puma 6.4.2-java → 6.5.0-java

Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 1736c6dd01c94d6cf6a109965156ec60ec8a9deb17b42bdabc198f79d1b72c1a
4
- data.tar.gz: 58e70495466aa055fc76038a23cf394167ca393959ab7bfa8a55306a7506f1ac
3
+ metadata.gz: 98e214e6e7ef41283c44c5b17cce34c008171416e72f13dc94b3c948f69adb32
4
+ data.tar.gz: a2c9b766ace09e6875e3e44f40c30eebaf6ff8d1d2db108a2b4215a7efa8d8da
5
5
  SHA512:
6
- metadata.gz: 5ee67bed8910a53a217a6d9f799cf7a64f145d5a80a0cbea224949e3ae2fe76ae31dc5e5991a7983f71cbe34836ef568cab41a6d0ae5ca7d21cf0f87b8fac09e
7
- data.tar.gz: '0085fa5bd8492707be9c52b3618c0663a06a2aad62e5fe60b66521d51572f8159d22f5f14b265314c1a094bec0d506dabef74c514fb8813d9a31d9f5395bfd3d'
6
+ metadata.gz: 6bd3492005053361459468ed003c15b5e7d9d61fe2ae05eac2fd28fcac514b2a6619e72e90dbba6aab9a70818af86d44c478b29ab18337425f066641e3dcaa72
7
+ data.tar.gz: bb16c4a3ac2b95af52c24575c1affe75c8b6cc4b893e98e3bd0309fd90cd6fa26afaded01c2e306c2d4606bd78ec96615f13100d6ddeaeba8b7ae416523adf52
data/History.md CHANGED
@@ -1,3 +1,57 @@
1
+ ## 6.5.0 / 2024-11-23
2
+
3
+ * Features
4
+ * Print RUBY_DESCRIPTION when Puma starts ([#3407])
5
+ * Set the worker process count automatically when using WEB_CONCURRENCY=auto ([#3439], [#3437])
6
+ * Mark as ractor-safe ([#3486], [#3422])
7
+ * Add option `enable_keep_alive`. `true` mimics existing behavior, but now can use `false` to disable keepalive to reduce queue tail latency ([#3496])
8
+ * Add parameters to Puma methods to allow CI to change ENV in isolation ([#3485])
9
+ * Add `ssl_ciphersuites` option for TLSv1.3 ciphers ([#3359], [#3343])
10
+ * You can now use `--threads 5` or `threads 5` to config max/min threads with a single number (used to need to say `5:5`) ([#3309])
11
+ * Option to turn off systemd plugin ([#3425], [#3424])
12
+ * Add `on_stopped` hook ([#3411], [#3380])
13
+
14
+ * Bugfixes
15
+ * Handle blank environment variables when loading config ([#3539])
16
+ * lib/rack/handler/puma.rb - fix for rackup v1.0.1, adjust Gemfile ([#3532], [#3531])
17
+ * null_io.rb - add `external_encoding`, `set_encoding`, `binmode`, `binmode?` ([#3214])
18
+ * Implement NullIO#seek and #pos to mimic IO ([#3468])
19
+ * add support in rack handler & fix regression in binder for linux abstract namespace sockets ([#3508])
20
+ * Use actual thread local for `Puma::Server.current`. ([#3360])
21
+ * client.rb - fix request chunked body handling ([#3338], [#3337])
22
+ * Properly handle two requests seen in the initial buffer ([#3332])
23
+ * Fix response repeated status line when request is invalid or errors are raised ([#3308], [#3307])
24
+ * Fix child processes not being reaped when `Process.detach` used ([#3314], [#3313])
25
+
26
+ * JRuby
27
+ * Make HTTP length constants configurable ([#3518])
28
+ * Fixup jruby_restart.rb & launcher.rb to work with ARM64 macOS JRuby ([#3467])
29
+
30
+ * Performance
31
+ * Avoid checking if all workers reached timeout unless idle timeout is configured ([#3341])
32
+ * Request body - increase read size to 64 kB ([#3548])
33
+ * single mode skip wait_for_less_busy_worker ([#3325])
34
+
35
+ * Refactor
36
+ * A ton of CI/test improvements by @MSP-Greg, as usual.
37
+ * Add ThreadPool#stats and adjust Server#stats to use it ([#3527])
38
+ * normalize whitespace in worker stats string ([#3513])
39
+ * rack/handler/puma.rb - ssl - use `start_with?`, add test ([#3510])
40
+ * extconf.rb - add logging for OpenSSL versions ([#3370])
41
+ * Lazily require `Puma::Rack::Builder` ([#3340])
42
+ * Refactor: Constantize worker pipe request types ([#3318])
43
+
44
+ * Docs
45
+ * stats.md improvements ([#3514])
46
+ * control_cli.rb: Harmonize help message with bin/puma ([#3434])
47
+ * dsl.rb: Clarify a callback's argument ([#3435])
48
+ * lib/rack/handler/puma.rb - relocate and fixup module comment ([#3495])
49
+
50
+ ## 6.4.3 / 2024-09-19
51
+
52
+ * Security
53
+ * Discards any headers using underscores if the non-underscore version also exists. Without this, an attacker could overwrite values set by intermediate proxies (e.g. X-Forwarded-For). ([CVE-2024-45614](https://github.com/puma/puma/security/advisories/GHSA-9hf4-67fc-4vf4)/GHSA-9hf4-67fc-4vf4)
54
+
1
55
  ## 6.4.2 / 2024-01-08
2
56
 
3
57
  * Security
@@ -173,6 +227,14 @@
173
227
  * Ruby 3.2 will have native IO#wait_* methods, don't require io/wait ([#2903])
174
228
  * Various internal API refactorings ([#2942], [#2921], [#2922], [#2955])
175
229
 
