puma 5.0.4 → 5.5.1

data/lib/puma/binder.rb

@@ -13,7 +13,7 @@ module Puma
     require 'puma/minissl'
     require 'puma/minissl/context_builder'
 
-    # Odd bug in 'pure Ruby' nio4r verion 2.5.2, which installs with Ruby 2.3.
+    # Odd bug in 'pure Ruby' nio4r version 2.5.2, which installs with Ruby 2.3.
     # NIO doesn't create any OpenSSL objects, but it rescues an OpenSSL error.
     # The bug was that it did not require openssl.
     # @todo remove when Ruby 2.3 support is dropped
@@ -41,6 +41,7 @@ module Puma
         "rack.multithread".freeze => conf.options[:max_threads] > 1,
         "rack.multiprocess".freeze => conf.options[:workers] >= 1,
         "rack.run_once".freeze => false,
+        RACK_URL_SCHEME => conf.options[:rack_url_scheme],
         "SCRIPT_NAME".freeze => ENV['SCRIPT_NAME'] || "",
 
         # I'd like to set a default CONTENT_TYPE here but some things
@@ -56,6 +57,7 @@ module Puma
 
       @envs = {}
       @ios = []
+      localhost_authority
     end
 
     attr_reader :ios
@@ -95,6 +97,7 @@ module Puma
     # @version 5.0.0
     #
     def create_activated_fds(env_hash)
+      @events.debug "ENV['LISTEN_FDS'] #{ENV['LISTEN_FDS'].inspect}  env_hash['LISTEN_PID'] #{env_hash['LISTEN_PID'].inspect}"
       return [] unless env_hash['LISTEN_FDS'] && env_hash['LISTEN_PID'].to_i == $$
       env_hash['LISTEN_FDS'].to_i.times do |index|
         sock = TCPServer.for_fd(socket_activation_fd(index))
@@ -111,6 +114,43 @@ module Puma
       ["LISTEN_FDS", "LISTEN_PID"] # Signal to remove these keys from ENV
     end
 
+    # Synthesize binds from systemd socket activation
+    #
+    # When systemd socket activation is enabled, it can be tedious to keep the
+    # binds in sync. This method can synthesize any binds based on the received
+    # activated sockets. Any existing matching binds will be respected.
+    #
+    # When only_matching is true in, all binds that do not match an activated
+    # socket is removed in place.
+    #
+    # It's a noop if no activated sockets were received.
+    def synthesize_binds_from_activated_fs(binds, only_matching)
+      return binds unless activated_sockets.any?
+
+      activated_binds = []
+
+      activated_sockets.keys.each do |proto, addr, port|
+        if port
+          tcp_url = "#{proto}://#{addr}:#{port}"
+          ssl_url = "ssl://#{addr}:#{port}"
+          ssl_url_prefix = "#{ssl_url}?"
+
+          existing = binds.find { |bind| bind == tcp_url || bind == ssl_url || bind.start_with?(ssl_url_prefix) }
+
+          activated_binds << (existing || tcp_url)
+        else
+          # TODO: can there be a SSL bind without a port?
+          activated_binds << "#{proto}://#{addr}"
+        end
+      end
+
+      if only_matching
+        activated_binds
+      else
+        binds | activated_binds
+      end
+    end
+
     def parse(binds, logger, log_msg = 'Listening')
       binds.each do |str|
         uri = URI.parse str
@@ -123,21 +163,16 @@ module Puma
             io = inherit_tcp_listener uri.host, uri.port, sock
             logger.log "* Activated #{str}"
           else
+            ios_len = @ios.length
             params = Util.parse_query uri.query
 
-            opt = params.key?('low_latency')
+            opt = params.key?('low_latency') && params['low_latency'] != 'false'
             bak = params.fetch('backlog', 1024).to_i
 
             io = add_tcp_listener uri.host, uri.port, opt, bak
 
-            @ios.each do |i|
-              next unless TCPServer === i
-              addr = if i.local_address.ipv6?
-                "[#{i.local_address.ip_unpack[0]}]:#{i.local_address.ip_unpack[1]}"
-              else
-                i.local_address.ip_unpack.join(':')
-              end
-
+            @ios[ios_len..-1].each do |i|
+              addr = loc_addr_str i
               logger.log "* #{log_msg} on http://#{addr}"
             end
           end
@@ -145,11 +180,20 @@ module Puma
           @listeners << [str, io] if io
         when "unix"
           path = "#{uri.host}#{uri.path}".gsub("%20", " ")
+          abstract = false
+          if str.start_with? 'unix://@'
+            raise "OS does not support abstract UNIXSockets" unless Puma.abstract_unix_socket?
+            abstract = true
+            path = "@#{path}"
+          end
 
