rack-timeout 0.4.0 → 0.6.0

Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
- SHA1:
3
- metadata.gz: 3c6085bc1b83e9bb9f2b9e461a397dc4764fffe1
4
- data.tar.gz: 30290762388e9fc3512a48e962b4101817b7d53f
2
+ SHA256:
3
+ metadata.gz: 45a8b583f5c8ec73b0659348e53083fd449d1ae732c020c45ab3decfd4d7c913
4
+ data.tar.gz: 832b443cc5678f0c55df7a8c741dc2f5304e024da77f021ecbaa352c03279e51
5
5
  SHA512:
6
- metadata.gz: 58a88b26d6aad37c19e15ddac0db4b8b77684542c02ab00670a76bb36db01a98b2dbf9dadf0e2b34402a4e971eaf7f4d653311708c1e36ed52f64d09073d0c7a
7
- data.tar.gz: c542d17400ea593c1b85192a3e68917880a83dc89d274598566111c5f20d3c611e2fee7228bcaabe8fae18782bb65014a7ffff315157d04894287651874e53bb
6
+ metadata.gz: 2279854e2ca96bc0fa0c9e6fe4a67a4d217f79df5840b59cf36b97518ddab7823a134c15fe1e527ce1a24972ee9113825bb58d52520accdcb7dc2a3d8147cb16
7
+ data.tar.gz: 00651f0c2e2449d490e88db4cf7d899f1287f22bc531fc4c22270024790635b552119572847de65a1933a5b7e4e6514c530a33b0689c02d6aeb34e73de392245
@@ -1,9 +1,50 @@
1
+ ## 0.6.0
2
+
3
+ - Allow sending SIGTERM to workers on timeout (https://github.com/sharpstone/rack-timeout/pull/157)
4
+
5
+ 0.5.2
6
+ =====
7
+ - Rails 6 support (#147)
8
+
9
+ 0.5.1
10
+ =====
11
+ - Fixes setting ENV vars to false or 0 would not disable a timeout
12
+ (#133)
13
+
14
+ 0.5.0.1
15
+ =======
16
+ - Fix 0600 permissions in gem pushed to rubygems
17
+
18
+ 0.5.0
19
+ =====
20
+
21
+ Breaking Changes
22
+
23
+ - Remove Rollbar module (#124)
24
+ - Remove legacy class setters (#125)
25
+
26
+ Other
27
+
28
+ - Add support to configure via environment variables (#105)
29
+ - Adds support for ActionDispatch::RequestId generated request ids (#115)
30
+ - Changes uuid format to proper uuid (#115)
31
+
32
+ 0.4.2
33
+ =====
34
+ - Ruby 2.0 compatible
35
+
36
+ 0.4.1
37
+ =====
38
+ - Rails 5 support
39
+ - Remove deprecation warning on timeout setter for Rails apps
40
+
1
41
  0.4.0
2
42
  =====
3
43
  - Using monotonic time instead of Time.now where available (/ht concurrent-ruby)
4
44
  - Settings are now passable to the middleware initializer instead of class-level
5
45
  - Rollbar module may take a custom fingerprint block
6
46
  - Rollbar module considered final
47
+ - Fixed an issue where some heartbeats would live on forever (#103, /ht @0x0badc0de)
7
48
 
8
49
  0.3.2
9
50
  =====
data/Gemfile ADDED
@@ -0,0 +1,3 @@
1
+ source 'https://rubygems.org'
2
+
3
+ gemspec
data/README.md ADDED
@@ -0,0 +1,118 @@
1
+ Rack::Timeout
2
+ =============
3
+
4
+ Abort requests that are taking too long; an exception is raised.
5
+
6
+ A timeout of 15s is the default. It's recommended to set the timeout as
7
+ low as realistically viable for your application. You can modify this by
8
+ setting the `RACK_TIMEOUT_SERVICE_TIMEOUT` environment variable.
9
+
10
+ There's a handful of other settings, read on for details.
