yahns 1.17.0 → 1.18.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/.document +2 -0
- data/.olddoc.yml +8 -0
- data/Documentation/yahns_config.pod +5 -5
- data/GIT-VERSION-FILE +1 -1
- data/GIT-VERSION-GEN +3 -3
- data/NEWS +14 -0
- data/Rakefile +24 -1
- data/examples/https_proxy_pass.conf.rb +36 -0
- data/examples/proxy_pass.ru +11 -0
- data/extras/proxy_pass.rb +5 -4
- data/extras/try_gzip_static.rb +4 -1
- data/lib/yahns/proxy_pass.rb +67 -15
- data/lib/yahns/queue_epoll.rb +4 -0
- data/lib/yahns/server.rb +12 -8
- data/lib/yahns/server_mp.rb +2 -1
- data/lib/yahns/version.rb +1 -1
- data/lib/yahns/worker.rb +2 -2
- data/lib/yahns.rb +10 -7
- data/man/yahns_config.5 +34 -30
- data/test/helper.rb +1 -1
- data/yahns.gemspec +3 -3
- metadata +8 -4
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: '0318100b814550d192110790944b552f4aba4a79e363f7a932c7a86c21335728'
|
4
|
+
data.tar.gz: b8af746d6ffe65df3121b06fa42effa8b29ff9c1b206c67daabfbe8774e47bf7
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: cfcf4ef901f640e40c5343f33505eddae6ab32bc95a08c7225cb239cfff08b33266b737497481467588f9e8be70e88f4c2f4fa95d64312c02d19d813a3877bec
|
7
|
+
data.tar.gz: f21048f67209face645bef2a0f9018382b79aa93abd9d780ec05095a6557252ce1bc129e72fb04d74cd61c60caa75f64e7d147cc73297fad4c66394329b35125
|
data/.document
ADDED
data/.olddoc.yml
ADDED
@@ -0,0 +1,8 @@
|
|
1
|
+
---
|
2
|
+
cgit_url: https://yhbt.net/yahns.git
|
3
|
+
git_url: https://yhbt.net/yahns.git
|
4
|
+
rdoc_url: https://yhbt.net/yahns/
|
5
|
+
ml_url: https://yhbt.net/yahns-public/
|
6
|
+
public_email: yahns-public@yhbt.net
|
7
|
+
nntp_url:
|
8
|
+
- nntp://news.public-inbox.org/inbox.comp.lang.ruby.yahns
|
@@ -436,22 +436,22 @@ An example which seems to work is:
|
|
436
436
|
require 'openssl'
|
437
437
|
ssl_ctx = OpenSSL::SSL::SSLContext.new
|
438
438
|
ssl_ctx.cert = OpenSSL::X509::Certificate.new(
|
439
|
-
|
439
|
+
File.read('/etc/ssl/certs/example.crt')
|
440
440
|
)
|
441
441
|
ssl_ctx.extra_chain_cert = [
|
442
442
|
OpenSSL::X509::Certificate.new(
|
443
|
-
|
443
|
+
File.read('/etc/ssl/certs/chain.crt')
|
444
444
|
)
|
445
445
|
]
|
446
446
|
ssl_ctx.key = OpenSSL::PKey::RSA.new(
|
447
|
-
|
447
|
+
File.read('/etc/ssl/private/example.key')
|
448
448
|
)
|
449
449
|
|
450
450
|
# use defaults provided by Ruby on top of OpenSSL,
|
451
|
-
# but disable client certificate verification as it is rare:
|
451
|
+
# but disable client certificate verification as it is rare for servers:
|
452
452
|
ssl_ctx.set_params(verify_mode: OpenSSL::SSL::VERIFY_NONE)
|
453
453
|
|
454
|
-
# Built-in session cache (only
|
454
|
+
# Built-in session cache (only useful if worker_processes is nil or 1)
|
455
455
|
ssl_ctx.session_cache_mode = OpenSSL::SSL::SSLContext::SESSION_CACHE_SERVER
|
456
456
|
|
457
457
|
app(:rack, "/path/to/my/app/config.ru") do
|
data/GIT-VERSION-FILE
CHANGED
@@ -1 +1 @@
|
|
1
|
-
VERSION = 1.
|
1
|
+
VERSION = 1.18.0
|
data/GIT-VERSION-GEN
CHANGED
@@ -1,11 +1,11 @@
|
|
1
1
|
#!/usr/bin/env ruby
|
2
|
-
# Copyright (C)
|
3
|
-
# License: GPL-3.0+
|
2
|
+
# Copyright (C) all contributors <yahns-public@yhbt.net>
|
3
|
+
# License: GPL-3.0+ <https://www.gnu.org/licenses/gpl-3.0.txt>
|
4
4
|
# frozen_string_literal: true
|
5
5
|
CONSTANT = "Yahns::VERSION"
|
6
6
|
RVF = "lib/yahns/version.rb"
|
7
7
|
GVF = "GIT-VERSION-FILE"
|
8
|
-
DEF_VER = "v1.
