puma 5.0.4 → 5.6.4

data/README.md

@@ -2,7 +2,7 @@
   <img src="https://puma.io/images/logos/puma-logo-large.png">
 </p>
 
-# Puma: A Ruby Web Server Built For Concurrency
+# Puma: A Ruby Web Server Built For Parallelism
 
 [![Actions MRI](https://github.com/puma/puma/workflows/MRI/badge.svg?branch=master)](https://github.com/puma/puma/actions?query=workflow%3AMRI)
 [![Actions non MRI](https://github.com/puma/puma/workflows/non_MRI/badge.svg?branch=master)](https://github.com/puma/puma/actions?query=workflow%3Anon_MRI)
@@ -10,13 +10,13 @@
 [![SemVer](https://api.dependabot.com/badges/compatibility_score?dependency-name=puma&package-manager=bundler&version-scheme=semver)](https://dependabot.com/compatibility-score.html?dependency-name=puma&package-manager=bundler&version-scheme=semver)
 [![StackOverflow](https://img.shields.io/badge/stackoverflow-Puma-blue.svg)]( https://stackoverflow.com/questions/tagged/puma )
 
-Puma is a **simple, fast, multi-threaded, and highly concurrent HTTP 1.1 server for Ruby/Rack applications**.
+Puma is a **simple, fast, multi-threaded, and highly parallel HTTP 1.1 server for Ruby/Rack applications**.
 
-## Built For Speed &amp; Concurrency
+## Built For Speed &amp; Parallelism
 
-Puma processes requests using a C-optimized Ragel extension (inherited from Mongrel) that provides fast, accurate HTTP 1.1 protocol parsing in a portable way. Puma then serves the request using a thread pool. Each request is served in a separate thread, so truly concurrent Ruby implementations (JRuby, Rubinius) will use all available CPU cores.
+Puma processes requests using a C-optimized Ragel extension (inherited from Mongrel) that provides fast, accurate HTTP 1.1 protocol parsing in a portable way. Puma then serves the request using a thread pool. Each request is served in a separate thread, so truly parallel Ruby implementations (JRuby, Rubinius) will use all available CPU cores.
 
-Puma was designed to be the go-to server for [Rubinius](https://rubinius.com), but also works well with JRuby and MRI.
+Originally designed as a server for [Rubinius](https://github.com/rubinius/rubinius), Puma also works well with Ruby (MRI) and JRuby.
 
 On MRI, there is a Global VM Lock (GVL) that ensures only one thread can run Ruby code at a time. But if you're doing a lot of blocking IO (such as HTTP calls to external APIs like Twitter), Puma still improves MRI's throughput by allowing IO waiting to be done in parallel.
 
@@ -64,20 +64,30 @@ You can run your Sinatra application with Puma from the command line like this:
 $ ruby app.rb -s Puma
 ```
 
-Or you can configure your Sinatra application to always use Puma:
+In order to actually configure Puma using a config file, like `puma.rb`, however, you need to use the `puma` executable. To do this, you must add a rackup file to your Sinatra app:
 
 ```ruby
-require 'sinatra'
-configure { set :server, :puma }
+# config.ru
+require './app'
+run Sinatra::Application
+```
+
+You can then start your application using:
+
+```
+$ bundle exec puma
 ```
 
 ## Configuration
 
-Puma provides numerous options. Consult `puma -h` (or `puma --help`) for a full list of CLI options, or see [dsl.rb](https://github.com/puma/puma/blob/master/lib/puma/dsl.rb).
+Puma provides numerous options. Consult `puma -h` (or `puma --help`) for a full list of CLI options, or see `Puma::DSL` or [dsl.rb](https://github.com/puma/puma/blob/master/lib/puma/dsl.rb).
 
 You can also find several configuration examples as part of the
 [test](https://github.com/puma/puma/tree/master/test/config) suite.
 
+For debugging purposes, you can set the environment variable `PUMA_LOG_CONFIG` with a value
+and the loaded configuration will be printed as part of the boot process.
+
 ### Thread Pool
 
 Puma uses a thread pool. You can set the minimum and maximum number of threads that are available in the pool with the `-t` (or `--threads`) flag:
@@ -127,6 +137,11 @@ This code can be used to setup the process before booting the application, allow
 you to do some Puma-specific things that you don't want to embed in your application.
 For instance, you could fire a log notification that a worker booted or send something to statsd. This can be called multiple times.
 
+Constants loaded by your application (such as `Rails`) will not be available in `on_worker_boot`.
+However, these constants _will_ be available if `preload_app!` is enabled, either explicitly in your `puma` config or automatically if
+using 2 or more workers in cluster mode.
+If `preload_app!` is not enabled and 1 worker is used, then `on_worker_boot` will fire, but your app will not be preloaded and constants will not be available.
+
 `before_fork` specifies a block to be run before workers are forked:
 
