falcon 0.35.0 → 0.35.1

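--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 5c3bb4c2f18d6b7005093348a0a91bb477ce212a286fef49179f8b3ad9f429b7
- data.tar.gz: 7571194deea1618ee129e8e70361758b3af7eb843ef68669a6c1adc839ae756e
+ metadata.gz: 162695de84edbd4350ed3dcddbeaeb96d138cc79ce76fae9bf9423098787eb9d
+ data.tar.gz: ff4105b570dde008f0986b57501b67d1dca71b3d3593e43d94c74f8b0126be7e
  SHA512:
- metadata.gz: 5b152cd97f1460687e7c6672347c96e66771fd66fabbd65d5220005c50b5f067aec3d05594e07389752d4e1ef7e2526b384a15b6d9b17b3449222e99909b186b
- data.tar.gz: 6d91a871d7b11010d3b4be9e9119346e401491ce087a8e0ee353b3eb9942e301136f1da02b92b3f575a4cc8d6b8d33b6dccc1fac03d49561ad330a44030990db
+ metadata.gz: cc21bec15739b6dd02525e1abb4d46f07f87101bd3fb0bc591e72869278441d014253e3fc819229e95002b94334407e4b66146304ff4e4b218ee00c6c08edfd4
+ data.tar.gz: c45bbc232136b8077f1bec1bce95801a8870233a8c33e85220d0b030304c09d4c868a0e63858430e75c984892c499959a9de92b55583f9979a6bb84f47459b2a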
@@ -0,0 +1,13 @@
1
+ #!/usr/bin/env falcon-host
2
+
3
+ load :proxy, :self_signed_tls, :supervisor
4
+
5
+ supervisor
6
+
7
+ proxy "google.localhost", :self_signed_tls do
8
+ url 'https://www.google.com'
9
+ end
10
+
11
+ proxy "codeotaku.localhost", :self_signed_tls do
12
+ url 'https://www.codeotaku.com'
13
+ end
@@ -20,6 +20,7 @@
20
20
 
21
21
  require_relative '../controller/host'
22
22
  require_relative '../configuration'
23
+ require_relative '../version'
23
24
 
24
25
  require 'samovar'
25
26
 
@@ -54,7 +55,7 @@ module Falcon
54
55
  buffer.puts "Falcon Host v#{VERSION} taking flight!"
55
56
  buffer.puts "- Configuration: #{@paths.join(', ')}"
56
57
  buffer.puts "- To terminate: Ctrl-C or kill #{Process.pid}"
57
- buffer.puts "- To reload all sites: kill -HUP #{Process.pid}"
58
+ buffer.puts "- To reload: kill -HUP #{Process.pid}"
58
59
  end
59
60
 
60
61
  self.controller.run
@@ -29,8 +29,8 @@ module Falcon
29
29
  self.description = "Run one or more virtual hosts with a front-end proxy."
30
30
 
31
31
  options do
32
- option '--bind-insecure <address>', "Bind redirection to the given hostname/address", default: "http://[::]:8080"
33
- option '--bind-secure <address>', "Bind proxy to the given hostname/address", default: "https://[::]:8443"
32
+ option '--bind-insecure <address>', "Bind redirection to the given hostname/address", default: "http://[::]:80"
33
+ option '--bind-secure <address>', "Bind proxy to the given hostname/address", default: "https://[::]:443"
34
34
  end
35
35
 
36
36
  many :paths
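Review bot: The new defaults `http://[::]:80` and `https://[::]:443` are privileged ports on most Unix systems, so with no flags the command must now be started as root or with a bind capability. Nothing in this hunk shows privileges being dropped after the sockets are bound, so the proxy and everything it loads may keep running with that elevated identity. At minimum the option help should say so, e.g. `"Bind proxy to the given hostname/address (ports below 1024 need elevated privileges)"`, and the host documentation should recommend a capability or socket hand-off over running as root. The enclosing command class starts and ends outside the hunk.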
@@ -40,7 +40,5 @@ add(:application) do
40
40
  )
41
41
  end
42
42
 
43
- service do
44
- ::Falcon::Service::Application
45
- end
43
+ service ::Falcon::Service::Application
46
44
  end
@@ -18,8 +18,8 @@
18
18
  # OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
19
19
  # THE SOFTWARE.
20
20
 
21
- load(:application)
22
-
23
- add(:proxy, :application) do
21
+ add(:proxy) do
24
22
  endpoint {::Async::HTTP::Endpoint.parse(url)}
23
+
24
+ service ::Falcon::Service::Proxy
25
25
  end
@@ -19,9 +19,12 @@
19
19
  # THE SOFTWARE.
20
20
 
21
21
  require_relative '../extensions/openssl'
22
+ require_relative '../controller/proxy'
23
+ require_relative '../tls'
22
24
 
23
25
  add(:tls) do
24
- ssl_session_id {"falcon"}
26
+ ssl_session_id "falcon"
27
+ ssl_ciphers Falcon::TLS::SERVER_CIPHERS
25
28
 
26
29
  ssl_certificate_path {File.expand_path("ssl/certificate.pem", root)}
27
30
  ssl_certificates {OpenSSL::X509.load_certificates(ssl_certificate_path)}
@@ -36,6 +39,7 @@ add(:tls) do
36
39
  OpenSSL::SSL::SSLContext.new.tap do |context|
37
40
  context.add_certificate(ssl_certificate, ssl_private_key, ssl_certificate_chain)
38
41
 
42
+ context.session_cache_mode = OpenSSL::SSL::SSLContext::SESSION_CACHE_CLIENT
39
43
  context.session_id_context = ssl_session_id
40
44
 
41
45
  context.alpn_select_cb = lambda do |protocols|
@@ -50,7 +54,11 @@ add(:tls) do
50
54
  end
51
55
  end
52
56
 
57
+ # TODO Ruby 2.4 requires using ssl_version.
58
+ context.ssl_version = :TLSv1_2_server
59
+
53
60
  context.set_params(
61
+ ciphers: ssl_ciphers,
54
62
  verify_mode: OpenSSL::SSL::VERIFY_NONE,
55
63
  )
56
64
 
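Review bot: `context.ssl_version = :TLSv1_2_server` (new line 58) fixes the context to TLS 1.2 exactly rather than setting a floor, so TLS 1.3 cannot be negotiated and the TLS 1.3 entries supplied through `ssl_ciphers` are never used; the same assignment is added to the proxy controller's context at its new line 71. Where the installed openssl binding supports it, `context.min_version = OpenSSL::SSL::TLS1_2_VERSION` expresses the intended floor, with `ssl_version` kept only as the Ruby 2.4 fallback the TODO mentions. Separately, new line 42 sets `SESSION_CACHE_CLIENT` on what looks like a server-side context (it installs `alpn_select_cb` and uses a `_server` method), so `OpenSSL::SSL::SSLContext::SESSION_CACHE_SERVER` is presumably what was meant if session-id resumption is wanted. The `add(:tls)` block starts and ends outside these hunks.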
@@ -22,11 +22,13 @@ require 'async/container/controller'
22
22
 
23
23
  require_relative 'serve'
24
24
  require_relative '../middleware/proxy'
25
+ require_relative '../service/proxy'
26
+
27
+ require_relative '../tls'
25
28
 
26
29
  module Falcon
27
30
  module Controller
28
31
  class Proxy < Serve
29
- SERVER_CIPHERS = "EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5".freeze
30
32
  DEFAULT_SESSION_ID = "falcon"
31
33
 
32
34
  def initialize(command, session_id: DEFAULT_SESSION_ID, **options)
@@ -66,8 +68,10 @@ module Falcon
66
68
 
67
69
  context.session_id_context = @session_id
68
70
 
71
+ context.ssl_version = :TLSv1_2_server
72
+
69
73
  context.set_params(
70
- ciphers: SERVER_CIPHERS,
74
+ ciphers: TLS::SERVER_CIPHERS,
71
75
  verify_mode: OpenSSL::SSL::VERIFY_NONE,
72
76
  )
73
77
 
@@ -90,7 +94,8 @@ module Falcon
90
94
  @hosts = {}
91
95
 
92
96
  services.each do |service|
93
- if service.is_a?(Service::Application)
97
+ if service.is_a?(Service::Proxy)
98
+ Async.logger.info(self) {"Proxying #{service.authority} to #{service.endpoint}"}
94
99
  @hosts[service.authority] = service
95
100
  end
96
101
  end
@@ -22,6 +22,7 @@ require 'async/container/controller'
22
22
 
23
23
  require_relative 'serve'
24
24
  require_relative '../middleware/redirect'
25
+ require_relative '../service/proxy'
25
26
 
26
27
  module Falcon
27
28
  module Controller
@@ -54,7 +55,7 @@ module Falcon
54
55
  @hosts = {}
55
56
 
56
57
  services.each do |service|
57
- if service.is_a?(Service::Application)
58
+ if service.is_a?(Service::Proxy)
58
59
  @hosts[service.authority] = service
59
60
  end
60
61
  end
@@ -18,52 +18,24 @@
18
18
  # OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
19
19
  # THE SOFTWARE.
20
20
 
21
- require_relative 'generic'
21
+ require_relative 'proxy'
22
22
 
23
23
  require 'async/http/endpoint'
24
24
  require 'async/io/shared_endpoint'
25
25
 
26
26
  module Falcon
27
27
  module Service
28
- class Application < Generic
28
+ class Application < Proxy
29
29
  def initialize(environment)
30
30
  super
31
31
 
32
32
  @bound_endpoint = nil
33
33
  end
34
34
 
35
- def name
36
- "#{self.class} for #{self.authority}"
37
- end
38
-
39
- def authority
40
- @evaluator.authority
41
- end
42
-
43
- def endpoint
44
- @evaluator.endpoint
45
- end
46
-
47
- def ssl_context
48
- @evaluator.ssl_context
49
- end
50
-
51
- def root
52
- @evaluator.root
53
- end
54
-
55
35
  def middleware
56
36
  @evaluator.middleware
57
37
  end
58
38
 
59
- def protocol
60
- endpoint.protocol
61
- end
62
-
63
- def scheme
64
- endpoint.scheme
65
- end
66
-
67
39
  def preload!
68
40
  if scripts = @evaluator.preload
69
41
  scripts.each do |path|
@@ -74,10 +46,6 @@ module Falcon
74
46
  end
75
47
  end
76
48
 
77
- def to_s
78
- "#{self.class} #{@evaluator.authority}"
79
- end
80
-
81
49
  def start
82
50
  Async.logger.info(self) {"Binding to #{self.endpoint}..."}
83
51
 
@@ -86,6 +54,8 @@ module Falcon
86
54
  end.wait
87
55
 
88
56
  preload!
57
+
58
+ super
89
59
  end
90
60
 
91
61
  def setup(container)
@@ -102,11 +72,15 @@ module Falcon
102
72
  task.children.each(&:wait)
103
73
  end
104
74
  end
75
+
76
+ super
105
77
  end
106
78
 
107
79
  def stop
108
80
  @bound_endpoint&.close
109
81
  @bound_endpoint = nil
82
+
83
+ super
110
84
  end
111
85
  end
112
86
  end
@@ -45,8 +45,13 @@ module Falcon
45
45
  return Async.logger # .with(name: name)
46
46
  end
47
47
 
48
- def to_s
49
- self.class.name
48
+ def start
49
+ end
50
+
51
+ def setup(container)
52
+ end
53
+
54
+ def stop
50
55
  end
51
56
  end
52
57
  end
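Review bot: The empty `start`, `setup(container)` and `stop` bodies added here have no comment, so a reader cannot tell that they are the no-op base hooks which the `super` calls added to the subclasses in this release end up in. A one-line comment on each would do, for example `# Lifecycle hook; subclasses override and call super.`. This hunk also removes `to_s` from the base class while the application service's own `to_s` is removed elsewhere in the release, so objects passed to `Async.logger.info(self)` may now print the default object string; worth confirming that the logger uses `name` instead. The class body begins outside the hunk.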
@@ -0,0 +1,58 @@
1
+ # Copyright, 2018, by Samuel G. D. Williams. <http://www.codeotaku.com>
2
+ #
3
+ # Permission is hereby granted, free of charge, to any person obtaining a copy
4
+ # of this software and associated documentation files (the "Software"), to deal
5
+ # in the Software without restriction, including without limitation the rights
6
+ # to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
7
+ # copies of the Software, and to permit persons to whom the Software is
8
+ # furnished to do so, subject to the following conditions:
9
+ #
10
+ # The above copyright notice and this permission notice shall be included in
11
+ # all copies or substantial portions of the Software.
12
+ #
13
+ # THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
14
+ # IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
15
+ # FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
16
+ # AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
17
+ # LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
18
+ # OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
19
+ # THE SOFTWARE.
20
+
21
+ require_relative 'generic'
22
+
23
+ require 'async/http/endpoint'
24
+ require 'async/io/shared_endpoint'
25
+
26
+ module Falcon
27
+ module Service
28
+ class Proxy < Generic
29
+ def name
30
+ "#{self.class} for #{self.authority}"
31
+ end
32
+
33
+ def authority
34
+ @evaluator.authority
35
+ end
36
+
37
+ def endpoint
38
+ @evaluator.endpoint
39
+ end
40
+
41
+ def ssl_context
42
+ @evaluator.ssl_context
43
+ end
44
+
45
+ def root
46
+ @evaluator.root
47
+ end
48
+
49
+ def protocol
50
+ endpoint.protocol
51
+ end
52
+
53
+ def scheme
54
+ endpoint.scheme
55
+ end
56
+ end
57
+ end
58
+ end
@@ -18,10 +18,12 @@
18
18
  # OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
19
19
  # THE SOFTWARE.
20
20
 
21
- require 'async/io/endpoint'
22
21
  require 'process/metrics'
23
22
  require 'json'
24
23
 
24
+ require 'async/io/endpoint'
25
+ require 'async/io/shared_endpoint'
26
+
25
27
  module Falcon
26
28
  module Service
27
29
  class Supervisor < Generic
@@ -67,6 +69,8 @@ module Falcon
67
69
  @bound_endpoint = Async::Reactor.run do
68
70
  Async::IO::SharedEndpoint.bound(self.endpoint)
69
71
  end.wait
72
+
73
+ super
70
74
  end
71
75
 
72
76
  def setup(container)
@@ -84,11 +88,15 @@ module Falcon
84
88
  instance.ready!
85
89
  end
86
90
  end
91
+
92
+ super
87
93
  end
88
94
 
89
95
  def stop
90
96
  @bound_endpoint&.close
91
97
  @bound_endpoint = nil
98
+
99
+ super
92
100
  end
93
101
  end
94
102
  end
@@ -0,0 +1,44 @@
1
+ # Copyright, 2018, by Samuel G. D. Williams. <http://www.codeotaku.com>
2
+ #
3
+ # Permission is hereby granted, free of charge, to any person obtaining a copy
4
+ # of this software and associated documentation files (the "Software"), to deal
5
+ # in the Software without restriction, including without limitation the rights
6
+ # to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
7
+ # copies of the Software, and to permit persons to whom the Software is
8
+ # furnished to do so, subject to the following conditions:
9
+ #
10
+ # The above copyright notice and this permission notice shall be included in
11
+ # all copies or substantial portions of the Software.
12
+ #
13
+ # THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
14
+ # IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
15
+ # FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
16
+ # AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
17
+ # LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
18
+ # OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
19
+ # THE SOFTWARE.
20
+
21
+ require_relative 'extensions/openssl'
22
+
23
+ module Falcon
24
+ module TLS
25
+ # We follow "Intermediate compatibility"
26
+ # https://wiki.mozilla.org/Security/Server_Side_TLS
27
+ SERVER_CIPHERS = [
28
+ # TLS 1.3:
29
+ "TLS_AES_128_GCM_SHA256",
30
+ "TLS_AES_256_GCM_SHA384",
31
+ "TLS_CHACHA20_POLY1305_SHA256",
32
+
33
+ # TLS 1.2:
34
+ "ECDHE-ECDSA-AES128-GCM-SHA256",
35
+ "ECDHE-RSA-AES128-GCM-SHA256",
36
+ "ECDHE-ECDSA-AES256-GCM-SHA384",
37
+ "ECDHE-RSA-AES256-GCM-SHA384",
38
+ "ECDHE-ECDSA-CHACHA20-POLY1305",
39
+ "ECDHE-RSA-CHACHA20-POLY1305",
40
+ "DHE-RSA-AES128-GCM-SHA256",
41
+ "DHE-RSA-AES256-GCM-SHA384"
42
+ ].freeze
43
+ end
44
+ end
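Review bot: The three `TLS_*` names under `# TLS 1.3:` are probably never applied through this constant. Both visible callers hand it to `set_params(ciphers: …)`, and as far as I know OpenSSL configures TLS 1.3 suites through a separate ciphersuites setting rather than the cipher list, which skips names it does not recognise. Those callers also pin the context to `:TLSv1_2_server`, so only the TLS 1.2 entries can be negotiated today. I would state that in the comment, e.g. `# TLS 1.3 names are listed for reference; they only take effect once the context permits TLS 1.3 and sets its ciphersuites.`, and record which revision or date of the Mozilla guideline the list was copied from so it can be re-audited when that page changes.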
@@ -19,5 +19,5 @@
19
19
  # THE SOFTWARE.
20
20
 
21
21
  module Falcon
22
- VERSION = "0.35.0"
22
+ VERSION = "0.35.1"
23
23
  end
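--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: falcon
  version: !ruby/object:Gem::Version
- version: 0.35.0
+ version: 0.35.1
  platform: ruby
  authors:
  - Samuel Williams
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2020-01-30 00:00:00.000000000 Z
+ date: 2020-01-31 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: async
@@ -259,6 +259,7 @@ files:
  - examples/benchmark/config.ru
  - examples/benchmark/falcon.rb
  - examples/csv/config.ru
+ - examples/google/falcon.rb
  - examples/hello/config.ru
  - examples/hello/falcon.rb
  - examples/hello/preload.rb
@@ -317,8 +318,10 @@ files:
  - lib/falcon/server.rb
  - lib/falcon/service/application.rb
  - lib/falcon/service/generic.rb
+ - lib/falcon/service/proxy.rb
  - lib/falcon/service/supervisor.rb
  - lib/falcon/services.rb
+ - lib/falcon/tls.rb
  - lib/falcon/verbose.rb
  - lib/falcon/version.rb
  - lib/rack/handler/falcon.rb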