puma 1.6.3 → 2.0.0.b1

data/History.txt

@@ -1,3 +1,16 @@
+=== 2.0.0.b1 / 2012-09-11
+
+* 1 major feature:
+  * Optional worker process mode (-w) to allow for process scaling in
+    addition to thread scaling
+
+* 1 bug fix:
+  * Introduce Puma::MiniSSL to be able to properly control doing
+    nonblocking SSL
+
+NOTE: SSL support in JRuby is not supported at present. Support will
+be added back in a future date when a java Puma::MiniSSL is added.
+
 === 1.6.3 / 2012-09-04
 
 * 1 bug fix:

data/Manifest.txt

@@ -9,6 +9,8 @@ Rakefile
 TODO
 bin/puma
 bin/pumactl
+docs/config.md
+docs/nginx.md
 examples/CA/cacert.pem
 examples/CA/newcerts/cert_1.pem
 examples/CA/newcerts/cert_2.pem
@@ -17,6 +19,7 @@ examples/CA/serial
 examples/config.rb
 examples/puma/cert_puma.pem
 examples/puma/csr_puma.pem
+examples/puma/keystore.jks
 examples/puma/puma_keypair.pem
 examples/qc_config.rb
 ext/puma_http11/PumaHttp11Service.java
@@ -27,21 +30,32 @@ ext/puma_http11/http11_parser.h
 ext/puma_http11/http11_parser.java.rl
 ext/puma_http11/http11_parser.rl
 ext/puma_http11/http11_parser_common.rl
+ext/puma_http11/io_buffer.c
+ext/puma_http11/mini_ssl.c
 ext/puma_http11/org/jruby/puma/Http11.java
 ext/puma_http11/org/jruby/puma/Http11Parser.java
+ext/puma_http11/org/jruby/puma/MiniSSL.java
 ext/puma_http11/puma_http11.c
 lib/puma.rb
+lib/puma/accept_nonblock.rb
 lib/puma/app/status.rb
+lib/puma/binder.rb
 lib/puma/cli.rb
 lib/puma/client.rb
 lib/puma/compat.rb
 lib/puma/configuration.rb
 lib/puma/const.rb
 lib/puma/control_cli.rb
+lib/puma/delegation.rb
 lib/puma/detect.rb
 lib/puma/events.rb
+lib/puma/io_buffer.rb
+lib/puma/java_io_buffer.rb
 lib/puma/jruby_restart.rb
+lib/puma/minissl.rb
 lib/puma/null_io.rb
+lib/puma/puma_http11.bundle
+lib/puma/puma_http11.jar
 lib/puma/rack_patch.rb
 lib/puma/reactor.rb
 lib/puma/server.rb
@@ -61,6 +75,7 @@ test/test_config.rb
 test/test_http10.rb
 test/test_http11.rb
 test/test_integration.rb
+test/test_iobuffer.rb
 test/test_null_io.rb
 test/test_persistent.rb
 test/test_puma_server.rb
@@ -70,4 +85,7 @@ test/test_thread_pool.rb
 test/test_unix_socket.rb
 test/test_ws.rb
 test/testhelp.rb
+tools/jungle/README.md
+tools/jungle/puma
+tools/jungle/run-puma
 tools/trickletest.rb

data/Rakefile

@@ -60,6 +60,8 @@ file 'ext/puma_http11/org/jruby/puma/Http11Parser.java' => ['ext/puma_http11/htt
 end
 task :ragel => ['ext/puma_http11/org/jruby/puma/Http11Parser.java']
 
+if !IS_JRUBY
+
 # compile extensions using rake-compiler
 # C (MRI, Rubinius)
 Rake::ExtensionTask.new("puma_http11", HOE.spec) do |ext|
@@ -77,11 +79,15 @@ Rake::ExtensionTask.new("puma_http11", HOE.spec) do |ext|
   CLEAN.include "lib/puma/puma_http11.rb"
 end
 
+else
+
 # Java (JRuby)
 Rake::JavaExtensionTask.new("puma_http11", HOE.spec) do |ext|
   ext.lib_dir = "lib/puma"
 end
 
