yahns 1.17.0 → 1.18.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 728a55c5f8af10a1f3dff8d71444a89d5cb5990ecc00613266c5f62405b5eec0
-  data.tar.gz: a7eff02b1cb3fea5470ef6232ee624a50e57a91ffcea234e31a1fcd829920c52
+  metadata.gz: '0318100b814550d192110790944b552f4aba4a79e363f7a932c7a86c21335728'
+  data.tar.gz: b8af746d6ffe65df3121b06fa42effa8b29ff9c1b206c67daabfbe8774e47bf7
 SHA512:
-  metadata.gz: cfa4b7b2842701c03611c666d85be9cf22c975d10e69d8f9642181b4241cc80919ef6a9e012996e34012f49bc0dad024a766bff0718278aed8957d4421fd953d
-  data.tar.gz: 965ed79f974891574b2cba0c31f44bc61160f4cbfb59488d528f38eca0e5e8198259447b2ca45fc5e4386d6216ed09f27c8a30bbd0fae753ebfbabb9f443fb49
+  metadata.gz: cfcf4ef901f640e40c5343f33505eddae6ab32bc95a08c7225cb239cfff08b33266b737497481467588f9e8be70e88f4c2f4fa95d64312c02d19d813a3877bec
+  data.tar.gz: f21048f67209face645bef2a0f9018382b79aa93abd9d780ec05095a6557252ce1bc129e72fb04d74cd61c60caa75f64e7d147cc73297fad4c66394329b35125

data/.document

@@ -0,0 +1,2 @@
+lib/yahns.rb
+lib/yahns/proxy_pass.rb

data/.olddoc.yml

@@ -0,0 +1,8 @@
+---
+cgit_url: https://yhbt.net/yahns.git
+git_url: https://yhbt.net/yahns.git
+rdoc_url: https://yhbt.net/yahns/
+ml_url: https://yhbt.net/yahns-public/
+public_email: yahns-public@yhbt.net
+nntp_url:
+  - nntp://news.public-inbox.org/inbox.comp.lang.ruby.yahns

data/Documentation/yahns_config.pod

@@ -436,22 +436,22 @@ An example which seems to work is:
   require 'openssl'
   ssl_ctx = OpenSSL::SSL::SSLContext.new
   ssl_ctx.cert = OpenSSL::X509::Certificate.new(
-    IO.read('/etc/ssl/certs/example.crt')
+    File.read('/etc/ssl/certs/example.crt')
   )
   ssl_ctx.extra_chain_cert = [
     OpenSSL::X509::Certificate.new(
-      IO.read('/etc/ssl/certs/chain.crt')
+      File.read('/etc/ssl/certs/chain.crt')
     )
   ]
   ssl_ctx.key = OpenSSL::PKey::RSA.new(
-    IO.read('/etc/ssl/private/example.key')
+    File.read('/etc/ssl/private/example.key')
   )
 
   # use defaults provided by Ruby on top of OpenSSL,
-  # but disable client certificate verification as it is rare:
+  # but disable client certificate verification as it is rare for servers:
   ssl_ctx.set_params(verify_mode: OpenSSL::SSL::VERIFY_NONE)
 
-  # Built-in session cache (only works if worker_processes is nil or 1)
+  # Built-in session cache (only useful if worker_processes is nil or 1)
   ssl_ctx.session_cache_mode = OpenSSL::SSL::SSLContext::SESSION_CACHE_SERVER
 
   app(:rack, "/path/to/my/app/config.ru") do

data/GIT-VERSION-FILE

@@ -1 +1 @@
-VERSION = 1.17.0
+VERSION = 1.18.0

data/GIT-VERSION-GEN

@@ -1,11 +1,11 @@
 #!/usr/bin/env ruby
-# Copyright (C) 2013-2019 all contributors <yahns-public@yhbt.net>
-# License: GPL-3.0+ (https://www.gnu.org/licenses/gpl-3.0.txt)
+# Copyright (C) all contributors <yahns-public@yhbt.net>
+# License: GPL-3.0+ <https://www.gnu.org/licenses/gpl-3.0.txt>
 # frozen_string_literal: true
 CONSTANT = "Yahns::VERSION"
 RVF = "lib/yahns/version.rb"
 GVF = "GIT-VERSION-FILE"
-DEF_VER = "v1.17.0"
+DEF_VER = "v1.18.0"
 vn = DEF_VER.dup
 
