puma 6.0.0 → 6.6.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (85) hide show
  1. checksums.yaml +4 -4
  2. data/History.md +392 -13
  3. data/LICENSE +0 -0
  4. data/README.md +135 -29
  5. data/bin/puma-wild +0 -0
  6. data/docs/architecture.md +0 -0
  7. data/docs/compile_options.md +0 -0
  8. data/docs/deployment.md +0 -0
  9. data/docs/fork_worker.md +11 -1
  10. data/docs/images/puma-connection-flow-no-reactor.png +0 -0
  11. data/docs/images/puma-connection-flow.png +0 -0
  12. data/docs/images/puma-general-arch.png +0 -0
  13. data/docs/java_options.md +54 -0
  14. data/docs/jungle/README.md +0 -0
  15. data/docs/jungle/rc.d/README.md +0 -0
  16. data/docs/jungle/rc.d/puma.conf +0 -0
  17. data/docs/kubernetes.md +12 -0
  18. data/docs/nginx.md +1 -1
  19. data/docs/plugins.md +4 -0
  20. data/docs/rails_dev_mode.md +0 -0
  21. data/docs/restart.md +1 -0
  22. data/docs/signals.md +2 -2
  23. data/docs/stats.md +8 -3
  24. data/docs/systemd.md +13 -7
  25. data/docs/testing_benchmarks_local_files.md +0 -0
  26. data/docs/testing_test_rackup_ci_files.md +0 -0
  27. data/ext/puma_http11/PumaHttp11Service.java +0 -0
  28. data/ext/puma_http11/ext_help.h +0 -0
  29. data/ext/puma_http11/extconf.rb +21 -14
  30. data/ext/puma_http11/http11_parser.c +0 -0
  31. data/ext/puma_http11/http11_parser.h +0 -0
  32. data/ext/puma_http11/http11_parser.java.rl +0 -0
  33. data/ext/puma_http11/http11_parser.rl +0 -0
  34. data/ext/puma_http11/http11_parser_common.rl +0 -0
  35. data/ext/puma_http11/mini_ssl.c +107 -10
  36. data/ext/puma_http11/no_ssl/PumaHttp11Service.java +0 -0
  37. data/ext/puma_http11/org/jruby/puma/Http11.java +30 -7
  38. data/ext/puma_http11/org/jruby/puma/Http11Parser.java +0 -0
  39. data/ext/puma_http11/org/jruby/puma/MiniSSL.java +2 -1
  40. data/ext/puma_http11/puma_http11.c +4 -1
  41. data/lib/puma/app/status.rb +1 -1
  42. data/lib/puma/binder.rb +26 -15
  43. data/lib/puma/cli.rb +13 -5
  44. data/lib/puma/client.rb +113 -26
  45. data/lib/puma/cluster/worker.rb +14 -6
  46. data/lib/puma/cluster/worker_handle.rb +4 -5
  47. data/lib/puma/cluster.rb +93 -22
  48. data/lib/puma/commonlogger.rb +21 -14
  49. data/lib/puma/configuration.rb +42 -22
  50. data/lib/puma/const.rb +149 -89
  51. data/lib/puma/control_cli.rb +16 -9
  52. data/lib/puma/detect.rb +5 -4
  53. data/lib/puma/dsl.rb +432 -40
  54. data/lib/puma/error_logger.rb +6 -5
  55. data/lib/puma/events.rb +0 -0
  56. data/lib/puma/io_buffer.rb +10 -0
  57. data/lib/puma/jruby_restart.rb +0 -16
  58. data/lib/puma/json_serialization.rb +0 -0
  59. data/lib/puma/launcher/bundle_pruner.rb +0 -0
  60. data/lib/puma/launcher.rb +29 -29
  61. data/lib/puma/log_writer.rb +23 -13
  62. data/lib/puma/minissl/context_builder.rb +4 -0
  63. data/lib/puma/minissl.rb +23 -0
  64. data/lib/puma/null_io.rb +42 -2
  65. data/lib/puma/plugin/systemd.rb +90 -0
  66. data/lib/puma/plugin/tmp_restart.rb +0 -0
  67. data/lib/puma/plugin.rb +0 -0
  68. data/lib/puma/rack/builder.rb +2 -2
  69. data/lib/puma/rack/urlmap.rb +1 -1
  70. data/lib/puma/rack_default.rb +18 -3
  71. data/lib/puma/reactor.rb +17 -8
  72. data/lib/puma/request.rb +207 -126
  73. data/lib/puma/runner.rb +26 -4
  74. data/lib/puma/sd_notify.rb +146 -0
  75. data/lib/puma/server.rb +121 -49
  76. data/lib/puma/single.rb +3 -1
  77. data/lib/puma/state_file.rb +2 -2
  78. data/lib/puma/thread_pool.rb +56 -9
  79. data/lib/puma/util.rb +1 -1
  80. data/lib/puma.rb +1 -3
  81. data/lib/rack/handler/puma.rb +116 -86
  82. data/tools/Dockerfile +2 -2
  83. data/tools/trickletest.rb +0 -0
  84. metadata +12 -13
  85. data/lib/puma/systemd.rb +0 -47
data/README.md CHANGED
@@ -12,11 +12,15 @@ Puma is a **simple, fast, multi-threaded, and highly parallel HTTP 1.1 server fo
12
12
 
