puma 4.0.0 → 4.1.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: b22a5ddb0ac910e28c3789564c70be998eaa0dec5eca7c668c6a4478ab35012b
-  data.tar.gz: b98d67fb71305279ee8169c80546e46d4b63a4be522462545023f8917d82fa72
+  metadata.gz: e85f11b3b0951de326c5bba3f9f11c77bd1f4b28d6bc82d0f33ba8c6f7ebfd2d
+  data.tar.gz: 481c1977d845730e2fe5f1186861b6e31f6fe5141f9b90b1d5269a4fcb293657
 SHA512:
-  metadata.gz: 1f7186d10e0783ffd899b65b25fdda553346074b3bad7416726a99a0f77709318a275e67856beb101ff75c9b75dba48af917d48504bf6f5fc15b64dd7c8a190a
-  data.tar.gz: 1881c9c149c4e631c9bec14cd92344785933c81bf4fb997721c61081d4a3f6f9a5bf4cbf0f8faca44110deaa7331b6177a67d734af3006b1e0b677a7782fc5f9
+  metadata.gz: 25f5a271f646bb1d4695279a5fa21a5be43639a01bcd6647adc484f84e84fc2a227097278da57456bf81de4996c749c0f6c80f9fd249e24a79555e44431bb19b
+  data.tar.gz: 2defc82769f5c36810f21aaf3f93aaad52e9073e55cb8f19aa0dbc4cfc2dcab37fd0cf458aef58b2025626ff4a59174aff7fa0faa9ebe5a3333fa7dd69ff5df7

data/History.md

@@ -1,11 +1,56 @@
 ## Master
 
-x features
-x bugfixes
+* Features
+  * Your feature goes here (#Github Number)
+
+* Bugfixes
+  * Your bugfix goes here (#Github Number)
+
+## 4.1.1 / 2019-09-05
+
+* 3 bugfixes
+  * Revert our attempt to not dup STDOUT/STDERR (#1946)
+  * Fix socket close on error (#1941)
+  * Fix workers not shutting down correctly (#1908)
+
+## 4.1.0 / 2019-08-08
+
+* 4 features 
+  * Add REQUEST_PATH on parse error message (#1831)
+  * You can now easily add custom log formatters with the `log_formatter` config option (#1816)
+  * Puma.stats now provides process start times (#1844)
+  * Add support for disabling TLSv1.1 (#1836)
+
+* 7 bugfixes
+  * Fix issue where Puma was creating zombie process entries (#1887)
+  * Fix bugs with line-endings and chunked encoding (#1812)
+  * RACK_URL_SCHEME is now set correctly in all conditions (#1491)
+  * We no longer mutate global STDOUT/STDERR, particularly the sync setting (#1837)
+  * SSL read_nonblock no longer blocks (#1857)
+  * Swallow connection errors when sending early hints (#1822)
+  * Backtrace no longer dumped when invalid pumactl commands are run (#1863)
+  
+* 5 other 
+  * Avoid casting worker_timeout twice (#1838)
+  * Removed a call to private that wasn't doing anything (#1882)
+  * README, Rakefile, docs and test cleanups (#1848, #1847, #1846, #1853, #1859, #1850, #1866, #1870, #1872, #1833, #1888)
+  * Puma.io has proper documentation now (https://puma.io/puma/)
+  * Added the Contributor Covenant CoC
+  
+* 1 known issue 
+  * Some users are still experiencing issues surrounding socket activation and Unix sockets (#1842)
+  
+## 4.0.1 / 2019-07-11
+
+* 2 bugfixes
+  * Fix socket removed after reload - should fix problems with systemd socket activation. (#1829)
+  * Add extconf tests for DTLS_method & TLS_server_method, use in minissl.rb. Should fix "undefined symbol: DTLS_method" when compiling against old OpenSSL versions. (#1832)
+* 1 other
+  * Removed unnecessary RUBY_VERSION checks. (#1827)
 