 # First see if there is a version file (included in release tarballs),

data/NEWS

@@ -1,3 +1,17 @@
+yahns 1.18.0 / 2021-10-09
+-------------------------
+
+8 changes since 1.17.0 (2019-04-22):
+
+      worker: workaround old F_SETPIPE_SZ bug
+      doc: favor File.read over IO.read to ease review
+      proxy_pass: document as a public API
+      doc: include Yahns/ directory on website
+      extras/try_gzip_static: set "Vary: Accept-Encoding" on gzip
+      do not sleep if signals are pending
+      server: workaround Linux v5.5..v5.13 epoll bug
+      gemspec: allow unicorn 6.x
+
 yahns 1.17.0 - Earth Day release / 2019-04-22
 ---------------------------------------------
 

data/Rakefile

@@ -3,7 +3,24 @@
 require 'tempfile'
 include Rake::DSL
 
-gendocs = %w(NEWS NEWS.atom.xml)
+apidoc = {
+  'doc/Yahns.html' => 'lib/yahns.rb',
+  'doc/Yahns/ProxyPass.html' => 'lib/yahns/proxy_pass.rb'
+}
+
+task apidoc.keys[0] => apidoc.values do
+  rdoc = ENV['rdoc'] || 'rdoc'
+  system("git", "set-file-times", *(apidoc.values))
+  sh "#{rdoc} -f dark216" # dark216 requires olddoc 1.7+
+
+  apidoc.each do |dst, src|
+    src = File.stat(src)
+    File.utime(src.atime, src.mtime, dst)
+  end
+end
+
+gendocs = %W(NEWS NEWS.atom.xml #{apidoc.keys[0]})
+task html: apidoc.keys[0]
 task rsync_docs: gendocs do
   dest = ENV["RSYNC_DEST"] || "yhbt.net:/srv/yhbt/yahns/"
   top = %w(INSTALL HACKING README COPYING)
@@ -28,6 +45,7 @@ task rsync_docs: gendocs do
   files = `git ls-files Documentation/*.txt`.split(/\n/)
   files.concat(top)
   files.concat(gendocs)
+  files.concat(%w(doc/Yahns.html))
   files.concat(%w(yahns yahns-rackup yahns_config).map! { |x|
     "Documentation/#{x}.txt"
   })
@@ -41,6 +59,11 @@ task rsync_docs: gendocs do
   examples.concat(gzex)
 
   sh("rsync --chmod=Fugo=r -av #{examples.join(' ')} #{dest}/examples/")
+
+  rdoc = apidoc.keys.grep(%r{\Adoc/Yahns/})
+  gzex = rdoc.map { |txt| do_gzip.call(txt) }
+  examples.concat(gzex)
+  sh("rsync --chmod=Fugo=r -av #{rdoc.join(' ')} #{dest}/Yahns/")
 end
 
 def tags

data/examples/https_proxy_pass.conf.rb

@@ -0,0 +1,36 @@
+# To the extent possible under law, Eric Wong has waived all copyright and
+# related or neighboring rights to this example.
+#
+# See examples/proxy_pass.ru for the complementary rackup file
+# <https://yhbt.net/yahns.git/tree/examples/proxy_pass.ru>
+
+# Setup an OpenSSL context:
+require 'openssl'
+ssl_ctx = OpenSSL::SSL::SSLContext.new
+ssl_ctx.cert = OpenSSL::X509::Certificate.new(
+  File.read('/etc/ssl/certs/example.crt')
+)
+ssl_ctx.extra_chain_cert = [
+  OpenSSL::X509::Certificate.new(
+    File.read('/etc/ssl/certs/chain.crt')
+  )
+]
+ssl_ctx.key = OpenSSL::PKey::RSA.new(
+  File.read('/etc/ssl/private/example.key')
+)
+
+# use defaults provided by Ruby on top of OpenSSL,
+# but disable client certificate verification as it is rare for servers:
+ssl_ctx.set_params(verify_mode: OpenSSL::SSL::VERIFY_NONE)
+
+# Built-in session cache (only useful if worker_processes is nil or 1)
+ssl_ctx.session_cache_mode = OpenSSL::SSL::SSLContext::SESSION_CACHE_SERVER
+
+worker_processes 1
+app(:rack, "/path/to/proxy_pass.ru", preload: true) do
+  listen 443, ssl_ctx: ssl_ctx
+  listen '[::]:443', ipv6only: true, ssl_ctx: ssl_ctx
+end
+
+stdout_path "/path/to/my_logs/out.log"
+stderr_path "/path/to/my_logs/err.log"

