123456789_123456789_123456789_123456789_123456789_

Class: Puma::Binder

Relationships & Source Files
Super Chains via Extension / Inclusion / Inheritance
Instance Chain:
self, Const
Inherits: Object
Defined in: lib/puma/binder.rb

Constant Summary

Const - Included

BANNED_HEADER_KEY, CGI_VER, CHUNKED, CHUNK_SIZE, CLOSE, CLOSE_CHUNKED, CODE_NAME, COLON, CONNECTION_CLOSE, CONNECTION_KEEP_ALIVE, CONTENT_LENGTH, CONTENT_LENGTH2, CONTENT_LENGTH_S, CONTINUE, DQUOTE, EARLY_HINTS, ERROR_RESPONSE, FAST_TRACK_KA_TIMEOUT, GATEWAY_INTERFACE, HALT_COMMAND, HEAD, HIJACK, HIJACK_IO, HIJACK_P, HTTP, HTTPS, HTTPS_KEY, HTTP_10_200, HTTP_11, HTTP_11_100, HTTP_11_200, HTTP_CONNECTION, HTTP_EXPECT, HTTP_HEADER_DELIMITER, HTTP_HOST, HTTP_VERSION, HTTP_X_FORWARDED_FOR, HTTP_X_FORWARDED_PROTO, HTTP_X_FORWARDED_SCHEME, HTTP_X_FORWARDED_SSL, IANA_HTTP_METHODS, ILLEGAL_HEADER_KEY_REGEX, ILLEGAL_HEADER_VALUE_REGEX, KEEP_ALIVE, LINE_END, LOCALHOST, LOCALHOST_IPV4, LOCALHOST_IPV6, MAX_BODY, MAX_HEADER, NEWLINE, PATH_INFO, PORT_443, PORT_80, PROXY_PROTOCOL_V1_REGEX, PUMA_CONFIG, PUMA_PEERCERT, PUMA_SERVER_STRING, PUMA_SOCKET, PUMA_TMP_BASE, PUMA_VERSION, QUERY_STRING, RACK_AFTER_REPLY, RACK_INPUT, RACK_URL_SCHEME, REMOTE_ADDR, REQUEST_METHOD, REQUEST_PATH, REQUEST_URI, RESTART_COMMAND, SERVER_NAME, SERVER_PORT, SERVER_PROTOCOL, SERVER_SOFTWARE, STOP_COMMAND, SUPPORTED_HTTP_METHODS, TRANSFER_ENCODING, TRANSFER_ENCODING2, TRANSFER_ENCODING_CHUNKED, UNMASKABLE_HEADERS, UNSPECIFIED_IPV4, UNSPECIFIED_IPV6, WRITE_TIMEOUT

Class Method Summary

Instance Attribute Summary

Instance Method Summary

Constructor Details

.new(log_writer, conf = Configuration.new, env: ENV) ⇒ Binder

[ GitHub ]

  
# File 'lib/puma/binder.rb', line 22

def initialize(log_writer, conf = Configuration.new, env: ENV)
  @log_writer = log_writer
  @conf = conf
  @listeners = []
  @inherited_fds = {}
  @activated_sockets = {}
  @unix_paths = []
  @env = env

  @proto_env = {
    "rack.version".freeze => RACK_VERSION,
    "rack.errors".freeze => log_writer.stderr,
    "rack.multithread".freeze => conf.options[:max_threads] > 1,
    "rack.multiprocess".freeze => conf.options[:workers] >= 1,
    "rack.run_once".freeze => false,
    RACK_URL_SCHEME => conf.options[:rack_url_scheme],
    "SCRIPT_NAME".freeze => env['SCRIPT_NAME'] || "",

    # I'd like to set a default CONTENT_TYPE here but some things
    # depend on their not being a default set and inferring
    # it from the content. And so if i set it here, it won't
    # infer properly.