+end
+
 # the following is a fat-binary stub that will be used when
 # require 'puma/puma_http11' and will use either 1.8 or 1.9 version depending
 # on RUBY_VERSION

data/docs/nginx.md

@@ -0,0 +1,85 @@
+# Nginx configuration example file
+
+This is a very common setup using an upstream. It was adapted from some Capistrano recipe I found on the Internet a while ago.
+
+```
+upstream myapp {
+  server unix:///myapp/tmp/puma.sock;
+}
+
+server {
+  listen 80;
+  server_name myapp.com;
+
+  # ~2 seconds is often enough for most folks to parse HTML/CSS and
+  # retrieve needed images/icons/frames, connections are cheap in
+  # nginx so increasing this is generally safe...
+  keepalive_timeout 5;
+
+  # path for static files
+  root /myapp/public;
+  access_log /myapp/log/nginx.access.log;
+  error_log /myapp/log/nginx.error.log info;
+
+  # this rewrites all the requests to the maintenance.html
+  # page if it exists in the doc root. This is for capistrano's
+  # disable web task
+  if (-f $document_root/maintenance.html) {
+    rewrite  ^(.*)$  /maintenance.html last;
+    break;
+  }
+
+  location / {
+    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    proxy_set_header Host $http_host;
+
+    # If the file exists as a static file serve it directly without
+    # running all the other rewite tests on it
+    if (-f $request_filename) {
+      break;
+    }
+
+    # check for index.html for directory index
+    # if its there on the filesystem then rewite
+    # the url to add /index.html to the end of it
+    # and then break to send it to the next config rules.
+    if (-f $request_filename/index.html) {
+      rewrite (.*) $1/index.html break;
+    }
+
+    # this is the meat of the rack page caching config
+    # it adds .html to the end of the url and then checks
+    # the filesystem for that file. If it exists, then we
+    # rewite the url to have explicit .html on the end
+    # and then send it on its way to the next config rule.
+    # if there is no file on the fs then it sets all the
+    # necessary headers and proxies to our upstream mongrels
+    if (-f $request_filename.html) {
+      rewrite (.*) $1.html break;
+    }
+
+    if (!-f $request_filename) {
+      proxy_pass http://myapp;
+      break;
+    }
+  }
+
+  # Now this supposedly should work as it gets the filenames with querystrings that Rails provides.
+  # BUT there's a chance it could break the ajax calls.
+  location ~* \.(ico|css|gif|jpe?g|png)(\?[0-9]+)?$ {
+     expires max;
+     break;
+  }
+
+  location ~ ^/javascripts/.*\.js(\?[0-9]+)?$ {
+     expires max;
+     break;
+  }
+
+  # Error pages
+  # error_page 500 502 503 504 /500.html;
+  location = /500.html {
+    root /myapp/current/public;
+  }
+}
+```

data/ext/puma_http11/PumaHttp11Service.java

@@ -6,10 +6,12 @@ import org.jruby.Ruby;
 import org.jruby.runtime.load.BasicLibraryService;
 
 import org.jruby.puma.Http11;
+import org.jruby.puma.MiniSSL;
 
 public class PumaHttp11Service implements BasicLibraryService { 
     public boolean basicLoad(final Ruby runtime) throws IOException {
         Http11.createHttp11(runtime);
+        MiniSSL.createMiniSSL(runtime);
         return true;
     }
 }

data/ext/puma_http11/extconf.rb

@@ -2,4 +2,7 @@ require 'mkmf'
 
 dir_config("puma_http11")
 
+$defs.push "-Wno-deprecated-declarations"
+$libs += " -lssl -lcrypto "
+
 create_makefile("puma/puma_http11")