11
+
12
+ Rack::Timeout is not a solution to the problem of long-running requests,
13
+ it's a debug and remediation tool. App developers should track
14
+ rack-timeout's data and address recurring instances of particular
15
+ timeouts, for example by refactoring code so it runs faster or
16
+ offsetting lengthy work to happen asynchronously.
17
+
18
+ Upgrading
19
+ ---------
20
+
21
+ For fixing issues when upgrading, please see [UPGRADING](UPGRADING.md).
22
+
23
+ Basic Usage
24
+ -----------
25
+
26
+ The following covers currently supported versions of Rails, Rack, Ruby,
27
+ and Bundler. See the Compatibility section at the end for legacy
28
+ versions.
29
+
30
+ ### Rails apps
31
+
32
+ ```ruby
33
+ # Gemfile
34
+ gem "rack-timeout"
35
+ ```
36
+
37
+ This will load rack-timeout and set it up as a Rails middleware using
38
+ the default timeout of 15s. The middleware is not inserted for the test
39
+ environment. You can modify the timeout by setting a
40
+ `RACK_TIMEOUT_SERVICE_TIMEOUT` environment variable.
41
+
42
+ ### Rails apps, manually
43
+
44
+ You'll need to do this if you removed `Rack::Runtime` from the
45
+ middleware stack, or if you want to determine yourself where in the
46
+ stack `Rack::Timeout` gets inserted.
47
+
48
+ ```ruby
49
+ # Gemfile
50
+ gem "rack-timeout", require: "rack/timeout/base"
51
+ ```
52
+
53
+ ```ruby
54
+ # config/initializers/rack_timeout.rb
55
+
56
+ # insert middleware wherever you want in the stack, optionally pass
57
+ # initialization arguments, or use environment variables
58
+ Rails.application.config.middleware.insert_before Rack::Runtime, Rack::Timeout, service_timeout: 15
59
+ ```
60
+
61
+ ### Sinatra and other Rack apps
62
+
63
+ ```ruby
64
+ # config.ru
65
+ require "rack-timeout"
66
+
67
+ # Call as early as possible so rack-timeout runs before all other middleware.
68
+ # Setting service_timeout or `RACK_TIMEOUT_SERVICE_TIMEOUT` environment
69
+ # variable is recommended. If omitted, defaults to 15 seconds.
70
+ use Rack::Timeout, service_timeout: 15
71
+ ```
72
+
73
+ Configuring
74
+ -----------
75
+
76
+ Rack::Timeout takes the following settings, shown here with their
77
+ default values and associated environment variables.
78
+
79
+ ```
80
+ service_timeout: 15 # RACK_TIMEOUT_SERVICE_TIMEOUT
81
+ wait_timeout: 30 # RACK_TIMEOUT_WAIT_TIMEOUT
82
+ wait_overtime: 60 # RACK_TIMEOUT_WAIT_OVERTIME
83
+ service_past_wait: false # RACK_TIMEOUT_SERVICE_PAST_WAIT
84
+ term_on_timeout: false # RACK_TIMEOUT_TERM_ON_TIMEOUT
85
+ ```
86
+
87
+ These settings can be overriden during middleware initialization or
88
+ environment variables `RACK_TIMEOUT_*` mentioned above. Middleware
89
+ parameters take precedence:
90
+
91
+ ```ruby
92
+ use Rack::Timeout, service_timeout: 15, wait_timeout: 30
93
+ ```
94
+
95
+ For more on these settings, please see [doc/settings](doc/settings.md).
96
+
97
+ Further Documentation
98
+ ---------------------
99
+
100
+ Please see the [doc](doc) folder for further documentation on:
101
+
102
+ * [Risks and shortcomings of using Rack::Timeout](doc/risks.md)
103
+ * [Understanding the request lifecycle](doc/request-lifecycle.md)
104
+ * [Exceptions raised by Rack::Timeout](doc/exceptions.md)
105
+ * [Rollbar fingerprinting](doc/rollbar.md)
106
+ * [Observers](doc/observers.md)
107
+ * [Logging](doc/logging.md)
108
+
109
+ Compatibility
110
+ -------------
111
+
112
+ This version of Rack::Timeout is compatible with Ruby 2.1 and up, and,
113
+ for Rails apps, Rails 3.x and up.