230
+ ## 5.6.9 / 2024-09-19
231
+
232
+ * Security
233
+ * Discards any headers using underscores if the non-underscore version also exists. Without this, an attacker could overwrite values set by intermediate proxies (e.g. X-Forwarded-For). ([CVE-2024-45614](https://github.com/puma/puma/security/advisories/GHSA-9hf4-67fc-4vf4)/GHSA-9hf4-67fc-4vf4)
234
+ * JRuby
235
+ * Must use at least Java >= 9 to compile. You can no longer build from source on Java 8.
236
+
237
+
176
238
  ## 5.6.8 / 2024-01-08
177
239
 
178
240
  * Security
@@ -2063,6 +2125,49 @@ be added back in a future date when a java Puma::MiniSSL is added.
2063
2125
  * Bugfixes
2064
2126
  * Your bugfix goes here <Most recent on the top, like GitHub> (#Github Number)
2065
2127
 
2128
+ [#3407]:https://github.com/puma/puma/pull/3407 "PR by @JacobEvelyn, merged 2024-11-05"
2129
+ [#3439]:https://github.com/puma/puma/pull/3439 "PR by @codergeek121, merged 2024-11-04"
2130
+ [#3437]:https://github.com/puma/puma/issues/3437 "Issue by @rafaelfranca, closed 2024-11-04"
2131
+ [#3486]:https://github.com/puma/puma/pull/3486 "PR by @mohamedhafez, merged 2024-09-26"
2132
+ [#3422]:https://github.com/puma/puma/issues/3422 "Issue by @mohamedhafez, closed 2024-09-26"
2133
+ [#3496]:https://github.com/puma/puma/pull/3496 "PR by @slizco, merged 2024-09-26"
2134
+ [#3485]:https://github.com/puma/puma/pull/3485 "PR by @MSP-Greg, merged 2024-09-21"
2135
+ [#3359]:https://github.com/puma/puma/pull/3359 "PR by @willayton, merged 2024-04-11"
2136
+ [#3343]:https://github.com/puma/puma/issues/3343 "Issue by @willayton, closed 2024-04-11"
2137
+ [#3309]:https://github.com/puma/puma/pull/3309 "PR by @byroot, merged 2024-01-09"
2138
+ [#3425]:https://github.com/puma/puma/pull/3425 "PR by @mohamedhafez, merged 2024-07-14"
2139
+ [#3424]:https://github.com/puma/puma/issues/3424 "Issue by @mohamedhafez, closed 2024-07-14"
2140
+ [#3411]:https://github.com/puma/puma/pull/3411 "PR by @OuYangJinTing, merged 2024-06-15"
2141
+ [#3380]:https://github.com/puma/puma/pull/3380 "PR by @emilyst, closed 2024-06-15"
2142
+ [#3539]:https://github.com/puma/puma/pull/3539 "PR by @caius, merged 2024-11-20"
2143
+ [#3532]:https://github.com/puma/puma/pull/3532 "PR by @MSP-Greg, merged 2024-10-24"
2144
+ [#3531]:https://github.com/puma/puma/issues/3531 "Issue by @tagliala, closed 2024-10-24"
2145
+ [#3214]:https://github.com/puma/puma/pull/3214 "PR by @MSP-Greg, merged 2024-10-15"
2146
+ [#3468]:https://github.com/puma/puma/pull/3468 "PR by @foca, merged 2024-10-04"
2147
+ [#3508]:https://github.com/puma/puma/pull/3508 "PR by @MayCXC, merged 2024-10-02"
2148
+ [#3360]:https://github.com/puma/puma/pull/3360 "PR by @ioquatix, merged 2024-04-24"
2149
+ [#3338]:https://github.com/puma/puma/pull/3338 "PR by @MSP-Greg, merged 2024-04-11"
2150
+ [#3337]:https://github.com/puma/puma/issues/3337 "Issue by @skliew, closed 2024-04-11"
2151
+ [#3332]:https://github.com/puma/puma/pull/3332 "PR by @evanphx, merged 2024-02-18"
2152
+ [#3308]:https://github.com/puma/puma/pull/3308 "PR by @MSP-Greg, merged 2024-01-31"
2153
+ [#3307]:https://github.com/puma/puma/issues/3307 "Issue by @nateberkopec, closed 2024-01-31"
2154
+ [#3314]:https://github.com/puma/puma/pull/3314 "PR by @stanhu, merged 2024-01-26"
2155
+ [#3313]:https://github.com/puma/puma/issues/3313 "Issue by @stanhu, closed 2024-01-26"
2156
+ [#3518]:https://github.com/puma/puma/pull/3518 "PR by @roque86, merged 2024-11-15"
2157
+ [#3467]:https://github.com/puma/puma/pull/3467 "PR by @MSP-Greg, merged 2024-09-21"
2158
+ [#3341]:https://github.com/puma/puma/pull/3341 "PR by @joshuay03, merged 2024-03-11"
2159
+ [#3548]:https://github.com/puma/puma/pull/3548 "PR by @MSP-Greg, merged 2024-11-21"
2160
+ [#3325]:https://github.com/puma/puma/pull/3325 "PR by @OuYangJinTing, merged 2024-10-22"
2161
+ [#3527]:https://github.com/puma/puma/pull/3527 "PR by @MSP-Greg, merged 2024-10-26"
2162
+ [#3513]:https://github.com/puma/puma/pull/3513 "PR by @jjb, merged 2024-10-11"
2163
+ [#3510]:https://github.com/puma/puma/pull/3510 "PR by @MSP-Greg, merged 2024-10-03"
2164
+ [#3370]:https://github.com/puma/puma/pull/3370 "PR by @MSP-Greg, merged 2024-04-15"
2165
+ [#3340]:https://github.com/puma/puma/pull/3340 "PR by @joshuay03, merged 2024-03-10"
2166
+ [#3318]:https://github.com/puma/puma/pull/3318 "PR by @joshuay03, merged 2024-01-15"
2167
+ [#3514]:https://github.com/puma/puma/pull/3514 "PR by @jjb, merged 2024-10-11"
2168
+ [#3434]:https://github.com/puma/puma/pull/3434 "PR by @olleolleolle, merged 2024-09-19"
2169
+ [#3435]:https://github.com/puma/puma/pull/3435 "PR by @olleolleolle, merged 2024-09-19"
2170
+ [#3495]:https://github.com/puma/puma/pull/3495 "PR by @MSP-Greg, merged 2024-09-19"
2066
2171
  [#3256]:https://github.com/puma/puma/pull/3256 "PR by @MSP-Greg, merged 2023-10-16"
2067
2172
  [#3235]:https://github.com/puma/puma/pull/3235 "PR by @joshuay03, merged 2023-10-03"
2068
2173
  [#3228]:https://github.com/puma/puma/issues/3228 "Issue by @davidalejandroaguilar, closed 2023-10-03"
@@ -2672,7 +2777,7 @@ be added back in a future date when a java Puma::MiniSSL is added.
2672
2777
  [#845]:https://github.com/puma/puma/pull/845 "PR by @deepj, merged 2016-01-28"
2673
2778
  [#846]:https://github.com/puma/puma/pull/846 "PR by @sriedel, merged 2016-01-15"
2674
2779
  [#850]:https://github.com/puma/puma/pull/850 "PR by @deepj, merged 2016-01-15"
2675
- [#853]:https://github.com/puma/puma/pull/853 "PR by @Jeffrey6052, merged 2016-01-28"
2780
+ [#853]:https://github.com/puma/puma/pull/853 "PR by @xuqiyong666, merged 2016-01-28"
2676
2781
  [#857]:https://github.com/puma/puma/pull/857 "PR by @osheroff, merged 2016-01-15"
2677
2782
  [#858]:https://github.com/puma/puma/pull/858 "PR by @mlarraz, merged 2016-01-28"
2678
2783
  [#860]:https://github.com/puma/puma/pull/860 "PR by @osheroff, merged 2016-01-15"
data/README.md CHANGED
@@ -12,7 +12,7 @@ Puma is a **simple, fast, multi-threaded, and highly parallel HTTP 1.1 server fo
12
12
 