|
8
|
+
DEF_VER = "v1.18.0"
|
9
9
|
vn = DEF_VER.dup
|
10
10
|
|
11
11
|
# First see if there is a version file (included in release tarballs),
|
data/NEWS
CHANGED
@@ -1,3 +1,17 @@
|
|
1
|
+
yahns 1.18.0 / 2021-10-09
|
2
|
+
-------------------------
|
3
|
+
|
4
|
+
8 changes since 1.17.0 (2019-04-22):
|
5
|
+
|
6
|
+
worker: workaround old F_SETPIPE_SZ bug
|
7
|
+
doc: favor File.read over IO.read to ease review
|
8
|
+
proxy_pass: document as a public API
|
9
|
+
doc: include Yahns/ directory on website
|
10
|
+
extras/try_gzip_static: set "Vary: Accept-Encoding" on gzip
|
11
|
+
do not sleep if signals are pending
|
12
|
+
server: workaround Linux v5.5..v5.13 epoll bug
|
13
|
+
gemspec: allow unicorn 6.x
|
14
|
+
|
1
15
|
yahns 1.17.0 - Earth Day release / 2019-04-22
|
2
16
|
---------------------------------------------
|
3
17
|
|
data/Rakefile
CHANGED
@@ -3,7 +3,24 @@
|
|
3
3
|
require 'tempfile'
|
4
4
|
include Rake::DSL
|
5
5
|
|
6
|
-
|
6
|
+
apidoc = {
|
7
|
+
'doc/Yahns.html' => 'lib/yahns.rb',
|
8
|
+
'doc/Yahns/ProxyPass.html' => 'lib/yahns/proxy_pass.rb'
|
9
|
+
}
|
10
|
+
|
11
|
+
task apidoc.keys[0] => apidoc.values do
|
12
|
+
rdoc = ENV['rdoc'] || 'rdoc'
|
13
|
+
system("git", "set-file-times", *(apidoc.values))
|
14
|
+
sh "#{rdoc} -f dark216" # dark216 requires olddoc 1.7+
|
15
|
+
|
16
|
+
apidoc.each do |dst, src|
|
17
|
+
src = File.stat(src)
|
18
|
+
File.utime(src.atime, src.mtime, dst)
|
19
|
+
end
|
20
|
+
end
|
21
|
+
|
22
|
+
gendocs = %W(NEWS NEWS.atom.xml #{apidoc.keys[0]})
|
23
|
+
task html: apidoc.keys[0]
|
7
24
|
task rsync_docs: gendocs do
|
8
25
|
dest = ENV["RSYNC_DEST"] || "yhbt.net:/srv/yhbt/yahns/"
|
9
26
|
top = %w(INSTALL HACKING README COPYING)
|
@@ -28,6 +45,7 @@ task rsync_docs: gendocs do
|
|
28
45
|
files = `git ls-files Documentation/*.txt`.split(/\n/)
|
29
46
|
files.concat(top)
|
30
47
|
files.concat(gendocs)
|
48
|
+
files.concat(%w(doc/Yahns.html))
|
31
49
|
files.concat(%w(yahns yahns-rackup yahns_config).map! { |x|
|
32
50
|
"Documentation/#{x}.txt"
|
33
51
|
})
|
@@ -41,6 +59,11 @@ task rsync_docs: gendocs do
|
|
41
59
|
examples.concat(gzex)
|
42
60
|
|
43
61
|
sh("rsync --chmod=Fugo=r -av #{examples.join(' ')} #{dest}/examples/")
|
62
|
+
|
63
|
+
rdoc = apidoc.keys.grep(%r{\Adoc/Yahns/})
|
64
|
+
gzex = rdoc.map { |txt| do_gzip.call(txt) }
|
65
|
+
examples.concat(gzex)
|
66
|
+
sh("rsync --chmod=Fugo=r -av #{rdoc.join(' ')} #{dest}/Yahns/")
|
44
67
|
end
|
45
68
|
|
46
69
|
def tags
|
@@ -0,0 +1,36 @@
|
|
1
|
+
# To the extent possible under law, Eric Wong has waived all copyright and
|
2
|
+
# related or neighboring rights to this example.
|
3
|
+
#
|
4
|
+
# See examples/proxy_pass.ru for the complementary rackup file
|
5
|
+
# <https://yhbt.net/yahns.git/tree/examples/proxy_pass.ru>
|
6
|
+
|
7
|
+
# Setup an OpenSSL context:
|
8
|
+
require 'openssl'
|
9
|
+
ssl_ctx = OpenSSL::SSL::SSLContext.new
|
10
|
+
ssl_ctx.cert = OpenSSL::X509::Certificate.new(
|
11
|
+
File.read('/etc/ssl/certs/example.crt')
|
12
|
+
)
|
13
|
+
ssl_ctx.extra_chain_cert = [
|
14
|
+
OpenSSL::X509::Certificate.new(
|
15
|
+
File.read('/etc/ssl/certs/chain.crt')
|
16
|
+
)
|
17
|
+
]
|
18
|
+
ssl_ctx.key = OpenSSL::PKey::RSA.new(
|
19
|
+
File.read('/etc/ssl/private/example.key')
|
20
|
+
)
|
21
|
+
|
22
|
+
# use defaults provided by Ruby on top of OpenSSL,
|
23
|
+
# but disable client certificate verification as it is rare for servers:
|
24
|
+
ssl_ctx.set_params(verify_mode: OpenSSL::SSL::VERIFY_NONE)
|
25
|
+
|
26
|
+
# Built-in session cache (only useful if worker_processes is nil or 1)
|
27
|
+
ssl_ctx.session_cache_mode = OpenSSL::SSL::SSLContext::SESSION_CACHE_SERVER
|
28
|
+
|
29
|
+
worker_processes 1
|
30
|
+
app(:rack, "/path/to/proxy_pass.ru", preload: true) do
|
31
|
+
listen 443, ssl_ctx: ssl_ctx
|
32
|
+
listen '[::]:443', ipv6only: true, ssl_ctx: ssl_ctx
|
33
|
+
end
|
34
|
+
|
35
|
+
stdout_path "/path/to/my_logs/out.log"
|
36
|
+
stderr_path "/path/to/my_logs/err.log"