13
13
  ## Built For Speed & Parallelism
14
14
 
15
- Puma processes requests using a C-optimized Ragel extension (inherited from Mongrel) that provides fast, accurate HTTP 1.1 protocol parsing in a portable way. Puma then serves the request using a thread pool. Each request is served in a separate thread, so truly parallel Ruby implementations (JRuby, Rubinius) will use all available CPU cores.
15
+ Puma is a server for [Rack](https://github.com/rack/rack)-powered HTTP applications written in Ruby. It is:
16
+ * **Multi-threaded**. Each request is served in a separate thread. This helps you serve more requests per second with less memory use.
17
+ * **Multi-process**. "Pre-forks" in cluster mode, using less memory per-process thanks to copy-on-write memory.
18
+ * **Standalone**. With SSL support, zero-downtime rolling restarts and a built-in request bufferer, you can deploy Puma without any reverse proxy.
19
+ * **Battle-tested**. Our HTTP parser is inherited from Mongrel and has over 15 years of production use. Puma is currently the most popular Ruby webserver, and is the default server for Ruby on Rails.
16
20
 
17
21
  Originally designed as a server for [Rubinius](https://github.com/rubinius/rubinius), Puma also works well with Ruby (MRI) and JRuby.
18
22
 
19
- On MRI, there is a Global VM Lock (GVL) that ensures only one thread can run Ruby code at a time. But if you're doing a lot of blocking IO (such as HTTP calls to external APIs like Twitter), Puma still improves MRI's throughput by allowing IO waiting to be done in parallel.
23
+ On MRI, there is a Global VM Lock (GVL) that ensures only one thread can run Ruby code at a time. But if you're doing a lot of blocking IO (such as HTTP calls to external APIs like Twitter), Puma still improves MRI's throughput by allowing IO waiting to be done in parallel. Truly parallel Ruby implementations (TruffleRuby, JRuby) don't have this limitation.
20
24
 
21
25
  ## Quick Start
22
26
 
@@ -114,6 +118,10 @@ $ WEB_CONCURRENCY=3 puma -t 8:32
114
118
 
115
119
  Note that threads are still used in clustered mode, and the `-t` thread flag setting is per worker, so `-w 2 -t 16:16` will spawn 32 threads in total, with 16 in each worker process.
116
120
 
121
+ If the `WEB_CONCURRENCY` environment variable is set to `"auto"` and the `concurrent-ruby` gem is available in your application, Puma will set the worker process count to the result of [available processors](https://ruby-concurrency.github.io/concurrent-ruby/master/Concurrent.html#available_processor_count-class_method).
122
+
123
+ For an in-depth discussion of the tradeoffs of thread and process count settings, [see our docs](https://github.com/puma/puma/blob/9282a8efa5a0c48e39c60d22ca70051a25df9f55/docs/kubernetes.md#workers-per-pod-and-other-config-issues).
124
+
117
125
  In clustered mode, Puma can "preload" your application. This loads all the application code *prior* to forking. Preloading reduces total memory usage of your application via an operating system feature called [copy-on-write](https://en.wikipedia.org/wiki/Copy-on-write).
118
126
 
119
127
  If the `WEB_CONCURRENCY` environment variable is set to a value > 1 (and `--prune-bundler` has not been specified), preloading will be enabled by default. Otherwise, you can use the `--preload` flag from the command line:
@@ -132,42 +140,101 @@ preload_app!
132
140
 
133
141
  Preloading can’t be used with phased restart, since phased restart kills and restarts workers one-by-one, and preloading copies the code of master into the workers.
134
142
 
135
- When using clustered mode, you can specify a block in your configuration file that will be run on boot of each worker:
143
+ #### Clustered mode hooks
144
+
145
+ When using clustered mode, Puma's configuration DSL provides `before_fork` and `on_worker_boot`
146
+ hooks to run code when the master process forks and child workers are booted respectively.
147
+
148
+ It is recommended to use these hooks with `preload_app!`, otherwise constants loaded by your
149
+ application (such as `Rails`) will not be available inside the hooks.
136
150
 
137
151
  ```ruby
138
152
  # config/puma.rb
153
+ before_fork do
154
+ # Add code to run inside the Puma master process before it forks a worker child.
155
+ end
156
+
139
157
  on_worker_boot do
140
- # configuration here
158
+ # Add code to run inside the Puma worker process after forking.
141
159
  end
142
160
  ```
143
161
 
144
- This code can be used to setup the process before booting the application, allowing
145
- you to do some Puma-specific things that you don't want to embed in your application.
146
- For instance, you could fire a log notification that a worker booted or send something to statsd. This can be called multiple times.
162
+ In addition, there is an `on_refork` and `after_refork` hooks which are used only in [`fork_worker` mode](docs/fork_worker.md),
163
+ when the worker 0 child process forks a grandchild worker:
147
164
 
148
- Constants loaded by your application (such as `Rails`) will not be available in `on_worker_boot`
149
- unless preloading is enabled.
165
+ ```ruby
166
+ on_refork do
167
+ # Used only when fork_worker mode is enabled. Add code to run inside the Puma worker 0
168
+ # child process before it forks a grandchild worker.
169
+ end
170
+ ```
171
+
172
+ ```ruby
173
+ after_refork do
174
+ # Used only when fork_worker mode is enabled. Add code to run inside the Puma worker 0
175
+ # child process after it forks a grandchild worker.
176
+ end
177
+ ```
150
178
 
