4

What are the benefits of running a app server in user space, like Unicorn, as opposed to as sudo?

view full story
linux-howto

http://serverfault.com – I've been using Phusion Passenger + Rails/Sinatra for a lot of projects. Passenger runs under the main Nginx or Apache process. But I'm interested in Unicorn, partly because it runs in user space. You just set up Nginx to proxy_pass requests to a unix socket that is connected to Unicorn processes that you fire up under a normal user account. Is there anything to be said as far as advantages and disadvantages of these two alternative approaches to running an web app? I mean in terms of ease of administration, stability, simplicity, etc. (HowTos)

xskl's picture
Submitted by xskl on 07/03/2012 – Made popular on 07/03/2012

Stories similar to What are the benefits of running a app server in user space, like Unicorn, as opposed to as sudo?

I have few Unicorn servers running on Ubuntu 12.04 and I am looking to secure them against exploits which give remote shell.

My main concern is, if it makes sense to deploy ModSecurity?

Another thing is, that I have seen Unicorn typically runs from port 8080, and it's forwarded to Apache/NginX server port 80 which serves as reverse-proxy.

I was thinking that I could employ the following:

ModS

I'm building a service-based web application. It consists of one primary rails app purely meant to handle requests, and a lot of other sinatra services running to actually process these requests.

I've decided to go with unicorn for the actual webserver for my rails app.

My dilemma is in picking the right stack to go with.

Our server is showing a lot of 500 internal error pages for random requests. We know the app is working because our code is unit tested. The server setup is Nginx with Unicorn running a single Rails apps on an Ubuntu 10.4 LTS.

I'm developing a rails app and in general just running service nginx stop will cause the Phusion Passenger processes to be killed. But I'm having an instance where this isn't happending (see top -c screenshot). Have I been doing this wrong? I though these processes were tied to our nginx process and would die in this scenario?

thx

In the process of deploying multiple EC2 instances running a Rails app over Unicorn.

I tried to deploy my app on EC2 (opened port: 22, 80, 443)

App: Rails 3.2.2

Server:

nginx 1.2.1 unicorn gem (latest) ubuntu 12.04

Deployer: Capistrano

I tried to follow the instruction in Railscasts : http://railscasts.com/episodes/335-deploying-to-a-vps (Sorry, it's a Pro Episode)

Anything fine with normal port 80 http but i got Error 102 after trying to use SSL, here is the nginx.conf co

I want to supervise my Rails application running on unicorn with monit.

Running following two from shell when logged in as root would fail:

"/srv/app/current/config/unicorn.sh start" su -c "/srv/app/current/config/unicorn.sh start" app

What does work is:

su -c "/srv/app/current/config/unicorn.sh start" - app

It does not suprise me, I'm using rbenv which requires some alterations in $PATH

Im trying to catch a 502 bad gataway for nginx with unicorn. This error is thrown when unicorn is not running. Im trying to use a custom error page instead for when unicorn is not running to no avail.

What did I miss?

I've created an nginx/unicorn/capistrato setup on Ubuntu (Amazon EC2) by following mostly this guide.