114
+
115
+
116
+ ---
117
+ Copyright © 2010-2016 Caio Chassot, released under the MIT license
118
+ <http://github.com/heroku/rack-timeout>
data/Rakefile ADDED
@@ -0,0 +1,16 @@
1
+ require 'rake/testtask'
2
+ require 'bundler/gem_tasks'
3
+
4
+ Rake::TestTask.new do |t|
5
+ t.libs << "test"
6
+ t.test_files = FileList['test/**/*_test.rb']
7
+ t.verbose = true
8
+ end
9
+
10
+ task :fix_permissions do
11
+ FileUtils.chmod_R("a+rX", File.dirname(__FILE__))
12
+ end
13
+
14
+ task(:build).enhance([:fix_permissions])
15
+
16
+ task :default => :test
data/UPGRADING.md ADDED
@@ -0,0 +1,19 @@
1
+ Upgrading
2
+ =========
3
+
4
+ From 0.4 or older
5
+ -----------------
6
+
7
+ - Removal of the class setters, such as `Rack::Timeout.timeout = 5`, may
8
+ lead to an error when upgrading. To fix this, remove these setters and
9
+ instead use either the [environment variables][config-env],
10
+ `RACK_TIMEOUT_*`, or [insert the middleware manually][config-insert]
11
+ and configure the middleware as desired when inserting.
12
+
13
+ [config-env]: README.md#configuring
14
+ [config-insert]: README.md#rails-apps-manually
15
+
16
+ - The Rollbar support was removed; a deprecation warning will be emitted
17
+ if you are using this module. The recommendation is to use Rollbar's
18
+ custom fingerprinting. A recommendation is provided in
19
+ [doc/rollbar.md](doc/rollbar.md).
data/doc/exceptions.md ADDED
@@ -0,0 +1,24 @@
1
+ Exceptions
2
+ ----------
3
+
4
+ Rack::Timeout can raise three types of exceptions. They are:
5
+
6
+ Two descend from `Rack::Timeout::Error`, which itself descends from `RuntimeError` and is generally caught by an unqualified `rescue`. The third, `RequestTimeoutException`, is more complicated and the most important.
7
+
8
+ * `Rack::Timeout::RequestTimeoutException`: this is raised when a request has run for longer than the specified timeout. This descends from `Exception`, not from `Rack::Timeout::Error` (it has to be rescued from explicitly). It's raised by the rack-timeout timer thread in the application thread, at the point in the stack the app happens to be in when the timeout is triggered. This exception could be caught explicitly within the application, but in doing so you're working past the timeout. This is ok for quick cleanup work but shouldn't be abused as Rack::Timeout will not kick in twice for the same request.
9
+
10
+ Rails will generally intercept `Exception`s, but in plain Rack apps, this exception will be caught by rack-timeout and re-raised as a `Rack::Timeout::RequestTimeoutError`. This is to prevent an `Exception` from bubbling up beyond rack-timeout and to the server.
11
+
12
+ * `Rack::Timeout::RequestTimeoutError` descends from `Rack::Timeout::Error`, but it's only really seen in the case described above. It'll not be seen in a standard Rails app, and will only be seen in Sinatra if rescuing from exceptions is disabled.
13
+
14
+ * `Rack::Timeout::RequestExpiryError`: this is raised when a request is skipped for being too old (see Wait Timeout section). This error cannot generally be rescued from inside a Rails controller action as it happens before the request has a chance to enter Rails.
15
+
16
+ This shouldn't be different for other frameworks, unless you have something above Rack::Timeout in the middleware stack, which you generally shouldn't.
17
+
18
+ You shouldn't rescue from these errors for reporting purposes. Instead, you can subscribe for state change notifications with observers.