 ```ruby
@@ -136,12 +151,12 @@ before_fork do
 end
 ```
 
-Preloading can’t be used with phased restart, since phased restart kills and restarts workers one-by-one, and preload_app copies the code of master into the workers.
+Preloading can’t be used with phased restart, since phased restart kills and restarts workers one-by-one, and `preload_app!` copies the code of master into the workers.
 
 ### Error handling
 
 If puma encounters an error outside of the context of your application, it will respond with a 500 and a simple
-textual error message (see `lowlevel_error` in [this file](https://github.com/puma/puma/blob/master/lib/puma/server.rb)).
+textual error message (see `Puma::Server#lowlevel_error` or [server.rb](https://github.com/puma/puma/blob/master/lib/puma/server.rb)).
 You can specify custom behavior for this scenario. For example, you can report the error to your third-party
 error-tracking service (in this example, [rollbar](https://rollbar.com)):
 
@@ -177,6 +192,38 @@ Need a bit of security? Use SSL sockets:
 ```
 $ puma -b 'ssl://127.0.0.1:9292?key=path_to_key&cert=path_to_cert'
 ```
+#### Self-signed SSL certificates (via the [`localhost`] gem, for development use): 
+
+Puma supports the [`localhost`] gem for self-signed certificates. This is particularly useful if you want to use Puma with SSL locally, and self-signed certificates will work for your use-case. Currently, the integration can only be used in MRI. 
+
+Puma automatically configures SSL when the [`localhost`] gem is loaded in a `development` environment:
+
+```ruby
+# Add the gem to your Gemfile
+group(:development) do 
+  gem 'localhost'
+end
+
+# And require it implicitly using bundler
+require "bundler"
+Bundler.require(:default, ENV["RACK_ENV"].to_sym)
+
+# Alternatively, you can require the gem in config.ru:
+require './app'
+require 'localhost'
+run Sinatra::Application
+```
+
+Additionally, Puma must be listening to an SSL socket:
+
+```shell
+$ puma -b 'ssl://localhost:9292' config.ru
+
+# The following options allow you to reach Puma over HTTP as well:
+$ puma -b ssl://localhost:9292 -b tcp://localhost:9393 config.ru
+```
+
+[`localhost`]: https://github.com/socketry/localhost
 
 #### Controlling SSL Cipher Suites
 
@@ -194,7 +241,7 @@ $ puma -b 'ssl://127.0.0.1:9292?key=path_to_key&cert=path_to_cert&ssl_cipher_fil
 $ puma -b 'ssl://127.0.0.1:9292?keystore=path_to_keystore&keystore-pass=keystore_password&ssl_cipher_list=TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA'
 ```
 
-See https://www.openssl.org/docs/man1.0.2/apps/ciphers.html for cipher filter format and full list of cipher suites.
+See https://www.openssl.org/docs/man1.1.1/man1/ciphers.html for cipher filter format and full list of cipher suites.
 
 Disable TLS v1 with the `no_tlsv1` option:
 