151
- You can also specify a block to be run before workers are forked, using `before_fork`:
179
+ Importantly, note the following considerations when Ruby forks a child process:
180
+
181
+ 1. File descriptors such as network sockets **are** copied from the parent to the forked
182
+ child process. Dual-use of the same sockets by parent and child will result in I/O conflicts
183
+ such as `SocketError`, `Errno::EPIPE`, and `EOFError`.
184
+ 2. Background Ruby threads, including threads used by various third-party gems for connection
185
+ monitoring, etc., are **not** copied to the child process. Often this does not cause
186
+ immediate problems until a third-party connection goes down, at which point there will
187
+ be no supervisor to reconnect it.
188
+
189
+ Therefore, we recommend the following:
190
+
191
+ 1. If possible, do not establish any socket connections (HTTP, database connections, etc.)
192
+ inside Puma's master process when booting.
193
+ 2. If (1) is not possible, use `before_fork` and `on_refork` to disconnect the parent's socket
194
+ connections when forking, so that they are not accidentally copied to the child process.
195
+ 3. Use `on_worker_boot` to restart any background threads on the forked child.
196
+ 4. Use `after_refork` to restart any background threads on the parent.
197
+
198
+ #### Master process lifecycle hooks
199
+
200
+ Puma's configuration DSL provides master process lifecycle hooks `on_booted`, `on_restart`, and `on_stopped`
201
+ which may be used to specify code blocks to run on each event:
152
202
 
153
203
  ```ruby
154
204
  # config/puma.rb
155
- before_fork do
156
- # configuration here
205
+ on_booted do
206
+ # Add code to run in the Puma master process after it boots,
207
+ # and also after a phased restart completes.
208
+ end
209
+
210
+ on_restart do
211
+ # Add code to run in the Puma master process when it receives
212
+ # a restart command but before it restarts.
213
+ end
214
+
215
+ on_stopped do
216
+ # Add code to run in the Puma master process when it receives
217
+ # a stop command but before it shuts down.
157
218
  end
158
219
  ```
159
220
 
160
221
  ### Error handling
161
222
 
162
- If puma encounters an error outside of the context of your application, it will respond with a 500 and a simple
223
+ If Puma encounters an error outside of the context of your application, it will respond with a 400/500 and a simple
163
224
  textual error message (see `Puma::Server#lowlevel_error` or [server.rb](https://github.com/puma/puma/blob/master/lib/puma/server.rb)).
164
225
  You can specify custom behavior for this scenario. For example, you can report the error to your third-party
165
226
  error-tracking service (in this example, [rollbar](https://rollbar.com)):
166
227
 
167
228
  ```ruby
168
- lowlevel_error_handler do |e|
169
- Rollbar.critical(e)
170
- [500, {}, ["An error has occurred, and engineers have been informed. Please reload the page. If you continue to have problems, contact support@example.com\n"]]
229
+ lowlevel_error_handler do |e, env, status|
230
+ if status == 400
231
+ message = "The server could not process the request due to an error, such as an incorrectly typed URL, malformed syntax, or a URL that contains illegal characters.\n"
232
+ else
233
+ message = "An error has occurred, and engineers have been informed. Please reload the page. If you continue to have problems, contact support@example.com\n"
234
+ Rollbar.critical(e)
235
+ end
236
+
237
+ [status, {}, [message]]
171
238
  end
172
239
  ```
173
240
 
@@ -202,36 +269,39 @@ Puma supports the [`localhost`] gem for self-signed certificates. This is partic
202
269
 
203
270
  Puma automatically configures SSL when the [`localhost`] gem is loaded in a `development` environment:
204
271
 
272
+ Add the gem to your Gemfile:
205
273
  ```ruby
206
- # Add the gem to your Gemfile
207
274
  group(:development) do
208
275
  gem 'localhost'
209
276
  end
277
+ ```
210
278
 
211
- # And require it implicitly using bundler
279
+ And require it implicitly using bundler:
280
+ ```ruby
212
281
  require "bundler"
213
282
  Bundler.require(:default, ENV["RACK_ENV"].to_sym)
283
+ ```
214
284
 
215
- # Alternatively, you can require the gem in config.ru:
216
- require './app'
285
+ Alternatively, you can require the gem in your configuration file, either `config/puma/development.rb`, `config/puma.rb`, or set via the `-C` cli option:
286
+ ```ruby
217
287
  require 'localhost'
218
- run Sinatra::Application
288
+ # configuration methods (from Puma::DSL) as needed
219
289
  ```
220
290
 
221
291
  Additionally, Puma must be listening to an SSL socket:
222
292
 
223
293
  ```shell
224
- $ puma -b 'ssl://localhost:9292' config.ru
294
+ $ puma -b 'ssl://localhost:9292' -C config/use_local_host.rb
225
295
 
226
296
  # The following options allow you to reach Puma over HTTP as well:
227
- $ puma -b ssl://localhost:9292 -b tcp://localhost:9393 config.ru
297
+ $ puma -b ssl://localhost:9292 -b tcp://localhost:9393 -C config/use_local_host.rb
228
298
  ```
229
299
 
230
300
  [`localhost`]: https://github.com/socketry/localhost
231
301
 
232
302
  #### Controlling SSL Cipher Suites
233
303
 
234
- To use or avoid specific SSL cipher suites, use `ssl_cipher_filter` or `ssl_cipher_list` options.
304
+ To use or avoid specific SSL ciphers for TLSv1.2 and below, use `ssl_cipher_filter` or `ssl_cipher_list` options.
235
305
 
