geofiltering-thruster 0.1.17-x86_64-linux

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: a677a18bc873d8745b6fc94f762bd5bee878abb166e8abe620361bbae0da432b
+  data.tar.gz: 323d42a72042f9418296e77c579156014168eb1beea8461bb534df0a88fa166f
+SHA512:
+  metadata.gz: 85f051ab08b0f3c77325c4641aa6a70a6536470d04cb40ab108707632e1617b7ad66f3dd33e75ccecdc491b6833bbdc523bfc0b604e4eabde4bb9beacfc525f3
+  data.tar.gz: '0579b7d1911c740c452f976765ac7a966250a52afc8345a92f15f3e887905d760bbacc3ef65e90db0998717a3fdd2058a6d14fe2fbaefafceaf555f29a5a40b1'

data/MIT-LICENSE

@@ -0,0 +1,20 @@
+Copyright (c) 37signals, LLC
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,125 @@
+# GeoFiltering-Thruster
+
+This fork adds IP based GeoFiltering capability to Thruster. 
+
+==> **I'm a golang novice and these changes were made with ample help from Claude. Use it at your own risk.** <==
+
+Thruster is an HTTP/2 proxy for simple production-ready deployments of Rails
+applications. It runs alongside the Puma webserver to provide a few additional
+features that help your app run efficiently and safely on the open Internet:
+
+- HTTP/2 support
+- Automatic TLS certificate management with Let's Encrypt
+- Basic HTTP caching of public assets
+- X-Sendfile support and compression, to efficiently serve static files
+
+Thruster aims to be as zero-config as possible. It has no configuration file,
+and most features are automatically enabled with sensible defaults. The goal is
+that simply running your Puma server with Thruster should be enough to get a
+production-ready setup.
+
+The only exception to this is TLS provisioning: in order for Thruster to
+provision TLS certificates, it needs to know which domain those certificates
+should be for. So to use TLS, you need to set the `TLS_DOMAIN` environment
+variable. If you don't set this variable, Thruster will run in HTTP-only mode.
+
+Thruster also wraps the Puma process so that you can use it without managing
+multiple processes yourself. This is particularly useful when running in a
+containerized environment, where you typically won't have a process manager
+available to coordinate the processes. Instead you can use Thruster as your
+`CMD`, and it will manage Puma for you.
+
+Thruster was originally created for the [ONCE](https://once.com) project, where
+we wanted a no-fuss way to serve a Rails application from a single container,
+directly on the open Internet. We've since found it useful for simple
+deployments of other Rails applications.
+
+
+## Installation
+
+Thruster is distributed as a Ruby gem. Because Thruster is written in Go, we
+provide several pre-built platform-specific binaries. Installing the gem will
+automatically fetch the appropriate binary for your platform.
+
+To install it, add it to your application's Gemfile:
+
+```ruby
+gem 'thruster'
+```
+
+Or install it globally:
+
+```sh
+$ gem install thruster
+```
+
+
+## Usage
+
+To run your Puma application inside Thruster, prefix your usual command string
+with `thrust`. For example:
+
+```sh
+$ thrust bin/rails server
+```
+
+Or with automatic TLS:
+
+```sh
+$ TLS_DOMAIN=myapp.example.com thrust bin/rails server
+```
+
+
+## Custom configuration
+
+In most cases, Thruster should work out of the box with no additional
+configuration. But if you need to customize its behavior, there are a few
+environment variables that you can set.
+
+| Variable Name         | Description                                             | Default Value |
+|-----------------------------|---------------------------------------------------------|---------------|
+| `TLS_DOMAIN`                | Comma-separated list of domain names to use for TLS provisioning. If not set, TLS will be disabled. | None |
+| `TARGET_PORT`               | The port that your Puma server should run on. Thruster will set `PORT` to this value when starting your server. | 3000 |
+| `CACHE_SIZE`                | The size of the HTTP cache in bytes. | 64MB |
+| `MAX_CACHE_ITEM_SIZE`       | The maximum size of a single item in the HTTP cache in bytes. | 1MB |
+| `GZIP_COMPRESSION_ENABLED`  | Whether to enable gzip compression for static assets. Set to `0` or `false` to disable. | Enabled |
+| `X_SENDFILE_ENABLED`        | Whether to enable X-Sendfile support. Set to `0` or `false` to disable. | Enabled |
+| `MAX_REQUEST_BODY`          | The maximum size of a request body in bytes. Requests larger than this size will be refused; `0` means no maximum size is enforced. | `0` |
+| `STORAGE_PATH`              | The path to store Thruster's internal state. Provisioned TLS certificates will be stored here, so that they will not need to be requested every time your application is started. | `./storage/thruster` |
+| `BAD_GATEWAY_PAGE`          | Path to an HTML file to serve when the backend server returns a 502 Bad Gateway error. If there is no file at the specific path, Thruster will serve an empty 502 response instead. Because Thruster boots very quickly, a custom page can be a useful way to show that your application is starting up. | `./public/502.html` |
+| `HTTP_PORT`                 | The port to listen on for HTTP traffic. | 80 |
+| `HTTPS_PORT`                | The port to listen on for HTTPS traffic. | 443 |
+| `HTTP_IDLE_TIMEOUT`         | The maximum time in seconds that a client can be idle before the connection is closed. | 60 |
+| `HTTP_READ_TIMEOUT`         | The maximum time in seconds that a client can take to send the request headers and body. | 30 |
+| `HTTP_WRITE_TIMEOUT`        | The maximum time in seconds during which the client must read the response. | 30 |
+| `ACME_DIRECTORY`            | The URL of the ACME directory to use for TLS certificate provisioning. | `https://acme-v02.api.letsencrypt.org/directory` (Let's Encrypt production) |
+| `EAB_KID`                   | The EAB key identifier to use when provisioning TLS certificates, if required. | None |
+| `EAB_HMAC_KEY`              | The Base64-encoded EAB HMAC key to use when provisioning TLS certificates, if required. | None |
+| `FORWARD_HEADERS`           | Whether to forward X-Forwarded-* headers from the client. | Disabled when running with TLS; enabled otherwise |
+| `LOG_REQUESTS`              | Log all requests. Set to `0` or `false` to disable request logging | Enabled |
+| `DEBUG`                     | Set to `1` or `true` to enable debug logging. | Disabled |
+| `ALLOW_COUNTRIES`           | Comma-separated list of ISO country codes to allow (e.g., "US,CA,GB"). Requests from other countries will be blocked. Automatically enables GeoIP2. | None |
+| `BLOCK_COUNTRIES`           | Comma-separated list of ISO country codes to block (e.g., "CN,RU"). Requests from these countries will be blocked. Automatically enables GeoIP2. | None |
+
+To prevent naming clashes with your application's own environment variables,
+Thruster's environment variables can optionally be prefixed with `THRUSTER_`.
+For example, `TLS_DOMAIN` can also be written as `THRUSTER_TLS_DOMAIN`. Whenever
+a prefixed variable is set, it will take precedence over the unprefixed version.
+
+## GeoIP2 Integration
+
+Thruster includes optional GeoIP2 support for geographic location detection based on client IP addresses. When enabled, Thruster adds geographic information to request headers that can be accessed by your application.
+
+### Enabling GeoIP2
+
+GeoIP2 functionality is automatically enabled when you configure country filtering (`ALLOW_COUNTRIES` or `BLOCK_COUNTRIES`). The GeoIP2 database file should be placed in one of these common locations:
+   - `./GeoLite2-Country.mmdb`
+   - `./data/GeoLite2-Country.mmdb`
+   - `./storage/GeoLite2-Country.mmdb`
+
+When a request is processed with GeoIP2 enabled, Thruster will add the following header to the request:
+- `X-GeoIP-Country`: ISO country code (e.g., "US", "CA")
+
+Your Rails application can then access this information via `request.headers['X-GeoIP-Country']`.
+
+**Note:** You'll need to obtain a GeoIP2 database file from MaxMind. The free GeoLite2 databases are available at https://dev.maxmind.com/geoip/geolite2-free-geolocation-data.