data/examples/proxy_pass.ru

@@ -0,0 +1,11 @@
+# To the extent possible under law, Eric Wong has waived all copyright and
+# related or neighboring rights to this example.
+#
+# See examples/https_proxy_pass.conf.rb for the complementary rackup file
+# <https://yhbt.net/yahns.git/tree/examples/https_proxy_pass.conf.rb>
+
+# optionally, intercept static requests with Rack::Static middleware:
+# use Rack::Static, root: '/path/to/public', gzip: true
+
+require 'yahns/proxy_pass'
+run Yahns::ProxyPass.new('http://127.0.0.1:6081')

data/extras/proxy_pass.rb

@@ -10,12 +10,13 @@ require 'rack/request'
 require 'thread'
 require 'timeout'
 
-# Totally synchronous and Rack 1.1-compatible, this will probably be rewritten.
-# to take advantage of rack.hijack and use the non-blocking I/O facilities
-# in yahns.  yahns may have to grow a supported API for that...
+# Totally synchronous and Rack 1.1-compatible.  See Yahns::ProxyPass for
+# the rewritten version which takes advantage of rack.hijack and uses
+# the internal non-blocking I/O facilities in yahns.  yahns may have to
+# grow a supported API for that...
+#
 # For now, we this blocks a worker thread; fortunately threads are reasonably
 # cheap on GNU/Linux...
-# This is totally untested but currently doesn't serve anything important.
 class ProxyPass # :nodoc:
   class ConnPool
     def initialize

data/extras/try_gzip_static.rb

@@ -79,7 +79,10 @@ class TryGzipStatic
       "Accept-Ranges" => "bytes",
     }
     h["Cache-Control"] = "no-transform" unless mime =~ %r{\Atext\/}
-    h["Content-Encoding"] = "gzip" if gz_st
+    if gz_st
+      h["Content-Encoding"] = "gzip"
+      h["Vary"] = "Accept-Encoding"
+    end
     h
   end
 

data/lib/yahns/proxy_pass.rb

@@ -1,24 +1,76 @@
 # -*- encoding: binary -*-
-# Copyright (C) 2013-2016 all contributors <yahns-public@yhbt.net>
-# License: GPL-3.0+ (https://www.gnu.org/licenses/gpl-3.0.txt)
+# Copyright (C) 2013-2019 all contributors <yahns-public@yhbt.net>
+# License: GPL-3.0+ <https://www.gnu.org/licenses/gpl-3.0.txt>
 # frozen_string_literal: true
 require 'socket'
 require 'rack/request'
-require 'timeout'
-
-# XXX consider this file and the proxy-related stuff in yahns
-# unstable and experimental!  It has never been documented and
-# incompatible changes may still happen.
-#
-# However, it seems to be proxying for our mail archives well enough:
-# https://yhbt.net/yahns-public/
+require 'timeout' # only for Timeout::Error
 require_relative 'proxy_http_response'
 require_relative 'req_res'
 