236
306
  ##### Ruby:
237
307
 
@@ -245,6 +315,14 @@ $ puma -b 'ssl://127.0.0.1:9292?key=path_to_key&cert=path_to_cert&ssl_cipher_fil
245
315
  $ puma -b 'ssl://127.0.0.1:9292?keystore=path_to_keystore&keystore-pass=keystore_password&ssl_cipher_list=TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA'
246
316
  ```
247
317
 
318
+ To configure the available TLSv1.3 ciphersuites, use `ssl_ciphersuites` option (not available for JRuby).
319
+
320
+ ##### Ruby:
321
+
322
+ ```
323
+ $ puma -b 'ssl://127.0.0.1:9292?key=path_to_key&cert=path_to_cert&ssl_ciphersuites=TLS_AES_256_GCM_SHA384:TLS_AES_128_GCM_SHA256'
324
+ ```
325
+
248
326
  See https://www.openssl.org/docs/man1.1.1/man1/ciphers.html for cipher filter format and full list of cipher suites.
249
327
 
250
328
  Disable TLS v1 with the `no_tlsv1` option:
@@ -261,7 +339,7 @@ To enable verification flags offered by OpenSSL, use `verification_flags` (not a
261
339
  $ puma -b 'ssl://127.0.0.1:9292?key=path_to_key&cert=path_to_cert&verification_flags=PARTIAL_CHAIN'
262
340
  ```
263
341
 
264
- You can also set multiple verification flags (by separating them with coma):
342
+ You can also set multiple verification flags (by separating them with a comma):
265
343
 