           if fd = @inherited_fds.delete(str)
+            @unix_paths << path unless abstract
             io = inherit_unix_listener path, fd
             logger.log "* Inherited #{str}"
-          elsif sock = @activated_sockets.delete([ :unix, path ])
+          elsif sock = @activated_sockets.delete([ :unix, path ]) ||
+              @activated_sockets.delete([ :unix, File.realdirpath(path) ])
+            @unix_paths << path unless abstract || File.exist?(path)
             io = inherit_unix_listener path, sock
             logger.log "* Activated #{str}"
           else
@@ -173,6 +217,7 @@ module Puma
               end
             end
 
+            @unix_paths << path unless abstract || File.exist?(path)
             io = add_unix_listener path, umask, mode, backlog
             logger.log "* #{log_msg} on #{str}"
           end
@@ -183,7 +228,13 @@ module Puma
           raise "Puma compiled without SSL support" unless HAS_SSL
 
           params = Util.parse_query uri.query
-          ctx = MiniSSL::ContextBuilder.new(params, @events).context
+
+          # If key and certs are not defined and localhost gem is required.
+          # localhost gem will be used for self signed
+          # Load localhost authority if not loaded.
+          ctx = localhost_authority && localhost_authority_context if params.empty?
+
+          ctx ||= MiniSSL::ContextBuilder.new(params, @events).context
 
           if fd = @inherited_fds.delete(str)
             logger.log "* Inherited #{str}"
@@ -192,8 +243,13 @@ module Puma
             io = inherit_ssl_listener sock, ctx
             logger.log "* Activated #{str}"
           else
+            ios_len = @ios.length
             io = add_ssl_listener uri.host, uri.port, ctx
-            logger.log "* Listening on #{str}"
+
+            @ios[ios_len..-1].each do |i|
+              addr = loc_addr_str i
+              logger.log "* #{log_msg} on ssl://#{addr}?#{uri.query}"
+            end
           end
 
           @listeners << [str, io] if io
@@ -221,17 +277,37 @@ module Puma
       end
 
       # Also close any unused activated sockets
-      @activated_sockets.each do |key, sock|
-        logger.log "* Closing unused activated socket: #{key.join ':'}"
-        begin
-          sock.close
-        rescue SystemCallError
+      unless @activated_sockets.empty?
+        fds = @ios.map(&:to_i)
+        @activated_sockets.each do |key, sock|
+          next if fds.include? sock.to_i
+          logger.log "* Closing unused activated socket: #{key.first}://#{key[1..-1].join ':'}"
+          begin
+            sock.close
+          rescue SystemCallError
+          end
+          # We have to unlink a unix socket path that's not being used
+          File.unlink key[1] if key.first == :unix
         end
-        # We have to unlink a unix socket path that's not being used
-        File.unlink key[1] if key[0] == :unix
       end
     end
 
+    def localhost_authority
+      @localhost_authority ||= Localhost::Authority.fetch if defined?(Localhost::Authority) && !Puma::IS_JRUBY
+    end
+
+    def localhost_authority_context
+      return unless localhost_authority
+
+      key_path, crt_path = if [:key_path, :certificate_path].all? { |m| localhost_authority.respond_to?(m) }
+        [localhost_authority.key_path, localhost_authority.certificate_path]
+      else
+        local_certificates_path = File.expand_path("~/.localhost")
+        [File.join(local_certificates_path, "localhost.key"), File.join(local_certificates_path, "localhost.crt")]
+      end
+      MiniSSL::ContextBuilder.new({ "key" => key_path, "cert" => crt_path }, @events).context
+    end
+
     # Tell the server to listen on host +host+, port +port+.
     # If +optimize_for_latency+ is true (the default) then clients connecting
     # will be optimized for latency over throughput.
@@ -249,6 +325,7 @@ module Puma
 
       host = host[1..-2] if host and host[0..0] == '['
       tcp_server = TCPServer.new(host, port)
+
       if optimize_for_latency
         tcp_server.setsockopt(Socket::IPPROTO_TCP, Socket::TCP_NODELAY, 1)
       end
@@ -260,11 +337,7 @@ module Puma
     end
 
     def inherit_tcp_listener(host, port, fd)
-      if fd.kind_of? TCPServer
-        s = fd
-      else
-        s = TCPServer.for_fd(fd)
-      end
+      s = fd.kind_of?(::TCPServer) ? fd : ::TCPServer.for_fd(fd)
 