-class Yahns::ProxyPass # :nodoc:
-  attr_reader :proxy_buffering, :response_headers
+# Yahns::ProxyPass is a Rack (hijack) app which allows yahns to
+# act as a fully-buffering reverse proxy to protect backends
+# from slow HTTP clients.
+#
+# Yahns::ProxyPass relies on the default behavior of yahns to do
+# full input and output buffering. Output buffering is lazy,
+# meaning it allows streaming output in the best case and
+# will only buffer if the client cannot keep up with the server.
+#
+# The goal of this reverse proxy is to act as a sponge on the same LAN
+# or host to any backend HTTP server not optimized for slow clients.
+# Yahns::ProxyPass accomplishes this by handling all the slow clients
+# internally within yahns itself to minimize time spent in the backend
+# HTTP server waiting on slow clients.
+#
+# It does not do load balancing (we rely on Varnish for that).
+# Here is the exact config we use with Varnish, which uses
+# the +:response_headers+ option to hide some Varnish headers
+# from clients:
+#
+#    run Yahns::ProxyPass.new('http://127.0.0.1:6081',
+#            response_headers: {
+#              'Age' => :ignore,
+#              'X-Varnish' => :ignore,
+#              'Via' => :ignore
+#            })
+#
+# This is NOT a generic Rack app and must be run with yahns.
+# It uses +rack.hijack+, so compatibility with logging
+# middlewares (e.g. Rack::CommonLogger) is not great and
+# timing information gets lost.
+#
+# This provides HTTPS termination for our mail archives:
+# https://yhbt.net/yahns-public/
+#
+# See https://yhbt.net/yahns.git/tree/examples/https_proxy_pass.conf.rb
+# and https://yhbt.net/yahns.git/tree/examples/proxy_pass.ru for examples
+class Yahns::ProxyPass
+  attr_reader :proxy_buffering, :response_headers # :nodoc:
 
-  def initialize(dest, opts = {})
+  # +dest+ must be an HTTP URL with optional variables prefixed with '$'.
+  # +dest+ may refer to the path to a Unix domain socket in the form:
+  #
+  #     unix:/absolute/path/to/socket
+  #
+  # Variables which may be used in the +dest+ parameter include:
+  #
+  # - $url - the entire URL used to make the request
+  # - $path - the unescaped PATH_INFO of the HTTP request
+  # - $fullpath - $path with QUERY_STRING
+  # - $host - the hostname in the Host: header
+  #
+  # For Unix domain sockets, variables may be separated from the
+  # socket path via: ":/".  For example:
+  #
+  #     unix:/absolute/path/to/socket:/$host/$fullpath
+  #
+  # Currently :response_headers is the only +opts+ supported.
+  # :response_headers is a Hash containing a "from => to" mapping
+  # of response headers.  The special value of +:ignore+ indicates
+  # the header from the backend HTTP server will be ignored instead
+  # of being blindly passed on to the client.
+  def initialize(dest, opts = { response_headers: { 'Server' => :ignore } })
     case dest
     when %r{\Aunix:([^:]+)(?::(/.*))?\z}
       path = $2
@@ -41,7 +93,7 @@ class Yahns::ProxyPass # :nodoc:
     init_path_vars(path)
   end
 
-  def init_path_vars(path)
+  def init_path_vars(path) # :nodoc:
     path ||= '$fullpath'
     # methods from Rack::Request we want:
     allow = %w(fullpath host_with_port host port url path)
@@ -54,7 +106,7 @@ class Yahns::ProxyPass # :nodoc:
     @path = path.gsub(%r{\A/(\$(?:fullpath|path))}, '\1')
   end
 
-  def call(env)
+  def call(env) # :nodoc:
     # 3-way handshake for TCP backends while we generate the request header
     rr = Yahns::ReqRes.start(@sockaddr)
     c = env['rack.hijack'].call # Yahns::HttpClient#call

data/lib/yahns/queue_epoll.rb

@@ -32,6 +32,10 @@ class Yahns::Queue < SleepyPenguin::Epoll::IO # :nodoc:
     epoll_ctl(Epoll::CTL_MOD, io, flags)
   end
 
+  def queue_del(io)
+    epoll_ctl(Epoll::CTL_DEL, io, 0)
+  end
+
   def thr_init
     Thread.current[:yahns_rbuf] = ''.dup
     Thread.current[:yahns_fdmap] = @fdmap

data/lib/yahns/server.rb

@@ -438,25 +438,28 @@ class Yahns::Server # :nodoc:
   # This just injects the QueueQuitter object which acts like a
   # monkey wrench thrown into a perfectly good engine :)
   def quit_finish
-    quitter = Yahns::QueueQuitter.new
+    # we must not let quitters get GC-ed if we have any worker threads leftover
+    @quitter = Yahns::QueueQuitter.new
 
