OnixGH
OnixGH
Many things can go wrong with serious issues like being out of file descriptors (or for example being out of memory). See if there are some things that can be...
`SamlClient.decodeAndValidateSamlResponse()` fails if the response doesn't contain `NameID`. It seems like the field used to be required, but isn't anymore at the moment. Although most IDPs probably do send it,...
Currently it logs to a [file](https://github.com/phusion/passenger-docker/blob/master/image/config/redis.conf#L108), which we could change to an empty string (`""`) for logging to `stdout`.
As mentioned in https://github.com/phusion/passenger-docker/issues/111, we currently forward only error.log to stdout. Consider forwarding access.log too.
Now it's only implicitely mentioned via the connection to the nginx proxy module, which also filters underscores.
Things like: - slow client protection and integration with battle-tested webservers (Nginx/Apache). - documented security options (besides user switching you can also turn off the header version, etc.). - Passenger...
Passenger doesn't support zero-downtime upgrades at this time, but it would be good to mention somewhere that the usual way to do this is via loadbalancer removal / upgrade /...
https://www.phusionpassenger.com/library/config/nginx/reference/#passenger_core_file_descriptor_ulimit Should mention something about whether Nginx is run as root, etc.
The [deployment walkthrough](https://www.phusionpassenger.com/library/walkthroughs/deploy/meteor/ownserver/integration_mode.html) already warns about websockets, but there are [more places]([https://www.phusionpassenger.com/library/deploy/apache/deploy/meteor/) where you can arrive via Google. Since meteor relies heavily on websockets, maybe these sections should be emptied...
When checking http://domain/library/\* then all links to http://domain/somethingelse are seen as external and ignored. However, this causes a specific error case not to be seen: url_for links that have a...