266
344
  ```
267
345
  $ puma -b 'ssl://127.0.0.1:9292?key=path_to_key&cert=path_to_cert&verification_flags=PARTIAL_CHAIN,CRL_CHECK'
@@ -270,6 +348,30 @@ $ puma -b 'ssl://127.0.0.1:9292?key=path_to_key&cert=path_to_cert&verification_f
270
348
  List of available flags: `USE_CHECK_TIME`, `CRL_CHECK`, `CRL_CHECK_ALL`, `IGNORE_CRITICAL`, `X509_STRICT`, `ALLOW_PROXY_CERTS`, `POLICY_CHECK`, `EXPLICIT_POLICY`, `INHIBIT_ANY`, `INHIBIT_MAP`, `NOTIFY_POLICY`, `EXTENDED_CRL_SUPPORT`, `USE_DELTAS`, `CHECK_SS_SIGNATURE`, `TRUSTED_FIRST`, `SUITEB_128_LOS_ONLY`, `SUITEB_192_LOS`, `SUITEB_128_LOS`, `PARTIAL_CHAIN`, `NO_ALT_CHAINS`, `NO_CHECK_TIME`
271
349
  (see https://www.openssl.org/docs/manmaster/man3/X509_VERIFY_PARAM_set_hostflags.html#VERIFICATION-FLAGS).
272
350
 
351
+ #### Controlling OpenSSL Password Decryption
352
+
353
+ To enable runtime decryption of an encrypted SSL key (not available for JRuby), use `key_password_command`:
354
+
355
+ ```
356
+ $ puma -b 'ssl://127.0.0.1:9292?key=path_to_key&cert=path_to_cert&key_password_command=/path/to/command.sh'
357
+ ```
358
+
359
+ `key_password_command` must:
360
+
361
+ 1. Be executable by Puma.
362
+ 2. Print the decryption password to stdout.
363
+
364
+ For example:
365
+
366
+ ```shell
367
+ #!/bin/sh
368
+
369
+ echo "this is my password"
370
+ ```
371
+
372
+ `key_password_command` can be used with `key` or `key_pem`. If the key
373
+ is not encrypted, the executable will not be called.
374
+
273
375
  ### Control/Status Server
274
376
 
275
377
  Puma has a built-in status and control app that can be used to query and control Puma.
@@ -345,11 +447,13 @@ end
345
447
 
346
448
  ## Deployment
347
449
 
348
- Puma has support for Capistrano with an [external gem](https://github.com/seuros/capistrano-puma).
450
+ * Puma has support for Capistrano with an [external gem](https://github.com/seuros/capistrano-puma).
451
+
452
+ * Additionally, Puma has support for built-in daemonization via the [puma-daemon](https://github.com/kigster/puma-daemon) ruby gem. The gem restores the `daemonize` option that was removed from Puma starting version 5, but only for MRI Ruby.
453
+
349
454
 
350
455
  It is common to use process monitors with Puma. Modern process monitors like systemd or rc.d
351
- provide continuous monitoring and restarts for increased
352
- reliability in production environments:
456
+ provide continuous monitoring and restarts for increased reliability in production environments:
353
457
 
354
458
  * [rc.d](docs/jungle/rc.d/README.md)
355
459
  * [systemd](docs/systemd.md)
@@ -364,7 +468,9 @@ Community guides:
364
468
 
365
469
  * [puma-metrics](https://github.com/harmjanblok/puma-metrics) — export Puma metrics to Prometheus
366
470
  * [puma-plugin-statsd](https://github.com/yob/puma-plugin-statsd) — send Puma metrics to statsd
367
- * [puma-plugin-systemd](https://github.com/sj26/puma-plugin-systemd) — deeper integration with systemd for notify, status and watchdog
471
+ * [puma-plugin-systemd](https://github.com/sj26/puma-plugin-systemd) — deeper integration with systemd for notify, status and watchdog. Puma 5.1.0 integrated notify and watchdog, which probably conflicts with this plugin. Puma 6.1.0 added status support which obsoletes the plugin entirely.
472
+ * [puma-plugin-telemetry](https://github.com/babbel/puma-plugin-telemetry) - telemetry plugin for Puma offering various targets to publish
473
+ * [puma-acme](https://github.com/anchordotdev/puma-acme) - automatic SSL/HTTPS certificate provisioning and setup
368
474
 
369
475
  ### Monitoring
370
476
 
data/bin/puma-wild CHANGED
File without changes
data/docs/architecture.md CHANGED
File without changes
File without changes
data/docs/deployment.md CHANGED
File without changes
data/docs/fork_worker.md CHANGED
@@ -22,10 +22,20 @@ The `fork_worker` option allows your application to be initialized only once for
22
22
 
23
23
  You can trigger a refork by sending the cluster the `SIGURG` signal or running the `pumactl refork` command at any time. A refork will also automatically trigger once, after a certain number of requests have been processed by worker 0 (default 1000). To configure the number of requests before the auto-refork, pass a positive integer argument to `fork_worker` (e.g., `fork_worker 1000`), or `0` to disable.
24
24
 
25
+ ### Usage Considerations
26
+
27
+ - `fork_worker` introduces new `on_refork` and `after_refork` configuration hooks. Note the following:
28
+ - When initially forking the parent process to the worker 0 child, `before_fork` will trigger on the parent process and `on_worker_boot` will trigger on the worker 0 child as normal.
29
+ - When forking the worker 0 child to grandchild workers, `on_refork` and `after_refork` will trigger on the worker 0 child, and `on_worker_boot` will trigger on each grandchild worker.
30
+ - For clarity, `before_fork` does not trigger on worker 0, and `after_refork` does not trigger on the grandchild.
31
+ - As a general migration guide:
32
+ - Copy any logic within your existing `before_fork` hook to the `on_refork` hook.
33
+ - Consider to copy logic from your `on_worker_boot` hook to the `after_refork` hook, if it is needed to reset the state of worker 0 after it forks.
34
+
25
35
  ### Limitations
26
36
 
27
37
  - This mode is still very experimental so there may be bugs or edge-cases, particularly around expected behavior of existing hooks. Please open a [bug report](https://github.com/puma/puma/issues/new?template=bug_report.md) if you encounter any issues.
28
38
 
29
39
  - In order to fork new workers cleanly, worker 0 shuts down its server and stops serving requests so there are no open file descriptors or other kinds of shared global state between processes, and to maximize copy-on-write efficiency across the newly-forked workers. This may temporarily reduce total capacity of the cluster during a phased restart / refork.
30
40
 
31
- In a cluster with `n` workers, a normal phased restart stops and restarts workers one by one while the application is loaded in each process, so `n-1` workers are available serving requests during the restart. In a phased restart in fork-worker mode, the application is first loaded in worker 0 while `n-1` workers are available, then worker 0 remains stopped while the rest of the workers are reloaded one by one, leaving only `n-2` workers to be available for a brief period of time. Reloading the rest of the workers should be quick because the application is preloaded at that point, but there may be situations where it can take longer (slow clients, long-running application code, slow worker-fork hooks, etc).
41
+ - In a cluster with `n` workers, a normal phased restart stops and restarts workers one by one while the application is loaded in each process, so `n-1` workers are available serving requests during the restart. In a phased restart in fork-worker mode, the application is first loaded in worker 0 while `n-1` workers are available, then worker 0 remains stopped while the rest of the workers are reloaded one by one, leaving only `n-2` workers to be available for a brief period of time. Reloading the rest of the workers should be quick because the application is preloaded at that point, but there may be situations where it can take longer (slow clients, long-running application code, slow worker-fork hooks, etc).
File without changes
File without changes
File without changes
@@ -0,0 +1,54 @@
1
+ # Java Options
2
+
3
+ `System Properties` or `Environment Variables` can be used to change Puma's
4
+ default configuration for its Java extension. The provided values are evaluated
5
+ during initialization, and changes while running the app have no effect.
6
+ Moreover, default values may be used in case of invalid inputs.
7
+
8
+ ## Supported Options
9
+
10
+ | ENV Name | Default Value | Validation |
11
+ |------------------------------|:-------------:|:------------------------:|
12