     # throw the monkey wrench into the worker threads
-    @queues.each { |q| q.queue_add(quitter, Yahns::Queue::QEV_QUIT) }
+    @queues.each { |q| q.queue_add(@quitter, Yahns::Queue::QEV_QUIT) }
 
     # watch the monkey wrench destroy all the threads!
     # Ugh, this may fail if we have dedicated threads trickling
     # response bodies out (e.g. "tail -F")  Oh well, have a timeout
     begin
       @wthr.delete_if { |t| t.join(0.01) }
+      # Workaround Linux 5.5+ bug (fixed in 5.13+)
+      # https://yhbt.net/lore/lkml/20210405231025.33829-1-dave@stgolabs.net/
+      @wthr[0] && @queues[0].respond_to?(:queue_del) and @queues.each do |q|
+        q.queue_del(@quitter)
+        q.queue_add(@quitter, Yahns::Queue::QEV_QUIT)
+      end
     end while @wthr[0] && Yahns.now <= @shutdown_expire
 
     # cleanup, our job is done
     @queues.each(&:close).clear
-
-    # we must not let quitter get GC-ed if we have any worker threads leftover
-    @quitter = quitter
-
-    quitter.close
+    @quitter.close # keep object around in case @wthr isn't empty
   rescue => e
     Yahns::Log.exception(@logger, "quit finish", e)
   ensure
@@ -476,7 +479,8 @@ class Yahns::Server # :nodoc:
   end
 
   def sp_sig_handle(alive)
-    @sev.wait_readable(alive ? nil : 0.01)
+    tout = alive ? (@sig_queue.empty? ? nil : 0) : 0.01
+    @sev.wait_readable(tout)
     @sev.yahns_step
     case sig = @sig_queue.shift
     when :QUIT, :TERM, :INT

data/lib/yahns/server_mp.rb

@@ -157,7 +157,8 @@ module Yahns::ServerMP # :nodoc:
   def mp_sig_handle(watch, alive)
     # not performance critical
     watch.delete_if { |io| io.to_io.closed? }
-    if r = select(watch, nil, nil, alive ? nil : 0.1)
+    tout = alive ? (@sig_queue.empty? ? nil : 0) : 0.01
+    if r = select(watch, nil, nil, tout)
       r[0].each(&:yahns_step)
     end
     case @sig_queue.shift

data/lib/yahns/version.rb

@@ -1 +1 @@
-Yahns::VERSION = '1.17.0'.freeze # :nodoc:
+Yahns::VERSION = '1.18.0'.freeze # :nodoc:

data/lib/yahns/worker.rb

@@ -14,8 +14,8 @@ class Yahns::Worker # :nodoc:
       # F_SETPIPE_SZ = 1031, PAGE_SIZE = 4096
       # (fcntl will handle minimum size on platforms where PAGE_SIZE > 4096)
       @to_io.fcntl(1031, 4096)
-    rescue Errno::EINVAL
-      # old kernel
+    rescue SystemCallError
+      # old kernel (EINVAL, EPERM)
     end if RUBY_PLATFORM =~ /\blinux\b/
   end
 

data/lib/yahns.rb

@@ -1,5 +1,5 @@
-# Copyright (C) 2013-2016 all contributors <yahns-public@yhbt.net>
-# License: GPL-3.0+ (https://www.gnu.org/licenses/gpl-3.0.txt)
+# Copyright (C) 2013-2019 all contributors <yahns-public@yhbt.net>
+# License: GPL-3.0+ <https://www.gnu.org/licenses/gpl-3.0.txt>
 # frozen_string_literal: true
 $stdout.sync = $stderr.sync = true
 
@@ -16,12 +16,15 @@ require 'io/wait'
     Unicorn.__send__(:remove_const, sym) if Unicorn.const_defined?(sym)
 end
 