13
13
  ## Built For Speed &amp; Parallelism
14
14
 
15
- Puma is a server for [Rack](https://github.com/rack/rack)-powered HTTP applications written in Ruby. It is:
15
+ Puma is a server for [Rack](https://github.com/rack/rack)-powered HTTP applications written in Ruby. It is:
16
16
  * **Multi-threaded**. Each request is served in a separate thread. This helps you serve more requests per second with less memory use.
17
17
  * **Multi-process**. "Pre-forks" in cluster mode, using less memory per-process thanks to copy-on-write memory.
18
18
  * **Standalone**. With SSL support, zero-downtime rolling restarts and a built-in request bufferer, you can deploy Puma without any reverse proxy.
@@ -118,6 +118,8 @@ $ WEB_CONCURRENCY=3 puma -t 8:32
118
118
 
119
119
  Note that threads are still used in clustered mode, and the `-t` thread flag setting is per worker, so `-w 2 -t 16:16` will spawn 32 threads in total, with 16 in each worker process.
120
120
 
121
+ If the `WEB_CONCURRENCY` environment variable is set to `"auto"` and the `concurrent-ruby` gem is available in your application, Puma will set the worker process count to the result of [available processors](https://ruby-concurrency.github.io/concurrent-ruby/master/Concurrent.html#available_processor_count-class_method).
122
+
121
123
  For an in-depth discussion of the tradeoffs of thread and process count settings, [see our docs](https://github.com/puma/puma/blob/9282a8efa5a0c48e39c60d22ca70051a25df9f55/docs/kubernetes.md#workers-per-pod-and-other-config-issues).
122
124
 
123
125
  In clustered mode, Puma can "preload" your application. This loads all the application code *prior* to forking. Preloading reduces total memory usage of your application via an operating system feature called [copy-on-write](https://en.wikipedia.org/wiki/Copy-on-write).
@@ -138,51 +140,93 @@ preload_app!
138
140
 
139
141
  Preloading can’t be used with phased restart, since phased restart kills and restarts workers one-by-one, and preloading copies the code of master into the workers.
140
142
 
141
- When using clustered mode, you can specify a block in your configuration file that will be run on boot of each worker:
143
+ #### Clustered mode hooks
144
+
145
+ When using clustered mode, Puma's configuration DSL provides `before_fork` and `on_worker_boot`
146
+ hooks to run code when the master process forks and child workers are booted respectively.
147
+
148
+ It is recommended to use these hooks with `preload_app!`, otherwise constants loaded by your
149
+ application (such as `Rails`) will not be available inside the hooks.
142
150
 
143
151
  ```ruby
144
152
  # config/puma.rb
153
+ before_fork do
154
+ # Add code to run inside the Puma master process before it forks a worker child.
155
+ end
156
+
145
157
  on_worker_boot do
146
- # configuration here
158
+ # Add code to run inside the Puma worker process after forking.
147
159
  end
148
160
  ```
149
161
 
150
- This code can be used to setup the process before booting the application, allowing
151
- you to do some Puma-specific things that you don't want to embed in your application.
152
- For instance, you could fire a log notification that a worker booted or send something to statsd. This can be called multiple times.
153
-
154
- Constants loaded by your application (such as `Rails`) will not be available in `on_worker_boot`
155
- unless preloading is enabled.
156
-
157
- You can also specify a block to be run before workers are forked, using `before_fork`:
162
+ In addition, there is an `on_refork` hook which is used only in [`fork_worker` mode](docs/fork_worker.md),
163
+ when the worker 0 child process forks a grandchild worker:
158
164
 