data/ext/puma_http11/io_buffer.c

@@ -0,0 +1,146 @@
+#include "ruby.h"
+
+#include <sys/types.h>
+
+struct buf_int {
+  uint8_t* top;
+  uint8_t* cur;
+
+  size_t size;
+};
+
+#define BUF_DEFAULT_SIZE 4096
+#define BUF_TOLERANCE 32
+
+static void buf_free(struct buf_int* internal) {
+  free(internal->top);
+  free(internal);
+}
+
+static VALUE buf_alloc(VALUE self) {
+  VALUE buf;
+  struct buf_int* internal;
+
+  buf = Data_Make_Struct(self, struct buf_int, 0, buf_free, internal);
+
+  internal->size = BUF_DEFAULT_SIZE;
+  internal->top = malloc(BUF_DEFAULT_SIZE);
+  internal->cur = internal->top;
+
+  return buf;
+}
+
+static VALUE buf_append(VALUE self, VALUE str) {
+  struct buf_int* b;
+  size_t used, str_len, new_size;
+
+  Data_Get_Struct(self, struct buf_int, b);
+
+  used = b->cur - b->top;
+
+  StringValue(str);
+  str_len = RSTRING_LEN(str);
+
+  new_size = used + str_len;
+
+  if(new_size > b->size) {
+    size_t n = b->size + (b->size / 2);
+    uint8_t* top;
+
+    new_size = (n > new_size ? n : new_size + BUF_TOLERANCE);
+
+    top = malloc(new_size);
+    memcpy(top, b->top, used);
+    b->top = top;
+    b->cur = top + used;
+    b->size = new_size;
+  }
+
+  memcpy(b->cur, RSTRING_PTR(str), str_len);
+  b->cur += str_len;
+
+  return self;
+}
+
+static VALUE buf_append2(int argc, VALUE* argv, VALUE self) {
+  struct buf_int* b;
+  size_t used, new_size;
+  int i;
+  VALUE str;
+
+  Data_Get_Struct(self, struct buf_int, b);
+
+  used = b->cur - b->top;
+  new_size = used;
+
+  for(i = 0; i < argc; i++) {
+    StringValue(argv[i]);
+
+    str = argv[i];
+
+    new_size += RSTRING_LEN(str);
+  }
+
+  if(new_size > b->size) {
+    size_t n = b->size + (b->size / 2);
+    uint8_t* top;
+
+    new_size = (n > new_size ? n : new_size + BUF_TOLERANCE);
+
+    top = malloc(new_size);
+    memcpy(top, b->top, used);
+    b->top = top;
+    b->cur = top + used;
+    b->size = new_size;
+  }
+
+  for(i = 0; i < argc; i++) {
+    long str_len;
+    str = argv[i];
+    str_len = RSTRING_LEN(str);
+    memcpy(b->cur, RSTRING_PTR(str), str_len);
+    b->cur += str_len;
+  }
+}
+
+static VALUE buf_to_str(VALUE self) {
+  struct buf_int* b;
+  Data_Get_Struct(self, struct buf_int, b);
+
+  return rb_str_new(b->top, b->cur - b->top);
+}
+
+static VALUE buf_used(VALUE self) {
+  struct buf_int* b;
+  Data_Get_Struct(self, struct buf_int, b);
+
+  return INT2FIX(b->cur - b->top);
+}
+
+static VALUE buf_capa(VALUE self) {
+  struct buf_int* b;
+  Data_Get_Struct(self, struct buf_int, b);
+
+  return INT2FIX(b->size);
+}
+
+static VALUE buf_reset(VALUE self) {
+  struct buf_int* b;
+  Data_Get_Struct(self, struct buf_int, b);
+
+  b->cur = b->top;
+  return self;
+}
+
+void Init_io_buffer(VALUE puma) {
+  VALUE buf = rb_define_class_under(puma, "IOBuffer", rb_cObject);
+
+  rb_define_alloc_func(buf, buf_alloc);
+  rb_define_method(buf, "<<", buf_append, 1);
+  rb_define_method(buf, "append", buf_append2, -1);
+  rb_define_method(buf, "to_str", buf_to_str, 0);
+  rb_define_method(buf, "to_s", buf_to_str, 0);
+  rb_define_method(buf, "used", buf_used, 0);
+  rb_define_method(buf, "capacity", buf_capa, 0);
+  rb_define_method(buf, "reset", buf_reset, 0);
+}