-# yahns exposes no user-visible API outside of the config file.
-# See https://yhbt.net/yahns.git/tree/examples/yahns_config.txt
-# for the config documentation
+# yahns exposes little user-visible API outside of the config file.
+# See https://yhbt.net/yahns/yahns_config.txt
+# for the config documentation (or yahns_config(5) manpage)
 # and https://yhbt.net/yahns.git/about/ for the homepage.
-# Internals are subject to change.
-
+#
+# Yahns::ProxyPass is currently the only public API.
+#
+# Documented APIs and options are supported forever,
+# internals are subject to change.
 module Yahns
   # :stopdoc:
   # We populate this at startup so we can figure out how to reexecute

data/man/yahns_config.5

@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.32)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "YAHNS_CONFIG 5"
-.TH YAHNS_CONFIG 5 "1994-10-02" "yahns 1.16.0.24.g39049" "yahns user manual"
+.TH YAHNS_CONFIG 5 "1994-10-02" "yahns 1.17.0.5.g4e5f" "yahns user manual"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -170,7 +174,7 @@ For Rack \s-1HTTP\s0 applications, see \*(L"\s-1RACK APP ARGUMENTS\*(R"\s0 for m
 information.
 .IP "before_exec &BLOCK" 4
 .IX Item "before_exec &BLOCK"
-This runs &BLOCK before Kernel#exec (\fIexecve\fR\|(2) wrapper).  The command
+This runs &BLOCK before Kernel#exec (\fBexecve\fR\|(2) wrapper).  The command
 array to be passed to Kernel#exec may be modified within this hook:
 .Sp
 .Vb 3
@@ -283,7 +287,7 @@ Default: / if daemonized, current working directory if not
 .IP "max_events \s-1INTEGER\s0" 4
 .IX Item "max_events INTEGER"
 This controls the number of events a worker thread will fetch at
-once via \fIepoll_wait\fR\|(2) or \fIkevent\fR\|(2).
+once via \fBepoll_wait\fR\|(2) or \fBkevent\fR\|(2).
 There is no good reason to change this
 unless you use very few (e.g. 1) worker_threads.  Leaving this at
 1 will give the fairest load balancing behavior with epoll or kqueue.
@@ -328,7 +332,7 @@ Default: false
 This controls the maximum size of a request body before it is
 buffered to the filesystem (instead of memory).  This has no effect
 if input_buffering is false.  This also governs the size of an
-individual \fIread\fR\|(2) system call when reading a request body.
+individual \fBread\fR\|(2) system call when reading a request body.
 .Sp
 There is generally no need to change this value and this directive
 may be removed in the future.
@@ -336,7 +340,7 @@ may be removed in the future.
 Default: 8192 bytes (8 kilobytes)
 .IP "client_header_buffer_size \s-1INTEGER\s0" 4
 .IX Item "client_header_buffer_size INTEGER"
-This controls the size of a single \fIread\fR\|(2) syscall for reading
+This controls the size of a single \fBread\fR\|(2) syscall for reading
 client request headers.  Increase this as needed if your application
 uses large cookies or long URLs.  Lowering this may reduce \s-1GC\s0 and
 memory allocator overhead.
@@ -459,12 +463,12 @@ this means Unix domain sockets must not be placed in /tmp
 The following \s-1OPTIONS\s0 may be specified (but are generally not needed):
 .IP "backlog: \s-1INTEGER\s0" 4
 .IX Item "backlog: INTEGER"
-This is the backlog of the \fIlisten\fR\|(2) syscall.
+This is the backlog of the \fBlisten\fR\|(2) syscall.
 .Sp
 Some operating systems allow negative values here to specify the
 maximum allowable value.  In most cases, this number is only
 recommendation and there are other OS-specific tunables and
-variables that can affect this number.  See the \fIlisten\fR\|(2)
+variables that can affect this number.  See the \fBlisten\fR\|(2)
 syscall documentation of your \s-1OS\s0 for the exact semantics of
 this.
 .Sp
@@ -491,7 +495,7 @@ Default: Operating-system dependent
 Maximum receive and send buffer sizes (in bytes) of sockets.
 .Sp
 These correspond to the \s-1SO_RCVBUF\s0 and \s-1SO_SNDBUF\s0 settings which
-can be set via the \fIsetsockopt\fR\|(2) syscall.  Some kernels
+can be set via the \fBsetsockopt\fR\|(2) syscall.  Some kernels
 (e.g. Linux 2.4+) have intelligent auto-tuning mechanisms and
 there is no need (and it is sometimes detrimental) to specify them.
 .Sp
@@ -507,8 +511,8 @@ This enables multiple, independently-started yahns instances to