19
+
20
+ If you're trying to test that a `Rack::Timeout::RequestTimeoutException` is raised in an action in your Rails application, you **must do so in integration tests**. Please note that Rack::Timeout will not kick in for functional tests as they bypass the rack middleware stack.
21
+
22
+ [More details about testing middleware with Rails here][pablobm].
23
+
24
+ [pablobm]: http://stackoverflow.com/a/8681208/13989
data/doc/logging.md ADDED
@@ -0,0 +1,41 @@
1
+ Logging
2
+ -------
3
+
4
+ Rack::Timeout logs a line every time there's a change in state in a request's lifetime.
5
+
6
+ Request state changes into `timed_out` and `expired` are logged at the `ERROR` level, most other things are logged as `INFO`. The `active` state is logged as `DEBUG`, every ~1s while the request is still active.
7
+
8
+ Rack::Timeout will try to use `Rails.logger` if present, otherwise it'll look for a logger in `env['rack.logger']`, and if neither are present, it'll create its own logger, either writing to `env['rack.errors']`, or to `$stderr` if the former is not set.
9
+
10
+ When creating its own logger, rack-timeout will use a log level of `INFO`. Otherwise whatever log level is already set on the logger being used continues in effect.
11
+
12
+ A custom logger can be set via `Rack::Timeout::Logger.logger`. This takes priority over the automatic logger detection:
13
+
14
+ ```ruby
15
+ Rack::Timeout::Logger.logger = Logger.new
16
+ ```
17
+
18
+ There are helper setters that replace the logger:
19
+
20
+ ```ruby
21
+ Rack::Timeout::Logger.device = $stderr
22
+ Rack::Timeout::Logger.level = Logger::INFO
23
+ ```
24
+
25
+ Although each call replaces the logger, these can be use together and the final logger will retain both properties. (If only one is called, the defaults used above apply.)
26
+
27
+ Logging is enabled by default, but can be removed with:
28
+
29
+ ```ruby
30
+ Rack::Timeout::Logger.disable
31
+ ```
32
+
33
+ Each log line is a set of `key=value` pairs, containing the entries from the `env["rack-timeout.info"]` struct that are not `nil`. See the Request Lifetime section above for a description of each field. Note that while the values for `wait`, `timeout`, and `service` are stored internally as seconds, they are logged as milliseconds for readability.
34
+
35
+ A sample log excerpt might look like:
36
+
37
+ ```
38
+ source=rack-timeout id=13793c wait=369ms timeout=10000ms state=ready at=info
39
+ source=rack-timeout id=13793c wait=369ms timeout=10000ms service=15ms state=completed at=info
40
+ source=rack-timeout id=ea7bd3 wait=371ms timeout=10000ms state=timed_out at=error
41
+ ```
data/doc/observers.md ADDED
@@ -0,0 +1,22 @@
1
+ Observers
2
+ ---------
3
+
4
+ Observers are blocks that are notified about state changes during a request's lifetime. Keep in mind that the `active` state is set every ~1s, so you'll be notified every time.
5
+
6
+ You can register an observer with:
7
+
8
+ ```ruby
9
+ Rack::Timeout.register_state_change_observer(:a_unique_name) { |env| do_things env }
10
+ ```
11
+
12
+ There's currently no way to subscribe to changes into or out of a particular state. To check the actual state we're moving into, read `env['rack-timeout.info'].state`. Handling going out of a state would require some additional logic in the observer.
13
+
14
+ You can remove an observer with `unregister_state_change_observer`:
15
+
16
+ ```ruby
17
+ Rack::Timeout.unregister_state_change_observer(:a_unique_name)
18
+ ```
19
+
20
+ rack-timeout's logging is implemented using an observer; see `Rack::Timeout::StateChangeLoggingObserver` in logging-observer.rb for the implementation.
21
+
22
+ Custom observers might be used to do cleanup, store statistics on request length, timeouts, etc., and potentially do performance tuning on the fly.
