 seconds) to gracefully shut down. Puma will do this (after it receives SIGTERM) by closing down the socket that accepts new requests and finishing any requests already running before exiting the Puma process.
+5. If the pod is still running after `terminationGracePeriodSeconds` has elapsed, the pod receives `SIGKILL` to make sure the process inside it stops. After that, the container exits and all other Kubernetes objects associated with it are cleaned up.
+
+There is a subtle race condition between step 2 and 3: The replication controller does not synchronously remove the pod from the Services AND THEN call the pre-stop hook of the pod, but rather it asynchronously sends "remove this pod from your endpoints" requests to the Services and then immediately proceeds to invoke the pods' pre-stop hook. If the Service controller (typically something like nginx or haproxy) receives this request handles this request "too" late (due to internal lag or network latency between the replication and Service controllers) then it is possible that the Service controller will send one or more requests to a Puma process which has already shut down its listening socket. These requests will then fail with 5XX error codes.
+
+The way Kubernetes works this way, rather than handling step 2 synchronously, is due to the CAP theorem: in a distributed system there is no way to guarantee that any message will arrive promptly. In particular, waiting for all Service controllers to report back might get stuck for an indefinite time if one of them has already been terminated or if there has been a net split. A way to work around this is to add a sleep to the pre-stop hook of the same time as the `terminationGracePeriodSeconds` time. This will allow the Puma process to keep serving new requests during the entire grace period, although it will no longer receive new requests after all Service controllers have propagated the removal of the pod from their endpoint lists. Then, after `terminationGracePeriodSeconds`, the pod receives `SIGKILL` and closes down. If your process can't handle SIGKILL properly, for example because it needs to release locks in different services, you can also sleep for a shorter period (and/or increase `terminationGracePeriodSeconds`) as long as the time slept is longer than the time that your Service controllers take to propagate the pod removal. The downside of this workaround is that all pods will take at minimum the amount of time slept to shut down and this will increase the time required for your rolling deploy.
+
+More discussions and links to relevant articles can be found in https://github.com/puma/puma/issues/2343.

data/docs/nginx.md

@@ -2,7 +2,7 @@
 
 This is a very common setup using an upstream. It was adapted from some Capistrano recipe I found on the Internet a while ago.
 
-```
+```nginx
 upstream myapp {
   server unix:///myapp/tmp/puma.sock;
 }
@@ -31,7 +31,7 @@ server {
 
   location / {
     proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-    proxy_set_header Host $http_host;
+    proxy_set_header Host $host;
 
     # If the file exists as a static file serve it directly without
     # running all the other rewrite tests on it

data/docs/plugins.md

@@ -1,28 +1,38 @@
 ## Plugins
 
-Puma 3.0 added support for plugins that can augment configuration and service operations.
+Puma 3.0 added support for plugins that can augment configuration and service
+operations.
 
-2 canonical plugins to look to aid in development of further plugins:
+There are two canonical plugins to aid in the development of new plugins:
 
-* [tmp\_restart](https://github.com/puma/puma/blob/master/lib/puma/plugin/tmp_restart.rb): Restarts the server if the file `tmp/restart.txt` is touched
-* [heroku](https://github.com/puma/puma-heroku/blob/master/lib/puma/plugin/heroku.rb): Packages up the default configuration used by puma on Heroku
+* [tmp\_restart](https://github.com/puma/puma/blob/master/lib/puma/plugin/tmp_restart.rb):
+  Restarts the server if the file `tmp/restart.txt` is touched
+* [heroku](https://github.com/puma/puma-heroku/blob/master/lib/puma/plugin/heroku.rb):
+  Packages up the default configuration used by Puma on Heroku (being sunset
+  with the release of Puma 5.0)
 
-Plugins are activated in a puma configuration file (such as `config/puma.rb'`) by adding `plugin "name"`, such as `plugin "heroku"`.
+Plugins are activated in a Puma configuration file (such as `config/puma.rb'`)
+by adding `plugin "name"`, such as `plugin "heroku"`.
 
-Plugins are activated based simply on path requirements so, activating the `heroku` plugin will simply be doing `require "puma/plugin/heroku"`. This allows gems to provide multiple plugins (as well as unrelated gems to provide puma plugins).
+Plugins are activated based on path requirements so, activating the `heroku`
+plugin is much like `require "puma/plugin/heroku"`. This allows gems to provide
+multiple plugins (as well as unrelated gems to provide Puma plugins).
 
-The `tmp_restart` plugin is bundled with puma, so it can always be used.
+The `tmp_restart` plugin comes with Puma, so it is always available.
 