|
@@ -0,0 +1,11 @@
|
|
1
|
+
# To the extent possible under law, Eric Wong has waived all copyright and
|
2
|
+
# related or neighboring rights to this example.
|
3
|
+
#
|
4
|
+
# See examples/https_proxy_pass.conf.rb for the complementary rackup file
|
5
|
+
# <https://yhbt.net/yahns.git/tree/examples/https_proxy_pass.conf.rb>
|
6
|
+
|
7
|
+
# optionally, intercept static requests with Rack::Static middleware:
|
8
|
+
# use Rack::Static, root: '/path/to/public', gzip: true
|
9
|
+
|
10
|
+
require 'yahns/proxy_pass'
|
11
|
+
run Yahns::ProxyPass.new('http://127.0.0.1:6081')
|
data/extras/proxy_pass.rb
CHANGED
@@ -10,12 +10,13 @@ require 'rack/request'
|
|
10
10
|
require 'thread'
|
11
11
|
require 'timeout'
|
12
12
|
|
13
|
-
# Totally synchronous and Rack 1.1-compatible
|
14
|
-
#
|
15
|
-
# in yahns. yahns may have to
|
13
|
+
# Totally synchronous and Rack 1.1-compatible. See Yahns::ProxyPass for
|
14
|
+
# the rewritten version which takes advantage of rack.hijack and uses
|
15
|
+
# the internal non-blocking I/O facilities in yahns. yahns may have to
|
16
|
+
# grow a supported API for that...
|
17
|
+
#
|
16
18
|
# For now, we this blocks a worker thread; fortunately threads are reasonably
|
17
19
|
# cheap on GNU/Linux...
|
18
|
-
# This is totally untested but currently doesn't serve anything important.
|
19
20
|
class ProxyPass # :nodoc:
|
20
21
|
class ConnPool
|
21
22
|
def initialize
|
data/extras/try_gzip_static.rb
CHANGED
@@ -79,7 +79,10 @@ class TryGzipStatic
|
|
79
79
|
"Accept-Ranges" => "bytes",
|
80
80
|
}
|
81
81
|
h["Cache-Control"] = "no-transform" unless mime =~ %r{\Atext\/}
|
82
|
-
|
82
|
+
if gz_st
|
83
|
+
h["Content-Encoding"] = "gzip"
|
84
|
+
h["Vary"] = "Accept-Encoding"
|
85
|
+
end
|
83
86
|
h
|
84
87
|
end
|
85
88
|
|
data/lib/yahns/proxy_pass.rb
CHANGED
@@ -1,24 +1,76 @@
|
|
1
1
|
# -*- encoding: binary -*-
|
2
|
-
# Copyright (C) 2013-
|
3
|
-
# License: GPL-3.0+
|
2
|
+
# Copyright (C) 2013-2019 all contributors <yahns-public@yhbt.net>
|
3
|
+
# License: GPL-3.0+ <https://www.gnu.org/licenses/gpl-3.0.txt>
|
4
4
|
# frozen_string_literal: true
|
5
5
|
require 'socket'
|
6
6
|
require 'rack/request'
|
7
|
-
require 'timeout'
|
8
|
-
|
9
|
-
# XXX consider this file and the proxy-related stuff in yahns
|
10
|
-
# unstable and experimental! It has never been documented and
|
11
|
-
# incompatible changes may still happen.
|
12
|
-
#
|
13
|
-
# However, it seems to be proxying for our mail archives well enough:
|
14
|
-
# https://yhbt.net/yahns-public/
|
7
|
+
require 'timeout' # only for Timeout::Error
|
15
8
|
require_relative 'proxy_http_response'
|
16
9
|
require_relative 'req_res'