+ | PUMA_QUERY_STRING_MAX_LENGTH | 1024 * 10 | Positive natural number |
13
+ | PUMA_REQUEST_PATH_MAX_LENGTH | 8192 | Positive natural number |
14
+ | PUMA_REQUEST_URI_MAX_LENGTH | 1024 * 12 | Positive natural number |
15
+ | PUMA_SKIP_SIGUSR2 | nil | n/a |
16
+
17
+ ## Examples
18
+
19
+ ### Invalid inputs
20
+
21
+ An empty string will be handled as missing, and the default value will be used instead.
22
+ Puma will print an error message for other invalid values.
23
+
24
+ ```
25
+ foo@bar:~/puma$ PUMA_QUERY_STRING_MAX_LENGTH=abc PUMA_REQUEST_PATH_MAX_LENGTH='' PUMA_REQUEST_URI_MAX_LENGTH=0 bundle exec bin/puma test/rackup/hello.ru
26
+
27
+ The value 0 for PUMA_REQUEST_URI_MAX_LENGTH is invalid. Using default value 12288 instead.
28
+ The value abc for PUMA_QUERY_STRING_MAX_LENGTH is invalid. Using default value 10240 instead.
29
+ Puma starting in single mode...
30
+ ```
31
+
32
+ ### Valid inputs
33
+
34
+ ```
35
+ foo@bar:~/puma$ PUMA_REQUEST_PATH_MAX_LENGTH=9 bundle exec bin/puma test/rackup/hello.ru
36
+
37
+ Puma starting in single mode...
38
+ ```
39
+ ```
40
+ foo@bar:~ export path=/123456789 # 10 chars
41
+ foo@bar:~ curl "http://localhost:9292${path}"
42
+
43
+ Puma caught this error: HTTP element REQUEST_PATH is longer than the 9 allowed length. (Puma::HttpParserError)
44
+
45
+ foo@bar:~ export path=/12345678 # 9 chars
46
+ foo@bar:~ curl "http://localhost:9292${path}"
47
+ Hello World
48
+ ```
49
+
50
+ ### Java Flight Recorder Compatibility
51
+
52
+ Unfortunately Java Flight Recorder uses `SIGUSR2` internally. If you wish to
53
+ use JFR, turn off Puma's trapping of `SIGUSR2` by setting the environment variable
54
+ `PUMA_SKIP_SIGUSR2` to any value.
File without changes
File without changes
File without changes
data/docs/kubernetes.md CHANGED
@@ -64,3 +64,15 @@ There is a subtle race condition between step 2 and 3: The replication controlle
64
64
  The way Kubernetes works this way, rather than handling step 2 synchronously, is due to the CAP theorem: in a distributed system there is no way to guarantee that any message will arrive promptly. In particular, waiting for all Service controllers to report back might get stuck for an indefinite time if one of them has already been terminated or if there has been a net split. A way to work around this is to add a sleep to the pre-stop hook of the same time as the `terminationGracePeriodSeconds` time. This will allow the Puma process to keep serving new requests during the entire grace period, although it will no longer receive new requests after all Service controllers have propagated the removal of the pod from their endpoint lists. Then, after `terminationGracePeriodSeconds`, the pod receives `SIGKILL` and closes down. If your process can't handle SIGKILL properly, for example because it needs to release locks in different services, you can also sleep for a shorter period (and/or increase `terminationGracePeriodSeconds`) as long as the time slept is longer than the time that your Service controllers take to propagate the pod removal. The downside of this workaround is that all pods will take at minimum the amount of time slept to shut down and this will increase the time required for your rolling deploy.
65
65
 
66
66
  More discussions and links to relevant articles can be found in https://github.com/puma/puma/issues/2343.
67
+
68
+ ## Workers Per Pod, and Other Config Issues
69
+
70
+ With containerization, you will have to make a decision about how "big" to make each pod. Should you run 2 pods with 50 workers each? 25 pods, each with 4 workers? 100 pods, with each Puma running in single mode? Each scenario represents the same total amount of capacity (100 Puma processes that can respond to requests), but there are tradeoffs to make.
71
+
72
+ * Worker counts should be somewhere between 4 and 32 in most cases. You want more than 4 in order to minimize time spent in request queueing for a free Puma worker, but probably less than ~32 because otherwise autoscaling is working in too large of an increment or they probably won't fit very well into your nodes. In any queueing system, queue time is proportional to 1/n, where n is the number of things pulling from the queue. Each pod will have its own request queue (i.e., the socket backlog). If you have 4 pods with 1 worker each (4 request queues), wait times are, proportionally, about 4 times higher than if you had 1 pod with 4 workers (1 request queue).
73
+ * Unless you have a very I/O-heavy application (50%+ time spent waiting on IO), use the default thread count (5 for MRI). Using higher numbers of threads with low I/O wait (<50%) will lead to additional request queueing time (latency!) and additional memory usage.
74
+ * More processes per pod reduces memory usage per process, because of copy-on-write memory and because the cost of the single master process is "amortized" over more child processes.
75
+ * Don't run less than 4 processes per pod if you can. Low numbers of processes per pod will lead to high request queueing, which means you will have to run more pods.
76
+ * If multithreaded, allocate 1 CPU per worker. If single threaded, allocate 0.75 cpus per worker. Most web applications spend about 25% of their time in I/O - but when you're running multi-threaded, your Puma process will have higher CPU usage and should be able to fully saturate a CPU core.
77
+ * Most Puma processes will use about ~512MB-1GB per worker, and about 1GB for the master process. However, you probably shouldn't bother with setting memory limits lower than around 2GB per process, because most places you are deploying will have 2GB of RAM per CPU. A sensible memory limit for a Puma configuration of 4 child workers might be something like 8 GB (1 GB for the master, 7GB for the 4 children).
78
+
data/docs/nginx.md CHANGED
@@ -2,7 +2,7 @@
2
2
 
3
3
  This is a very common setup using an upstream. It was adapted from some Capistrano recipe I found on the Internet a while ago.
4
4
 
5
- ```
5
+ ```nginx
6
6
  upstream myapp {
7
7
  server unix:///myapp/tmp/puma.sock;
8
8
  }
data/docs/plugins.md CHANGED
@@ -36,3 +36,7 @@ object that is useful for additional configuration.
36
36
 
37
37
  Public methods in [`Puma::Plugin`](../lib/puma/plugin.rb) are treated as a
38
38
  public API for plugins.
39
+
40
+ ## Binder hooks
41
+
42
+ There's `Puma::Binder#before_parse` method that allows to add proc to run before the body of `Puma::Binder#parse`. Example of usage can be found in [that repository](https://github.com/anchordotdev/puma-acme/blob/v0.1.3/lib/puma/acme/plugin.rb#L97-L118) (`before_parse_hook` could be renamed `before_parse`, making monkey patching of [binder.rb](https://github.com/anchordotdev/puma-acme/blob/v0.1.3/lib/puma/acme/binder.rb) is unnecessary).
File without changes
data/docs/restart.md CHANGED
@@ -27,6 +27,7 @@ Any of the following will cause a Puma server to perform a hot restart:
27
27
 
28
28
  ### Additional notes
29
29
 
30
+ * The newly started Puma process changes its current working directory to the directory specified by the `directory` option. If `directory` is set to symlink, this is automatically re-evaluated, so this mechanism can be used to upgrade the application.
30
31
  * Only one version of the application is running at a time.
31
32
  * `on_restart` is invoked just before the server shuts down. This can be used to clean up resources (like long-lived database connections) gracefully. Since Ruby 2.0, it is not typically necessary to explicitly close file descriptors on restart. This is because any file descriptor opened by Ruby will have the `FD_CLOEXEC` flag set, meaning that file descriptors are closed on `exec`. `on_restart` is useful, though, if your application needs to perform any more graceful protocol-specific shutdown procedures before closing connections.
32
33
 
data/docs/signals.md CHANGED
@@ -17,13 +17,13 @@ $ ps aux | grep tail
17
17
  schneems 87152 0.0 0.0 2432772 492 s032 S+ 12:46PM 0:00.00 tail -f my.log
18
18
  ```
19
19
 