 ## 4.0.0 / 2019-06-25
 
-9 features
+* 9 features
   * Add support for disabling TLSv1.0 (#1562)
   * Request body read time metric (#1569)
   * Add out_of_band hook (#1648)
@@ -14,7 +59,9 @@ x bugfixes
   * Add option to suppress SignalException on SIGTERM (#1690)
   * Allow mutual TLS CA to be set using `ssl_bind` DSL (#1689)
   * Reactor now uses nio4r instead of `select` (#1728)
-9 x bugfixes
+  * Add status to pumactl with pidfile (#1824)
+
+* 9 bugfixes
   * Do not accept new requests on shutdown (#1685, #1808)
   * Fix 3 corner cases when request body is chunked (#1508)
   * Change pid existence check's condition branches (#1650)
@@ -1431,3 +1478,12 @@ be added back in a future date when a java Puma::MiniSSL is added.
 ## 1.0.0 / 2012-03-29
 
 * Released!
+
+## Ignore - this is for maintainers to copy-paste during release
+## Master
+
+* Features
+  * Your feature goes here (#Github Number)
+
+* Bugfixes
+  * Your bugfix goes here (#Github Number)

data/README.md

@@ -10,36 +10,38 @@
 [![Code Climate](https://codeclimate.com/github/puma/puma.svg)](https://codeclimate.com/github/puma/puma)
 [![SemVer](https://api.dependabot.com/badges/compatibility_score?dependency-name=puma&package-manager=bundler&version-scheme=semver)](https://dependabot.com/compatibility-score.html?dependency-name=puma&package-manager=bundler&version-scheme=semver)
 
-Puma is a **simple, fast, threaded, and highly concurrent HTTP 1.1 server for Ruby/Rack applications** in development and production.
+Puma is a **simple, fast, multi-threaded, and highly concurrent HTTP 1.1 server for Ruby/Rack applications**.
 
 ## Built For Speed & Concurrency
 
-Under the hood, Puma processes requests using a C-optimized Ragel extension (inherited from Mongrel) that provides fast, accurate HTTP 1.1 protocol parsing in a portable way. Puma then serves the request in a thread from an internal thread pool. Since each request is served in a separate thread, truly concurrent Ruby implementations (JRuby, Rubinius) will use all available CPU cores.
+Puma processes requests using a C-optimized Ragel extension (inherited from Mongrel) that provides fast, accurate HTTP 1.1 protocol parsing in a portable way. Puma then serves the request using a thread pool. Each request is served in a separate thread, so truly concurrent Ruby implementations (JRuby, Rubinius) will use all available CPU cores.
 
 Puma was designed to be the go-to server for [Rubinius](https://rubini.us), but also works well with JRuby and MRI.
 
-On MRI, there is a Global VM Lock (GVL) that ensures only one thread can run Ruby code at a time. But if you're doing a lot of blocking IO (such as HTTP calls to external APIs like Twitter), Puma still improves MRI's throughput by allowing blocking IO to be run concurrently.
+On MRI, there is a Global VM Lock (GVL) that ensures only one thread can run Ruby code at a time. But if you're doing a lot of blocking IO (such as HTTP calls to external APIs like Twitter), Puma still improves MRI's throughput by allowing IO waiting to be done in parallel.
 
 ## Quick Start
 
 ```
 $ gem install puma
-$ puma <any rackup (*.ru) file>
+$ puma
 ```
 
+Without arguments, puma will look for a rackup (.ru) file in the current working directory called `config.ru`.
+
 ## Frameworks
 
 ### Rails
 
-Puma is the default server for Rails, and should already be included in your Gemfile.
+Puma is the default server for Rails, included in the generated Gemfile.
 
-Then start your server with the `rails` command:
+Start your server with the `rails` command:
 
 ```
-$ rails s
+$ rails server
 ```
 
-Many configuration options are not available when using `rails s`. It is recommended that you use Puma's executable instead:
+Many configuration options and Puma features are not available when using `rails server`. It is recommended that you use Puma's executable instead:
 
 ```
 $ bundle exec puma
@@ -53,7 +55,7 @@ You can run your Sinatra application with Puma from the command line like this:
 $ ruby app.rb -s Puma
 ```
 