159
165
  ```ruby
160
- # config/puma.rb
161
- before_fork do
162
- # configuration here
166
+ on_refork do
167
+ # Used only when fork_worker mode is enabled. Add code to run inside the Puma worker 0
168
+ # child process before it forks a grandchild worker.
163
169
  end
164
170
  ```
165
171
 
166
- You can also specify a block to be run after puma is booted using `on_booted`:
172
+ Importantly, note the following considerations when Ruby forks a child process:
173
+
174
+ 1. File descriptors such as network sockets **are** copied from the parent to the forked
175
+ child process. Dual-use of the same sockets by parent and child will result in I/O conflicts
176
+ such as `SocketError`, `Errno::EPIPE`, and `EOFError`.
177
+ 2. Background Ruby threads, including threads used by various third-party gems for connection
178
+ monitoring, etc., are **not** copied to the child process. Often this does not cause
179
+ immediate problems until a third-party connection goes down, at which point there will
180
+ be no supervisor to reconnect it.
181
+
182
+ Therefore, we recommend the following:
183
+
184
+ 1. If possible, do not establish any socket connections (HTTP, database connections, etc.)
185
+ inside Puma's master process when booting.
186
+ 2. If (1) is not possible, use `before_fork` and `on_refork` to disconnect the parent's socket
187
+ connections when forking, so that they are not accidentally copied to the child process.
188
+ 3. Use `on_worker_boot` to restart any background threads on the forked child.
189
+
190
+ #### Master process lifecycle hooks
191
+
192
+ Puma's configuration DSL provides master process lifecycle hooks `on_booted`, `on_restart`, and `on_stopped`
193
+ which may be used to specify code blocks to run on each event:
167
194
 
168
195
  ```ruby
169
196
  # config/puma.rb
170
197
  on_booted do
171
- # configuration here
198
+ # Add code to run in the Puma master process after it boots,
199
+ # and also after a phased restart completes.
200
+ end
201
+
202
+ on_restart do
203
+ # Add code to run in the Puma master process when it receives
204
+ # a restart command but before it restarts.
205
+ end
206
+
207
+ on_stopped do
208
+ # Add code to run in the Puma master process when it receives
209
+ # a stop command but before it shuts down.
172
210
  end
173
211
  ```
174
212
 
175
213
  ### Error handling
176
214
 
177
- If puma encounters an error outside of the context of your application, it will respond with a 500 and a simple
215
+ If Puma encounters an error outside of the context of your application, it will respond with a 400/500 and a simple
178
216
  textual error message (see `Puma::Server#lowlevel_error` or [server.rb](https://github.com/puma/puma/blob/master/lib/puma/server.rb)).
179
217
  You can specify custom behavior for this scenario. For example, you can report the error to your third-party
180
218
  error-tracking service (in this example, [rollbar](https://rollbar.com)):
181
219
 
182
220
  ```ruby
183
- lowlevel_error_handler do |e|
184
- Rollbar.critical(e)
185
- [500, {}, ["An error has occurred, and engineers have been informed. Please reload the page. If you continue to have problems, contact support@example.com\n"]]
221
+ lowlevel_error_handler do |e, env, status|
222
+ if status == 400
223
+ message = "The server could not process the request due to an error, such as an incorrectly typed URL, malformed syntax, or a URL that contains illegal characters.\n"
224
+ else
225
+ message = "An error has occurred, and engineers have been informed. Please reload the page. If you continue to have problems, contact support@example.com\n"
226
+ Rollbar.critical(e)
227
+ end
228
+
229
+ [status, {}, [message]]
186
230
  end
187
231
  ```
188
232
 
@@ -249,7 +293,7 @@ $ puma -b ssl://localhost:9292 -b tcp://localhost:9393 -C config/use_local_host.
249
293
 
250
294
  #### Controlling SSL Cipher Suites
251
295
 
252
- To use or avoid specific SSL cipher suites, use `ssl_cipher_filter` or `ssl_cipher_list` options.
296
+ To use or avoid specific SSL ciphers for TLSv1.2 and below, use `ssl_cipher_filter` or `ssl_cipher_list` options.
253
297
 
254
298
  ##### Ruby:
255
299
 
@@ -263,6 +307,14 @@ $ puma -b 'ssl://127.0.0.1:9292?key=path_to_key&cert=path_to_cert&ssl_cipher_fil
263
307
  $ puma -b 'ssl://127.0.0.1:9292?keystore=path_to_keystore&keystore-pass=keystore_password&ssl_cipher_list=TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA'
264
308
  ```
265
309
 
310
+ To configure the available TLSv1.3 ciphersuites, use `ssl_ciphersuites` option (not available for JRuby).
311
+
312
+ ##### Ruby:
313
+
314
+ ```
315
+ $ puma -b 'ssl://127.0.0.1:9292?key=path_to_key&cert=path_to_cert&ssl_ciphersuites=TLS_AES_256_GCM_SHA384:TLS_AES_128_GCM_SHA256'
316
+ ```
317
+
266
318
  See https://www.openssl.org/docs/man1.1.1/man1/ciphers.html for cipher filter format and full list of cipher suites.
267
319
 
268
320
  Disable TLS v1 with the `no_tlsv1` option:
@@ -279,7 +331,7 @@ To enable verification flags offered by OpenSSL, use `verification_flags` (not a
279
331
  $ puma -b 'ssl://127.0.0.1:9292?key=path_to_key&cert=path_to_cert&verification_flags=PARTIAL_CHAIN'
280
332
  ```
281
333
 