20
- You can send a signal in Ruby using the [Process module](https://www.ruby-doc.org/core-2.1.1/Process.html#kill-method):
20
+ You can send a signal in Ruby using the [Process module](https://ruby-doc.org/3.2.2/Process.html#method-c-kill):
21
21
 
22
22
  ```
23
23
  $ irb
24
24
  > puts pid
25
25
  => 87152
26
- Process.detach(pid) # https://ruby-doc.org/core-2.1.1/Process.html#method-c-detach
26
+ Process.detach(pid) # https://ruby-doc.org/3.2.2/Process.html#method-c-detach
27
27
  Process.kill("TERM", pid)
28
28
  ```
29
29
 
data/docs/stats.md CHANGED
@@ -55,9 +55,14 @@ end
55
55
 
56
56
  When Puma runs in single mode, these stats are available at the top level. When Puma runs in cluster mode, these stats are available within the `worker_status` array in a hash labeled `last_status`, in an array of hashes where one hash represents each worker.
57
57
 
58
- * backlog: requests that are waiting for an available thread to be available. if this is above 0, you need more capacity [always true?]
59
- * running: how many threads are running
60
- * pool_capacity: the number of requests that the server is capable of taking right now. For example, if the number is 5, then it means there are 5 threads sitting idle ready to take a request. If one request comes in, then the value would be 4 until it finishes processing. If the minimum threads allowed is zero, this number will still have a maximum value of the maximum threads allowed.
58
+ * backlog: requests that are waiting for an available thread to be available. if this is frequently above 0, you need more capacity.
59
+ * running: how many threads are spawned. A spawned thread may be busy processing a request or waiting for a new request. If `min_threads` and `max_threads` are set to the same number,
60
+ this will be a never-changing number (other than rare cases when a thread dies, etc).
61
+ * busy_threads: `running` - `how many threads are waiting to receive work` + `how many requests are waiting for a thread to pick them up`.
62
+ this is a "wholistic" stat reflecting the overall current state of work to be done and the capacity to do it.
63
+ * pool_capacity: `how many threads are waiting to receive work` + `max_threads` - `running`. In a typical configuration where `min_threads`
64
+ and `max_threads` are configured to the same number, this is simply `how many threads are waiting to receive work`. This number exists only as a stat
65
+ and is not used for any internal decisions, unlike `busy_theads`, which is usually a more useful stat.
61
66
  * max_threads: the maximum number of threads Puma is configured to spool per worker
62
67
  * requests_count: the number of requests this worker has served since starting
63
68
 
data/docs/systemd.md CHANGED
@@ -24,8 +24,7 @@ After=network.target
24
24
 
25
25
  [Service]
26
26
  # Puma supports systemd's `Type=notify` and watchdog service
27
- # monitoring, if the [sd_notify](https://github.com/agis/ruby-sdnotify) gem is installed,
28
- # as of Puma 5.1 or later.
27
+ # monitoring, as of Puma 5.1 or later.
29
28
  # On earlier versions of Puma or JRuby, change this to `Type=simple` and remove
30
29
  # the `WatchdogSec` line.
31
30
  Type=notify
@@ -52,7 +51,7 @@ ExecStart=/<FULLPATH>/bin/puma -C <YOUR_APP_PATH>/puma.rb
52
51
  # Variant: Rails start.
53
52
  # ExecStart=/<FULLPATH>/bin/puma -C <YOUR_APP_PATH>/config/puma.rb ../config.ru
54
53
 
55
- # Variant: Use `bundle exec --keep-file-descriptors puma` instead of binstub
54
+ # Variant: Use `bundle exec puma` instead of binstub
56
55
  # Variant: Specify directives inline.
57
56
  # ExecStart=/<FULLPATH>/puma -b tcp://0.0.0.0:9292 -b ssl://0.0.0.0:9293?key=key.pem&cert=cert.pem
58
57
 
@@ -77,9 +76,7 @@ compatible with both clustered mode and application preload.
77
76
 
