yahns 1.17.0 → 1.18.0
- checksums.yaml +4 -4
- data/.document +2 -0
- data/.olddoc.yml +8 -0
- data/Documentation/yahns_config.pod +5 -5
- data/GIT-VERSION-FILE +1 -1
- data/GIT-VERSION-GEN +3 -3
- data/NEWS +14 -0
- data/Rakefile +24 -1
- data/examples/https_proxy_pass.conf.rb +36 -0
- data/examples/proxy_pass.ru +11 -0
- data/extras/proxy_pass.rb +5 -4
- data/extras/try_gzip_static.rb +4 -1
- data/lib/yahns/proxy_pass.rb +67 -15
- data/lib/yahns/queue_epoll.rb +4 -0
- data/lib/yahns/server.rb +12 -8
- data/lib/yahns/server_mp.rb +2 -1
- data/lib/yahns/version.rb +1 -1
- data/lib/yahns/worker.rb +2 -2
- data/lib/yahns.rb +10 -7
- data/man/yahns_config.5 +34 -30
- data/test/helper.rb +1 -1
- data/yahns.gemspec +3 -3
- metadata +8 -4
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: '0318100b814550d192110790944b552f4aba4a79e363f7a932c7a86c21335728'
|
4
|
+
data.tar.gz: b8af746d6ffe65df3121b06fa42effa8b29ff9c1b206c67daabfbe8774e47bf7
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: cfcf4ef901f640e40c5343f33505eddae6ab32bc95a08c7225cb239cfff08b33266b737497481467588f9e8be70e88f4c2f4fa95d64312c02d19d813a3877bec
|
7
|
+
data.tar.gz: f21048f67209face645bef2a0f9018382b79aa93abd9d780ec05095a6557252ce1bc129e72fb04d74cd61c60caa75f64e7d147cc73297fad4c66394329b35125
|
data/.document
ADDED
data/.olddoc.yml
ADDED
@@ -0,0 +1,8 @@
|
|
1
|
+
---
|
2
|
+
cgit_url: https://yhbt.net/yahns.git
|
3
|
+
git_url: https://yhbt.net/yahns.git
|
4
|
+
rdoc_url: https://yhbt.net/yahns/
|
5
|
+
ml_url: https://yhbt.net/yahns-public/
|
6
|
+
public_email: yahns-public@yhbt.net
|
7
|
+
nntp_url:
|
8
|
+
- nntp://news.public-inbox.org/inbox.comp.lang.ruby.yahns
|
@@ -436,22 +436,22 @@ An example which seems to work is:
|
|
436
436
|
require 'openssl'
|
437
437
|
ssl_ctx = OpenSSL::SSL::SSLContext.new
|
438
438
|
ssl_ctx.cert = OpenSSL::X509::Certificate.new(
|
439
|
-
|
439
|
+
File.read('/etc/ssl/certs/example.crt')
|
440
440
|
)
|
441
441
|
ssl_ctx.extra_chain_cert = [
|
442
442
|
OpenSSL::X509::Certificate.new(
|
443
|
-
|
443
|
+
File.read('/etc/ssl/certs/chain.crt')
|
444
444
|
)
|
445
445
|
]
|
446
446
|
ssl_ctx.key = OpenSSL::PKey::RSA.new(
|
447
|
-
|
447
|
+
File.read('/etc/ssl/private/example.key')
|
448
448
|
)
|
449
449
|
|
450
450
|
# use defaults provided by Ruby on top of OpenSSL,
|
451
|
-
# but disable client certificate verification as it is rare:
|
451
|
+
# but disable client certificate verification as it is rare for servers:
|
452
452
|
ssl_ctx.set_params(verify_mode: OpenSSL::SSL::VERIFY_NONE)
|
453
453
|
|
454
|
-
# Built-in session cache (only
|
454
|
+
# Built-in session cache (only useful if worker_processes is nil or 1)
|
455
455
|
ssl_ctx.session_cache_mode = OpenSSL::SSL::SSLContext::SESSION_CACHE_SERVER
|
456
456
|
|
457
457
|
app(:rack, "/path/to/my/app/config.ru") do
|
data/GIT-VERSION-FILE
CHANGED
@@ -1 +1 @@
|
|
1
|
-
VERSION = 1.
|
1
|
+
VERSION = 1.18.0
|
data/GIT-VERSION-GEN
CHANGED
@@ -1,11 +1,11 @@
|
|
1
1
|
#!/usr/bin/env ruby
|
2
|
-
# Copyright (C)
|
3
|
-
# License: GPL-3.0+
|
2
|
+
# Copyright (C) all contributors <yahns-public@yhbt.net>
|
3
|
+
# License: GPL-3.0+ <https://www.gnu.org/licenses/gpl-3.0.txt>
|
4
4
|
# frozen_string_literal: true
|
5
5
|
CONSTANT = "Yahns::VERSION"
|
6
6
|
RVF = "lib/yahns/version.rb"
|
7
7
|
GVF = "GIT-VERSION-FILE"
|
8
|
-
DEF_VER = "v1.
|
8
|
+
DEF_VER = "v1.18.0"
|
9
9
|
vn = DEF_VER.dup
|
10
10
|
|
11
11
|
# First see if there is a version file (included in release tarballs),
|
data/NEWS
CHANGED
@@ -1,3 +1,17 @@
|
|
1
|
+
yahns 1.18.0 / 2021-10-09
|
2
|
+
-------------------------
|
3
|
+
|
4
|
+
8 changes since 1.17.0 (2019-04-22):
|
5
|
+
|
6
|
+
worker: workaround old F_SETPIPE_SZ bug
|
7
|
+
doc: favor File.read over IO.read to ease review
|
8
|
+
proxy_pass: document as a public API
|
9
|
+
doc: include Yahns/ directory on website
|
10
|
+
extras/try_gzip_static: set "Vary: Accept-Encoding" on gzip
|
11
|
+
do not sleep if signals are pending
|
12
|
+
server: workaround Linux v5.5..v5.13 epoll bug
|
13
|
+
gemspec: allow unicorn 6.x
|
14
|
+
|
1
15
|
yahns 1.17.0 - Earth Day release / 2019-04-22
|
2
16
|
---------------------------------------------
|
3
17
|
|
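--- a/data/Rakefile
+++ b/data/Rakefile
@@ -3,7 +3,24 @@
 require 'tempfile'
 include Rake::DSL
 
-
+apidoc = {
+'doc/Yahns.html' => 'lib/yahns.rb',
+'doc/Yahns/ProxyPass.html' => 'lib/yahns/proxy_pass.rb'
+}
+
+task apidoc.keys[0] => apidoc.values do
+rdoc = ENV['rdoc'] || 'rdoc'
+system("git", "set-file-times", *(apidoc.values))
+sh "#{rdoc} -f dark216" # dark216 requires olddoc 1.7+
+
+apidoc.each do |dst, src|
+src = File.stat(src)
+File.utime(src.atime, src.mtime, dst)
+end
+end
+
+gendocs = %W(NEWS NEWS.atom.xml #{apidoc.keys[0]})
+task html: apidoc.keys[0]
 task rsync_docs: gendocs do
 dest = ENV["RSYNC_DEST"] || "yhbt.net:/srv/yhbt/yahns/"
 top = %w(INSTALL HACKING README COPYING)
@@ -28,6 +45,7 @@ task rsync_docs: gendocs do
 files = `git ls-files Documentation/*.txt`.split(/\n/)
 files.concat(top)
 files.concat(gendocs)
+files.concat(%w(doc/Yahns.html))
 files.concat(%w(yahns yahns-rackup yahns_config).map! { |x|
 "Documentation/#{x}.txt"
 })
@@ -41,6 +59,11 @@ task rsync_docs: gendocs do
 examples.concat(gzex)
 
 sh("rsync --chmod=Fugo=r -av #{examples.join(' ')} #{dest}/examples/")
+
+rdoc = apidoc.keys.grep(%r{\Adoc/Yahns/})
+gzex = rdoc.map { |txt| do_gzip.call(txt) }
+examples.concat(gzex)
+sh("rsync --chmod=Fugo=r -av #{rdoc.join(' ')} #{dest}/Yahns/")
 end
 
 def tags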
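Review bot: In the third hunk (new lines 63-66) the gzipped copies returned by `do_gzip` are appended to `examples`, whose rsync has already run on line 61, while the rsync that follows sends only `rdoc`; the `.gz` files for doc/Yahns/ therefore appear never to be uploaded, and `rdoc.concat(gzex)` looks like what was intended. `do_gzip` is defined outside the hunk, so its return value is inferred from the earlier `examples.concat(gzex)` use. Separately, `sh "#{rdoc} -f dark216"` and both rsync calls interpolate environment values (`ENV['rdoc']`, `RSYNC_DEST`) into a single shell string; the list form, e.g. `sh rdoc, '-f', 'dark216'`, avoids shell parsing of those values. The result of `system("git", "set-file-times", ...)` is also ignored, so a failure there silently leaves the wrong mtimes on the generated docs.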
@@ -0,0 +1,36 @@
|
|
1
|
+
# To the extent possible under law, Eric Wong has waived all copyright and
|
2
|
+
# related or neighboring rights to this example.
|
3
|
+
#
|
4
|
+
# See examples/proxy_pass.ru for the complementary rackup file
|
5
|
+
# <https://yhbt.net/yahns.git/tree/examples/proxy_pass.ru>
|
6
|
+
|
7
|
+
# Setup an OpenSSL context:
|
8
|
+
require 'openssl'
|
9
|
+
ssl_ctx = OpenSSL::SSL::SSLContext.new
|
10
|
+
ssl_ctx.cert = OpenSSL::X509::Certificate.new(
|
11
|
+
File.read('/etc/ssl/certs/example.crt')
|
12
|
+
)
|
13
|
+
ssl_ctx.extra_chain_cert = [
|
14
|
+
OpenSSL::X509::Certificate.new(
|
15
|
+
File.read('/etc/ssl/certs/chain.crt')
|
16
|
+
)
|
17
|
+
]
|
18
|
+
ssl_ctx.key = OpenSSL::PKey::RSA.new(
|
19
|
+
File.read('/etc/ssl/private/example.key')
|
20
|
+
)
|
21
|
+
|
22
|
+
# use defaults provided by Ruby on top of OpenSSL,
|
23
|
+
# but disable client certificate verification as it is rare for servers:
|
24
|
+
ssl_ctx.set_params(verify_mode: OpenSSL::SSL::VERIFY_NONE)
|
25
|
+
|
26
|
+
# Built-in session cache (only useful if worker_processes is nil or 1)
|
27
|
+
ssl_ctx.session_cache_mode = OpenSSL::SSL::SSLContext::SESSION_CACHE_SERVER
|
28
|
+
|
29
|
+
worker_processes 1
|
30
|
+
app(:rack, "/path/to/proxy_pass.ru", preload: true) do
|
31
|
+
listen 443, ssl_ctx: ssl_ctx
|
32
|
+
listen '[::]:443', ipv6only: true, ssl_ctx: ssl_ctx
|
33
|
+
end
|
34
|
+
|
35
|
+
stdout_path "/path/to/my_logs/out.log"
|
36
|
+
stderr_path "/path/to/my_logs/err.log"
|
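Review bot: `OpenSSL::PKey::RSA.new` on new line 18 ties the example to RSA keys, so a deployment that copies this file with an ECDSA certificate fails when the config is loaded; `ssl_ctx.key = OpenSSL::PKey.read(File.read('/etc/ssl/private/example.key'))` loads either key type. This hunk carries no file header on the page; going by the file list and its 36 added lines it appears to be examples/https_proxy_pass.conf.rb. Since examples like this get pasted into production, a one-line comment above the key load such as `# the private key must be readable only by the account that starts yahns` would be worth adding.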
@@ -0,0 +1,11 @@
|
|
1
|
+
# To the extent possible under law, Eric Wong has waived all copyright and
|
2
|
+
# related or neighboring rights to this example.
|
3
|
+
#
|
4
|
+
# See examples/https_proxy_pass.conf.rb for the complementary rackup file
|
5
|
+
# <https://yhbt.net/yahns.git/tree/examples/https_proxy_pass.conf.rb>
|
6
|
+
|
7
|
+
# optionally, intercept static requests with Rack::Static middleware:
|
8
|
+
# use Rack::Static, root: '/path/to/public', gzip: true
|
9
|
+
|
10
|
+
require 'yahns/proxy_pass'
|
11
|
+
run Yahns::ProxyPass.new('http://127.0.0.1:6081')
|
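Review bot: The comment on new line 4 calls examples/https_proxy_pass.conf.rb "the complementary rackup file", but this file is the rackup file and the other one is the yahns configuration; it reads like a copy of the header from that config. Suggested wording: `# See examples/https_proxy_pass.conf.rb for the complementary yahns config file`. The hunk has no file header on the page; by the file list it appears to be examples/proxy_pass.ru.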
data/extras/proxy_pass.rb
CHANGED
@@ -10,12 +10,13 @@ require 'rack/request'
|
|
10
10
|
require 'thread'
|
11
11
|
require 'timeout'
|
12
12
|
|
13
|
-
# Totally synchronous and Rack 1.1-compatible
|
14
|
-
#
|
15
|
-
# in yahns. yahns may have to
|
13
|
+
# Totally synchronous and Rack 1.1-compatible. See Yahns::ProxyPass for
|
14
|
+
# the rewritten version which takes advantage of rack.hijack and uses
|
15
|
+
# the internal non-blocking I/O facilities in yahns. yahns may have to
|
16
|
+
# grow a supported API for that...
|
17
|
+
#
|
16
18
|
# For now, we this blocks a worker thread; fortunately threads are reasonably
|
17
19
|
# cheap on GNU/Linux...
|
18
|
-
# This is totally untested but currently doesn't serve anything important.
|
19
20
|
class ProxyPass # :nodoc:
|
20
21
|
class ConnPool
|
21
22
|
def initialize
|
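--- a/data/extras/try_gzip_static.rb
+++ b/data/extras/try_gzip_static.rb
@@ -79,7 +79,10 @@ class TryGzipStatic
 "Accept-Ranges" => "bytes",
 }
 h["Cache-Control"] = "no-transform" unless mime =~ %r{\Atext\/}
-
+if gz_st
+h["Content-Encoding"] = "gzip"
+h["Vary"] = "Accept-Encoding"
+end
 h
 end
 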
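Review bot: `Vary: Accept-Encoding` is set only on the branch that serves the gzip file, so the identity response for the same URL carries no Vary header; a shared cache that stores the uncompressed response first can keep serving it to clients that do accept gzip. From the lines shown it is not possible to tell whether a `.gz` sibling exists when `gz_st` is nil, so this may need extra information from the caller; where that is known, setting `h["Vary"] = "Accept-Encoding"` on both representations keeps cache keys consistent. The method begins outside the hunk.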
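--- a/data/lib/yahns/proxy_pass.rb
+++ b/data/lib/yahns/proxy_pass.rb
@@ -1,24 +1,76 @@
 # -*- encoding: binary -*-
-# Copyright (C) 2013-
-# License: GPL-3.0+
+# Copyright (C) 2013-2019 all contributors <yahns-public@yhbt.net>
+# License: GPL-3.0+ <https://www.gnu.org/licenses/gpl-3.0.txt>
 # frozen_string_literal: true
 require 'socket'
 require 'rack/request'
-require 'timeout'
-
-# XXX consider this file and the proxy-related stuff in yahns
-# unstable and experimental! It has never been documented and
-# incompatible changes may still happen.
-#
-# However, it seems to be proxying for our mail archives well enough:
-# https://yhbt.net/yahns-public/
+require 'timeout' # only for Timeout::Error
 require_relative 'proxy_http_response'
 require_relative 'req_res'
 
-
-
+# Yahns::ProxyPass is a Rack (hijack) app which allows yahns to
+# act as a fully-buffering reverse proxy to protect backends
+# from slow HTTP clients.
+#
+# Yahns::ProxyPass relies on the default behavior of yahns to do
+# full input and output buffering. Output buffering is lazy,
+# meaning it allows streaming output in the best case and
+# will only buffer if the client cannot keep up with the server.
+#
+# The goal of this reverse proxy is to act as a sponge on the same LAN
+# or host to any backend HTTP server not optimized for slow clients.
+# Yahns::ProxyPass accomplishes this by handling all the slow clients
+# internally within yahns itself to minimize time spent in the backend
+# HTTP server waiting on slow clients.
+#
+# It does not do load balancing (we rely on Varnish for that).
+# Here is the exact config we use with Varnish, which uses
+# the +:response_headers+ option to hide some Varnish headers
+# from clients:
+#
+# run Yahns::ProxyPass.new('http://127.0.0.1:6081',
+# response_headers: {
+# 'Age' => :ignore,
+# 'X-Varnish' => :ignore,
+# 'Via' => :ignore
+# })
+#
+# This is NOT a generic Rack app and must be run with yahns.
+# It uses +rack.hijack+, so compatibility with logging
+# middlewares (e.g. Rack::CommonLogger) is not great and
+# timing information gets lost.
+#
+# This provides HTTPS termination for our mail archives:
+# https://yhbt.net/yahns-public/
+#
+# See https://yhbt.net/yahns.git/tree/examples/https_proxy_pass.conf.rb
+# and https://yhbt.net/yahns.git/tree/examples/proxy_pass.ru for examples
+class Yahns::ProxyPass
+attr_reader :proxy_buffering, :response_headers # :nodoc:
 
-
+# +dest+ must be an HTTP URL with optional variables prefixed with '$'.
+# +dest+ may refer to the path to a Unix domain socket in the form:
+#
+# unix:/absolute/path/to/socket
+#
+# Variables which may be used in the +dest+ parameter include:
+#
+# - $url - the entire URL used to make the request
+# - $path - the unescaped PATH_INFO of the HTTP request
+# - $fullpath - $path with QUERY_STRING
+# - $host - the hostname in the Host: header
+#
+# For Unix domain sockets, variables may be separated from the
+# socket path via: ":/". For example:
+#
+# unix:/absolute/path/to/socket:/$host/$fullpath
+#
+# Currently :response_headers is the only +opts+ supported.
+# :response_headers is a Hash containing a "from => to" mapping
+# of response headers. The special value of +:ignore+ indicates
+# the header from the backend HTTP server will be ignored instead
+# of being blindly passed on to the client.
+def initialize(dest, opts = { response_headers: { 'Server' => :ignore } })
 case dest
 when %r{\Aunix:([^:]+)(?::(/.*))?\z}
 path = $2
@@ -41,7 +93,7 @@ class Yahns::ProxyPass # :nodoc:
 init_path_vars(path)
 end
 
-def init_path_vars(path)
+def init_path_vars(path) # :nodoc:
 path ||= '$fullpath'
 # methods from Rack::Request we want:
 allow = %w(fullpath host_with_port host port url path)
@@ -54,7 +106,7 @@ class Yahns::ProxyPass # :nodoc:
 @path = path.gsub(%r{\A/(\$(?:fullpath|path))}, '\1')
 end
 
-def call(env)
+def call(env) # :nodoc:
 # 3-way handshake for TCP backends while we generate the request header
 rr = Yahns::ReqRes.start(@sockaddr)
 c = env['rack.hijack'].call # Yahns::HttpClient#call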
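Review bot: The new documentation for `initialize` (new lines 68-73) does not say that the default `opts` is a whole-hash default, so a caller who passes their own `:response_headers` replaces `'Server' => :ignore` instead of adding to it. The class comment's own Varnish example does exactly that with 'Age', 'X-Varnish' and 'Via', so the backend's Server header would reach clients unless the body of `initialize`, which continues outside the hunk, merges the default back in. Suggested addition: `# Passing :response_headers replaces the default ({ 'Server' => :ignore }); repeat that entry to keep hiding the backend Server header.` The variable list could also note that `$host` is taken from the client-supplied Host header. It omits `host_with_port` and `port`, which the `allow` list in `init_path_vars` accepts.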
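--- a/data/lib/yahns/queue_epoll.rb
+++ b/data/lib/yahns/queue_epoll.rb
@@ -32,6 +32,10 @@ class Yahns::Queue < SleepyPenguin::Epoll::IO # :nodoc:
 epoll_ctl(Epoll::CTL_MOD, io, flags)
 end
 
+def queue_del(io)
+epoll_ctl(Epoll::CTL_DEL, io, 0)
+end
+
 def thr_init
 Thread.current[:yahns_rbuf] = ''.dup
 Thread.current[:yahns_fdmap] = @fdmap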
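--- a/data/lib/yahns/server.rb
+++ b/data/lib/yahns/server.rb
@@ -438,25 +438,28 @@ class Yahns::Server # :nodoc:
 # This just injects the QueueQuitter object which acts like a
 # monkey wrench thrown into a perfectly good engine :)
 def quit_finish
-
+# we must not let quitters get GC-ed if we have any worker threads leftover
+@quitter = Yahns::QueueQuitter.new
 
 # throw the monkey wrench into the worker threads
-@queues.each { |q| q.queue_add(quitter, Yahns::Queue::QEV_QUIT) }
+@queues.each { |q| q.queue_add(@quitter, Yahns::Queue::QEV_QUIT) }
 
 # watch the monkey wrench destroy all the threads!
 # Ugh, this may fail if we have dedicated threads trickling
 # response bodies out (e.g. "tail -F") Oh well, have a timeout
 begin
 @wthr.delete_if { |t| t.join(0.01) }
+# Workaround Linux 5.5+ bug (fixed in 5.13+)
+# https://yhbt.net/lore/lkml/20210405231025.33829-1-dave@stgolabs.net/
+@wthr[0] && @queues[0].respond_to?(:queue_del) and @queues.each do |q|
+q.queue_del(@quitter)
+q.queue_add(@quitter, Yahns::Queue::QEV_QUIT)
+end
 end while @wthr[0] && Yahns.now <= @shutdown_expire
 
 # cleanup, our job is done
 @queues.each(&:close).clear
-
-# we must not let quitter get GC-ed if we have any worker threads leftover
-@quitter = quitter
-
-quitter.close
+@quitter.close # keep object around in case @wthr isn't empty
 rescue => e
 Yahns::Log.exception(@logger, "quit finish", e)
 ensure
@@ -476,7 +479,8 @@ class Yahns::Server # :nodoc:
 end
 
 def sp_sig_handle(alive)
-@
+tout = alive ? (@sig_queue.empty? ? nil : 0) : 0.01
+@sev.wait_readable(tout)
 @sev.yahns_step
 case sig = @sig_queue.shift
 when :QUIT, :TERM, :INT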
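Review bot: The workaround on new line 454 of `quit_finish` mixes `&&` with the low-precedence `and` to drive control flow, which is easy to misread during a shutdown path; `if @wthr[0] && @queues[0].respond_to?(:queue_del)` wrapping the `@queues.each` block says the same thing plainly. The comment names the affected kernel range but not the symptom or why deleting and re-adding the quitter helps; a line such as `# re-register the quitter so threads that missed the epoll wakeup see it again` would help, with the wording to be confirmed against the linked thread. Any exception raised by `queue_del` lands in the method-level `rescue => e`, which skips `@queues.each(&:close).clear` and `@quitter.close`; whether the `ensure` body covers that is outside the hunk.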
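--- a/data/lib/yahns/server_mp.rb
+++ b/data/lib/yahns/server_mp.rb
@@ -157,7 +157,8 @@ module Yahns::ServerMP # :nodoc:
 def mp_sig_handle(watch, alive)
 # not performance critical
 watch.delete_if { |io| io.to_io.closed? }
-
+tout = alive ? (@sig_queue.empty? ? nil : 0) : 0.01
+if r = select(watch, nil, nil, tout)
 r[0].each(&:yahns_step)
 end
 case @sig_queue.shift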
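Review bot: The nested ternary on new line 160 encodes three distinct timeouts with no explanation, and the identical expression is added to `sp_sig_handle` in lib/yahns/server.rb, so the two copies can drift apart. A comment such as `# nil: block until woken when alive and no signal is queued; 0: just poll when a signal is pending; 0.01: short wait while shutting down` would make the intent reviewable. A small private helper returning the timeout, shared by both handlers, would remove the duplication. `mp_sig_handle` continues past the end of the hunk.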
data/lib/yahns/version.rb
CHANGED
@@ -1 +1 @@
|
|
1
|
-
Yahns::VERSION = '1.
|
1
|
+
Yahns::VERSION = '1.18.0'.freeze # :nodoc:
|
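--- a/data/lib/yahns/worker.rb
+++ b/data/lib/yahns/worker.rb
@@ -14,8 +14,8 @@ class Yahns::Worker # :nodoc:
 # F_SETPIPE_SZ = 1031, PAGE_SIZE = 4096
 # (fcntl will handle minimum size on platforms where PAGE_SIZE > 4096)
 @to_io.fcntl(1031, 4096)
-rescue
-# old kernel
+rescue SystemCallError
+# old kernel (EINVAL, EPERM)
 end if RUBY_PLATFORM =~ /\blinux\b/
 end
 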
data/lib/yahns.rb
CHANGED
@@ -1,5 +1,5 @@
|
|
1
|
-
# Copyright (C) 2013-
|
2
|
-
# License: GPL-3.0+
|
1
|
+
# Copyright (C) 2013-2019 all contributors <yahns-public@yhbt.net>
|
2
|
+
# License: GPL-3.0+ <https://www.gnu.org/licenses/gpl-3.0.txt>
|
3
3
|
# frozen_string_literal: true
|
4
4
|
$stdout.sync = $stderr.sync = true
|
5
5
|
|
@@ -16,12 +16,15 @@ require 'io/wait'
|
|
16
16
|
Unicorn.__send__(:remove_const, sym) if Unicorn.const_defined?(sym)
|
17
17
|
end
|
18
18
|
|
19
|
-
# yahns exposes
|
20
|
-
# See https://yhbt.net/yahns
|
21
|
-
# for the config documentation
|
19
|
+
# yahns exposes little user-visible API outside of the config file.
|
20
|
+
# See https://yhbt.net/yahns/yahns_config.txt
|
21
|
+
# for the config documentation (or yahns_config(5) manpage)
|
22
22
|
# and https://yhbt.net/yahns.git/about/ for the homepage.
|
23
|
-
#
|
24
|
-
|
23
|
+
#
|
24
|
+
# Yahns::ProxyPass is currently the only public API.
|
25
|
+
#
|
26
|
+
# Documented APIs and options are supported forever,
|
27
|
+
# internals are subject to change.
|
25
28
|
module Yahns
|
26
29
|
# :stopdoc:
|
27
30
|
# We populate this at startup so we can figure out how to reexecute
|
data/man/yahns_config.5
CHANGED
@@ -1,4 +1,4 @@
|
|
1
|
-
.\" Automatically generated by Pod::Man 4.
|
1
|
+
.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
|
2
2
|
.\"
|
3
3
|
.\" Standard preamble:
|
4
4
|
.\" ========================================================================
|
@@ -54,16 +54,20 @@
|
|
54
54
|
.\" Avoid warning from groff about undefined register 'F'.
|
55
55
|
.de IX
|
56
56
|
..
|
57
|
-
.
|
58
|
-
.if \
|
59
|
-
.
|
60
|
-
.
|
57
|
+
.nr rF 0
|
58
|
+
.if \n(.g .if rF .nr rF 1
|
59
|
+
.if (\n(rF:(\n(.g==0)) \{\
|
60
|
+
. if \nF \{\
|
61
|
+
. de IX
|
62
|
+
. tm Index:\\$1\t\\n%\t"\\$2"
|
61
63
|
..
|
62
|
-
.
|
63
|
-
.
|
64
|
-
.
|
64
|
+
. if !\nF==2 \{\
|
65
|
+
. nr % 0
|
66
|
+
. nr F 2
|
67
|
+
. \}
|
65
68
|
. \}
|
66
69
|
.\}
|
70
|
+
.rr rF
|
67
71
|
.\"
|
68
72
|
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
|
69
73
|
.\" Fear. Run. Save yourself. No user-serviceable parts.
|
@@ -129,7 +133,7 @@
|
|
129
133
|
.\" ========================================================================
|
130
134
|
.\"
|
131
135
|
.IX Title "YAHNS_CONFIG 5"
|
132
|
-
.TH YAHNS_CONFIG 5 "1994-10-02" "yahns 1.
|
136
|
+
.TH YAHNS_CONFIG 5 "1994-10-02" "yahns 1.17.0.5.g4e5f" "yahns user manual"
|
133
137
|
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
|
134
138
|
.\" way too many mistakes in technical documents.
|
135
139
|
.if n .ad l
|
@@ -170,7 +174,7 @@ For Rack \s-1HTTP\s0 applications, see \*(L"\s-1RACK APP ARGUMENTS\*(R"\s0 for m
|
|
170
174
|
information.
|
171
175
|
.IP "before_exec &BLOCK" 4
|
172
176
|
.IX Item "before_exec &BLOCK"
|
173
|
-
This runs &BLOCK before Kernel#exec (\
|
177
|
+
This runs &BLOCK before Kernel#exec (\fBexecve\fR\|(2) wrapper). The command
|
174
178
|
array to be passed to Kernel#exec may be modified within this hook:
|
175
179
|
.Sp
|
176
180
|
.Vb 3
|
@@ -283,7 +287,7 @@ Default: / if daemonized, current working directory if not
|
|
283
287
|
.IP "max_events \s-1INTEGER\s0" 4
|
284
288
|
.IX Item "max_events INTEGER"
|
285
289
|
This controls the number of events a worker thread will fetch at
|
286
|
-
once via \
|
290
|
+
once via \fBepoll_wait\fR\|(2) or \fBkevent\fR\|(2).
|
287
291
|
There is no good reason to change this
|
288
292
|
unless you use very few (e.g. 1) worker_threads. Leaving this at
|
289
293
|
1 will give the fairest load balancing behavior with epoll or kqueue.
|
@@ -328,7 +332,7 @@ Default: false
|
|
328
332
|
This controls the maximum size of a request body before it is
|
329
333
|
buffered to the filesystem (instead of memory). This has no effect
|
330
334
|
if input_buffering is false. This also governs the size of an
|
331
|
-
individual \
|
335
|
+
individual \fBread\fR\|(2) system call when reading a request body.
|
332
336
|
.Sp
|
333
337
|
There is generally no need to change this value and this directive
|
334
338
|
may be removed in the future.
|
@@ -336,7 +340,7 @@ may be removed in the future.
|
|
336
340
|
Default: 8192 bytes (8 kilobytes)
|
337
341
|
.IP "client_header_buffer_size \s-1INTEGER\s0" 4
|
338
342
|
.IX Item "client_header_buffer_size INTEGER"
|
339
|
-
This controls the size of a single \
|
343
|
+
This controls the size of a single \fBread\fR\|(2) syscall for reading
|
340
344
|
client request headers. Increase this as needed if your application
|
341
345
|
uses large cookies or long URLs. Lowering this may reduce \s-1GC\s0 and
|
342
346
|
memory allocator overhead.
|
@@ -459,12 +463,12 @@ this means Unix domain sockets must not be placed in /tmp
|
|
459
463
|
The following \s-1OPTIONS\s0 may be specified (but are generally not needed):
|
460
464
|
.IP "backlog: \s-1INTEGER\s0" 4
|
461
465
|
.IX Item "backlog: INTEGER"
|
462
|
-
This is the backlog of the \
|
466
|
+
This is the backlog of the \fBlisten\fR\|(2) syscall.
|
463
467
|
.Sp
|
464
468
|
Some operating systems allow negative values here to specify the
|
465
469
|
maximum allowable value. In most cases, this number is only
|
466
470
|
recommendation and there are other OS-specific tunables and
|
467
|
-
variables that can affect this number. See the \
|
471
|
+
variables that can affect this number. See the \fBlisten\fR\|(2)
|
468
472
|
syscall documentation of your \s-1OS\s0 for the exact semantics of
|
469
473
|
this.
|
470
474
|
.Sp
|
@@ -491,7 +495,7 @@ Default: Operating-system dependent
|
|
491
495
|
Maximum receive and send buffer sizes (in bytes) of sockets.
|
492
496
|
.Sp
|
493
497
|
These correspond to the \s-1SO_RCVBUF\s0 and \s-1SO_SNDBUF\s0 settings which
|
494
|
-
can be set via the \
|
498
|
+
can be set via the \fBsetsockopt\fR\|(2) syscall. Some kernels
|
495
499
|
(e.g. Linux 2.4+) have intelligent auto-tuning mechanisms and
|
496
500
|
there is no need (and it is sometimes detrimental) to specify them.
|
497
501
|
.Sp
|
@@ -507,8 +511,8 @@ This enables multiple, independently-started yahns instances to
|
|
507
511
|
bind to the same port (as long as all the processes enable this).
|
508
512
|
.Sp
|
509
513
|
This option must be used when yahns first binds the listen socket.
|
510
|
-
It cannot be enabled when a socket is inherited via \s-1SIGUSR2
|
511
|
-
|
514
|
+
It cannot be enabled when a socket is inherited via \s-1SIGUSR2\s0
|
515
|
+
(but it will remain on if inherited), and it cannot be enabled
|
512
516
|
directly via \s-1SIGHUP.\s0
|
513
517
|
.Sp
|
514
518
|
Note: there is a chance of connections being dropped if
|
@@ -535,22 +539,22 @@ An example which seems to work is:
|
|
535
539
|
\& require \*(Aqopenssl\*(Aq
|
536
540
|
\& ssl_ctx = OpenSSL::SSL::SSLContext.new
|
537
541
|
\& ssl_ctx.cert = OpenSSL::X509::Certificate.new(
|
538
|
-
\&
|
542
|
+
\& File.read(\*(Aq/etc/ssl/certs/example.crt\*(Aq)
|
539
543
|
\& )
|
540
544
|
\& ssl_ctx.extra_chain_cert = [
|
541
545
|
\& OpenSSL::X509::Certificate.new(
|
542
|
-
\&
|
546
|
+
\& File.read(\*(Aq/etc/ssl/certs/chain.crt\*(Aq)
|
543
547
|
\& )
|
544
548
|
\& ]
|
545
549
|
\& ssl_ctx.key = OpenSSL::PKey::RSA.new(
|
546
|
-
\&
|
550
|
+
\& File.read(\*(Aq/etc/ssl/private/example.key\*(Aq)
|
547
551
|
\& )
|
548
552
|
\&
|
549
553
|
\& # use defaults provided by Ruby on top of OpenSSL,
|
550
|
-
\& # but disable client certificate verification as it is rare:
|
554
|
+
\& # but disable client certificate verification as it is rare for servers:
|
551
555
|
\& ssl_ctx.set_params(verify_mode: OpenSSL::SSL::VERIFY_NONE)
|
552
556
|
\&
|
553
|
-
\& # Built\-in session cache (only
|
557
|
+
\& # Built\-in session cache (only useful if worker_processes is nil or 1)
|
554
558
|
\& ssl_ctx.session_cache_mode = OpenSSL::SSL::SSLContext::SESSION_CACHE_SERVER
|
555
559
|
\&
|
556
560
|
\& app(:rack, "/path/to/my/app/config.ru") do
|
@@ -672,7 +676,7 @@ here means yahns will enable yahns to use a master/worker process
|
|
672
676
|
model instead of a single process.
|
673
677
|
.Sp
|
674
678
|
If an optional &BLOCK is given, it may be used to configure
|
675
|
-
\&\
|
679
|
+
\&\fBpthread_atfork\fR\|(3)\-style hooks.
|
676
680
|
See \*(L"\s-1WORKER_PROCESSES\-LEVEL DIRECTIVES\*(R"\s0 for details.
|
677
681
|
.Sp
|
678
682
|
Using worker_processes is strongly recommended if your application
|
@@ -688,7 +692,7 @@ Note: all of the atfork_* hooks described here are available inside the
|
|
688
692
|
\&\*(L"app\*(R" blocks, too.
|
689
693
|
.IP "atfork_prepare &BLOCK" 4
|
690
694
|
.IX Item "atfork_prepare &BLOCK"
|
691
|
-
This &BLOCK is executed in the parent before \
|
695
|
+
This &BLOCK is executed in the parent before \fBfork\fR\|(2) operation.
|
692
696
|
This may be useful for app directives which specify \*(L"preload: true\*(R"
|
693
697
|
to disconnect from databases or otherwise close open file descriptors
|
694
698
|
to prevent them from being shared with the children.
|
@@ -696,12 +700,12 @@ to prevent them from being shared with the children.
|
|
696
700
|
Default: none
|
697
701
|
.IP "atfork_parent &BLOCK" 4
|
698
702
|
.IX Item "atfork_parent &BLOCK"
|
699
|
-
This &BLOCK is executed in the parent after the \
|
703
|
+
This &BLOCK is executed in the parent after the \fBfork\fR\|(2) operation.
|
700
704
|
.Sp
|
701
705
|
Default: none
|
702
706
|
.IP "atfork_child &BLOCK" 4
|
703
707
|
.IX Item "atfork_child &BLOCK"
|
704
|
-
This &BLOCK is executed in the child after the \
|
708
|
+
This &BLOCK is executed in the child after the \fBfork\fR\|(2) operation.
|
705
709
|
.Sp
|
706
710
|
This may be useful for app directives which specify \*(L"preload: true\*(R"
|
707
711
|
to reconnect to databases or reopen closed file descriptors which
|
@@ -710,7 +714,7 @@ were closed in the atfork_prepare hook.
|
|
710
714
|
Default: none
|
711
715
|
.SH "RACK APP ARGUMENTS"
|
712
716
|
.IX Header "RACK APP ARGUMENTS"
|
713
|
-
Rack applications take a \s-1PATHNAME\s0 to the \
|
717
|
+
Rack applications take a \s-1PATHNAME\s0 to the \fBrackup\fR\|(1) config file
|
714
718
|
(e.g. \*(L"config.ru\*(R") as its first argument.
|
715
719
|
.PP
|
716
720
|
The only supported keyword argument is:
|
@@ -743,7 +747,7 @@ Mail archives are available at <https://yhbt.net/yahns\-public/>
|
|
743
747
|
.SH "COPYRIGHT"
|
744
748
|
.IX Header "COPYRIGHT"
|
745
749
|
Copyright (C) 2013\-2016 all contributors <mailto:yahns\-public@yhbt.net>
|
746
|
-
License: \s-1GPL\-3.0
|
750
|
+
License: \s-1GPL\-3.0+\s0 <https://www.gnu.org/licenses/gpl\-3.0.txt>
|
747
751
|
.SH "SEE ALSO"
|
748
752
|
.IX Header "SEE ALSO"
|
749
|
-
\&\
|
753
|
+
\&\fByahns\fR\|(1)
|
data/test/helper.rb
CHANGED
@@ -158,7 +158,7 @@ def skip_skb_mem
|
|
158
158
|
[ [ '/proc/sys/net/ipv4/tcp_rmem', "4096 87380 6291456\n" ],
|
159
159
|
[ '/proc/sys/net/ipv4/tcp_wmem', "4096 16384 4194304\n" ]
|
160
160
|
].each do |file, expect|
|
161
|
-
val =
|
161
|
+
val = File.read(file)
|
162
162
|
val == expect or skip "#{file} had: #{val}expected: #{expect}"
|
163
163
|
end
|
164
164
|
end
|
data/yahns.gemspec
CHANGED
@@ -1,5 +1,5 @@
|
|
1
|
-
# Copyright (C)
|
2
|
-
# License: GPL-3.0+
|
1
|
+
# Copyright (C) all contributors <yahns-public@yhbt.net>
|
2
|
+
# License: GPL-3.0+ <https://www.gnu.org/licenses/gpl-3.0.txt>
|
3
3
|
Gem::Specification.new do |s|
|
4
4
|
manifest = File.read('.gem-manifest').split(/\n/)
|
5
5
|
s.name = %q{yahns}
|
@@ -15,7 +15,7 @@ Gem::Specification.new do |s|
|
|
15
15
|
|
16
16
|
s.add_dependency(%q<kgio>, '~> 2.9')
|
17
17
|
s.add_dependency(%q<sleepy_penguin>, '~> 3.2')
|
18
|
-
s.add_dependency(%q<unicorn>, '>= 4.6.3', '<
|
18
|
+
s.add_dependency(%q<unicorn>, '>= 4.6.3', '< 7.0')
|
19
19
|
# s.add_dependency(%q<kgio-sendfile>, '~> 1.2') # optional
|
20
20
|
|
21
21
|
# minitest is standard in Ruby 2.0, 4.3 is packaged with Ruby 2.0.0,
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: yahns
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 1.
|
4
|
+
version: 1.18.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- yahns hackers
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date:
|
11
|
+
date: 2021-10-09 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: kgio
|
@@ -47,7 +47,7 @@ dependencies:
|
|
47
47
|
version: 4.6.3
|
48
48
|
- - "<"
|
49
49
|
- !ruby/object:Gem::Version
|
50
|
-
version: '
|
50
|
+
version: '7.0'
|
51
51
|
type: :runtime
|
52
52
|
prerelease: false
|
53
53
|
version_requirements: !ruby/object:Gem::Requirement
|
@@ -57,7 +57,7 @@ dependencies:
|
|
57
57
|
version: 4.6.3
|
58
58
|
- - "<"
|
59
59
|
- !ruby/object:Gem::Version
|
60
|
-
version: '
|
60
|
+
version: '7.0'
|
61
61
|
- !ruby/object:Gem::Dependency
|
62
62
|
name: minitest
|
63
63
|
requirement: !ruby/object:Gem::Requirement
|
@@ -106,8 +106,10 @@ executables:
|
|
106
106
|
extensions: []
|
107
107
|
extra_rdoc_files: []
|
108
108
|
files:
|
109
|
+
- ".document"
|
109
110
|
- ".gitattributes"
|
110
111
|
- ".gitignore"
|
112
|
+
- ".olddoc.yml"
|
111
113
|
- COPYING
|
112
114
|
- Documentation/.gitignore
|
113
115
|
- Documentation/GNUmakefile
|
@@ -126,9 +128,11 @@ files:
|
|
126
128
|
- bin/yahns
|
127
129
|
- bin/yahns-rackup
|
128
130
|
- examples/README
|
131
|
+
- examples/https_proxy_pass.conf.rb
|
129
132
|
- examples/init.sh
|
130
133
|
- examples/logger_mp_safe.rb
|
131
134
|
- examples/logrotate.conf
|
135
|
+
- examples/proxy_pass.ru
|
132
136
|
- examples/yahns.socket
|
133
137
|
- examples/yahns@.service
|
134
138
|
- examples/yahns_multi.conf.rb
|