-Or you can configure your application to always use Puma:
+Or you can configure your Sinatra application to always use Puma:
 
 ```ruby
 require 'sinatra'
@@ -64,6 +66,9 @@ configure { set :server, :puma }
 
 Puma provides numerous options. Consult `puma -h` (or `puma --help`) for a full list of CLI options, or see [dsl.rb](https://github.com/puma/puma/blob/master/lib/puma/dsl.rb).
 
+You can also find several configuration examples as part of the
+[test](test/config) suite.
+
 ### Thread Pool
 
 Puma uses a thread pool. You can set the minimum and maximum number of threads that are available in the pool with the `-t` (or `--threads`) flag:
@@ -72,9 +77,9 @@ Puma uses a thread pool. You can set the minimum and maximum number of threads t
 $ puma -t 8:32
 ```
 
-Puma will automatically scale the number of threads, from the minimum until it caps out at the maximum, based on how much traffic is present. The current default is `0:16`. Feel free to experiment, but be careful not to set the number of maximum threads to a large number, as you may exhaust resources on the system (or hit resource limits).
+Puma will automatically scale the number of threads, from the minimum until it caps out at the maximum, based on how much traffic is present. The current default is `0:16`. Feel free to experiment, but be careful not to set the number of maximum threads to a large number, as you may exhaust resources on the system (or cause contention for the Global VM Lock, when using MRI).
 
-Be aware that additionally Puma creates threads on its own for internal purposes (e.g. handling slow clients). So even if you specify -t 1:1, expect around 7 threads created in your application.
+Be aware that additionally Puma creates threads on its own for internal purposes (e.g. handling slow clients). So, even if you specify -t 1:1, expect around 7 threads created in your application.
 
 ### Clustered mode
 
@@ -84,9 +89,9 @@ Puma also offers "clustered mode". Clustered mode `fork`s workers from a master
 $ puma -t 8:32 -w 3
 ```
 
-Note that threads are still used in clustered mode, and the `-t` thread flag setting is per worker, so `-w 2 -t 16:16` will spawn 32 threads in total.
+Note that threads are still used in clustered mode, and the `-t` thread flag setting is per worker, so `-w 2 -t 16:16` will spawn 32 threads in total, with 16 in each worker process.
 
-In clustered mode, Puma may "preload" your application. This loads all the application code *prior* to forking. Preloading reduces total memory usage of your application via an operating system feature called [copy-on-write](https://en.wikipedia.org/wiki/Copy-on-write) (Ruby 2.0+ only). Use the `--preload` flag from the command line:
+In clustered mode, Puma can "preload" your application. This loads all the application code *prior* to forking. Preloading reduces total memory usage of your application via an operating system feature called [copy-on-write](https://en.wikipedia.org/wiki/Copy-on-write) (Ruby 2.0+ only). Use the `--preload` flag from the command line:
 
 ```
 $ puma -w 3 --preload
@@ -111,8 +116,7 @@ end
 
 This code can be used to setup the process before booting the application, allowing
 you to do some Puma-specific things that you don't want to embed in your application.
-For instance, you could fire a log notification that a worker booted or send something to statsd.
-This can be called multiple times.
+For instance, you could fire a log notification that a worker booted or send something to statsd. This can be called multiple times.
 
 If you're preloading your application and using ActiveRecord, it's recommended that you setup your connection pool here:
 
@@ -125,7 +129,7 @@ on_worker_boot do
 end
 ```
 
-On top of that, you can specify a block in your configuration file that will be run before workers are forked:
+`before_fork` specifies a block to be run before workers are forked:
 
 ```ruby
 # config/puma.rb
@@ -136,15 +140,29 @@ end
 
 Preloading can’t be used with phased restart, since phased restart kills and restarts workers one-by-one, and preload_app copies the code of master into the workers.
 