|
17
10
|
|
18
|
-
|
19
|
-
|
11
|
+
# Yahns::ProxyPass is a Rack (hijack) app which allows yahns to
|
12
|
+
# act as a fully-buffering reverse proxy to protect backends
|
13
|
+
# from slow HTTP clients.
|
14
|
+
#
|
15
|
+
# Yahns::ProxyPass relies on the default behavior of yahns to do
|
16
|
+
# full input and output buffering. Output buffering is lazy,
|
17
|
+
# meaning it allows streaming output in the best case and
|
18
|
+
# will only buffer if the client cannot keep up with the server.
|
19
|
+
#
|
20
|
+
# The goal of this reverse proxy is to act as a sponge on the same LAN
|
21
|
+
# or host to any backend HTTP server not optimized for slow clients.
|
22
|
+
# Yahns::ProxyPass accomplishes this by handling all the slow clients
|
23
|
+
# internally within yahns itself to minimize time spent in the backend
|
24
|
+
# HTTP server waiting on slow clients.
|
25
|
+
#
|
26
|
+
# It does not do load balancing (we rely on Varnish for that).
|
27
|
+
# Here is the exact config we use with Varnish, which uses
|
28
|
+
# the +:response_headers+ option to hide some Varnish headers
|
29
|
+
# from clients:
|
30
|
+
#
|
31
|
+
# run Yahns::ProxyPass.new('http://127.0.0.1:6081',
|
32
|
+
# response_headers: {
|
33
|
+
# 'Age' => :ignore,
|
34
|
+
# 'X-Varnish' => :ignore,
|
35
|
+
# 'Via' => :ignore
|
36
|
+
# })
|
37
|
+
#
|
38
|
+
# This is NOT a generic Rack app and must be run with yahns.
|
39
|
+
# It uses +rack.hijack+, so compatibility with logging
|
40
|
+
# middlewares (e.g. Rack::CommonLogger) is not great and
|
41
|
+
# timing information gets lost.
|
42
|
+
#
|
43
|
+
# This provides HTTPS termination for our mail archives:
|
44
|
+
# https://yhbt.net/yahns-public/
|
45
|
+
#
|
46
|
+
# See https://yhbt.net/yahns.git/tree/examples/https_proxy_pass.conf.rb
|
47
|
+
# and https://yhbt.net/yahns.git/tree/examples/proxy_pass.ru for examples
|
48
|
+
class Yahns::ProxyPass
|
49
|
+
attr_reader :proxy_buffering, :response_headers # :nodoc:
|
20
50
|
|
21
|
-
|
51
|
+
# +dest+ must be an HTTP URL with optional variables prefixed with '$'.
|
52
|
+
# +dest+ may refer to the path to a Unix domain socket in the form:
|
53
|
+
#
|
54
|
+
# unix:/absolute/path/to/socket
|
55
|
+
#
|
56
|
+
# Variables which may be used in the +dest+ parameter include:
|
57
|
+
#
|
58
|
+
# - $url - the entire URL used to make the request
|
59
|
+
# - $path - the unescaped PATH_INFO of the HTTP request
|
60
|
+
# - $fullpath - $path with QUERY_STRING
|
61
|
+
# - $host - the hostname in the Host: header
|
62
|
+
#
|
63
|
+
# For Unix domain sockets, variables may be separated from the
|
64
|
+
# socket path via: ":/". For example:
|
65
|
+
#
|
66
|
+
# unix:/absolute/path/to/socket:/$host/$fullpath
|
67
|
+
#
|
68
|
+
# Currently :response_headers is the only +opts+ supported.
|
69
|
+
# :response_headers is a Hash containing a "from => to" mapping
|
70
|
+
# of response headers. The special value of +:ignore+ indicates
|
71
|
+
# the header from the backend HTTP server will be ignored instead
|
72
|
+
# of being blindly passed on to the client.
|
73
|
+
def initialize(dest, opts = { response_headers: { 'Server' => :ignore } })
|
22
74
|
case dest
|
23
75
|
when %r{\Aunix:([^:]+)(?::(/.*))?\z}
|
24
76
|
path = $2
|
@@ -41,7 +93,7 @@ class Yahns::ProxyPass # :nodoc:
|
|
41
93
|
init_path_vars(path)
|
42
94
|
end
|
43
95
|
|
44
|
-
def init_path_vars(path)
|
96
|
+
def init_path_vars(path) # :nodoc:
|
45
97
|
path ||= '$fullpath'
|
46
98
|
# methods from Rack::Request we want:
|
47
99
|
allow = %w(fullpath host_with_port host port url path)
|
@@ -54,7 +106,7 @@ class Yahns::ProxyPass # :nodoc:
|
|
54
106
|
@path = path.gsub(%r{\A/(\$(?:fullpath|path))}, '\1')
|
55
107
|
end
|
56
108
|
|
57
|
-
def call(env)
|
109
|
+
def call(env) # :nodoc:
|
58
110
|
# 3-way handshake for TCP backends while we generate the request header
|
59
111
|
rr = Yahns::ReqRes.start(@sockaddr)
|
60
112
|
c = env['rack.hijack'].call # Yahns::HttpClient#call
|
data/lib/yahns/queue_epoll.rb
CHANGED
@@ -32,6 +32,10 @@ class Yahns::Queue < SleepyPenguin::Epoll::IO # :nodoc:
|
|
32
32
|
epoll_ctl(Epoll::CTL_MOD, io, flags)
|
33
33
|
end
|
34
34
|
|
35
|
+
def queue_del(io)
|
36
|
+
epoll_ctl(Epoll::CTL_DEL, io, 0)
|
37
|
+
end
|
38
|
+
|
35
39
|
def thr_init
|
36
40
|
Thread.current[:yahns_rbuf] = ''.dup
|
37
41
|
Thread.current[:yahns_fdmap] = @fdmap
|
data/lib/yahns/server.rb
CHANGED
@@ -438,25 +438,28 @@ class Yahns::Server # :nodoc:
|
|
438
438
|
# This just injects the QueueQuitter object which acts like a
|
439
439
|
# monkey wrench thrown into a perfectly good engine :)
|
440
440
|
def quit_finish
|
441
|
-
|
441
|
+
# we must not let quitters get GC-ed if we have any worker threads leftover
|
442
|
+
@quitter = Yahns::QueueQuitter.new
|
442
443
|
|
443
444
|
# throw the monkey wrench into the worker threads
|
444
|
-
@queues.each { |q| q.queue_add(quitter, Yahns::Queue::QEV_QUIT) }
|
445
|
+
@queues.each { |q| q.queue_add(@quitter, Yahns::Queue::QEV_QUIT) }
|
445
446
|
|
446
447
|
# watch the monkey wrench destroy all the threads!
|
447
448
|
# Ugh, this may fail if we have dedicated threads trickling
|
448
449
|
# response bodies out (e.g. "tail -F") Oh well, have a timeout
|
449
450
|
begin
|
450
451
|
@wthr.delete_if { |t| t.join(0.01) }
|
452
|
+
# Workaround Linux 5.5+ bug (fixed in 5.13+)
|
453
|
+
# https://yhbt.net/lore/lkml/20210405231025.33829-1-dave@stgolabs.net/
|
454
|
+
@wthr[0] && @queues[0].respond_to?(:queue_del) and @queues.each do |q|
|
455
|
+
q.queue_del(@quitter)
|
456
|
+
q.queue_add(@quitter, Yahns::Queue::QEV_QUIT)
|
457
|
+
end
|
451
458
|
end while @wthr[0] && Yahns.now <= @shutdown_expire
|
452
459
|
|
453
460
|
# cleanup, our job is done
|
454
461
|
@queues.each(&:close).clear
|
455
|
-
|
456
|
-
# we must not let quitter get GC-ed if we have any worker threads leftover
|
457
|
-
@quitter = quitter
|
458
|
-
|
459
|
-
quitter.close
|
462
|
+
@quitter.close # keep object around in case @wthr isn't empty
|
460
463
|
rescue => e
|
461
464
|
Yahns::Log.exception(@logger, "quit finish", e)
|
462
465
|
ensure
|
@@ -476,7 +479,8 @@ class Yahns::Server # :nodoc:
|
|
476
479
|
end
|
477
480
|
|
478
481
|
def sp_sig_handle(alive)
|
479
|
-
@
|
482
|
+
tout = alive ? (@sig_queue.empty? ? nil : 0) : 0.01
|
483
|
+
@sev.wait_readable(tout)
|
480
484
|
@sev.yahns_step
|
481
485
|
case sig = @sig_queue.shift
|
482
486
|
when :QUIT, :TERM, :INT
|
data/lib/yahns/server_mp.rb
CHANGED
@@ -157,7 +157,8 @@ module Yahns::ServerMP # :nodoc:
|
|
157
157
|
def mp_sig_handle(watch, alive)
|
158
158
|
# not performance critical
|
159
159
|
watch.delete_if { |io| io.to_io.closed? }
|
160
|
-
|
160
|
+
tout = alive ? (@sig_queue.empty? ? nil : 0) : 0.01
|
161
|
+
if r = select(watch, nil, nil, tout)
|
161
162
|
r[0].each(&:yahns_step)
|
162
163
|
end
|
163
164
|
case @sig_queue.shift
|
data/lib/yahns/version.rb
CHANGED
@@ -1 +1 @@
|
|
1
|
-
Yahns::VERSION = '1.
|
1
|
+
Yahns::VERSION = '1.18.0'.freeze # :nodoc:
|
data/lib/yahns/worker.rb
CHANGED
@@ -14,8 +14,8 @@ class Yahns::Worker # :nodoc:
|
|
14
14
|
# F_SETPIPE_SZ = 1031, PAGE_SIZE = 4096
|
15
15
|
# (fcntl will handle minimum size on platforms where PAGE_SIZE > 4096)
|
16
16
|
@to_io.fcntl(1031, 4096)
|
17
|
-
rescue
|
18
|
-
# old kernel
|
17
|
+
rescue SystemCallError
|
18
|
+
# old kernel (EINVAL, EPERM)
|
19
19
|
end if RUBY_PLATFORM =~ /\blinux\b/
|
20
20
|
end
|
21
21
|
|
data/lib/yahns.rb
CHANGED
@@ -1,5 +1,5 @@
|
|
1
|
-
# Copyright (C) 2013-
|
2
|
-
# License: GPL-3.0+
|
1
|
+
# Copyright (C) 2013-2019 all contributors <yahns-public@yhbt.net>
|
2
|
+
# License: GPL-3.0+ <https://www.gnu.org/licenses/gpl-3.0.txt>
|
3
3
|
# frozen_string_literal: true
|
4
4
|
$stdout.sync = $stderr.sync = true
|
5
5
|
|
@@ -16,12 +16,15 @@ require 'io/wait'
|
|
16
16
|
Unicorn.__send__(:remove_const, sym) if Unicorn.const_defined?(sym)
|
17
17
|
end
|
18
18
|
|
19
|
-
# yahns exposes
|
20
|
-
# See https://yhbt.net/yahns
|
21
|
-
# for the config documentation
|
19
|
+
# yahns exposes little user-visible API outside of the config file.
|
20
|
+
# See https://yhbt.net/yahns/yahns_config.txt
|
21
|
+
# for the config documentation (or yahns_config(5) manpage)
|
22
22
|
# and https://yhbt.net/yahns.git/about/ for the homepage.
|
23
|
-
#
|
24
|
-
|
23
|
+
#
|
24
|
+
# Yahns::ProxyPass is currently the only public API.
|
25
|
+
#
|
26
|
+
# Documented APIs and options are supported forever,
|
27
|
+
# internals are subject to change.
|
25
28
|
module Yahns
|
26
29
|
# :stopdoc:
|
27
30
|
# We populate this at startup so we can figure out how to reexecute
|
data/man/yahns_config.5
CHANGED
@@ -1,4 +1,4 @@
|
|
1
|
-
.\" Automatically generated by Pod::Man 4.