282
- You can also set multiple verification flags (by separating them with coma):
334
+ You can also set multiple verification flags (by separating them with a comma):
283
335
 
284
336
  ```
285
337
  $ puma -b 'ssl://127.0.0.1:9292?key=path_to_key&cert=path_to_cert&verification_flags=PARTIAL_CHAIN,CRL_CHECK'
data/docs/fork_worker.md CHANGED
@@ -22,10 +22,14 @@ The `fork_worker` option allows your application to be initialized only once for
22
22
 
23
23
  You can trigger a refork by sending the cluster the `SIGURG` signal or running the `pumactl refork` command at any time. A refork will also automatically trigger once, after a certain number of requests have been processed by worker 0 (default 1000). To configure the number of requests before the auto-refork, pass a positive integer argument to `fork_worker` (e.g., `fork_worker 1000`), or `0` to disable.
24
24
 
25
+ ### Usage Considerations
26
+
27
+ - `fork_worker` introduces a new `on_refork` configuration hook. If you were using the `before_fork` hook previously, we generally recommend to copy its logic to `on_refork`. Note that `fork_worker` triggers the `before_fork` configuration hook *only* when initially forking the master process to worker 0, and triggers the `on_refork` hook on all subsequent forks from worker 0 to additional workers.
28
+
25
29
  ### Limitations
26
30
 
27
31
  - This mode is still very experimental so there may be bugs or edge-cases, particularly around expected behavior of existing hooks. Please open a [bug report](https://github.com/puma/puma/issues/new?template=bug_report.md) if you encounter any issues.
28
32
 
29
33
  - In order to fork new workers cleanly, worker 0 shuts down its server and stops serving requests so there are no open file descriptors or other kinds of shared global state between processes, and to maximize copy-on-write efficiency across the newly-forked workers. This may temporarily reduce total capacity of the cluster during a phased restart / refork.
30
34
 
31
- In a cluster with `n` workers, a normal phased restart stops and restarts workers one by one while the application is loaded in each process, so `n-1` workers are available serving requests during the restart. In a phased restart in fork-worker mode, the application is first loaded in worker 0 while `n-1` workers are available, then worker 0 remains stopped while the rest of the workers are reloaded one by one, leaving only `n-2` workers to be available for a brief period of time. Reloading the rest of the workers should be quick because the application is preloaded at that point, but there may be situations where it can take longer (slow clients, long-running application code, slow worker-fork hooks, etc).
35
+ - In a cluster with `n` workers, a normal phased restart stops and restarts workers one by one while the application is loaded in each process, so `n-1` workers are available serving requests during the restart. In a phased restart in fork-worker mode, the application is first loaded in worker 0 while `n-1` workers are available, then worker 0 remains stopped while the rest of the workers are reloaded one by one, leaving only `n-2` workers to be available for a brief period of time. Reloading the rest of the workers should be quick because the application is preloaded at that point, but there may be situations where it can take longer (slow clients, long-running application code, slow worker-fork hooks, etc).
@@ -0,0 +1,48 @@
1
+ # Java Options
2
+
3
+ `System Properties` or `Environment Variables` can be used to change Puma's
4
+ default configuration for its Java extension. The provided values are evaluated
5
+ during initialization, and changes while running the app have no effect.
6
+ Moreover, default values may be used in case of invalid inputs.
7
+
8
+ ## Supported Options
9
+
10
+ | ENV Name | Default Value | Validation |
11
+ |------------------------------|:-------------:|:------------------------:|
12
+ | PUMA_QUERY_STRING_MAX_LENGTH | 1024 * 10 | Positive natural number |
13
+ | PUMA_REQUEST_PATH_MAX_LENGTH | 8192 | Positive natural number |
14
+ | PUMA_REQUEST_URI_MAX_LENGTH | 1024 * 12 | Positive natural number |
15
+
16
+ ## Examples
17
+
18
+ ### Invalid inputs
19
+
20
+ An empty string will be handled as missing, and the default value will be used instead.
21
+ Puma will print an error message for other invalid values.
22
+
23
+ ```
24
+ foo@bar:~/puma$ PUMA_QUERY_STRING_MAX_LENGTH=abc PUMA_REQUEST_PATH_MAX_LENGTH='' PUMA_REQUEST_URI_MAX_LENGTH=0 bundle exec bin/puma test/rackup/hello.ru
25
+
26
+ The value 0 for PUMA_REQUEST_URI_MAX_LENGTH is invalid. Using default value 12288 instead.
27
+ The value abc for PUMA_QUERY_STRING_MAX_LENGTH is invalid. Using default value 10240 instead.
28
+ Puma starting in single mode...
29
+ ```
30
+
31
+ ### Valid inputs
32
+
33
+ ```
34
+ foo@bar:~/puma$ PUMA_REQUEST_PATH_MAX_LENGTH=9 bundle exec bin/puma test/rackup/hello.ru
35
+
36
+ Puma starting in single mode...
37
+ ```
38
+ ```
39
+ foo@bar:~ export path=/123456789 # 10 chars
40
+ foo@bar:~ curl "http://localhost:9292${path}"
41
+
42
+ Puma caught this error: HTTP element REQUEST_PATH is longer than the 9 allowed length. (Puma::HttpParserError)
43
+
44
+ foo@bar:~ export path=/12345678 # 9 chars
45
+ foo@bar:~ curl "http://localhost:9292${path}"
46
+ Hello World
47
+ ```
48
+
data/docs/signals.md CHANGED
@@ -17,13 +17,13 @@ $ ps aux | grep tail
17
17
  schneems 87152 0.0 0.0 2432772 492 s032 S+ 12:46PM 0:00.00 tail -f my.log
18
18
  ```
19
19
 