       @ios << s
       s
@@ -274,6 +347,8 @@ module Puma
                          optimize_for_latency=true, backlog=1024)
 
       raise "Puma compiled without SSL support" unless HAS_SSL
+      # Puma will try to use local authority context if context is supplied nil
+      ctx ||= localhost_authority_context
 
       if host == "localhost"
         loopback_addresses.each do |addr|
@@ -301,12 +376,11 @@ module Puma
 
     def inherit_ssl_listener(fd, ctx)
       raise "Puma compiled without SSL support" unless HAS_SSL
+      # Puma will try to use local authority context if context is supplied nil
+      ctx ||= localhost_authority_context
+
+      s = fd.kind_of?(::TCPServer) ? fd : ::TCPServer.for_fd(fd)
 
-      if fd.kind_of? TCPServer
-        s = fd
-      else
-        s = TCPServer.for_fd(fd)
-      end
       ssl = MiniSSL::Server.new(s, ctx)
 
       env = @proto_env.dup
@@ -321,8 +395,6 @@ module Puma
     # Tell the server to listen on +path+ as a UNIX domain socket.
     #
     def add_unix_listener(path, umask=nil, mode=nil, backlog=1024)
-      @unix_paths << path unless File.exist? path
-
       # Let anyone connect by default
       umask ||= 0
 
@@ -339,8 +411,7 @@ module Puma
             raise "There is already a server bound to: #{path}"
           end
         end
-
-        s = UNIXServer.new(path)
+        s = UNIXServer.new path.sub(/\A@/, "\0") # check for abstract UNIXSocket
         s.listen backlog
         @ios << s
       ensure
@@ -359,13 +430,8 @@ module Puma
     end
 
     def inherit_unix_listener(path, fd)
-      @unix_paths << path unless File.exist? path
+      s = fd.kind_of?(::TCPServer) ? fd : ::UNIXServer.for_fd(fd)
 
-      if fd.kind_of? TCPServer
-        s = fd
-      else
-        s = UNIXServer.for_fd fd
-      end
       @ios << s
 
       env = @proto_env.dup
@@ -376,24 +442,24 @@ module Puma
     end
 
     def close_listeners
-      listeners.each do |l, io|
-        io.close unless io.closed? # Ruby 2.2 issue
-        uri = URI.parse(l)
+      @listeners.each do |l, io|
+        io.close unless io.closed?
+        uri = URI.parse l
         next unless uri.scheme == 'unix'
         unix_path = "#{uri.host}#{uri.path}"
-        File.unlink unix_path if unix_paths.include? unix_path
+        File.unlink unix_path if @unix_paths.include?(unix_path) && File.exist?(unix_path)
       end
     end
 
     def redirects_for_restart
-      redirects = listeners.map { |a| [a[1].to_i, a[1].to_i] }.to_h
+      redirects = @listeners.map { |a| [a[1].to_i, a[1].to_i] }.to_h
       redirects[:close_others] = true
       redirects
     end
 
     # @version 5.0.0
     def redirects_for_restart_env
-      listeners.each_with_object({}).with_index do |(listen, memo), i|
+      @listeners.each_with_object({}).with_index do |(listen, memo), i|
         memo["PUMA_INHERIT_#{i}"] = "#{listen[1].to_i}:#{listen[0]}"
       end
     end
@@ -407,6 +473,15 @@ module Puma
       end.map { |addrinfo| addrinfo.ip_address }.uniq
     end
 
+    def loc_addr_str(io)
+      loc_addr = io.to_io.local_address
+      if loc_addr.ipv6?
+        "[#{loc_addr.ip_unpack[0]}]:#{loc_addr.ip_unpack[1]}"
+      else
+        loc_addr.ip_unpack.join(':')
+      end
+    end
+
     # @version 5.0.0
     def socket_activation_fd(int)
       int + 3 # 3 is the magic number you add to follow the SA protocol

data/lib/puma/cli.rb

@@ -104,10 +104,19 @@ module Puma
             user_config.bind arg
           end
 
+          o.on "--bind-to-activated-sockets [only]", "Bind to all activated sockets" do |arg|
+            user_config.bind_to_activated_sockets(arg || true)
+          end
+
           o.on "-C", "--config PATH", "Load PATH as a config file" do |arg|
             file_config.load arg
           end
 
+          # Identical to supplying --config "-", but more semantic
+          o.on "--no-config", "Prevent Puma from searching for a config file" do |arg|
+            file_config.load "-"
+          end
+
           o.on "--control-url URL", "The bind url to use for the control server. Use 'auto' to use temp unix server" do |arg|
             configure_control_url(arg)
           end

data/lib/puma/client.rb

@@ -56,6 +56,7 @@ module Puma
       @parser = HttpParser.new
       @parsed_bytes = 0
       @read_header = true
+      @read_proxy = false
       @ready = false
 
       @body = nil
@@ -69,7 +70,9 @@ module Puma
       @hijacked = false
 
       @peerip = nil
+      @listener = nil
       @remote_addr_header = nil
+      @expect_proxy_proto = false
 
       @body_remain = 0
 
@@ -81,7 +84,7 @@ module Puma
 
     attr_writer :peerip
 
-    attr_accessor :remote_addr_header
+    attr_accessor :remote_addr_header, :listener
 
     def_delegators :@io, :closed?
 