 To use the `heroku` plugin, add `puma-heroku` to your Gemfile or install it.
 
 ### API
 
-At present, there are 2 hooks that plugins can use: `start` and `config`.
+## Server-wide hooks
 
-`start` runs when the server has started and allows the plugin to start other functionality to augment puma.
+Plugins can use a couple of hooks at the server level: `start` and `config`.
 
-`config` runs when the server is being configured and is passed a `Puma::DSL` object that can be used to add additional configuration.
+`start` runs when the server has started and allows the plugin to initiate other
+functionality to augment Puma.
 
-Any public methods in `Puma::Plugin` are the public API that any plugin may use.
+`config` runs when the server is being configured and receives a `Puma::DSL`
+object that is useful for additional configuration.
 
-In the future, more hooks and APIs will be added.
+Public methods in [`Puma::Plugin`](../lib/puma/plugin.rb) are treated as a
+public API for plugins.

data/docs/rails_dev_mode.md

@@ -0,0 +1,28 @@
+# Running Puma in Rails Development Mode
+
+## "Loopback requests" 
+
+Be cautious of "loopback requests," where a Rails application executes a request to a server that, in turn, results in another request back to the same Rails application before the first request completes. Having a loopback request will trigger [Rails' load interlock](https://guides.rubyonrails.org/threading_and_code_execution.html#load-interlock) mechanism. The load interlock mechanism prevents a thread from using Rails autoloading mechanism to load constants while the application code is still running inside another thread.
+
+This issue only occurs in the development environment as Rails' load interlock is not used in production environments. Although we're not sure, we believe this issue may not occur with the new `zeitwerk` code loader.
+
+### Solutions
+
+#### 1. Bypass Rails' load interlock with `.permit_concurrent_loads`
+
+Wrap the first request inside a block that will allow concurrent loads: [`ActiveSupport::Dependencies.interlock.permit_concurrent_loads`](https://guides.rubyonrails.org/threading_and_code_execution.html#permit-concurrent-loads). Anything wrapped inside the `.permit_concurrent_loads` block will bypass the load interlock mechanism, allowing new threads to access the Rails environment and boot properly. 
+
+###### Example 
+
+```ruby
+response = ActiveSupport::Dependencies.interlock.permit_concurrent_loads do
+  # Your HTTP request code here. For example:
+  Faraday.post url, data: 'foo'
+end
+
+do_something_with response
+```
+
+####  2. Use multiple processes on Puma
+
+Alternatively, you may also enable multiple (single-threaded) workers on Puma. By doing so, you are sidestepping the problem by creating multiple processes rather than new threads. However, this workaround is not ideal because debugging tools such as [byebug](https://github.com/deivid-rodriguez/byebug/issues/487) and [pry](https://github.com/pry/pry/issues/2153), work poorly with any multi-process web server. 

data/docs/restart.md

@@ -1,39 +1,64 @@
-# Restarts
+Puma provides three distinct kinds of restart operations, each for different use cases. This document describes "hot restarts" and "phased restarts." The third kind of restart operation is called "refork" and is described in the documentation for [`fork_worker`](fork_worker.md).
 
-To perform a restart, there are 3 builtin mechanisms:
+## Hot restart
 
-  * Send the `puma` process the `SIGUSR2` signal
-  * Send the `puma` process the `SIGUSR1` signal (rolling restart, cluster mode only)
-  * Use the status server and issue `/restart`
+To perform a "hot" restart, Puma performs an `exec` operation to start the process up again, so no memory is shared between the old process and the new process. As a result, it is safe to issue a restart at any place where you would manually stop Puma and start it again. In particular, it is safe to upgrade Puma itself using a hot restart.
 
-No code is shared between the current and restarted process, so it should be safe to issue a restart any place where you would manually stop Puma and start it again.
+If the new process is unable to load, it will simply exit. You should therefore run Puma under a process monitor when using it in production.
 
-If the new process is unable to load, it will simply exit. You should therefore run Puma under a process monitor (see below) when using it in production.
+### How-to
 
-### Normal vs Hot vs Phased Restart
+Any of the following will cause a Puma server to perform a hot restart: 
 
-A hot restart means that no requests will be lost while deploying your new code, since the server socket is kept open between restarts.
+* Send the `puma` process the `SIGUSR2` signal
+* Issue a `GET` request to the Puma status/control server with the path `/restart`
+* Issue `pumactl restart` (this uses the control server method if available, otherwise sends the `SIGUSR2` signal to the process)
 
-But beware, hot restart does not mean that the incoming requests won’t hang for multiple seconds while your new code has not fully deployed. If you need a zero downtime and zero hanging requests deploy, you must use phased restart.
+### Supported configurations
 