20
- You can send a signal in Ruby using the [Process module](https://www.ruby-doc.org/core-2.1.1/Process.html#kill-method):
20
+ You can send a signal in Ruby using the [Process module](https://ruby-doc.org/3.2.2/Process.html#method-c-kill):
21
21
 
22
22
  ```
23
23
  $ irb
24
24
  > puts pid
25
25
  => 87152
26
- Process.detach(pid) # https://ruby-doc.org/core-2.1.1/Process.html#method-c-detach
26
+ Process.detach(pid) # https://ruby-doc.org/3.2.2/Process.html#method-c-detach
27
27
  Process.kill("TERM", pid)
28
28
  ```
29
29
 
data/docs/stats.md CHANGED
@@ -56,7 +56,8 @@ end
56
56
  When Puma runs in single mode, these stats are available at the top level. When Puma runs in cluster mode, these stats are available within the `worker_status` array in a hash labeled `last_status`, in an array of hashes where one hash represents each worker.
57
57
 
58
58
  * backlog: requests that are waiting for an available thread to be available. if this is above 0, you need more capacity [always true?]
59
- * running: how many threads are running
59
+ * running: how many threads are spawned. A spawned thread may be busy processing a request or waiting for a new request. If `min_threads` and `max_threads` are set to the same number,
60
+ this will be a never-changing number (other than rare cases when a thread dies, etc).
60
61
  * pool_capacity: the number of requests that the server is capable of taking right now. For example, if the number is 5, then it means there are 5 threads sitting idle ready to take a request. If one request comes in, then the value would be 4 until it finishes processing. If the minimum threads allowed is zero, this number will still have a maximum value of the maximum threads allowed.
61
62
  * max_threads: the maximum number of threads Puma is configured to spool per worker
62
63
  * requests_count: the number of requests this worker has served since starting
data/docs/systemd.md CHANGED
@@ -99,9 +99,11 @@ ListenStream=0.0.0.0:9293
99
99
  # ListenStream=/run/puma.sock
100
100
 
101
101
  # Socket options matching Puma defaults
102
- NoDelay=true
103
102
  ReusePort=true
104
103
  Backlog=1024
104
+ # Enable this if you're using Puma with the "low_latency" option, read more in Puma DSL docs and systemd docs:
105
+ # https://www.freedesktop.org/software/systemd/man/latest/systemd.socket.html#NoDelay=
106
+ # NoDelay=true
105
107
 