@@ -0,0 +1,27 @@
1
+ Request Lifetime
2
+ ----------------
3
+
4
+ Throughout a request's lifetime, Rack::Timeout keeps details about the request in `env[Rack::Timeout::ENV_INFO_KEY]`, or, more explicitly, `env["rack-timeout.info"]`.
5
+
6
+ The value of that entry is an instance of `Rack::Timeout::RequestDetails`, which is a `Struct` consisting of the following fields:
7
+
8
+ * `id`: a unique ID per request. Either the value of the `X-Request-ID` header or a random ID
9
+ generated internally.
10
+
11
+ * `wait`: time in seconds since `X-Request-Start` at the time the request was initially seen by Rack::Timeout. Only set if `X-Request-Start` is present.
12
+
13
+ * `timeout`: the final timeout value that was used or to be used, in seconds. For `expired` requests, that would be the `wait_timeout`, possibly with `wait_overtime` applied. In all other cases it's the `service_timeout`, potentially reduced to make up for time lost waiting. (See discussion regarding `service_past_wait` above, under the Wait Timeout section.)
14
+
15
+ * `service`: set after a request completes (or times out). The time in seconds it took being processed. This is also updated while a request is still active, around every second, with the time taken so far.
16
+
17
+ * `state`: the possible states, and their log level, are:
18
+
19
+ * `expired` (`ERROR`): the request is considered too old and is skipped entirely. This happens when `X-Request-Start` is present and older than `wait_timeout`. When in this state, `Rack::Timeout::RequestExpiryError` is raised. See earlier discussion about the `wait_overtime` setting, too.
20
+
21
+ * `ready` (`INFO`): this is the state a request is in right before it's passed down the middleware chain. Once it's being processed, it'll move on to `active`, and then on to `timed_out` and/or `completed`.
22
+
23
+ * `active` (`DEBUG`): the request is being actively processed in the application thread. This is signaled repeatedly every ~1s until the request completes or times out.
24
+
25
+ * `timed_out` (`ERROR`): the request ran for longer than the determined timeout and was aborted. `Rack::Timeout::RequestTimeoutException` is raised in the application when this occurs. This state is not the final one, `completed` will be set after the framework is done with it. (If the exception does bubble up, it's caught by rack-timeout and re-raised as `Rack::Timeout::RequestTimeoutError`, which descends from RuntimeError.)
26
+
27
+ * `completed` (`INFO`): the request completed and Rack::Timeout is done with it. This does not mean the request completed *successfully*. Rack::Timeout does not concern itself with that. As mentioned just above, a timed out request will still end up with a `completed` state.
data/doc/risks.md ADDED
@@ -0,0 +1,35 @@
1
+ Risks and shortcomings of using Rack::Timeout
2
+ ---------------------------------------------
3
+
4
+ ### Timing Out During IO Blocks
5
+
6
+ Sometimes a request is taking too long to complete because it's blocked waiting on synchronous IO. Such IO does not need to be file operations, it could be, say, network or database operations. If said IO is happening in a C library that's unaware of ruby's interrupt system (i.e. anything written without ruby in mind), calling `Thread#raise` (that's what rack-timeout uses) will not have effect until after the IO block is gone.
7
+
8
+ At the moment rack-timeout does not try to address this issue. As a fail-safe against these cases, a blunter solution that kills the entire process is recommended, such as unicorn's timeouts.
9
+
10
+ More detailed explanations of the issues surrounding timing out in ruby during IO blocks can be found at:
11
+
12
+ - http://redgetan.cc/understanding-timeouts-in-cruby/
13
+
14
+ ### Timing Out is Inherently Unsafe
15
+
16
+ Raising mid-flight in stateful applications is inherently unsafe. A request can be aborted at any moment in the code flow, and the application can be left in an inconsistent state. There's little way rack-timeout could be aware of ongoing state changes. Applications that rely on a set of globals (like class variables) or any other state that lives beyond a single request may find those left in an unexpected/inconsistent state after an aborted request. Some cleanup code might not have run, or only half of a set of related changes may have been applied.