data/exe/thrust

@@ -0,0 +1,11 @@
+#! /usr/bin/env ruby
+
+PLATFORM = [ :cpu, :os ].map { |m| Gem::Platform.local.send(m) }.join("-")
+EXECUTABLE = File.expand_path(File.join(__dir__, PLATFORM, "thrust"))
+
+if File.exist?(EXECUTABLE)
+  exec(EXECUTABLE, *ARGV)
+else
+  STDERR.puts("ERROR: Unsupported platform: #{PLATFORM}")
+  exit 1
+end

data/lib/thruster/version.rb

@@ -0,0 +1,3 @@
+module Thruster
+  VERSION = "0.1.17"
+end

data/lib/thruster.rb

@@ -0,0 +1,4 @@
+module Thruster
+end
+
+require_relative "thruster/version"

metadata

@@ -0,0 +1,50 @@
+--- !ruby/object:Gem::Specification
+name: geofiltering-thruster
+version: !ruby/object:Gem::Version
+  version: 0.1.17
+platform: x86_64-linux
+authors:
+- Kevin McConnell
+- Bhal Agashe
+bindir: exe
+cert_chain: []
+date: 1980-01-02 00:00:00.000000000 Z
+dependencies: []
+description: A zero-config HTTP/2 proxy for lightweight production deployments with
+  country-based request filtering
+email: kevin@37signals.com
+executables:
+- thrust
+extensions: []
+extra_rdoc_files: []
+files:
+- MIT-LICENSE
+- README.md
+- exe/thrust
+- exe/x86_64-linux/thrust
+- lib/thruster.rb
+- lib/thruster/version.rb
+homepage: https://github.com/bagashe/geofiltering-thruster
+licenses:
+- MIT
+metadata:
+  homepage_uri: https://github.com/bagashe/geofiltering-thruster
+  rubygems_mfa_required: 'true'
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 3.6.9
+specification_version: 4
+summary: Zero-config HTTP/2 proxy with GeoIP filtering
+test_files: []