|
1
|
+
.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
|
2
2
|
.\"
|
3
3
|
.\" Standard preamble:
|
4
4
|
.\" ========================================================================
|
@@ -54,16 +54,20 @@
|
|
54
54
|
.\" Avoid warning from groff about undefined register 'F'.
|
55
55
|
.de IX
|
56
56
|
..
|
57
|
-
.
|
58
|
-
.if \
|
59
|
-
.
|
60
|
-
.
|
57
|
+
.nr rF 0
|
58
|
+
.if \n(.g .if rF .nr rF 1
|
59
|
+
.if (\n(rF:(\n(.g==0)) \{\
|
60
|
+
. if \nF \{\
|
61
|
+
. de IX
|
62
|
+
. tm Index:\\$1\t\\n%\t"\\$2"
|
61
63
|
..
|
62
|
-
.
|
63
|
-
.
|
64
|
-
.
|
64
|
+
. if !\nF==2 \{\
|
65
|
+
. nr % 0
|
66
|
+
. nr F 2
|
67
|
+
. \}
|
65
68
|
. \}
|
66
69
|
.\}
|
70
|
+
.rr rF
|
67
71
|
.\"
|
68
72
|
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
|
69
73
|
.\" Fear. Run. Save yourself. No user-serviceable parts.
|
@@ -129,7 +133,7 @@
|
|
129
133
|
.\" ========================================================================
|
130
134
|
.\"
|
131
135
|
.IX Title "YAHNS_CONFIG 5"
|
132
|
-
.TH YAHNS_CONFIG 5 "1994-10-02" "yahns 1.
|
136
|
+
.TH YAHNS_CONFIG 5 "1994-10-02" "yahns 1.17.0.5.g4e5f" "yahns user manual"
|
133
137
|
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
|
134
138
|
.\" way too many mistakes in technical documents.
|
135
139
|
.if n .ad l
|
@@ -170,7 +174,7 @@ For Rack \s-1HTTP\s0 applications, see \*(L"\s-1RACK APP ARGUMENTS\*(R"\s0 for m
|
|
170
174
|
information.
|
171
175
|
.IP "before_exec &BLOCK" 4
|
172
176
|
.IX Item "before_exec &BLOCK"
|
173
|
-
This runs &BLOCK before Kernel#exec (\
|
177
|
+
This runs &BLOCK before Kernel#exec (\fBexecve\fR\|(2) wrapper). The command
|
174
178
|
array to be passed to Kernel#exec may be modified within this hook:
|
175
179
|
.Sp
|
176
180
|
.Vb 3
|
@@ -283,7 +287,7 @@ Default: / if daemonized, current working directory if not
|
|
283
287
|
.IP "max_events \s-1INTEGER\s0" 4
|
284
288
|
.IX Item "max_events INTEGER"
|
285
289
|
This controls the number of events a worker thread will fetch at
|
286
|
-
once via \
|
290
|
+
once via \fBepoll_wait\fR\|(2) or \fBkevent\fR\|(2).
|
287
291
|
There is no good reason to change this
|
288
292
|
unless you use very few (e.g. 1) worker_threads. Leaving this at
|
289
293
|
1 will give the fairest load balancing behavior with epoll or kqueue.
|
@@ -328,7 +332,7 @@ Default: false
|
|
328
332
|
This controls the maximum size of a request body before it is
|
329
333
|
buffered to the filesystem (instead of memory). This has no effect
|
330
334
|
if input_buffering is false. This also governs the size of an
|
331
|
-
individual \
|
335
|
+
individual \fBread\fR\|(2) system call when reading a request body.
|
332
336
|
.Sp
|
333
337
|
There is generally no need to change this value and this directive
|
334
338
|
may be removed in the future.
|
@@ -336,7 +340,7 @@ may be removed in the future.
|
|
336
340
|
Default: 8192 bytes (8 kilobytes)
|
337
341
|
.IP "client_header_buffer_size \s-1INTEGER\s0" 4
|
338
342
|
.IX Item "client_header_buffer_size INTEGER"
|
339
|
-
This controls the size of a single \
|
343
|
+
This controls the size of a single \fBread\fR\|(2) syscall for reading
|
340
344
|
client request headers. Increase this as needed if your application
|
341
345
|
uses large cookies or long URLs. Lowering this may reduce \s-1GC\s0 and
|
342
346
|
memory allocator overhead.
|
@@ -459,12 +463,12 @@ this means Unix domain sockets must not be placed in /tmp
|
|
459
463
|
The following \s-1OPTIONS\s0 may be specified (but are generally not needed):
|
460
464
|
.IP "backlog: \s-1INTEGER\s0" 4
|
461
465
|
.IX Item "backlog: INTEGER"
|
462
|
-
This is the backlog of the \
|
466
|
+
This is the backlog of the \fBlisten\fR\|(2) syscall.
|
463
467
|
.Sp
|
464
468
|
Some operating systems allow negative values here to specify the
|
465
469
|
maximum allowable value. In most cases, this number is only
|
466
470
|
recommendation and there are other OS-specific tunables and
|
467
|
-
variables that can affect this number. See the \
|
471
|
+
variables that can affect this number. See the \fBlisten\fR\|(2)
|
468
472
|
syscall documentation of your \s-1OS\s0 for the exact semantics of
|
469
473
|
this.
|
470
474
|
.Sp
|
@@ -491,7 +495,7 @@ Default: Operating-system dependent
|
|
491
495
|
Maximum receive and send buffer sizes (in bytes) of sockets.