17
+
18
+ A lot more can go wrong. An intricate explanation of the issue by JRuby's Charles Nutter can be found [here][broken-timeout].
19
+
20
+ Ruby 2.1 provides a way to defer the result of raising exceptions through the [Thread.handle_interrupt][handle-interrupt] method. This could be used in critical areas of your application code to prevent Rack::Timeout from accidentally wreaking havoc by raising just in the wrong moment. That said, `handle_interrupt` and threads in general are hard to reason about, and detecting all cases where it would be needed in an application is a tall order, and the added code complexity is probably not worth the trouble.
21
+
22
+ Your time is better spent ensuring requests run fast and don't need to timeout.
23
+
24
+ That said, it's something to be aware of, and may explain some eerie wonkiness seen in logs.
25
+
26
+ [broken-timeout]: http://headius.blogspot.de/2008/02/rubys-threadraise-threadkill-timeoutrb.html
27
+ [handle-interrupt]: http://www.ruby-doc.org/core-2.1.3/Thread.html#method-c-handle_interrupt
28
+
29
+ ### Time Out Early and Often
30
+
31
+ Because of the aforementioned issues, it's recommended you set library-specific timeouts and leave Rack::Timeout as a last resort measure. Library timeouts will generally take care of IO issues and abort the operation safely. See [The Ultimate Guide to Ruby Timeouts][ruby-timeouts].
32
+
33
+ You'll want to set all relevant timeouts to something lower than Rack::Timeout's `service_timeout`. Generally you want them to be at least 1s lower, so as to account for time spent elsewhere during the request's lifetime while still giving libraries a chance to time out before Rack::Timeout.
34
+
35
+ [ruby-timeouts]: https://github.com/ankane/the-ultimate-guide-to-ruby-timeouts
data/doc/rollbar.md ADDED
@@ -0,0 +1,30 @@
1
+ ### Rollbar
2
+
3
+ Because rack-timeout may raise at any point in the codepath of a timed-out request, the stack traces for similar requests may differ, causing rollbar to create separate entries for each timeout.
4
+
5
+ The recommended practice is to configure [Custom Fingerprints][rollbar-customfingerprint] on Rollbar.
6
+
7
+ [rollbar-customfingerprint]: https://docs.rollbar.com/docs/custom-grouping/
8
+
9
+ Example:
10
+
11
+ ```json
12
+ [
13
+ {
14
+ "condition": {
15
+ "eq": "Rack::Timeout::RequestTimeoutException",
16
+ "path": "body.trace.exception.class"
17
+ },
18
+ "fingerprint": "Rack::Timeout::RequestTimeoutException {{context}}",
19
+ "title": "Rack::Timeout::RequestTimeoutException {{context}}"
20
+ }
21
+ ]
22
+
23
+ ```
24
+
25
+ This configuration will generate exceptions following the pattern: `Rack::Timeout::RequestTimeoutException controller#action
26
+ `
27
+
28
+ On previous versions this configuration was made using `Rack::Timeout::Rollbar` which was removed. [More details on the Issue #122][rollbar-removal-issue].
29
+
30
+ [rollbar-removal-issue]: https://github.com/heroku/rack-timeout/issues/122
data/doc/settings.md ADDED
@@ -0,0 +1,101 @@
1
+ # Settings
2
+
3
+ Rack::Timeout has 4 settings, each of which impacts when Rack::Timeout
4
+ will raise an exception, and which type of exception will be raised.
5
+
6
+ ### Service Timeout
7
+
8
+ `service_timeout` is the most important setting.
9
+
10
+ *Service time* is the time taken from when a request first enters rack to when its response is sent back. When the application takes longer than `service_timeout` to process a request, the request's status is logged as `timed_out` and `Rack::Timeout::RequestTimeoutException` or `Rack::Timeout::RequestTimeoutError` is raised on the application thread. This may be automatically caught by the framework or plugins, so beware. Also, the exception is not guaranteed to be raised in a timely fashion, see section below about IO blocks.