@@ -202,6 +249,23 @@ Disable TLS v1 with the `no_tlsv1` option:
 $ puma -b 'ssl://127.0.0.1:9292?key=path_to_key&cert=path_to_cert&no_tlsv1=true'
 ```
 
+#### Controlling OpenSSL Verification Flags
+
+To enable verification flags offered by OpenSSL, use `verification_flags` (not available for JRuby):
+
+```
+$ puma -b 'ssl://127.0.0.1:9292?key=path_to_key&cert=path_to_cert&verification_flags=PARTIAL_CHAIN'
+```
+
+You can also set multiple verification flags (by separating them with coma):
+
+```
+$ puma -b 'ssl://127.0.0.1:9292?key=path_to_key&cert=path_to_cert&verification_flags=PARTIAL_CHAIN,CRL_CHECK'
+```
+
+List of available flags: `USE_CHECK_TIME`, `CRL_CHECK`, `CRL_CHECK_ALL`, `IGNORE_CRITICAL`, `X509_STRICT`, `ALLOW_PROXY_CERTS`, `POLICY_CHECK`, `EXPLICIT_POLICY`, `INHIBIT_ANY`, `INHIBIT_MAP`, `NOTIFY_POLICY`, `EXTENDED_CRL_SUPPORT`, `USE_DELTAS`, `CHECK_SS_SIGNATURE`, `TRUSTED_FIRST`, `SUITEB_128_LOS_ONLY`, `SUITEB_192_LOS`, `SUITEB_128_LOS`, `PARTIAL_CHAIN`, `NO_ALT_CHAINS`, `NO_CHECK_TIME`
+(see https://www.openssl.org/docs/manmaster/man3/X509_VERIFY_PARAM_set_hostflags.html#VERIFICATION-FLAGS).
+
 ### Control/Status Server
 
 Puma has a built-in status and control app that can be used to query and control Puma.
@@ -210,7 +274,7 @@ Puma has a built-in status and control app that can be used to query and control
 $ puma --control-url tcp://127.0.0.1:9293 --control-token foo
 ```
 
-Puma will start the control server on localhost port 9293. All requests to the control server will need to include control token (in this case, `token=foo`) as a query parameter. This allows for simple authentication. Check out [status.rb](https://github.com/puma/puma/blob/master/lib/puma/app/status.rb) to see what the status app has available.
+Puma will start the control server on localhost port 9293. All requests to the control server will need to include control token (in this case, `token=foo`) as a query parameter. This allows for simple authentication. Check out `Puma::App::Status` or [status.rb](https://github.com/puma/puma/blob/master/lib/puma/app/status.rb) to see what the status app has available.
 
 You can also interact with the control server via `pumactl`. This command will restart Puma:
 
@@ -228,27 +292,31 @@ You can also provide a configuration file with the `-C` (or `--config`) flag:
 $ puma -C /path/to/config
 ```
 
-If no configuration file is specified, Puma will look for a configuration file at `config/puma.rb`. If an environment is specified, either via the `-e` and `--environment` flags, or through the `RACK_ENV` or the `RAILS_ENV` environment variables, Puma looks for configuration at `config/puma/<environment_name>.rb`.
+If no configuration file is specified, Puma will look for a configuration file at `config/puma.rb`. If an environment is specified (via the `--environment` flag or through the `APP_ENV`, `RACK_ENV`, or `RAILS_ENV` environment variables) Puma looks for a configuration file at `config/puma/<environment_name>.rb` and then falls back to `config/puma.rb`.
 
-If you want to prevent Puma from looking for a configuration file in those locations, provide a dash as the argument to the `-C` (or `--config`) flag:
+If you want to prevent Puma from looking for a configuration file in those locations, include the `--no-config` flag:
 