+### Error handling
+
+If puma encounters an error outside of the context of your application, it will respond with a 500 and a simple
+textual error message (see `lowlevel_error` in [this file](https://github.com/puma/puma/blob/master/lib/puma/server.rb)).
+You can specify custom behavior for this scenario. For example, you can report the error to your third-party
+error-tracking service (in this example, [rollbar](http://rollbar.com)):
+
+```ruby
+lowlevel_error_handler do |e|
+  Rollbar.critical(e)
+  [500, {}, ["An error has occurred, and engineers have been informed. Please reload the page. If you continue to have problems, contact support@example.com\n"]]
+end
+```
+
 ### Binding TCP / Sockets
 
-In contrast to many other server configs which require multiple flags, Puma simply uses one URI parameter with the `-b` (or `--bind`) flag:
+Bind Puma to a socket with the `-b` (or `--bind`) flag:
 
 ```
 $ puma -b tcp://127.0.0.1:9292
 ```
 
-Want to use UNIX Sockets instead of TCP (which can provide a 5-10% performance boost)?
+To use a UNIX Socket instead of TCP:
 
 ```
 $ puma -b unix:///var/run/puma.sock
@@ -157,13 +175,14 @@ $ puma -b 'unix:///var/run/puma.sock?umask=0111'
 ```
 
 Need a bit of security? Use SSL sockets:
+
 ```
 $ puma -b 'ssl://127.0.0.1:9292?key=path_to_key&cert=path_to_cert'
 ```
 
 #### Controlling SSL Cipher Suites
 
-Need to use or avoid specific SSL cipher suites? Use `ssl_cipher_filter` or `ssl_cipher_list` options.
+To use or avoid specific SSL cipher suites, use `ssl_cipher_filter` or `ssl_cipher_list` options.
 
 ##### Ruby:
 
@@ -179,7 +198,7 @@ $ puma -b 'ssl://127.0.0.1:9292?keystore=path_to_keystore&keystore-pass=keystore
 
 See https://www.openssl.org/docs/man1.0.2/apps/ciphers.html for cipher filter format and full list of cipher suites.
 
-Don't want to use insecure TLSv1.0 ?
+Disable TLS v1 with the `no_tlsv1` option:
 
 ```
 $ puma -b 'ssl://127.0.0.1:9292?key=path_to_key&cert=path_to_cert&no_tlsv1=true'
@@ -187,13 +206,13 @@ $ puma -b 'ssl://127.0.0.1:9292?key=path_to_key&cert=path_to_cert&no_tlsv1=true'
 
 ### Control/Status Server
 
-Puma has a built-in status/control app that can be used to query and control Puma itself.
+Puma has a built-in status and control app that can be used to query and control Puma.
 
 ```
 $ puma --control-url tcp://127.0.0.1:9293 --control-token foo
 ```
 
-Puma will start the control server on localhost port 9293. All requests to the control server will need to include `token=foo` as a query parameter. This allows for simple authentication. Check out [status.rb](https://github.com/puma/puma/blob/master/lib/puma/app/status.rb) to see what the app has available.
+Puma will start the control server on localhost port 9293. All requests to the control server will need to include control token (in this case, `token=foo`) as a query parameter. This allows for simple authentication. Check out [status.rb](https://github.com/puma/puma/blob/master/lib/puma/app/status.rb) to see what the status app has available.
 
 You can also interact with the control server via `pumactl`. This command will restart Puma:
 
@@ -205,13 +224,13 @@ To see a list of `pumactl` options, use `pumactl --help`.
 
 ### Configuration File
 
-You can also provide a configuration file which Puma will use with the `-C` (or `--config`) flag:
+You can also provide a configuration file with the `-C` (or `--config`) flag:
 
 ```
 $ puma -C /path/to/config
 ```
 
-If no configuration file is specified, Puma will look for a configuration file at `config/puma.rb`. If an environment is specified, either via the `-e` and `--environment` flags, or through the `RACK_ENV` environment variable, the default file location will be `config/puma/environment_name.rb`.
+If no configuration file is specified, Puma will look for a configuration file at `config/puma.rb`. If an environment is specified, either via the `-e` and `--environment` flags, or through the `RACK_ENV` environment variable, Puma looks for configuration at `config/puma/<environment_name>.rb`.
 
 If you want to prevent Puma from looking for a configuration file in those locations, provide a dash as the argument to the `-C` (or `--config`) flag:
 
@@ -219,7 +238,7 @@ If you want to prevent Puma from looking for a configuration file in those locat
 $ puma -C "-"
 ```
 
-Take the following [sample configuration](https://github.com/puma/puma/blob/master/examples/config.rb) as inspiration or check out [dsl.rb](https://github.com/puma/puma/blob/master/lib/puma/dsl.rb) to see all available options.
+Check out [dsl.rb](https://github.com/puma/puma/blob/master/lib/puma/dsl.rb) to see all available options.
 