11
+
12
+ Service timeout can be disabled entirely by setting the property to `0` or `false`, at which point the request skips Rack::Timeout's machinery (so no logging will be present).
13
+
14
+ ### Wait Timeout
15
+
16
+ Before a request reaches the rack application, it may have spent some time being received by the web server, or waiting in the application server's queue before being dispatched to rack. The time between when a request is received by the web server and when rack starts handling it is called the *wait time*.
17
+
18
+ On Heroku, a request will be dropped when the routing layer sees no data being transferred for over 30 seconds. (You can read more about the specifics of Heroku routing's timeout [here][heroku-routing] and [here][heroku-timeout].) In this case, it makes no sense to process a request that reaches the application after having waited more than 30 seconds. That's where the `wait_timeout` setting comes in. When a request has a wait time greater than `wait_timeout`, it'll be dropped without ever being sent down to the application, and a `Rack::Timeout::RequestExpiryError` is raised. Such requests are logged as `expired`.
19
+
20
+ [heroku-routing]: https://devcenter.heroku.com/articles/http-routing#timeouts
21
+ [heroku-timeout]: https://devcenter.heroku.com/articles/request-timeout
22
+
23
+ `wait_timeout` is set at a default of 30 seconds, matching Heroku's router's timeout.
24
+
25
+ Wait timeout can be disabled entirely by setting the property to `0` or `false`.
26
+
27
+ A request's computed wait time may affect the service timeout used for it. Basically, a request's wait time plus service time may not exceed the wait timeout. The reasoning for that is based on Heroku router's behavior, that the request would be dropped anyway after the wait timeout. So, for example, with the default settings of `service_timeout=15`, `wait_timeout=30`, a request that had 20 seconds of wait time will not have a service timeout of 15, but instead of 10, as there are only 10 seconds left before `wait_timeout` is reached. This behavior can be disabled by setting `service_past_wait` to `true`. When set, the `service_timeout` setting will always be honored. Please note that if you're using the `RACK_TIMEOUT_SERVICE_PAST_WAIT` environment variable, any value different than `"false"` will be considered `true`.
28
+
29
+ The way we're able to infer a request's start time, and from that its wait time, is through the availability of the `X-Request-Start` HTTP header, which is expected to contain the time since epoch in milliseconds. (A concession is made for nginx's sec.msec notation.)
30
+
31
+ If the `X-Request-Start` header is not present `wait_timeout` handling is skipped entirely.
32
+
33
+ ### Wait Overtime
34
+
35
+ Relying on `X-Request-Start` is less than ideal, as it computes the time since the request *started* being received by the web server, rather than the time the request *finished* being received by the web server. That poses a problem for lengthy requests.
36
+
37
+ Lengthy requests are requests with a body, such as POST requests. These take time to complete being received by the application server, especially when the client has a slow upload speed, as is common for example with mobile clients or asymmetric connections.
38
+
39
+ While we can infer the time since a request started being received, we can't tell when it completed being received, which would be preferable. We're also unable to tell the time since the last byte was sent in the request, which would be relevant in tracking Heroku's router timeout appropriately.
40
+
41
+ A request that took longer than 30s to be fully received, but that had been uploading data all that while, would be dropped immediately by Rack::Timeout because it'd be considered too old. Heroku's router, however, would not have dropped this request because data was being transmitted all along.
42
+
43
+ As a concession to these shortcomings, for requests that have a body present, we allow some additional wait time on top of `wait_timeout`. This aims to make up for time lost to long uploads.
44
+
45
+ This extra time is called *wait overtime* and can be set via `wait_overtime`. It defaults to 60 seconds. This can be disabled as usual by setting the property to `0` or `false`. When disabled, there's no overtime. If you want lengthy requests to never get expired, set `wait_overtime` to a very high number.
46
+
47
+ Keep in mind that Heroku [recommends][uploads] uploading large files directly to S3, so as to prevent the dyno from being blocked for too long and hence unable to handle further incoming requests.