@@ -105,7 +108,7 @@ module Puma
 
     # @!attribute [r] in_data_phase
     def in_data_phase
-      !@read_header
+      !(@read_header || @read_proxy)
     end
 
     def set_timeout(val)
@@ -120,16 +123,19 @@ module Puma
     def reset(fast_check=true)
       @parser.reset
       @read_header = true
+      @read_proxy = !!@expect_proxy_proto
       @env = @proto_env.dup
       @body = nil
       @tempfile = nil
       @parsed_bytes = 0
       @ready = false
       @body_remain = 0
-      @peerip = nil
+      @peerip = nil if @remote_addr_header
       @in_last_chunk = false
 
       if @buffer
+        return false unless try_to_parse_proxy_protocol
+
         @parsed_bytes = @parser.execute(@env, @buffer, @parsed_bytes)
 
         if @parser.finished?
@@ -142,8 +148,7 @@ module Puma
         return false
       else
         begin
-          if fast_check &&
-              IO.select([@to_io], nil, nil, FAST_TRACK_KA_TIMEOUT)
+          if fast_check && @to_io.wait_readable(FAST_TRACK_KA_TIMEOUT)
             return try_to_finish
           end
         rescue IOError
@@ -157,12 +162,36 @@ module Puma
       begin
         @io.close
       rescue IOError
-        Thread.current.purge_interrupt_queue if Thread.current.respond_to? :purge_interrupt_queue
+        Puma::Util.purge_interrupt_queue
+      end
+    end
+
+    # If necessary, read the PROXY protocol from the buffer. Returns
+    # false if more data is needed.
+    def try_to_parse_proxy_protocol
+      if @read_proxy
+        if @expect_proxy_proto == :v1
+          if @buffer.include? "\r\n"
+            if md = PROXY_PROTOCOL_V1_REGEX.match(@buffer)
+              if md[1]
+                @peerip = md[1].split(" ")[0]
+              end
+              @buffer = md.post_match
+            end
+            # if the buffer has a \r\n but doesn't have a PROXY protocol
+            # request, this is just HTTP from a non-PROXY client; move on
+            @read_proxy = false
+            return @buffer.size > 0
+          else
+            return false
+          end
+        end
       end
+      true
     end
 
     def try_to_finish
-      return read_body unless @read_header
+      return read_body if in_data_phase
 
       begin
         data = @io.read_nonblock(CHUNK_SIZE)
@@ -187,6 +216,8 @@ module Puma
         @buffer = data
       end
 
+      return false unless try_to_parse_proxy_protocol
+
       @parsed_bytes = @parser.execute(@env, @buffer, @parsed_bytes)
 
       if @parser.finished?
@@ -201,13 +232,13 @@ module Puma
 
     def eagerly_finish
       return true if @ready
-      return false unless IO.select([@to_io], nil, nil, 0)
+      return false unless @to_io.wait_readable(0)
       try_to_finish
     end
 
     def finish(timeout)
       return if @ready
-      IO.select([@to_io], nil, nil, timeout) || timeout! until try_to_finish
+      @to_io.wait_readable(timeout) || timeout! until try_to_finish
     end
 
     def timeout!
@@ -239,13 +270,19 @@ module Puma
     # @version 5.0.0
     #
     def can_close?
-      # Allow connection to close if it's received at least one full request
-      # and hasn't received any data for a future request.
-      #
-      # From RFC 2616 section 8.1.4:
-      # Servers SHOULD always respond to at least one request per connection,
-      # if at all possible.
-      @requests_served > 0 && @parsed_bytes == 0
+      # Allow connection to close if we're not in the middle of parsing a request.
+      @parsed_bytes == 0
+    end
+
+    def expect_proxy_proto=(val)
+      if val
+        if @read_header
+          @read_proxy = true
+        end
+      else
+        @read_proxy = false
+      end
+      @expect_proxy_proto = val
     end
 
     private
@@ -300,6 +337,7 @@ module Puma
 
       if remain > MAX_BODY
         @body = Tempfile.new(Const::PUMA_TMP_BASE)
+        @body.unlink
         @body.binmode
         @tempfile = @body
       else
@@ -312,7 +350,7 @@ module Puma
 
