falcon 0.33.6 → 0.33.7

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 0ae48adc2da7423f9a80fbe9d8cbf4baa941e7dfcde0375078c78d4d07734be8
-  data.tar.gz: 63ed9a1a2e5a12d77efbb5e1a139f5fd4c0b0e2735787f4f482fed7ef7af6275
+  metadata.gz: b160c1d16bc68ba43ddf9c3b29b94ff409d8574369640bb77bd0318f11f39bfc
+  data.tar.gz: fd449ff09cb4dc3fe071ed8cf225371f4d183102af3c44c2a7a4c1f6c8af9528
 SHA512:
-  metadata.gz: 6b06a2aa3fb7663e369cbe83f3997c8250030ac5b45a5e5e7109c41586d54a46305457dadf7cc949bf3befa2779d0c114db43e2c1260debbc2402cc50230a88b
-  data.tar.gz: 5419893f00dc42f3040fc211cde5e6af115df10da2bb6004aa0ca6f647e37469fa9d67ec00c178f1cdb3b2385cf0d653f4e11fe8a02af4bba739793c77fc78b5
+  metadata.gz: 600d0288267ec4528a412cba8ccb13d494280d3a24c6dbeed7256fb510ff49955f5fd5aceb41c6ad07325d3e84650261163170963bb907aa34990c3c68c980cb
+  data.tar.gz: d88b88e815c301f5ea4a2f7f8c51e772b9512576db4b6ace0daf4dbb11b1eb6db46e1140a53ce085912f74b925d96b50e2b18b05194bbc95e56075f4a78def63

data/README.md

@@ -42,6 +42,8 @@ Alternatively, install in terminal:
 
 ## Usage
 
+### Development
+
 You can run `falcon serve` directly. It will load the `config.ru` and start serving on https://localhost:9292. Please [try the interactive online tutorial](https://katacoda.com/ioquatix/scenarios/falcon-introduction).
 
 The `falcon serve` command has the following options for you to use:
@@ -77,6 +79,45 @@ To run on a different port:
 $ falcon serve --port 3000
 ```
 
+### Virtual Hosts
+
+Falcon can replace Nginx as a virtual server for Ruby applications. **This is an experimental feature**.
+
+```
+/--------------------\
+|   Client Browser   |
+\--------------------/
+          ||          
+  (TLS + HTTP/2 TCP)
+          ||          
+/--------------------\
+| Falcon Proxy (SNI) |
+\--------------------/
+          ||          
+  (HTTP/2 UNIX PIPE)
+          ||          
+/--------------------\
+| Application Server |   (Rack Compatible)
+\--------------------/	
+```
+
+You need to create a `falcon.rb` configuration in the root of your application, and start the virtual host:
+
+```
+$ cat /srv/http/example.com/falcon.rb
+#!/usr/bin/env -S falcon host
+
+load :rack, :lets_encrypt_tls, :supervisor
+
+rack 'hello.localhost', :lets_encrypt_tls
+
+supervisor
+
+% falcon virtual /srv/http/example.com/falcon.rb
+```
+
+The falcon virtual server is hard coded to redirect http traffic to https, and will serve each application using an internal SNI-based proxy.
+
 ### Integration with Rails
 
 Falcon works perfectly with `rails` apps.

data/lib/falcon/configurations/tls.rb

@@ -18,19 +18,23 @@
 # OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
 # THE SOFTWARE.
 
+require_relative '../extensions/openssl'
+
 add(:tls) do
 	ssl_session_id {"falcon"}
 	
 	ssl_certificate_path {File.expand_path("ssl/certificate.pem", root)}
-	ssl_certificate {OpenSSL::X509::Certificate.new(File.read(ssl_certificate_path))}
+	ssl_certificates {OpenSSL::X509.load_certificates(ssl_certificate_path)}
+	
+	ssl_certificate {ssl_certificates[0]}
+	ssl_certificate_chain {ssl_certificates[1..-1]}
 	
 	ssl_private_key_path {File.expand_path("ssl/private.key", root)}
 	ssl_private_key {OpenSSL::PKey::RSA.new(File.read(ssl_private_key_path))}
 	
 	ssl_context do
 		OpenSSL::SSL::SSLContext.new.tap do |context|
-			context.cert = ssl_certificate
-			context.key = ssl_private_key
+			context.add_certificate(ssl_certificate, ssl_private_key, ssl_certificate_chain)
 			
 			context.session_id_context = ssl_session_id
 			

data/lib/falcon/extensions/openssl.rb

@@ -0,0 +1,31 @@
+# Copyright, 2018, by Samuel G. D. Williams. <http://www.codeotaku.com>
+# 
+# Permission is hereby granted, free of charge, to any person obtaining a copy
+# of this software and associated documentation files (the "Software"), to deal
+# in the Software without restriction, including without limitation the rights
+# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+# copies of the Software, and to permit persons to whom the Software is
+# furnished to do so, subject to the following conditions:
+# 
+# The above copyright notice and this permission notice shall be included in
+# all copies or substantial portions of the Software.
+# 
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+# THE SOFTWARE.
+
+require 'openssl/x509'
+
+module OpenSSL::X509
+	CERTIFICATE_PATTERN = /-----BEGIN CERTIFICATE-----.*?-----END CERTIFICATE-----/m
+	
+	def self.load_certificates(path)
+		File.read(path).scan(CERTIFICATE_PATTERN).collect do |text|
+			Certificate.new(text)
+		end
+	end
+end

data/lib/falcon/version.rb

@@ -19,5 +19,5 @@
 # THE SOFTWARE.
 
 module Falcon
-	VERSION = "0.33.6"
+	VERSION = "0.33.7"
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: falcon
 version: !ruby/object:Gem::Version
-  version: 0.33.6
+  version: 0.33.7
 platform: ruby
 authors:
 - Samuel Williams
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2019-06-12 00:00:00.000000000 Z
+date: 2019-06-13 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: async
@@ -277,6 +277,7 @@ files:
 - lib/falcon/configurations/supervisor.rb
 - lib/falcon/configurations/tls.rb
 - lib/falcon/endpoint.rb
+- lib/falcon/extensions/openssl.rb
 - lib/falcon/host.rb
 - lib/falcon/hosts.rb
 - lib/falcon/proxy.rb