Normally, we don't have to wait for child processes to exit, since
init can take care of them. But in a containerized environment, pid 0
init might not be available, and defunct processes can pile up. This
commit ensures that OCSP and neverbleed processes are waited for
before the worker process exits.
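
The reaping pattern this message describes, as an added example that is not code from the project: a process waits for each helper it forked before exiting, so no defunct entry depends on init. The names spawn_helper, reap_child and no_children_left are hypothetical, and the helper is a stand-in that exits immediately.

```c
#include <errno.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical stand-in for a short-lived helper process (for example an
 * OCSP query): the child exits at once with exit_code. */
static pid_t spawn_helper(int exit_code) {
  pid_t pid = fork();
  if (pid == 0) {
    _exit(exit_code); /* child: skip atexit handlers and stdio flushing */
  }
  return pid; /* parent: child pid, or -1 if fork failed */
}

/* Block until pid has terminated and collect its status, which removes the
 * defunct entry. Returns the exit status, 128+signo if the child was killed
 * by a signal, or -1 on error. Retries when a signal interrupts the wait. */
static int reap_child(pid_t pid) {
  int status;
  pid_t rv;
  do {
    rv = waitpid(pid, &status, 0);
  } while (rv == -1 && errno == EINTR);
  if (rv == -1) return -1;
  if (WIFEXITED(status)) return WEXITSTATUS(status);
  if (WIFSIGNALED(status)) return 128 + WTERMSIG(status);
  return -1;
}

/* Returns 1 when the caller has no children at all, running or defunct.
 * If a defunct child does exist, this call reaps it and returns 0. */
static int no_children_left(void) {
  int status;
  return waitpid(-1, &status, WNOHANG) == -1 && errno == ECHILD;
}

int main(void) {
  pid_t helpers[2] = {spawn_helper(0), spawn_helper(3)};
  for (int i = 0; i < 2; i++) {
    if (helpers[i] > 0)
      printf("helper %d: status %d\n", (int)helpers[i], reap_child(helpers[i]));
  }
  printf("no children left: %d\n", no_children_left());
  return 0;
}
```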

Previously, we didn't retry a request on connection failure. Sometimes
we hit the edge case where the connection is about to be lost just
when we write the request. To avoid this situation, we now retry the
request on a failed attempt. We also add ConnectBlocker to
MemcachedConnection so as not to attempt to connect to memcached if a
connection could not be made previously.

This change allows the user to disable TLS per frontend address using
the no-tls keyword in the --frontend option. We removed
--frontend-no-tls in favor of this new feature.

To keep the IPC channel being read from the worker process, the
default loop should not be stopped. To join all worker threads, we now
use a dedicated thread to do this. When all worker threads are joined,
ev_async_send sends a message to the default loop, and it is finally
stopped.

The control process handles signals, reads configuration, reads
private keys, and binds the port (which may be a privileged one). It
never drops privileges, so that it can execute a new binary with the
same privilege. It forks the worker process. The worker process
handles all incoming connections. It drops privilege.