 bind to the same port (as long as all the processes enable this).
 .Sp
 This option must be used when yahns first binds the listen socket.
-It cannot be enabled when a socket is inherited via \s-1SIGUSR2
-\&\s0(but it will remain on if inherited), and it cannot be enabled
+It cannot be enabled when a socket is inherited via \s-1SIGUSR2\s0
+(but it will remain on if inherited), and it cannot be enabled
 directly via \s-1SIGHUP.\s0
 .Sp
 Note: there is a chance of connections being dropped if
@@ -535,22 +539,22 @@ An example which seems to work is:
 \&  require \*(Aqopenssl\*(Aq
 \&  ssl_ctx = OpenSSL::SSL::SSLContext.new
 \&  ssl_ctx.cert = OpenSSL::X509::Certificate.new(
-\&    IO.read(\*(Aq/etc/ssl/certs/example.crt\*(Aq)
+\&    File.read(\*(Aq/etc/ssl/certs/example.crt\*(Aq)
 \&  )
 \&  ssl_ctx.extra_chain_cert = [
 \&    OpenSSL::X509::Certificate.new(
-\&      IO.read(\*(Aq/etc/ssl/certs/chain.crt\*(Aq)
+\&      File.read(\*(Aq/etc/ssl/certs/chain.crt\*(Aq)
 \&    )
 \&  ]
 \&  ssl_ctx.key = OpenSSL::PKey::RSA.new(
-\&    IO.read(\*(Aq/etc/ssl/private/example.key\*(Aq)
+\&    File.read(\*(Aq/etc/ssl/private/example.key\*(Aq)
 \&  )
 \&
 \&  # use defaults provided by Ruby on top of OpenSSL,
-\&  # but disable client certificate verification as it is rare:
+\&  # but disable client certificate verification as it is rare for servers:
 \&  ssl_ctx.set_params(verify_mode: OpenSSL::SSL::VERIFY_NONE)
 \&
-\&  # Built\-in session cache (only works if worker_processes is nil or 1)
+\&  # Built\-in session cache (only useful if worker_processes is nil or 1)
 \&  ssl_ctx.session_cache_mode = OpenSSL::SSL::SSLContext::SESSION_CACHE_SERVER
 \&
 \&  app(:rack, "/path/to/my/app/config.ru") do
@@ -672,7 +676,7 @@ here means yahns will enable yahns to use a master/worker process
 model instead of a single process.
 .Sp
 If an optional &BLOCK is given, it may be used to configure
-\&\fIpthread_atfork\fR\|(3)\-style hooks.
+\&\fBpthread_atfork\fR\|(3)\-style hooks.
 See \*(L"\s-1WORKER_PROCESSES\-LEVEL DIRECTIVES\*(R"\s0 for details.
 .Sp
 Using worker_processes is strongly recommended if your application
@@ -688,7 +692,7 @@ Note: all of the atfork_* hooks described here are available inside the
 \&\*(L"app\*(R" blocks, too.
 .IP "atfork_prepare &BLOCK" 4
 .IX Item "atfork_prepare &BLOCK"
-This &BLOCK is executed in the parent before \fIfork\fR\|(2) operation.
+This &BLOCK is executed in the parent before \fBfork\fR\|(2) operation.
 This may be useful for app directives which specify \*(L"preload: true\*(R"
 to disconnect from databases or otherwise close open file descriptors
 to prevent them from being shared with the children.
@@ -696,12 +700,12 @@ to prevent them from being shared with the children.
 Default: none
 .IP "atfork_parent &BLOCK" 4
 .IX Item "atfork_parent &BLOCK"
-This &BLOCK is executed in the parent after the \fIfork\fR\|(2) operation.
+This &BLOCK is executed in the parent after the \fBfork\fR\|(2) operation.
 .Sp
 Default: none
 .IP "atfork_child &BLOCK" 4
 .IX Item "atfork_child &BLOCK"
-This &BLOCK is executed in the child after the \fIfork\fR\|(2) operation.
+This &BLOCK is executed in the child after the \fBfork\fR\|(2) operation.
 .Sp
 This may be useful for app directives which specify \*(L"preload: true\*(R"
 to reconnect to databases or reopen closed file descriptors which
@@ -710,7 +714,7 @@ were closed in the atfork_prepare hook.
 Default: none
 .SH "RACK APP ARGUMENTS"
 .IX Header "RACK APP ARGUMENTS"
-Rack applications take a \s-1PATHNAME\s0 to the \fIrackup\fR\|(1) config file
+Rack applications take a \s-1PATHNAME\s0 to the \fBrackup\fR\|(1) config file
 (e.g.  \*(L"config.ru\*(R") as its first argument.
 .PP
 The only supported keyword argument is:
@@ -743,7 +747,7 @@ Mail archives are available at <https://yhbt.net/yahns\-public/>
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
 Copyright (C) 2013\-2016 all contributors <mailto:yahns\-public@yhbt.net>
-License: \s-1GPL\-3.0+ \s0<https://www.gnu.org/licenses/gpl\-3.0.txt>
+License: \s-1GPL\-3.0+\s0 <https://www.gnu.org/licenses/gpl\-3.0.txt>
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIyahns\fR\|(1)
+\&\fByahns\fR\|(1)