 ## Restart
 
@@ -236,7 +255,7 @@ Puma responds to several signals. A detailed guide to using UNIX signals with Pu
 Some platforms do not support all Puma features.
 
   * **JRuby**, **Windows**: server sockets are not seamless on restart, they must be closed and reopened. These platforms have no way to pass descriptors into a new process that is exposed to Ruby. Also, cluster mode is not supported due to a lack of fork(2).
-  * **Windows**: daemon mode is not supported due to a lack of fork(2).
+  * **Windows**: Cluster mode is not supported due to a lack of fork(2).
 
 ## Known Bugs
 
@@ -278,6 +297,24 @@ $ bundle install
 $ bundle exec rake
 ```
 
+To run a single test file, use the `TEST` environment variable:
+
+```bash
+$ TEST=test/test_binder.rb bundle exec rake test
+```
+
+Or use [`m`](https://github.com/qrush/m):
+
+```
+$ bundle exec m test/test_binder.rb
+```
+
+Which can also be used to run a single test case:
+
+```
+$ bundle exec m test/test_binder.rb:37
+```
+
 ## License
 
 Puma is copyright Evan Phoenix and contributors, licensed under the BSD 3-Clause license. See the included LICENSE file for details.

data/ext/puma_http11/extconf.rb

@@ -9,6 +9,14 @@ unless ENV["DISABLE_SSL"]
       %w'ssl ssleay32'.find {|ssl| have_library(ssl, 'SSL_CTX_new')}
 
     have_header "openssl/bio.h"
+
+    # below is  yes for 1.0.2 & later
+    have_func  "DTLS_method"                  , "openssl/ssl.h"
+
+    # below are yes for 1.1.0 & later, may need to check func rather than macro
+    # with versions after 1.1.1
+    have_func  "TLS_server_method"            , "openssl/ssl.h"
+    have_macro "SSL_CTX_set_min_proto_version", "openssl/ssl.h"
   end
 end
 

data/ext/puma_http11/mini_ssl.c

@@ -142,7 +142,7 @@ VALUE engine_init_server(VALUE self, VALUE mini_ssl_ctx) {
   VALUE obj;
   SSL_CTX* ctx;
   SSL* ssl;
-  int ssl_options;
+  int min, ssl_options;
 
   ms_conn* conn = engine_alloc(self, &obj);
 
@@ -168,8 +168,14 @@ VALUE engine_init_server(VALUE self, VALUE mini_ssl_ctx) {
   ID sym_no_tlsv1 = rb_intern("no_tlsv1");
   VALUE no_tlsv1 = rb_funcall(mini_ssl_ctx, sym_no_tlsv1, 0);
 
+  ID sym_no_tlsv1_1 = rb_intern("no_tlsv1_1");
+  VALUE no_tlsv1_1 = rb_funcall(mini_ssl_ctx, sym_no_tlsv1_1, 0);
 
+#ifdef HAVE_TLS_SERVER_METHOD
+  ctx = SSL_CTX_new(TLS_server_method());
+#else
   ctx = SSL_CTX_new(SSLv23_server_method());
+#endif
   conn->ctx = ctx;
 
   SSL_CTX_use_certificate_chain_file(ctx, RSTRING_PTR(cert));
@@ -180,12 +186,36 @@ VALUE engine_init_server(VALUE self, VALUE mini_ssl_ctx) {
     SSL_CTX_load_verify_locations(ctx, RSTRING_PTR(ca), NULL);
   }
 
-  ssl_options  = SSL_OP_CIPHER_SERVER_PREFERENCE | SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | SSL_OP_SINGLE_DH_USE | SSL_OP_SINGLE_ECDH_USE | SSL_OP_NO_COMPRESSION;
+  ssl_options = SSL_OP_CIPHER_SERVER_PREFERENCE | SSL_OP_SINGLE_ECDH_USE | SSL_OP_NO_COMPRESSION;
+