106
108
  [Install]
107
109
  WantedBy=sockets.target
@@ -239,6 +241,13 @@ cap $stage puma:start --dry-run
239
241
  cap $stage puma:stop --dry-run
240
242
  ~~~~
241
243
 
244
+ ### Disabling Puma Systemd Integration
245
+
246
+ If you would like to disable Puma's systemd integration, for example if you handle it elsewhere
247
+ in your code yourself, simply set the the environment variable `PUMA_SKIP_SYSTEMD` to any value.
248
+
249
+
250
+
242
251
  [Restart]: https://www.freedesktop.org/software/systemd/man/systemd.service.html#Restart=
243
252
  [#1367]: https://github.com/puma/puma/issues/1367
244
253
  [#1499]: https://github.com/puma/puma/issues/1499
@@ -10,15 +10,13 @@ end
10
10
 
11
11
  unless ENV["PUMA_DISABLE_SSL"]
12
12
  # don't use pkg_config('openssl') if '--with-openssl-dir' is used
13
- # also looks within the Ruby build for directory info
14
13
  has_openssl_dir = dir_config('openssl').any? ||
15
- RbConfig::CONFIG['configure_args']&.include?('openssl') ||
16
- Dir.exist?("#{RbConfig::TOPDIR}/src/main/c/openssl") # TruffleRuby
14
+ RbConfig::CONFIG['configure_args']&.include?('openssl')
17
15
 
18
16
  found_pkg_config = !has_openssl_dir && pkg_config('openssl')
19
17
 
20
18
  found_ssl = if !$mingw && found_pkg_config
21
- puts 'using OpenSSL pkgconfig (openssl.pc)'
19
+ puts '──── Using OpenSSL pkgconfig (openssl.pc) ────'
22
20
  true
23
21
  elsif have_library('libcrypto', 'BIO_read') && have_library('libssl', 'SSL_CTX_new')
24
22
  true
@@ -33,22 +31,27 @@ unless ENV["PUMA_DISABLE_SSL"]
33
31
  if found_ssl
34
32
  have_header "openssl/bio.h"
35
33
 
36
- # below is yes for 1.0.2 & later
37
- have_func "DTLS_method" , "openssl/ssl.h"
38
- have_func "SSL_CTX_set_session_cache_mode(NULL, 0)", "openssl/ssl.h"
34
+ ssl_h = "openssl/ssl.h".freeze
39
35
 
40
- # below are yes for 1.1.0 & later
41
- have_func "TLS_server_method" , "openssl/ssl.h"
42
- have_func "SSL_CTX_set_min_proto_version(NULL, 0)" , "openssl/ssl.h"
36
+ puts "\n──── Below are yes for 1.0.2 & later ────"
37
+ have_func "DTLS_method" , ssl_h
38
+ have_func "SSL_CTX_set_session_cache_mode(NULL, 0)", ssl_h
43
39
 
44
- have_func "X509_STORE_up_ref"
45
- have_func "SSL_CTX_set_ecdh_auto(NULL, 0)" , "openssl/ssl.h"
40
+ puts "\n──── Below are yes for 1.1.0 & later ────"
41
+ have_func "TLS_server_method" , ssl_h
42
+ have_func "SSL_CTX_set_min_proto_version(NULL, 0)" , ssl_h
46
43
 
47
- # below exists in 1.1.0 and later, but isn't documented until 3.0.0
48
- have_func "SSL_CTX_set_dh_auto(NULL, 0)" , "openssl/ssl.h"
44
+ puts "\n──── Below is yes for 1.1.0 and later, but isn't documented until 3.0.0 ────"
45
+ # https://github.com/openssl/openssl/blob/OpenSSL_1_1_0/include/openssl/ssl.h#L1159
46
+ have_func "SSL_CTX_set_dh_auto(NULL, 0)" , ssl_h
49
47
 
50
- # below is yes for 3.0.0 & later
51
- have_func "SSL_get1_peer_certificate" , "openssl/ssl.h"
48
+ puts "\n──── Below is yes for 1.1.1 & later ────"
49
+ have_func "SSL_CTX_set_ciphersuites(NULL, \"\")" , ssl_h
50
+
51
+ puts "\n──── Below is yes for 3.0.0 & later ────"
52
+ have_func "SSL_get1_peer_certificate" , ssl_h
53
+
54
+ puts ''
52
55
 
53
56
  # Random.bytes available in Ruby 2.5 and later, Random::DEFAULT deprecated in 3.0
54
57
  if Random.respond_to?(:bytes)
@@ -229,7 +229,7 @@ VALUE
229
229
  sslctx_initialize(VALUE self, VALUE mini_ssl_ctx) {
230
230
  SSL_CTX* ctx;
231
231
  int ssl_options;
232
- VALUE key, cert, ca, verify_mode, ssl_cipher_filter, no_tlsv1, no_tlsv1_1,
232
+ VALUE key, cert, ca, verify_mode, ssl_cipher_filter, ssl_ciphersuites, no_tlsv1, no_tlsv1_1,
233
233
  verification_flags, session_id_bytes, cert_pem, key_pem, key_password_command, key_password;
234
234
  BIO *bio;
235
235
  X509 *x509 = NULL;
@@ -269,6 +269,8 @@ sslctx_initialize(VALUE self, VALUE mini_ssl_ctx) {
269
269
 
270
270
  ssl_cipher_filter = rb_funcall(mini_ssl_ctx, rb_intern_const("ssl_cipher_filter"), 0);
271
271
 
272
+ ssl_ciphersuites = rb_funcall(mini_ssl_ctx, rb_intern_const("ssl_ciphersuites"), 0);
273
+
272
274
  no_tlsv1 = rb_funcall(mini_ssl_ctx, rb_intern_const("no_tlsv1"), 0);
273
275
 
274
276
  no_tlsv1_1 = rb_funcall(mini_ssl_ctx, rb_intern_const("no_tlsv1_1"), 0);
@@ -444,6 +446,14 @@ sslctx_initialize(VALUE self, VALUE mini_ssl_ctx) {
444
446
  SSL_CTX_set_cipher_list(ctx, "HIGH:!aNULL@STRENGTH");
445
447
  }
446
448
 
449
+ #if HAVE_SSL_CTX_SET_CIPHERSUITES
450
+ // Only override OpenSSL default ciphersuites if config option is supplied.
451
+ if (!NIL_P(ssl_ciphersuites)) {
452
+ StringValue(ssl_ciphersuites);
453
+ SSL_CTX_set_ciphersuites(ctx, RSTRING_PTR(ssl_ciphersuites));
454
+ }
455
+ #endif
456
+
447
457
  #if OPENSSL_VERSION_NUMBER < 0x10002000L
448
458
  // Remove this case if OpenSSL 1.0.1 (now EOL) support is no longer needed.
449
459
  ecdh = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
@@ -26,14 +26,14 @@ public class Http11 extends RubyObject {
26
26
  public final static String MAX_FIELD_NAME_LENGTH_ERR = "HTTP element FIELD_NAME is longer than the 256 allowed length.";
27
27
  public final static int MAX_FIELD_VALUE_LENGTH = 80 * 1024;
28
28
  public final static String MAX_FIELD_VALUE_LENGTH_ERR = "HTTP element FIELD_VALUE is longer than the 81920 allowed length.";
29
- public final static int MAX_REQUEST_URI_LENGTH = 1024 * 12;
30
- public final static String MAX_REQUEST_URI_LENGTH_ERR = "HTTP element REQUEST_URI is longer than the 12288 allowed length.";
29