data/test/helper.rb

@@ -158,7 +158,7 @@ def skip_skb_mem
   [ [ '/proc/sys/net/ipv4/tcp_rmem', "4096	87380	6291456\n" ],
     [ '/proc/sys/net/ipv4/tcp_wmem', "4096	16384	4194304\n" ]
   ].each do |file, expect|
-    val = IO.read(file)
+    val = File.read(file)
     val == expect or skip "#{file} had: #{val}expected: #{expect}"
   end
 end

data/yahns.gemspec

@@ -1,5 +1,5 @@
-# Copyright (C) 2013-2016 all contributors <yahns-public@yhbt.net>
-# License: GPL-3.0+ (https://www.gnu.org/licenses/gpl-3.0.txt)
+# Copyright (C) all contributors <yahns-public@yhbt.net>
+# License: GPL-3.0+ <https://www.gnu.org/licenses/gpl-3.0.txt>
 Gem::Specification.new do |s|
   manifest = File.read('.gem-manifest').split(/\n/)
   s.name = %q{yahns}
@@ -15,7 +15,7 @@ Gem::Specification.new do |s|
 
   s.add_dependency(%q<kgio>, '~> 2.9')
   s.add_dependency(%q<sleepy_penguin>, '~> 3.2')
-  s.add_dependency(%q<unicorn>, '>= 4.6.3', '< 6.0')
+  s.add_dependency(%q<unicorn>, '>= 4.6.3', '< 7.0')
   # s.add_dependency(%q<kgio-sendfile>, '~> 1.2') # optional
 
   # minitest is standard in Ruby 2.0, 4.3 is packaged with Ruby 2.0.0,

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: yahns
 version: !ruby/object:Gem::Version
-  version: 1.17.0
+  version: 1.18.0
 platform: ruby
 authors:
 - yahns hackers
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2019-04-22 00:00:00.000000000 Z
+date: 2021-10-09 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: kgio
@@ -47,7 +47,7 @@ dependencies:
         version: 4.6.3
     - - "<"
       - !ruby/object:Gem::Version
-        version: '6.0'
+        version: '7.0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
@@ -57,7 +57,7 @@ dependencies:
         version: 4.6.3
     - - "<"
       - !ruby/object:Gem::Version
-        version: '6.0'
+        version: '7.0'
 - !ruby/object:Gem::Dependency
   name: minitest
   requirement: !ruby/object:Gem::Requirement
@@ -106,8 +106,10 @@ executables:
 extensions: []
 extra_rdoc_files: []
 files:
+- ".document"
 - ".gitattributes"
 - ".gitignore"
+- ".olddoc.yml"
 - COPYING
 - Documentation/.gitignore
 - Documentation/GNUmakefile
@@ -126,9 +128,11 @@ files:
 - bin/yahns
 - bin/yahns-rackup
 - examples/README
+- examples/https_proxy_pass.conf.rb
 - examples/init.sh
 - examples/logger_mp_safe.rb
 - examples/logrotate.conf
+- examples/proxy_pass.ru
 - examples/yahns.socket
 - examples/yahns@.service
 - examples/yahns_multi.conf.rb