48
+
49
+ [uploads]: https://devcenter.heroku.com/articles/s3#file-uploads
50
+
51
+ ### Term on Timeout
52
+
53
+ If your application timeouts fire frequently then [they can cause your application to enter a corrupt state](https://www.schneems.com/2017/02/21/the-oldest-bug-in-ruby-why-racktimeout-might-hose-your-server/). One option for resetting that bad state is to restart the entire process. If you are running in an environment with multiple processes (such as `puma -w 2`) then when a process is sent a `SIGTERM` it will exit. The webserver then knows how to restart the process. For more information on process restart behavior see:
54
+
55
+ - [Ruby Application Restart Behavior](https://devcenter.heroku.com/articles/what-happens-to-ruby-apps-when-they-are-restarted)
56
+ - [License to SIGKILL](https://www.sitepoint.com/license-to-sigkill/)
57
+
58
+ **Puma SIGTERM behavior** When a Puma worker receives a `SIGTERM` it will begin to shut down, but not exit right away. It stops accepting new requests and waits for any existing requests to finish before fully shutting down. This means that only the request that experiences a timeout will be interupted, all other in-flight requests will be allowed to run until they return or also are timed out.
59
+
60
+ After the worker process exists will Puma's parent process know to boot a replacement worker. While one process is restarting, another can still serve requests (if you have more than 1 worker process per server/dyno). Between when a process exits and when a new process boots, there will be a reduction in throughput. If all processes are restarting, then incoming requests will be blocked while new processes boot.
61
+
62
+ **How to enable** To enable this behavior you can set `term_on_timeout: 1` to an integer value. If you set it to zero or one, then the first time the process encounters a timeout, it will receive a SIGTERM.
63
+
64
+ To enable on Heroku run:
65
+
66
+ ```
67
+ $ heroku config:set RACK_TIMEOUT_TERM_ON_TIMEOUT=1
68
+ ```
69
+
70
+ **Caution** If you use this setting inside of a webserver without enabling multi-process mode, then it will exit the entire server when it fires:
71
+
72
+ - ✅ `puma -w 2 -t 5` This is OKAY
73
+ - ❌ `puma -t 5` This is NOT OKAY
74
+
75
+ If you're using a `config/puma.rb` file then make sure you are calling `workers` configuration DSL. You should see multiple workers when the server boots:
76
+
77
+ ```
78
+ [3922] Puma starting in cluster mode...
79
+ [3922] * Version 4.3.0 (ruby 2.6.5-p114), codename: Mysterious Traveller
80
+ [3922] * Min threads: 0, max threads: 16
81
+ [3922] * Environment: development
82
+ [3922] * Process workers: 2
83
+ [3922] * Phased restart available
84
+ [3922] * Listening on tcp://0.0.0.0:9292
85
+ [3922] Use Ctrl-C to stop
86
+ [3922] - Worker 0 (pid: 3924) booted, phase: 0
87
+ [3922] - Worker 1 (pid: 3925) booted, phase: 0
88
+ ```
89
+
90
+ > ✅ Notice how it says it is booting in "cluster mode" and how it gives PIDs for two worker processes at the bottom.
91
+
92
+ **How to decide the term_on_timeout value** If you set to a higher value such as `5` then rack-timeout will wait until the process has experienced five timeouts before restarting the process. Setting this value to a higher number means the application restarts processes less frequently, so throughput will be less impacted. If you set it to too high of a number, then the underlying issue of the application being put into a bad state will not be effectively mitigated.
93
+
94
+
95
+ **How do I know when a process is being restarted by rack-timeout?** This exception error should be visible in the logs:
96
+
97
+ ```
98
+ Request ran for longer than 1000ms, sending SIGTERM to process 3925
99
+ ```
100
+
101
+ > Note: Since the worker waits for all in-flight requests to finish (with puma) you may see multiple SIGTERMs to the same PID before it exits, this means that multiple requests timed out.