+#ifdef HAVE_SSL_CTX_SET_MIN_PROTO_VERSION
+  if (RTEST(no_tlsv1_1)) {
+    min = TLS1_2_VERSION;
+  }
+  else if (RTEST(no_tlsv1)) {
+    min = TLS1_1_VERSION;
+  }
+  else {
+    min = TLS1_VERSION;
+  }
+  
+  SSL_CTX_set_min_proto_version(ctx, min);
+
+  SSL_CTX_set_options(ctx, ssl_options);
 
-  if(RTEST(no_tlsv1)) {
+#else
+  /* As of 1.0.2f, SSL_OP_SINGLE_DH_USE key use is always on */
+  ssl_options |= SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | SSL_OP_SINGLE_DH_USE;
+
+  if (RTEST(no_tlsv1)) {
     ssl_options |= SSL_OP_NO_TLSv1;
   }
+  if(RTEST(no_tlsv1_1)) {
+    ssl_options |= SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1;
+  }
   SSL_CTX_set_options(ctx, ssl_options);
+#endif
+
   SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_OFF);
 
   if (!NIL_P(ssl_cipher_filter)) {
@@ -232,8 +262,11 @@ VALUE engine_init_server(VALUE self, VALUE mini_ssl_ctx) {
 VALUE engine_init_client(VALUE klass) {
   VALUE obj;
   ms_conn* conn = engine_alloc(klass, &obj);
-
+#ifdef HAVE_DTLS_METHOD
   conn->ctx = SSL_CTX_new(DTLS_method());
+#else
+  conn->ctx = SSL_CTX_new(DTLSv1_method());
+#endif
   conn->ssl = SSL_new(conn->ctx);
   SSL_set_app_data(conn->ssl, NULL);
   SSL_set_verify(conn->ssl, SSL_VERIFY_NONE, NULL);
@@ -452,14 +485,35 @@ void Init_mini_ssl(VALUE puma) {
   // OpenSSL Build / Runtime/Load versions
 
   /* Version of OpenSSL that Puma was compiled with */
-	rb_define_const(mod, "OPENSSL_VERSION", rb_str_new2(OPENSSL_VERSION_TEXT));
+  rb_define_const(mod, "OPENSSL_VERSION", rb_str_new2(OPENSSL_VERSION_TEXT));
 
 #if !defined(LIBRESSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= 0x10100000
-	/* Version of OpenSSL that Puma loaded with */
-	rb_define_const(mod, "OPENSSL_LIBRARY_VERSION", rb_str_new2(OpenSSL_version(OPENSSL_VERSION)));
+  /* Version of OpenSSL that Puma loaded with */
+  rb_define_const(mod, "OPENSSL_LIBRARY_VERSION", rb_str_new2(OpenSSL_version(OPENSSL_VERSION)));
 #else
-	rb_define_const(mod, "OPENSSL_LIBRARY_VERSION", rb_str_new2(SSLeay_version(SSLEAY_VERSION)));
+  rb_define_const(mod, "OPENSSL_LIBRARY_VERSION", rb_str_new2(SSLeay_version(SSLEAY_VERSION)));
 #endif
+ 
+#if defined(OPENSSL_NO_SSL3) || defined(OPENSSL_NO_SSL3_METHOD) 
+  /* True if SSL3 is not available */ 
+  rb_define_const(mod, "OPENSSL_NO_SSL3", Qtrue); 
+#else 
+  rb_define_const(mod, "OPENSSL_NO_SSL3", Qfalse); 
+#endif 
+
+#if defined(OPENSSL_NO_TLS1) || defined(OPENSSL_NO_TLS1_METHOD) 
+  /* True if TLS1 is not available */ 
+  rb_define_const(mod, "OPENSSL_NO_TLS1", Qtrue); 
+#else 
+  rb_define_const(mod, "OPENSSL_NO_TLS1", Qfalse); 
+#endif 
+
+#if defined(OPENSSL_NO_TLS1_1) || defined(OPENSSL_NO_TLS1_1_METHOD) 
+  /* True if TLS1_1 is not available */ 
+  rb_define_const(mod, "OPENSSL_NO_TLS1_1", Qtrue); 
+#else 
+  rb_define_const(mod, "OPENSSL_NO_TLS1_1", Qfalse); 
+#endif 
 
   rb_define_singleton_method(mod, "check", noop, 0);