 ```
+$ puma --no-config
+
+# or
+
 $ puma -C "-"
 ```
 
-The other side-effects of setting the environment are whether to show stack traces (in `development` or `test`), and setting RACK_ENV may potentially affect middleware looking for this value to change their behavior. The default puma RACK_ENV value is `development`. You can see all config default values [here](https://github.com/puma/puma/blob/12d1706ddc71b89ed2ee26275e31c788e94ff541/lib/puma/configuration.rb#L170).
+The other side-effects of setting the environment are whether to show stack traces (in `development` or `test`), and setting RACK_ENV may potentially affect middleware looking for this value to change their behavior. The default puma RACK_ENV value is `development`. You can see all config default values in `Puma::Configuration#puma_default_options` or [configuration.rb](https://github.com/puma/puma/blob/61c6213fbab/lib/puma/configuration.rb#L182-L204).
 
-Check out [dsl.rb](https://github.com/puma/puma/blob/master/lib/puma/dsl.rb) to see all available options.
+Check out `Puma::DSL` or [dsl.rb](https://github.com/puma/puma/blob/master/lib/puma/dsl.rb) to see all available options.
 
 ## Restart
 
 Puma includes the ability to restart itself. When available (MRI, Rubinius, JRuby), Puma performs a "hot restart". This is the same functionality available in *Unicorn* and *NGINX* which keep the server sockets open between restarts. This makes sure that no pending requests are dropped while the restart is taking place.
 
-For more, see the [restart documentation](https://github.com/puma/puma/blob/master/docs/restart.md).
+For more, see the [Restart documentation](docs/restart.md).
 
 ## Signals
 
-Puma responds to several signals. A detailed guide to using UNIX signals with Puma can be found in the [signals documentation](https://github.com/puma/puma/blob/master/docs/signals.md).
+Puma responds to several signals. A detailed guide to using UNIX signals with Puma can be found in the [Signals documentation](docs/signals.md).
 
 ## Platform Constraints
 
@@ -256,6 +324,7 @@ Some platforms do not support all Puma features.
 
   * **JRuby**, **Windows**: server sockets are not seamless on restart, they must be closed and reopened. These platforms have no way to pass descriptors into a new process that is exposed to Ruby. Also, cluster mode is not supported due to a lack of fork(2).
   * **Windows**: Cluster mode is not supported due to a lack of fork(2).
+  * **Kubernetes**: The way Kubernetes handles pod shutdowns interacts poorly with server processes implementing graceful shutdown, like Puma. See the [kubernetes section of the documentation](docs/kubernetes.md) for more details.
 
 ## Known Bugs
 
@@ -278,8 +347,12 @@ It is common to use process monitors with Puma. Modern process monitors like sys
 provide continuous monitoring and restarts for increased
 reliability in production environments:
 
-* [docs/jungle](https://github.com/puma/puma/tree/master/docs/jungle) for rc.d
-* [docs/systemd](https://github.com/puma/puma/blob/master/docs/systemd.md)
+* [rc.d](docs/jungle/rc.d/README.md)
+* [systemd](docs/systemd.md)
+
+Community guides: 
+
+* [Deploying Puma on OpenBSD using relayd and httpd](https://gist.github.com/anon987654321/4532cf8d6c59c1f43ec8973faa031103)
 
 ## Community Extensions
 
@@ -295,9 +368,7 @@ reliability in production environments:
 
 ## Contributing
 
-Find details for contributing in the [contribution guide].
-
-[contribution guide]: https://github.com/puma/puma/blob/master/CONTRIBUTING.md
+Find details for contributing in the [contribution guide](CONTRIBUTING.md).
 
 ## License
 

data/docs/architecture.md

@@ -4,34 +4,71 @@
 
 ![https://bit.ly/2iJuFky](images/puma-general-arch.png)
 
-Puma is a threaded web server, processing requests across a TCP or UNIX socket.
+Puma is a threaded Ruby HTTP application server processing requests across a TCP
+and/or UNIX socket.
 
-Workers accept connections from the socket and a thread in the worker's thread pool processes the client's request.
 
-Clustered mode is shown/discussed here. Single mode is analogous to having a single worker process.
+Puma processes (there can be one or many) accept connections from the socket via
+a thread (in the [`Reactor`](../lib/puma/reactor.rb) class). The connection,
+once fully buffered and read, moves into the `todo` list, where an available
+thread will pick it up (in the [`ThreadPool`](../lib/puma/thread_pool.rb)
+class).
 
-## Connection pipeline
+Puma works in two main modes: cluster and single. In single mode, only one Puma
+process boots. In cluster mode, a `master` process is booted, which prepares
+(and may boot) the application and then uses the `fork()` system call to create
+one or more `child` processes. These `child` processes all listen to the same
+socket. The `master` process does not listen to the socket or process requests -
+its purpose is primarily to manage and listen for UNIX signals and possibly kill
+or boot `child` processes.
+
+We sometimes call `child` processes (or Puma processes in `single` mode)