-When you run pumactl phased-restart, Puma kills workers one-by-one, meaning that at least another worker is still available to serve requests, which lead to zero hanging requests (yay!).
+* Works in cluster mode and single mode
+* Supported on all platforms
 
-But again beware, upgrading an application sometimes involves upgrading the database schema. With phased restart, there may be a moment during the deployment where processes belonging to the previous version and processes belonging to the new version both exist at the same time. Any database schema upgrades you perform must therefore be backwards-compatible with the old application version.
+### Client experience
 
-If you perform a lot of database migrations, you probably should not use phased restart and use a normal/hot restart instead (`pumactl restart`). That way, no code is shared while deploying (in that case, `preload_app!` might help for quicker deployment, see ["Clustered Mode" in the README](../README.md#clustered-mode)).
+* All platforms: clients with an in-flight request are served responses before the connection is closed gracefully. Puma gracefully disconnects any idle HTTP persistent connections before restarting.
+* On MRI or TruffleRuby on Linux and BSD: Clients who connect just before the server restarts may experience increased latency while the server stops and starts again, but their connections will not be closed prematurely.
+* On Windows and JRuby: Clients who connect just before a restart may experience "connection reset" errors.
 
-### Release Directory
+### Additional notes
 
-If your symlink releases into a common working directory (i.e., `/current` from Capistrano), Puma won't pick up your new changes when running phased restarts without additional configuration. You should set your working directory within Puma's config to specify the directory it should use. This is a change from earlier versions of Puma (< 2.15) that would infer the directory for you.
+* Only one version of the application is running at a time.
+* `on_restart` is invoked just before the server shuts down. This can be used to clean up resources (like long-lived database connections) gracefully. Since Ruby 2.0, it is not typically necessary to explicitly close file descriptors on restart. This is because any file descriptor opened by Ruby will have the `FD_CLOEXEC` flag set, meaning that file descriptors are closed on `exec`. `on_restart` is useful, though, if your application needs to perform any more graceful protocol-specific shutdown procedures before closing connections.
 
-```ruby
-# config/puma.rb
+## Phased restart
 
-directory '/var/www/current'
-```
+Phased restarts replace all running workers in a Puma cluster. This is a useful way to upgrade the application that Puma is serving gracefully. A phased restart works by first killing an old worker, then starting a new worker, waiting until the new worker has successfully started before proceeding to the next worker. This process continues until all workers are replaced. The master process is not restarted.
 
-### Cleanup Code
+### How-to
 
-Puma isn't able to understand all the resources that your app may use, so it provides a hook in the configuration file you pass to `-C` called `on_restart`. The block passed to `on_restart` will be called, unsurprisingly, just before Puma restarts itself.
+Any of the following will cause a Puma server to perform a phased restart: 
 
-You should place code to close global log files, redis connections, etc. in this block so that their file descriptors don't leak into the restarted process. Failure to do so will result in slowly running out of descriptors and eventually obscure crashes as the server is restarted many times.
+* Send the `puma` process the `SIGUSR1` signal
+* Issue a `GET` request to the Puma status/control server with the path `/phased-restart`
+* Issue `pumactl phased-restart` (this uses the control server method if available, otherwise sends the `SIGUSR1` signal to the process)
+
+### Supported configurations
+
+* Works in cluster mode only
+* To support upgrading the application that Puma is serving, ensure `prune_bundler` is enabled and that `preload_app!` is disabled
+* Supported on all platforms where cluster mode is supported
+
+### Client experience
+
+* In-flight requests are always served responses before the connection is closed gracefully
+* Idle persistent connections are gracefully disconnected
+* New connections are not lost, and clients will not experience any increase in latency (as long as the number of configured workers is greater than one)
+
+### Additional notes
+
+* When a phased restart begins, the Puma master process changes its current working directory to the directory specified by the `directory` option. If `directory` is set to symlink, this is automatically re-evaluated, so this mechanism can be used to upgrade the application.
+* On a single server, it's possible that two versions of the application are running concurrently during a phased restart.
+* `on_restart` is not invoked
+* Phased restarts can be slow for Puma clusters with many workers. Hot restarts often complete more quickly, but at the cost of increased latency during the restart.
+* Phased restarts cannot be used to upgrade any gems loaded by the Puma master process, including `puma` itself, anything in `extra_runtime_dependencies`, or dependencies thereof. Upgrading other gems is safe.
+* If you remove the gems from old releases as part of your deployment strategy, there are additional considerations. Do not put any gems into `extra_runtime_dependencies` that have native extensions or have dependencies that have native extensions (one common example is `puma_worker_killer` and its dependency on `ffi`). Workers will fail on boot during a phased restart. The underlying issue is recorded in [an issue on the rubygems project](https://github.com/rubygems/rubygems/issues/4004). Hot restarts are your only option here if you need these dependencies.