|
492
496
|
.Sp
|
493
497
|
These correspond to the \s-1SO_RCVBUF\s0 and \s-1SO_SNDBUF\s0 settings which
|
494
|
-
can be set via the \
|
498
|
+
can be set via the \fBsetsockopt\fR\|(2) syscall. Some kernels
|
495
499
|
(e.g. Linux 2.4+) have intelligent auto-tuning mechanisms and
|
496
500
|
there is no need (and it is sometimes detrimental) to specify them.
|
497
501
|
.Sp
|
@@ -507,8 +511,8 @@ This enables multiple, independently-started yahns instances to
|
|
507
511
|
bind to the same port (as long as all the processes enable this).
|
508
512
|
.Sp
|
509
513
|
This option must be used when yahns first binds the listen socket.
|
510
|
-
It cannot be enabled when a socket is inherited via \s-1SIGUSR2
|
511
|
-
|
514
|
+
It cannot be enabled when a socket is inherited via \s-1SIGUSR2\s0
|
515
|
+
(but it will remain on if inherited), and it cannot be enabled
|
512
516
|
directly via \s-1SIGHUP.\s0
|
513
517
|
.Sp
|
514
518
|
Note: there is a chance of connections being dropped if
|
@@ -535,22 +539,22 @@ An example which seems to work is:
|
|
535
539
|
\& require \*(Aqopenssl\*(Aq
|
536
540
|
\& ssl_ctx = OpenSSL::SSL::SSLContext.new
|
537
541
|
\& ssl_ctx.cert = OpenSSL::X509::Certificate.new(
|
538
|
-
\&
|
542
|
+
\& File.read(\*(Aq/etc/ssl/certs/example.crt\*(Aq)
|
539
543
|
\& )
|
540
544
|
\& ssl_ctx.extra_chain_cert = [
|
541
545
|
\& OpenSSL::X509::Certificate.new(
|
542
|
-
\&
|
546
|
+
\& File.read(\*(Aq/etc/ssl/certs/chain.crt\*(Aq)
|
543
547
|
\& )
|
544
548
|
\& ]
|
545
549
|
\& ssl_ctx.key = OpenSSL::PKey::RSA.new(
|
546
|
-
\&
|
550
|
+
\& File.read(\*(Aq/etc/ssl/private/example.key\*(Aq)
|
547
551
|
\& )
|
548
552
|
\&
|
549
553
|
\& # use defaults provided by Ruby on top of OpenSSL,
|
550
|
-
\& # but disable client certificate verification as it is rare:
|
554
|
+
\& # but disable client certificate verification as it is rare for servers:
|
551
555
|
\& ssl_ctx.set_params(verify_mode: OpenSSL::SSL::VERIFY_NONE)
|
552
556
|
\&
|
553
|
-
\& # Built\-in session cache (only
|
557
|
+
\& # Built\-in session cache (only useful if worker_processes is nil or 1)
|
554
558
|
\& ssl_ctx.session_cache_mode = OpenSSL::SSL::SSLContext::SESSION_CACHE_SERVER
|
555
559
|
\&
|
556
560
|
\& app(:rack, "/path/to/my/app/config.ru") do
|
@@ -672,7 +676,7 @@ here means yahns will enable yahns to use a master/worker process
|
|
672
676
|
model instead of a single process.
|
673
677
|
.Sp
|
674
678
|
If an optional &BLOCK is given, it may be used to configure
|
675
|
-
\&\
|
679
|
+
\&\fBpthread_atfork\fR\|(3)\-style hooks.
|
676
680
|
See \*(L"\s-1WORKER_PROCESSES\-LEVEL DIRECTIVES\*(R"\s0 for details.
|
677
681
|
.Sp
|
678
682
|
Using worker_processes is strongly recommended if your application
|
@@ -688,7 +692,7 @@ Note: all of the atfork_* hooks described here are available inside the
|
|
688
692
|
\&\*(L"app\*(R" blocks, too.
|
689
693
|
.IP "atfork_prepare &BLOCK" 4
|
690
694
|
.IX Item "atfork_prepare &BLOCK"
|
691
|
-
This &BLOCK is executed in the parent before \
|
695
|
+
This &BLOCK is executed in the parent before \fBfork\fR\|(2) operation.
|
692
696
|
This may be useful for app directives which specify \*(L"preload: true\*(R"
|
693
697
|
to disconnect from databases or otherwise close open file descriptors
|
694
698
|
to prevent them from being shared with the children.
|
@@ -696,12 +700,12 @@ to prevent them from being shared with the children.
|
|
696
700
|
Default: none
|
697
701
|
.IP "atfork_parent &BLOCK" 4
|
698
702
|
.IX Item "atfork_parent &BLOCK"
|
699
|
-
This &BLOCK is executed in the parent after the \
|
703
|
+
This &BLOCK is executed in the parent after the \fBfork\fR\|(2) operation.
|
700
704
|
.Sp
|
701
705
|
Default: none
|
702
706
|
.IP "atfork_child &BLOCK" 4
|
703
707
|
.IX Item "atfork_child &BLOCK"
|
704
|
-
This &BLOCK is executed in the child after the \
|
708
|
+
This &BLOCK is executed in the child after the \fBfork\fR\|(2) operation.
|
705
709
|
.Sp
|
706
710
|
This may be useful for app directives which specify \*(L"preload: true\*(R"
|
707
711
|
to reconnect to databases or reopen closed file descriptors which
|
@@ -710,7 +714,7 @@ were closed in the atfork_prepare hook.