+_workers_, and we sometimes call the threads created by Puma's
+[`ThreadPool`](../lib/puma/thread_pool.rb) _worker threads_.
+
+## How Requests Work
 
 ![https://bit.ly/2zwzhEK](images/puma-connection-flow.png)
 
 * Upon startup, Puma listens on a TCP or UNIX socket.
-  * The backlog of this socket is configured (with a default of 1024), determining how many established but unaccepted connections can exist concurrently.
-  * This socket backlog is distinct from the "backlog" of work as reported by the control server stats. The latter is the number of connections in that worker's "todo" set waiting for a worker thread.
-* By default, a single, separate thread is used to receive HTTP requests across the socket.
-  * When at least one worker thread is available for work, a connection is accepted and placed in this request buffer
-  * This thread waits for entire HTTP requests to be received over the connection
-    * The time spent waiting for the HTTP request body to be received is exposed to the Rack app as `env['puma.request_body_wait']` (milliseconds)
-  * Once received, the connection is pushed into the "todo" set
-* Worker threads pop work off the "todo" set for processing
-  * The thread processes the request via the rack application (which generates the HTTP response)
-  * The thread writes the response to the connection
-  * Finally, the thread become available to process another connection in the "todo" set
-
-### Disabling `queue_requests`
+  * The backlog of this socket is configured with a default of 1024, but the
+    actual backlog value is capped by the `net.core.somaxconn` sysctl value.
+    The backlog determines the size of the queue for unaccepted connections. If
+    the backlog is full, the operating system is not accepting new connections.
+  * This socket backlog is distinct from the `backlog` of work as reported by
+    `Puma.stats` or the control server. The backlog that `Puma.stats` refers to
+    represents the number of connections in the process' `todo` set waiting for
+    a thread from the [`ThreadPool`](../lib/puma/thread_pool.rb).
+* By default, a single, separate thread (created by the
+  [`Reactor`](../lib/puma/reactor.rb) class) reads and buffers requests from the
+  socket.
+  * When at least one worker thread is available for work, the reactor thread
+    listens to the socket and accepts a request (if one is waiting).
+  * The reactor thread waits for the entire HTTP request to be received.
+    * Puma exposes the time spent waiting for the HTTP request body to be
+      received to the Rack app as `env['puma.request_body_wait']`
+      (milliseconds).
+  * Once fully buffered and received, the connection is pushed into the "todo"
+    set.
+* Worker threads pop work off the "todo" set for processing.
+  * The worker thread processes the request via `call`ing the configured Rack
+    application. The Rack application generates the HTTP response.
+  * The worker thread writes the response to the connection. While Puma buffers
+    requests via a separate thread, it does not use a separate thread for
+    responses.
+  * Once done, the thread becomes available to process another connection in the
+    "todo" set.
+
+### `queue_requests`
 
 ![https://bit.ly/2zxCJ1Z](images/puma-connection-flow-no-reactor.png)
 
-The `queue_requests` option is `true` by default, enabling the separate thread used to buffer requests as described above.
+The `queue_requests` option is `true` by default, enabling the separate reactor
+thread used to buffer requests as described above.
+
+If set to `false`, this buffer will not be used for connections while waiting
+for the request to arrive.
 
-If set to `false`, this buffer will not be used for connections while waiting for the request to arrive.
-In this mode, when a connection is accepted, it is added to the "todo" queue immediately, and a worker will synchronously do any waiting necessary to read the HTTP request from the socket.
+In this mode, when a connection is accepted, it is added to the "todo" queue
+immediately, and a worker will synchronously do any waiting necessary to read
+the HTTP request from the socket.

data/docs/compile_options.md

@@ -0,0 +1,21 @@
+# Compile Options
+
+There are some `cflags` provided to change Puma's default configuration for its
+C extension.
+
+## Query String, `PUMA_QUERY_STRING_MAX_LENGTH`
+
+By default, the max length of `QUERY_STRING` is `1024 * 10`. But you may want to
+adjust it to accept longer queries in GET requests.
+
+For manual install, pass the `PUMA_QUERY_STRING_MAX_LENGTH` option like this:
+
+```
+gem install puma -- --with-cflags="-D PUMA_QUERY_STRING_MAX_LENGTH=64000"
+```
+
+For Bundler, use its configuration system:
+
+```
+bundle config build.puma "--with-cflags='-D PUMA_QUERY_STRING_MAX_LENGTH=64000'"
+```

data/docs/deployment.md

@@ -1,35 +1,32 @@
 # Deployment engineering for Puma
 
-Puma is software that is expected to be run in a deployed environment eventually.
-You can certainly use it as your dev server only, but most people look to use
-it in their production deployments as well.