+ public final static int MAX_REQUEST_URI_LENGTH = getConstLength("PUMA_REQUEST_URI_MAX_LENGTH", 1024 * 12);
30
+ public final static String MAX_REQUEST_URI_LENGTH_ERR = "HTTP element REQUEST_URI is longer than the " + MAX_REQUEST_URI_LENGTH + " allowed length.";
31
31
  public final static int MAX_FRAGMENT_LENGTH = 1024;
32
32
  public final static String MAX_FRAGMENT_LENGTH_ERR = "HTTP element REQUEST_PATH is longer than the 1024 allowed length.";
33
- public final static int MAX_REQUEST_PATH_LENGTH = 8192;
34
- public final static String MAX_REQUEST_PATH_LENGTH_ERR = "HTTP element REQUEST_PATH is longer than the 8192 allowed length.";
35
- public final static int MAX_QUERY_STRING_LENGTH = 1024 * 10;
36
- public final static String MAX_QUERY_STRING_LENGTH_ERR = "HTTP element QUERY_STRING is longer than the 10240 allowed length.";
33
+ public final static int MAX_REQUEST_PATH_LENGTH = getConstLength("PUMA_REQUEST_PATH_MAX_LENGTH", 8192);
34
+ public final static String MAX_REQUEST_PATH_LENGTH_ERR = "HTTP element REQUEST_PATH is longer than the " + MAX_REQUEST_PATH_LENGTH + " allowed length.";
35
+ public final static int MAX_QUERY_STRING_LENGTH = getConstLength("PUMA_QUERY_STRING_MAX_LENGTH", 10 * 1024);
36
+ public final static String MAX_QUERY_STRING_LENGTH_ERR = "HTTP element QUERY_STRING is longer than the " + MAX_QUERY_STRING_LENGTH +" allowed length.";
37
37
  public final static int MAX_HEADER_LENGTH = 1024 * (80 + 32);
38
38
  public final static String MAX_HEADER_LENGTH_ERR = "HTTP element HEADER is longer than the 114688 allowed length.";
39
39
 
@@ -48,6 +48,27 @@ public class Http11 extends RubyObject {
48
48
  public static final ByteList QUERY_STRING_BYTELIST = new ByteList(ByteList.plain("QUERY_STRING"));
49
49
  public static final ByteList SERVER_PROTOCOL_BYTELIST = new ByteList(ByteList.plain("SERVER_PROTOCOL"));
50
50
 
51
+ public static String getEnvOrProperty(String name) {
52
+ String envValue = System.getenv(name);
53
+ return (envValue != null) ? envValue : System.getProperty(name);
54
+ }
55
+
56
+ public static int getConstLength(String name, Integer defaultValue) {
57
+ String stringValue = getEnvOrProperty(name);
58
+ if (stringValue == null || stringValue.isEmpty()) return defaultValue;
59
+
60
+ try {
61
+ int value = Integer.parseUnsignedInt(stringValue);
62
+ if (value <= 0) {
63
+ throw new NumberFormatException("The number is not positive.");
64
+ }
65
+ return value;
66
+ } catch (NumberFormatException e) {
67
+ System.err.println(String.format("The value %s for %s is invalid. Using default value %d instead.", stringValue, name, defaultValue));
68
+ return defaultValue;
69
+ }
70
+ }
71
+
51
72
  private static ObjectAllocator ALLOCATOR = new ObjectAllocator() {
52
73
  public IRubyObject allocate(Ruby runtime, RubyClass klass) {
53
74
  return new Http11(runtime, klass);
@@ -99,6 +120,8 @@ public class Http11 extends RubyObject {
99
120
  int bite = b.get(i) & 0xFF;
100
121
  if(bite == '-') {
101
122
  b.set(i, (byte)'_');
123
+ } else if(bite == '_') {
124
+ b.set(i, (byte)',');
102
125
  } else {
103
126
  b.set(i, (byte)Character.toUpperCase(bite));
104
127
  }
@@ -461,6 +461,9 @@ void Init_mini_ssl(VALUE mod);
461
461
 
462
462
  void Init_puma_http11(void)
463
463
  {
464
+ #ifdef HAVE_RB_EXT_RACTOR_SAFE
465
+ rb_ext_ractor_safe(true);
466
+ #endif
464
467
 
465
468
  VALUE mPuma = rb_define_module("Puma");
466
469
  VALUE cHttpParser = rb_define_class_under(mPuma, "HttpParser", rb_cObject);
data/lib/puma/binder.rb CHANGED
@@ -19,13 +19,14 @@ module Puma
19
19
 
20
20
  RACK_VERSION = [1,6].freeze
21
21
 
22
- def initialize(log_writer, conf = Configuration.new)
22
+ def initialize(log_writer, conf = Configuration.new, env: ENV)
23
23
  @log_writer = log_writer
24
24
  @conf = conf
25
25
  @listeners = []
26
26
  @inherited_fds = {}
27
27
  @activated_sockets = {}
28
28
  @unix_paths = []
29
+ @env = env
29
30
 
30
31
  @proto_env = {
31
32
  "rack.version".freeze => RACK_VERSION,
@@ -34,7 +35,7 @@ module Puma
34
35
  "rack.multiprocess".freeze => conf.options[:workers] >= 1,
35
36
  "rack.run_once".freeze => false,
36
37
  RACK_URL_SCHEME => conf.options[:rack_url_scheme],
37
- "SCRIPT_NAME".freeze => ENV['SCRIPT_NAME'] || "",
38
+ "SCRIPT_NAME".freeze => env['SCRIPT_NAME'] || "",
38
39
 
39
40
  # I'd like to set a default CONTENT_TYPE here but some things
40
41
  # depend on their not being a default set and inferring
@@ -87,7 +88,7 @@ module Puma
87
88
  # @version 5.0.0
88
89
  #
89
90
  def create_activated_fds(env_hash)
90
- @log_writer.debug "ENV['LISTEN_FDS'] #{ENV['LISTEN_FDS'].inspect} env_hash['LISTEN_PID'] #{env_hash['LISTEN_PID'].inspect}"
91
+ @log_writer.debug "ENV['LISTEN_FDS'] #{@env['LISTEN_FDS'].inspect} env_hash['LISTEN_PID'] #{env_hash['LISTEN_PID'].inspect}"
91
92
  return [] unless env_hash['LISTEN_FDS'] && env_hash['LISTEN_PID'].to_i == $$
92
93
  env_hash['LISTEN_FDS'].to_i.times do |index|
93
94
  sock = TCPServer.for_fd(socket_activation_fd(index))
@@ -183,7 +184,7 @@ module Puma
183
184
  io = inherit_unix_listener path, fd
184
185
  log_writer.log "* Inherited #{str}"
185
186
  elsif sock = @activated_sockets.delete([ :unix, path ]) ||
186
- @activated_sockets.delete([ :unix, File.realdirpath(path) ])
187
+ !abstract && @activated_sockets.delete([ :unix, File.realdirpath(path) ])
187
188
  @unix_paths << path unless abstract || File.exist?(path)
188
189
  io = inherit_unix_listener path, sock
189
190
  log_writer.log "* Activated #{str}"