78
77
  **Note:** Any wrapper scripts which `exec`, or other indirections in `ExecStart`
79
78
  may result in activated socket file descriptors being closed before reaching the
80
- puma master process. For example, if using `bundle exec`, pass the
81
- `--keep-file-descriptors` flag. `bundle exec` can be avoided by using a `puma`
82
- executable generated by `bundle binstubs puma`. This is tracked in [#1499].
79
+ puma master process.
83
80
 
84
81
  **Note:** Socket activation doesn't currently work on JRuby. This is tracked in
85
82
  [#1367].
@@ -102,9 +99,11 @@ ListenStream=0.0.0.0:9293
102
99
  # ListenStream=/run/puma.sock
103
100
 
104
101
  # Socket options matching Puma defaults
105
- NoDelay=true
106
102
  ReusePort=true
107
103
  Backlog=1024
104
+ # Enable this if you're using Puma with the "low_latency" option, read more in Puma DSL docs and systemd docs:
105
+ # https://www.freedesktop.org/software/systemd/man/latest/systemd.socket.html#NoDelay=
106
+ # NoDelay=true
108
107
 
109
108
  [Install]
110
109
  WantedBy=sockets.target
@@ -242,6 +241,13 @@ cap $stage puma:start --dry-run
242
241
  cap $stage puma:stop --dry-run
243
242
  ~~~~
244
243
 
244
+ ### Disabling Puma Systemd Integration
245
+
246
+ If you would like to disable Puma's systemd integration, for example if you handle it elsewhere
247
+ in your code yourself, simply set the the environment variable `PUMA_SKIP_SYSTEMD` to any value.
248
+
249
+
250
+
245
251
  [Restart]: https://www.freedesktop.org/software/systemd/man/systemd.service.html#Restart=
246
252
  [#1367]: https://github.com/puma/puma/issues/1367
247
253
  [#1499]: https://github.com/puma/puma/issues/1499
File without changes
File without changes
File without changes
File without changes
@@ -10,11 +10,13 @@ end
10
10
 
11
11
  unless ENV["PUMA_DISABLE_SSL"]
12
12
  # don't use pkg_config('openssl') if '--with-openssl-dir' is used
13
- has_openssl_dir = dir_config('openssl').any?
13
+ has_openssl_dir = dir_config('openssl').any? ||
14
+ RbConfig::CONFIG['configure_args']&.include?('openssl')
15
+
14
16
  found_pkg_config = !has_openssl_dir && pkg_config('openssl')
15
17
 
16
18
  found_ssl = if !$mingw && found_pkg_config
17
- puts 'using OpenSSL pkgconfig (openssl.pc)'
19
+ puts '──── Using OpenSSL pkgconfig (openssl.pc) ────'
18
20
  true
19
21
  elsif have_library('libcrypto', 'BIO_read') && have_library('libssl', 'SSL_CTX_new')
20
22
  true
@@ -29,22 +31,27 @@ unless ENV["PUMA_DISABLE_SSL"]
29
31
  if found_ssl
30
32
  have_header "openssl/bio.h"
31
33
 
32
- # below is yes for 1.0.2 & later
33
- have_func "DTLS_method" , "openssl/ssl.h"
34
- have_func "SSL_CTX_set_session_cache_mode(NULL, 0)", "openssl/ssl.h"
34
+ ssl_h = "openssl/ssl.h".freeze
35
+
36
+ puts "\n──── Below are yes for 1.0.2 & later ────"
37
+ have_func "DTLS_method" , ssl_h
38
+ have_func "SSL_CTX_set_session_cache_mode(NULL, 0)", ssl_h
39
+
40
+ puts "\n──── Below are yes for 1.1.0 & later ────"
41
+ have_func "TLS_server_method" , ssl_h
42
+ have_func "SSL_CTX_set_min_proto_version(NULL, 0)" , ssl_h
35
43
 
36
- # below are yes for 1.1.0 & later
37
- have_func "TLS_server_method" , "openssl/ssl.h"
38
- have_func "SSL_CTX_set_min_proto_version(NULL, 0)" , "openssl/ssl.h"
44
+ puts "\n──── Below is yes for 1.1.0 and later, but isn't documented until 3.0.0 ────"
45
+ # https://github.com/openssl/openssl/blob/OpenSSL_1_1_0/include/openssl/ssl.h#L1159
46
+ have_func "SSL_CTX_set_dh_auto(NULL, 0)" , ssl_h
39
47
 
40
- have_func "X509_STORE_up_ref"
41
- have_func "SSL_CTX_set_ecdh_auto(NULL, 0)" , "openssl/ssl.h"
48
+ puts "\n──── Below is yes for 1.1.1 & later ────"
49
+ have_func "SSL_CTX_set_ciphersuites(NULL, \"\")" , ssl_h
42
50
 
43
- # below exists in 1.1.0 and later, but isn't documented until 3.0.0
44
- have_func "SSL_CTX_set_dh_auto(NULL, 0)" , "openssl/ssl.h"
51
+ puts "\n──── Below is yes for 3.0.0 & later ────"
52
+ have_func "SSL_get1_peer_certificate" , ssl_h
45
53
 
46
- # below is yes for 3.0.0 & later
47
- have_func "SSL_get1_peer_certificate" , "openssl/ssl.h"
54
+ puts ''
48
55
 
49
56
  # Random.bytes available in Ruby 2.5 and later, Random::DEFAULT deprecated in 3.0
50
57
  if Random.respond_to?(:bytes)
File without changes
File without changes
File without changes
File without changes
File without changes