+Puma expects to be run in a deployed environment eventually. You can use it as
+your development server, but most people use it in their production deployments.
 
-To that end, this is meant to serve as a foundation of wisdom how to do that
-in a way that increases happiness and decreases downtime.
+To that end, this document serves as a foundation of wisdom regarding deploying
+Puma to production while increasing happiness and decreasing downtime.
 
 ## Specifying Puma
 
-Most people want to do this by putting `gem "puma"` into their Gemfile, so we'll
-go ahead and assume that. Go add it now... we'll wait.
+Most people will specify Puma by including `gem "puma"` in a Gemfile, so we'll
+assume this is how you're using Puma.
 
-Welcome back!
+## Single vs. Cluster mode
 
-## Single vs Cluster mode
+Initially, Puma was conceived as a thread-only web server, but support for
+processes was added in version 2.
 
-Puma was originally conceived as a thread-only webserver, but grew the ability to
-also use processes in version 2.
+To run `puma` in single mode (i.e., as a development environment), set the
+number of workers to 0; anything higher will run in cluster mode.
 
-To run `puma` in single mode (e.g. for a development environment) you will need to
-set the number of workers to 0, anything above will run in cluster mode.
-
-Here are some rules of thumb for cluster mode:
+Here are some tips for cluster mode:
 
 ### MRI
 
-* Use cluster mode and set the number of workers to 1.5x the number of cpu cores
-  in the machine, minimum 2.
-* Set the number of threads to desired concurrent requests / number of workers.
-  Puma defaults to 16 and that's a decent number.
+* Use cluster mode and set the number of workers to 1.5x the number of CPU cores
+  in the machine, starting from a minimum of 2.
+* Set the number of threads to desired concurrent requests/number of workers.
+  Puma defaults to 5, and that's a decent number.
 
 #### Migrating from Unicorn
 
@@ -37,7 +34,7 @@ Here are some rules of thumb for cluster mode:
   * Set workers to half the number of unicorn workers you're using
   * Set threads to 2
   * Enjoy 50% memory savings
-* As you grow more confident in the thread safety of your app, you can tune the
+* As you grow more confident in the thread-safety of your app, you can tune the
   workers down and the threads up.
 
 #### Ubuntu / Systemd (Systemctl) Installation
@@ -48,69 +45,58 @@ See [systemd.md](systemd.md)
 
 **How do you know if you've got enough (or too many workers)?**
 
-A good question. Due to MRI's GIL, only one thread can be executing Ruby code at a time.
-But since so many apps are waiting on IO from DBs, etc., they can utilize threads
-to make better use of the process.
+A good question. Due to MRI's GIL, only one thread can be executing Ruby code at
+a time. But since so many apps are waiting on IO from DBs, etc., they can
+utilize threads to use the process more efficiently.
 
-The rule of thumb is you never want processes that are pegged all the time. This
-means that there is more work to do than the process can get through. On the other
-hand, if you have processes that sit around doing nothing, then they're just eating
-up resources.
+Generally, you never want processes that are pegged all the time. That can mean
+there is more work to do than the process can get through. On the other hand, if
+you have processes that sit around doing nothing, then they're just eating up
+resources.
 
-Watch your CPU utilization over time and aim for about 70% on average. This means
-you've got capacity still but aren't starving threads.
+Watch your CPU utilization over time and aim for about 70% on average. 70%
+utilization means you've got capacity still but aren't starving threads.
 
 **Measuring utilization**
 
-Using a timestamp header from an upstream proxy server (eg. nginx or haproxy), it's
-possible to get an indication of how long requests have been waiting for a Puma
-thread to become available.
+Using a timestamp header from an upstream proxy server (e.g., `nginx` or
+`haproxy`) makes it possible to indicate how long requests have been waiting for
+a Puma thread to become available.
 
 * Have your upstream proxy set a header with the time it received the request:
     * nginx: `proxy_set_header X-Request-Start "${msec}";`
-    * haproxy >= 1.9: `http-request set-header X-Request-Start t=%[date()]%[date_us()]`
+    * haproxy >= 1.9: `http-request set-header X-Request-Start
+      t=%[date()]%[date_us()]`
     * haproxy < 1.9: `http-request set-header X-Request-Start t=%[date()]`
-* In your Rack middleware, determine the amount of time elapsed since `X-Request-Start`.
-* To improve accuracy, you will want to subtract time spent waiting for slow clients:
-    * `env['puma.request_body_wait']` contains the number of milliseconds Puma spent
-      waiting for the client to send the request body.
-    * haproxy: `%Th` (TLS handshake time) and `%Ti` (idle time before request) can
-      can also be added as headers.
+* In your Rack middleware, determine the amount of time elapsed since