data/ext/puma_http11/mini_ssl.c

@@ -0,0 +1,189 @@
+#include <ruby.h>
+#include <rubyio.h>
+#include <openssl/bio.h>
+#include <openssl/ssl.h>
+#include <openssl/err.h>
+
+typedef struct {
+  BIO* read;
+  BIO* write;
+  SSL* ssl;
+  SSL_CTX* ctx;
+} ms_conn;
+
+void engine_free(ms_conn* conn) {
+  BIO_free(conn->read);
+  BIO_free(conn->write);
+
+  free(conn);
+}
+
+ms_conn* engine_alloc(VALUE klass, VALUE* obj) {
+  ms_conn* conn;
+
+  *obj = Data_Make_Struct(klass, ms_conn, 0, engine_free, conn);
+
+  conn->read = BIO_new(BIO_s_mem());
+  BIO_set_nbio(conn->read, 1);
+
+  conn->write = BIO_new(BIO_s_mem());
+  BIO_set_nbio(conn->write, 1);
+
+  conn->ssl = 0;
+  conn->ctx = 0;
+
+  return conn;
+}
+
+VALUE engine_init_server(VALUE self, VALUE key, VALUE cert) {
+  VALUE obj;
+  ms_conn* conn = engine_alloc(self, &obj);
+
+  StringValue(key);
+  StringValue(cert);
+
+  SSL_CTX* ctx = SSL_CTX_new(SSLv23_server_method());
+  conn->ctx = ctx;
+
+  SSL_CTX_use_certificate_file(ctx, RSTRING_PTR(cert), SSL_FILETYPE_PEM);
+  SSL_CTX_use_PrivateKey_file(ctx, RSTRING_PTR(key), SSL_FILETYPE_PEM);
+  /* SSL_CTX_set_options(ctx, SSL_OP_SINGLE_DH_USE); */
+
+  SSL* ssl =  SSL_new(ctx);
+  conn->ssl = ssl;
+
+  /* SSL_set_verify(ssl, SSL_VERIFY_NONE, NULL); */
+
+  SSL_set_bio(ssl, conn->read, conn->write);
+
+  SSL_set_accept_state(ssl);
+  return obj;
+}
+
+VALUE engine_init_client(VALUE klass) {
+  VALUE obj;
+  ms_conn* conn = engine_alloc(klass, &obj);
+
+  conn->ctx = SSL_CTX_new(DTLSv1_method());
+  conn->ssl = SSL_new(conn->ctx);
+  SSL_set_verify(conn->ssl, SSL_VERIFY_NONE, NULL);
+
+  SSL_set_bio(conn->ssl, conn->read, conn->write);
+
+  SSL_set_connect_state(conn->ssl);
+  return obj;
+}
+
+VALUE engine_inject(VALUE self, VALUE str) {
+  ms_conn* conn;
+  long used;
+
+  Data_Get_Struct(self, ms_conn, conn);
+
+  StringValue(str);
+
+  used = BIO_write(conn->read, RSTRING_PTR(str), RSTRING_LEN(str));
+
+  if(used == 0 || used == -1) {
+    return Qfalse;
+  }
+
+  return INT2FIX(used);
+}
+
+static VALUE eError;
+
+void raise_error(SSL* ssl, int result) {
+  int error = SSL_get_error(ssl, result);
+  char* msg = ERR_error_string(error, NULL);
+
+  ERR_clear_error();
+  rb_raise(eError, "OpenSSL error: %s - %d", msg, error);
+}
+
+VALUE engine_read(VALUE self) {
+  ms_conn* conn;
+  char buf[512];
+  int bytes, n;
+
+  Data_Get_Struct(self, ms_conn, conn);
+
+  bytes = SSL_read(conn->ssl, (void*)buf, sizeof(buf));
+
+  if(bytes > 0) {
+    return rb_str_new(buf, bytes);
+  }
+
+  if(SSL_want_read(conn->ssl)) return Qnil;
+
+  if(SSL_get_error(conn->ssl, bytes) == SSL_ERROR_ZERO_RETURN) {
+    rb_eof_error();
+  }
+
+  raise_error(conn->ssl, bytes);
+
+  return Qnil;
+}
+
+VALUE engine_write(VALUE self, VALUE str) {
+  ms_conn* conn;
+  char buf[512];
+  int bytes;
+
+  Data_Get_Struct(self, ms_conn, conn);
+
+  StringValue(str);
+
+  bytes = SSL_write(conn->ssl, (void*)RSTRING_PTR(str), RSTRING_LEN(str));
+  if(bytes > 0) {
+    return INT2FIX(bytes);
+  }
+
+  if(SSL_want_write(conn->ssl)) return Qnil;
+
+  raise_error(conn->ssl, bytes);
+
+  return Qnil;
+}
+
+VALUE engine_extract(VALUE self) {
+  ms_conn* conn;
+  int bytes;
+  size_t pending;
+  char buf[512];
+
+  Data_Get_Struct(self, ms_conn, conn);
+
+  pending = BIO_pending(conn->write);
+  if(pending > 0) {
+    bytes = BIO_read(conn->write, buf, sizeof(buf));
+    if(bytes > 0) {
+      return rb_str_new(buf, bytes);
+    } else if(!BIO_should_retry(conn->write)) {
+      raise_error(conn->ssl, bytes);
+    }
+  }
+
+  return Qnil;
+}
+
+void Init_mini_ssl(VALUE puma) {
+  SSL_library_init();
+  OpenSSL_add_ssl_algorithms();
+  SSL_load_error_strings();
+  ERR_load_crypto_strings();
+  
+  VALUE mod = rb_define_module_under(puma, "MiniSSL");
+  VALUE eng = rb_define_class_under(mod, "Engine", rb_cObject);
+
+  eError = rb_define_class_under(mod, "SSLError", rb_eStandardError);
+
+  rb_define_singleton_method(eng, "server", engine_init_server, 2);
+  rb_define_singleton_method(eng, "client", engine_init_client, 0);
+
+  rb_define_method(eng, "inject", engine_inject, 1);
+  rb_define_method(eng, "read",  engine_read, 0);
+
+  rb_define_method(eng, "write",  engine_write, 1);
+  rb_define_method(eng, "extract", engine_extract, 0);
+}