       @body_remain = remain
 
-      return false
+      false
     end
 
     def read_body
@@ -379,7 +417,7 @@ module Puma
         end
 
         if decode_chunk(chunk)
-          @env[CONTENT_LENGTH] = @chunked_content_length
+          @env[CONTENT_LENGTH] = @chunked_content_length.to_s
           return true
         end
       end
@@ -391,12 +429,13 @@ module Puma
       @prev_chunk = ""
 
       @body = Tempfile.new(Const::PUMA_TMP_BASE)
+      @body.unlink
       @body.binmode
       @tempfile = @body
       @chunked_content_length = 0
 
       if decode_chunk(body)
-        @env[CONTENT_LENGTH] = @chunked_content_length
+        @env[CONTENT_LENGTH] = @chunked_content_length.to_s
         return true
       end
     end

data/lib/puma/cluster/worker.rb

@@ -33,9 +33,9 @@ module Puma
         Signal.trap "SIGINT", "IGNORE"
         Signal.trap "SIGCHLD", "DEFAULT"
 
-        Thread.new do
+       Thread.new do
           Puma.set_thread_name "worker check pipe"
-          IO.select [@check_pipe]
+          @check_pipe.wait_readable
           log "! Detected parent died, dying"
           exit! 1
         end
@@ -54,7 +54,14 @@ module Puma
         # things in shape before booting the app.
         @launcher.config.run_hooks :before_worker_boot, index, @launcher.events
 
+        begin
         server = @server ||= start_server
+        rescue Exception => e
+          log "! Unable to start worker"
+          log e.backtrace[0]
+          exit 1
+        end
+
         restart_server = Queue.new << true << false
 
         fork_worker = @options[:fork_worker] && index == 0
@@ -99,7 +106,7 @@ module Puma
         begin
           @worker_write << "b#{Process.pid}:#{index}\n"
         rescue SystemCallError, IOError
-          Thread.current.purge_interrupt_queue if Thread.current.respond_to? :purge_interrupt_queue
+          Puma::Util.purge_interrupt_queue
           STDERR.puts "Master seems to have exited, exiting."
           return
         end
@@ -108,13 +115,19 @@ module Puma
           server_thread = server.run
           stat_thread ||= Thread.new(@worker_write) do |io|
             Puma.set_thread_name "stat payload"
+            base_payload = "p#{Process.pid}"
 
             while true
               begin
-                require 'json'
-                io << "p#{Process.pid}#{server.stats.to_json}\n"
+                b = server.backlog || 0
+                r = server.running || 0
+                t = server.pool_capacity || 0
+                m = server.max_threads || 0
+                rc = server.requests_count || 0
+                payload = %Q!#{base_payload}{ "backlog":#{b}, "running":#{r}, "pool_capacity":#{t}, "max_threads": #{m}, "requests_count": #{rc} }\n!
+                io << payload
               rescue IOError
-                Thread.current.purge_interrupt_queue if Thread.current.respond_to? :purge_interrupt_queue
+                Puma::Util.purge_interrupt_queue
                 break
               end
               sleep Const::WORKER_CHECK_INTERVAL
@@ -155,16 +168,6 @@ module Puma
         @launcher.config.run_hooks :after_worker_fork, idx, @launcher.events
         pid
       end
-
-      def wakeup!
-        return unless @wakeup
-
-        begin
-          @wakeup.write "!" unless @wakeup.closed?
-        rescue SystemCallError, IOError
-          Thread.current.purge_interrupt_queue if Thread.current.respond_to? :purge_interrupt_queue
-        end
-      end
     end
   end
 end

data/lib/puma/cluster/worker_handle.rb

@@ -31,6 +31,10 @@ module Puma
         @stage == :booted
       end
 
+      def uptime
+        Time.now - started_at
+      end
+
       def boot!
         @last_checkin = Time.now
         @stage = :booted
@@ -42,8 +46,11 @@ module Puma
 
       def ping!(status)
         @last_checkin = Time.now
-        require 'json'
-        @last_status = JSON.parse(status, symbolize_names: true)
+        captures = status.match(/{ "backlog":(?<backlog>\d*), "running":(?<running>\d*), "pool_capacity":(?<pool_capacity>\d*), "max_threads": (?<max_threads>\d*), "requests_count": (?<requests_count>\d*) }/)
+        @last_status = captures.names.inject({}) do |hash, key|
+          hash[key.to_sym] = captures[key].to_i
+          hash
+        end
       end
 
       # @see Puma::Cluster#check_workers