+  `X-Request-Start`.
+* To improve accuracy, you will want to subtract time spent waiting for slow
+  clients:
+    * `env['puma.request_body_wait']` contains the number of milliseconds Puma
+      spent waiting for the client to send the request body.
+    * haproxy: `%Th` (TLS handshake time) and `%Ti` (idle time before request)
+      can can also be added as headers.
 
 ## Should I daemonize?
 
-Daemonization was removed in Puma 5.0. For alternatives, continue reading.
+The Puma 5.0 release removed daemonization. For older versions and alternatives,
+continue reading.
 
-I prefer to not daemonize my servers and use something like `runit` or `systemd` to
-monitor them as child processes. This gives them fast response to crashes and
+I prefer not to daemonize my servers and use something like `runit` or `systemd`
+to monitor them as child processes. This gives them fast response to crashes and
 makes it easy to figure out what is going on. Additionally, unlike `unicorn`,
-puma does not require daemonization to do zero-downtime restarts.
+Puma does not require daemonization to do zero-downtime restarts.
 
-I see people using daemonization because they start puma directly via capistrano
-task and thus want it to live on past the `cap deploy`. To these people I say:
-You need to be using a process monitor. Nothing is making sure puma stays up in
-this scenario! You're just waiting for something weird to happen, puma to die,
-and to get paged at 3am. Do yourself a favor, at least the process monitoring
-your OS comes with, be it `sysvinit` or `systemd`. Or branch out
-and use `runit` or hell, even `monit`.
+I see people using daemonization because they start puma directly via Capistrano
+task and thus want it to live on past the `cap deploy`. To these people, I say:
+You need to be using a process monitor. Nothing is making sure Puma stays up in
+this scenario! You're just waiting for something weird to happen, Puma to die,
+and to get paged at 3 AM. Do yourself a favor, at least the process monitoring
+your OS comes with, be it `sysvinit` or `systemd`. Or branch out and use `runit`
+or hell, even `monit`.
 
 ## Restarting
 
 You probably will want to deploy some new code at some point, and you'd like
-puma to start running that new code. Minimizing the amount of time the server
-is unavailable would be nice as well. Here's how to do it:
-
-1. Don't use `preload!`. This dirties the master process and means it will have
-to shutdown all the workers and re-exec itself to get your new code. It is not compatible with phased-restart and `prune_bundler` as well.
-
-1. Use `prune_bundler`. This makes it so that the cluster master will detach itself
-from a Bundler context on start. This allows the cluster workers to load your app
-and start a brand new Bundler context within the worker only. This means your
-master remains pristine and can live on between new releases of your code.
-
-1. Use phased-restart (`SIGUSR1` or `pumactl phased-restart`). This tells the master
-to kill off one worker at a time and restart them in your new code. This minimizes
-downtime and staggers the restart nicely. **WARNING** This means that both your
-old code and your new code will be running concurrently. Most deployment solutions
-already cause that, but it's worth warning you about it again. Be careful with your
-migrations, etc!
+Puma to start running that new code. There are a few options for restarting
+Puma, described separately in our [restart documentation](restart.md).

data/docs/fork_worker.md

@@ -24,6 +24,8 @@ Similar to the `preload_app!` option, the `fork_worker` option allows your appli
 
 ### Limitations
 
+- Not compatible with the `preload_app!` option
+
 - This mode is still very experimental so there may be bugs or edge-cases, particularly around expected behavior of existing hooks. Please open a [bug report](https://github.com/puma/puma/issues/new?template=bug_report.md) if you encounter any issues.
 
 - In order to fork new workers cleanly, worker 0 shuts down its server and stops serving requests so there are no open file descriptors or other kinds of shared global state between processes, and to maximize copy-on-write efficiency across the newly-forked workers. This may temporarily reduce total capacity of the cluster during a phased restart / refork.

data/docs/jungle/rc.d/README.md

@@ -1,6 +1,6 @@
 # Puma as a service using rc.d
 
-Manage multilpe Puma servers as services on one box using FreeBSD's rc.d service.
+Manage multiple Puma servers as services on one box using FreeBSD's rc.d service.
 
 ## Dependencies
 

data/docs/kubernetes.md

@@ -0,0 +1,66 @@
+# Kubernetes
+
+## Running Puma in Kubernetes
+
+In general running Puma in Kubernetes works as-is, no special configuration is needed beyond what you would write anyway to get a new Kubernetes Deployment going. There is one known interaction between the way Kubernetes handles pod termination and how Puma handles `SIGINT`, where some request might be sent to Puma after it has already entered graceful shutdown mode and is no longer accepting requests. This can lead to dropped requests during rolling deploys. A workaround for this is listed at the end of this article.