    "QUERY_STRING".freeze => "",
    SERVER_SOFTWARE => PUMA_SERVER_STRING,
    GATEWAY_INTERFACE => CGI_VER
  }

  @envs = {}
  @ios = []
end

Instance Attribute Details

#activated_sockets (readonly)

Version:

  • 5.0.0

[ GitHub ]

  
# File 'lib/puma/binder.rb', line 57

attr_reader :activated_sockets, :envs, :inherited_fds, :listeners, :proto_env, :unix_paths

#connected_ports (readonly)

Version:

  • 5.0.0

[ GitHub ]

  
# File 'lib/puma/binder.rb', line 72

def connected_ports
  t = ios.map { |io| io.addr[1] }; t.uniq!; t
end

#envs (readonly)

Version:

  • 5.0.0

[ GitHub ]

  
# File 'lib/puma/binder.rb', line 57

attr_reader :activated_sockets, :envs, :inherited_fds, :listeners, :proto_env, :unix_paths

#inherited_fds (readonly)

Version:

  • 5.0.0

[ GitHub ]

  
# File 'lib/puma/binder.rb', line 57

attr_reader :activated_sockets, :envs, :inherited_fds, :listeners, :proto_env, :unix_paths

#ios (rw)

[ GitHub ]

  
# File 'lib/puma/binder.rb', line 54

attr_reader :ios

#ios=(value) (rw)

Version:

  • 5.0.0

[ GitHub ]

  
# File 'lib/puma/binder.rb', line 60

attr_writer :ios, :listeners

#listeners (rw)

Version:

  • 5.0.0

[ GitHub ]

  
# File 'lib/puma/binder.rb', line 57

attr_reader :activated_sockets, :envs, :inherited_fds, :listeners, :proto_env, :unix_paths

#listeners=(value) (rw)

Version:

  • 5.0.0

[ GitHub ]

  
# File 'lib/puma/binder.rb', line 60

attr_writer :ios, :listeners

#loopback_addresses (readonly, private)

[ GitHub ]

  
# File 'lib/puma/binder.rb', line 481

def loopback_addresses
  t = Socket.ip_address_list.select do |addrinfo|
    addrinfo.ipv6_loopback? || addrinfo.ipv4_loopback?
  end
  t.map! { |addrinfo| addrinfo.ip_address }; t.uniq!; t
end

#proto_env (readonly)

Version:

  • 5.0.0

[ GitHub ]

  
# File 'lib/puma/binder.rb', line 57

attr_reader :activated_sockets, :envs, :inherited_fds, :listeners, :proto_env, :unix_paths

#unix_paths (readonly)

Version:

  • 5.0.0

[ GitHub ]

  
# File 'lib/puma/binder.rb', line 57

attr_reader :activated_sockets, :envs, :inherited_fds, :listeners, :proto_env, :unix_paths

Instance Method Details

#add_ssl_listener(host, port, ctx, optimize_for_latency = true, backlog = 1024)

[ GitHub ]

  
# File 'lib/puma/binder.rb', line 354

def add_ssl_listener(host, port, ctx,
                     optimize_for_latency=true, backlog=1024)

  raise "Puma compiled without SSL support" unless HAS_SSL
  # Puma will try to use local authority context if context is supplied nil
  ctx ||= localhost_authority_context

  if host == "localhost"
    loopback_addresses.each do |addr|
      add_ssl_listener addr, port, ctx, optimize_for_latency, backlog
    end
    return
  end

  host = host[1..-2] if host&.start_with? '['
  s = TCPServer.new(host, port)
  if optimize_for_latency
    s.setsockopt(Socket::IPPROTO_TCP, Socket::TCP_NODELAY, 1)
  end
  s.setsockopt(Socket::SOL_SOCKET,Socket::SO_REUSEADDR, true)
  s.listen backlog

  ssl = MiniSSL::Server.new s, ctx
  env = @proto_env.dup
  env[HTTPS_KEY] = HTTPS
  @envs[ssl] = env

  @ios << ssl
  s
end

#add_tcp_listener(host, port, optimize_for_latency = true, backlog = 1024)

Tell the server to listen on host host, port port. If optimize_for_latency is true (the default) then clients connecting will be optimized for latency over throughput.

backlog indicates how many unaccepted connections the kernel should allow to accumulate before returning connection refused.

[ GitHub ]

  
# File 'lib/puma/binder.rb', line 326

def add_tcp_listener(host, port, optimize_for_latency=true, backlog=1024)
  if host == "localhost"
    loopback_addresses.each do |addr|
      add_tcp_listener addr, port, optimize_for_latency, backlog
    end
    return
  end

  host = host[1..-2] if host&.start_with? '['
  tcp_server = TCPServer.new(host, port)

  if optimize_for_latency
    tcp_server.setsockopt(Socket::IPPROTO_TCP, Socket::TCP_NODELAY, 1)
  end
  tcp_server.setsockopt(Socket::SOL_SOCKET,Socket::SO_REUSEADDR, true)
  tcp_server.listen backlog

  @ios << tcp_server
  tcp_server
end

#add_unix_listener(path, umask = nil, mode = nil, backlog = 1024)

Tell the server to listen on path as a UNIX domain socket.