|
|
710
714
|
Default: none
|
711
715
|
.SH "RACK APP ARGUMENTS"
|
712
716
|
.IX Header "RACK APP ARGUMENTS"
|
713
|
-
Rack applications take a \s-1PATHNAME\s0 to the \
|
717
|
+
Rack applications take a \s-1PATHNAME\s0 to the \fBrackup\fR\|(1) config file
|
714
718
|
(e.g. \*(L"config.ru\*(R") as its first argument.
|
715
719
|
.PP
|
716
720
|
The only supported keyword argument is:
|
@@ -743,7 +747,7 @@ Mail archives are available at <https://yhbt.net/yahns\-public/>
|
|
743
747
|
.SH "COPYRIGHT"
|
744
748
|
.IX Header "COPYRIGHT"
|
745
749
|
Copyright (C) 2013\-2016 all contributors <mailto:yahns\-public@yhbt.net>
|
746
|
-
License: \s-1GPL\-3.0
|
750
|
+
License: \s-1GPL\-3.0+\s0 <https://www.gnu.org/licenses/gpl\-3.0.txt>
|
747
751
|
.SH "SEE ALSO"
|
748
752
|
.IX Header "SEE ALSO"
|
749
|
-
\&\
|
753
|
+
\&\fByahns\fR\|(1)
|
data/test/helper.rb
CHANGED
@@ -158,7 +158,7 @@ def skip_skb_mem
|
|
158
158
|
[ [ '/proc/sys/net/ipv4/tcp_rmem', "4096 87380 6291456\n" ],
|
159
159
|
[ '/proc/sys/net/ipv4/tcp_wmem', "4096 16384 4194304\n" ]
|
160
160
|
].each do |file, expect|
|
161
|
-
val =
|
161
|
+
val = File.read(file)
|
162
162
|
val == expect or skip "#{file} had: #{val}expected: #{expect}"
|
163
163
|
end
|
164
164
|
end
|
data/yahns.gemspec
CHANGED
@@ -1,5 +1,5 @@
|
|
1
|
-
# Copyright (C)
|
2
|
-
# License: GPL-3.0+
|
1
|
+
# Copyright (C) all contributors <yahns-public@yhbt.net>
|
2
|
+
# License: GPL-3.0+ <https://www.gnu.org/licenses/gpl-3.0.txt>
|
3
3
|
Gem::Specification.new do |s|
|
4
4
|
manifest = File.read('.gem-manifest').split(/\n/)
|
5
5
|
s.name = %q{yahns}
|
@@ -15,7 +15,7 @@ Gem::Specification.new do |s|
|
|
15
15
|
|
16
16
|
s.add_dependency(%q<kgio>, '~> 2.9')
|
17
17
|
s.add_dependency(%q<sleepy_penguin>, '~> 3.2')
|
18
|
-
s.add_dependency(%q<unicorn>, '>= 4.6.3', '<
|
18
|
+
s.add_dependency(%q<unicorn>, '>= 4.6.3', '< 7.0')
|
19
19
|
# s.add_dependency(%q<kgio-sendfile>, '~> 1.2') # optional
|
20
20
|
|
21
21
|
# minitest is standard in Ruby 2.0, 4.3 is packaged with Ruby 2.0.0,
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: yahns
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 1.
|
4
|
+
version: 1.18.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- yahns hackers
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date:
|
11
|
+
date: 2021-10-09 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: kgio
|
@@ -47,7 +47,7 @@ dependencies:
|
|
47
47
|
version: 4.6.3
|
48
48
|
- - "<"
|
49
49
|
- !ruby/object:Gem::Version
|
50
|
-
version: '
|
50
|
+
version: '7.0'
|
51
51
|
type: :runtime
|
52
52
|
prerelease: false
|
53
53
|
version_requirements: !ruby/object:Gem::Requirement
|
@@ -57,7 +57,7 @@ dependencies:
|
|
57
57
|
version: 4.6.3
|
58
58
|
- - "<"
|
59
59
|
- !ruby/object:Gem::Version
|
60
|
-
version: '
|
60
|
+
version: '7.0'
|
61
61
|
- !ruby/object:Gem::Dependency
|
62
62
|
name: minitest
|
63
63
|
requirement: !ruby/object:Gem::Requirement
|
@@ -106,8 +106,10 @@ executables:
|
|
106
106
|
extensions: []
|
107
107
|
extra_rdoc_files: []
|
108
108
|
files:
|
109
|
+
- ".document"
|
109
110
|
- ".gitattributes"
|
110
111
|
- ".gitignore"
|
112
|
+
- ".olddoc.yml"
|
111
113
|
- COPYING
|
112
114
|
- Documentation/.gitignore
|
113
115
|
- Documentation/GNUmakefile
|
@@ -126,9 +128,11 @@ files:
|
|
126
128
|
- bin/yahns
|
127
129
|
- bin/yahns-rackup
|
128
130
|
- examples/README
|
131
|
+
- examples/https_proxy_pass.conf.rb
|
129
132
|
- examples/init.sh
|
130
133
|
- examples/logger_mp_safe.rb
|
131
134
|
- examples/logrotate.conf
|
135
|
+
- examples/proxy_pass.ru
|
132
136
|
- examples/yahns.socket
|
133
137
|
- examples/yahns@.service
|
134
138
|
- examples/yahns_multi.conf.rb
|