+
+## Basic setup
+
+Assuming you already have a running cluster and docker image repository, you can run a simple Puma app with the following example Dockerfile and Deployment specification. These are meant as examples only and are deliberately very minimal to the point of skipping many options that are recommended for running in production, like healthchecks and envvar configuration with ConfigMaps. In general you should check the [Kubernetes documentation](https://kubernetes.io/docs/home/) and [Docker documentation](https://docs.docker.com/) for a more comprehensive overview of the available options.
+
+A basic Dockerfile example: 
+```
+FROM ruby:2.5.1-alpine # can be updated to newer ruby versions
+RUN apk update && apk add build-base # and any other packages you need 
+
+# Only rebuild gem bundle if Gemfile changes
+COPY Gemfile Gemfile.lock ./
+RUN bundle install
+
+# Copy over the rest of the files
+COPY . .
+
+# Open up port and start the service
+EXPOSE 9292
+CMD bundle exec rackup -o 0.0.0.0
+```
+
+A sample `deployment.yaml`:
+```
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: my-awesome-puma-app
+spec:
+  selector:
+    matchLabels:
+      app: my-awesome-puma-app
+  template:
+    metadata:
+      labels:
+        app: my-awesome-puma-app
+        service: my-awesome-puma-app
+    spec:
+      containers:
+      - name: my-awesome-puma-app
+        image: <your image here>
+        ports:
+        - containerPort: 9292
+``` 
+
+## Graceful shutdown and pod termination
+
+For some high-throughput systems, it is possible that some HTTP requests will return responses with response codes in the 5XX range during a rolling deploy to a new version. This is caused by [the way that Kubernetes terminates a pod during rolling deploys](https://cloud.google.com/blog/products/gcp/kubernetes-best-practices-terminating-with-grace):
+
+1. The replication controller determines a pod should be shut down.
+2. The Pod is set to the “Terminating” State and removed from the endpoints list of all Services, so that it receives no more requests.
+3. The pods pre-stop hook get called. The default for this is to send `SIGTERM` to the process inside the pod.
+4. The pod has up to `terminationGracePeriodSeconds` (default: 30 seconds) to gracefully shut down. Puma will do this (after it receives SIGTERM) by closing down the socket that accepts new requests and finishing any requests already running before exiting the Puma process.
+5. If the pod is still running after `terminationGracePeriodSeconds` has elapsed, the pod receives `SIGKILL` to make sure the process inside it stops. After that, the container exits and all other Kubernetes objects associated with it are cleaned up.
+
+There is a subtle race condition between step 2 and 3: The replication controller does not synchronously remove the pod from the Services AND THEN call the pre-stop hook of the pod, but rather it asynchronously sends "remove this pod from your endpoints" requests to the Services and then immediately proceeds to invoke the pods' pre-stop hook. If the Service controller (typically something like nginx or haproxy) receives this request handles this request "too" late (due to internal lag or network latency between the replication and Service controllers) then it is possible that the Service controller will send one or more requests to a Puma process which has already shut down its listening socket. These requests will then fail with 5XX error codes.
+
+The way Kubernetes works this way, rather than handling step 2 synchronously, is due to the CAP theorem: in a distributed system there is no way to guarantee that any message will arrive promptly. In particular, waiting for all Service controllers to report back might get stuck for an indefinite time if one of them has already been terminated or if there has been a net split. A way to work around this is to add a sleep to the pre-stop hook of the same time as the `terminationGracePeriodSeconds` time. This will allow the Puma process to keep serving new requests during the entire grace period, although it will no longer receive new requests after all Service controllers have propagated the removal of the pod from their endpoint lists. Then, after `terminationGracePeriodSeconds`, the pod receives `SIGKILL` and closes down. If your process can't handle SIGKILL properly, for example because it needs to release locks in different services, you can also sleep for a shorter period (and/or increase `terminationGracePeriodSeconds`) as long as the time slept is longer than the time that your Service controllers take to propagate the pod removal. The downside of this workaround is that all pods will take at minimum the amount of time slept to shut down and this will increase the time required for your rolling deploy.
+
+More discussions and links to relevant articles can be found in https://github.com/puma/puma/issues/2343.