data/docs/signals.md

@@ -1,8 +1,8 @@
-The [unix signal](http://en.wikipedia.org/wiki/Unix_signal) is a method of sending messages between [processes](http://en.wikipedia.org/wiki/Process_(computing)). When a signal is sent, the operating system interrupts the target process's normal flow of execution. There are standard signals that are used to stop a process but there are also custom signals that can be used for other purposes. This document is an attempt to list all supported signals that Puma will respond to. In general, signals need only be sent to the master process of a cluster.
+The [unix signal](https://en.wikipedia.org/wiki/Unix_signal) is a method of sending messages between [processes](https://en.wikipedia.org/wiki/Process_(computing)). When a signal is sent, the operating system interrupts the target process's normal flow of execution. There are standard signals that are used to stop a process, but there are also custom signals that can be used for other purposes. This document is an attempt to list all supported signals that Puma will respond to. In general, signals need only be sent to the master process of a cluster.
 
 ## Sending Signals
 
-If you are new to signals it can be useful to see how they can be used. When a process is created in a *nix like operating system it will have a [PID - or process identifier](http://en.wikipedia.org/wiki/Process_identifier) that can be used to send signals to the process. For demonstration we will create an infinitely running process by tailing a file:
+If you are new to signals, it can be helpful to see how they are used. When a process starts in a *nix-like operating system, it will have a [PID - or process identifier](https://en.wikipedia.org/wiki/Process_identifier) that can be used to send signals to the process. For demonstration, we will create an infinitely running process by tailing a file:
 
 ```sh
 $ echo "foo" >> my.log
@@ -10,24 +10,24 @@ $ irb
 > pid = Process.spawn 'tail -f my.log'
 ```
 
-From here we can see that the tail process is running by using the `ps` command:
+From here, we can see that the tail process is running by using the `ps` command:
 
 ```sh
 $ ps aux | grep tail
 schneems        87152   0.0  0.0  2432772    492 s032  S+   12:46PM   0:00.00 tail -f my.log
 ```
 
-You can send a signal in Ruby using the [Process module](http://www.ruby-doc.org/core-2.1.1/Process.html#kill-method):
+You can send a signal in Ruby using the [Process module](https://www.ruby-doc.org/core-2.1.1/Process.html#kill-method):
 
 ```
 $ irb
 > puts pid
 => 87152
-Process.detach(pid) # http://ruby-doc.org/core-2.1.1/Process.html#method-c-detach
+Process.detach(pid) # https://ruby-doc.org/core-2.1.1/Process.html#method-c-detach
 Process.kill("TERM", pid)
 ```
 
-Now you will see via `ps` that there is no more `tail` process. Sometimes when referring to signals the `SIG` prefix will be used for instance `SIGTERM` is equivalent to sending `TERM` via `Process.kill`.
+Now you will see via `ps` that there is no more `tail` process. Sometimes when referring to signals, the `SIG` prefix will be used. For example, `SIGTERM` is equivalent to sending `TERM` via `Process.kill`.
 
 ## Puma Signals
 
@@ -35,12 +35,14 @@ Puma cluster responds to these signals:
 
 - `TTIN` increment the worker count by 1
 - `TTOU` decrement the worker count by 1
-- `TERM` send `TERM` to worker. Worker will attempt to finish then exit.
-- `USR2` restart workers. This also reloads puma configuration file, if there is one.
-- `USR1` restart workers in phases, a rolling restart. This will not reload configuration file.
-- `HUP`  reopen log files defined in stdout_redirect configuration parameter. If there is no stdout_redirect option provided it will behave like `INT`
-- `INT` equivalent of sending Ctrl-C to cluster. Will attempt to finish then exit.
+- `TERM` send `TERM` to worker. The worker will attempt to finish then exit.
+- `USR2` restart workers. This also reloads the Puma configuration file, if there is one.
+- `USR1` restart workers in phases, a rolling restart. This will not reload the configuration file.
+- `HUP ` reopen log files defined in stdout_redirect configuration parameter. If there is no stdout_redirect option provided, it will behave like `INT`
+- `INT ` equivalent of sending Ctrl-C to cluster. Puma will attempt to finish then exit.
 - `CHLD`
+- `URG ` refork workers in phases from worker 0 if `fork_workers` option is enabled.
+- `INFO` print backtraces of all puma threads
 
 ## Callbacks order in case of different signals