[ GitHub ]

  
# File 'lib/puma/binder.rb', line 405

def add_unix_listener(path, umask=nil, mode=nil, backlog=1024)
  # Let anyone connect by default
  umask ||= 0

  begin
    old_mask = File.umask(umask)

    if File.exist? path
      begin
        old = UNIXSocket.new path
      rescue SystemCallError, IOError
        File.unlink path
      else
        old.close
        raise "There is already a server bound to: #{path}"
      end
    end
    s = UNIXServer.new path.sub(/\A@/, "\0") # check for abstract UNIXSocket
    s.listen backlog
    @ios << s
  ensure
    File.umask old_mask
  end

  if mode
    File.chmod mode, path
  end

  env = @proto_env.dup
  env[REMOTE_ADDR] = "127.0.0.1"
  @envs[s] = env

  s
end

#close

[ GitHub ]

  
# File 'lib/puma/binder.rb', line 66

def close
  @ios.each { |i| i.close }
end

#close_listeners

[ GitHub ]

  
# File 'lib/puma/binder.rb', line 452

def close_listeners
  @listeners.each do |l, io|
    begin
      io.close unless io.closed?
      uri = URI.parse l
      next unless uri.scheme == 'unix'
      unix_path = "#{uri.host}#{uri.path}"
      File.unlink unix_path if @unix_paths.include?(unix_path) && File.exist?(unix_path)
    rescue Errno::EBADF
    end
  end
end

#create_activated_fds(env_hash)

systemd socket activation. LISTEN_FDS = number of listening sockets. e.g. 2 means accept on 2 sockets w/descriptors 3 and 4. LISTEN_PID = PID of the service process, aka us

[ GitHub ]

  
# File 'lib/puma/binder.rb', line 90

def create_activated_fds(env_hash)
  @log_writer.debug "ENV['LISTEN_FDS'] #{@env['LISTEN_FDS'].inspect}  env_hash['LISTEN_PID'] #{env_hash['LISTEN_PID'].inspect}"
  return [] unless env_hash['LISTEN_FDS'] && env_hash['LISTEN_PID'].to_i == $$
  env_hash['LISTEN_FDS'].to_i.times do |index|
    sock = TCPServer.for_fd(socket_activation_fd(index))
    key = begin # Try to parse as a path
      [:unix, Socket.unpack_sockaddr_un(sock.getsockname)]
    rescue ArgumentError # Try to parse as a port/ip
      port, addr = Socket.unpack_sockaddr_in(sock.getsockname)
      addr = "[#{addr}]" if addr&.include? ':'
      [:tcp, addr, port]
    end
    @activated_sockets[key] = sock
    @log_writer.debug "Registered #{key.join ':'} for activation from LISTEN_FDS"
  end
  ["LISTEN_FDS", "LISTEN_PID"] # Signal to remove these keys from ENV
end

#create_inherited_fds(env_hash)

Version:

  • 5.0.0

[ GitHub ]

  
# File 'lib/puma/binder.rb', line 77

def create_inherited_fds(env_hash)
  env_hash.select {|k,v| k =~ /PUMA_INHERIT_\d+/}.each do |_k, v|
    fd, url = v.split(":", 2)
    @inherited_fds[url] = fd.to_i
  end.keys # pass keys back for removal
end

#env(sock)

[ GitHub ]

  
# File 'lib/puma/binder.rb', line 62

def env(sock)
  @envs.fetch(sock, @proto_env)
end

#inherit_ssl_listener(fd, ctx)

[ GitHub ]

  
# File 'lib/puma/binder.rb', line 385

def inherit_ssl_listener(fd, ctx)
  raise "Puma compiled without SSL support" unless HAS_SSL
  # Puma will try to use local authority context if context is supplied nil
  ctx ||= localhost_authority_context

  s = fd.kind_of?(::TCPServer) ? fd : ::TCPServer.for_fd(fd)

  ssl = MiniSSL::Server.new(s, ctx)

  env = @proto_env.dup
  env[HTTPS_KEY] = HTTPS
  @envs[ssl] = env

  @ios << ssl

  s
end

#inherit_tcp_listener(host, port, fd)

[ GitHub ]

  
# File 'lib/puma/binder.rb', line 347

def inherit_tcp_listener(host, port, fd)
  s = fd.kind_of?(::TCPServer) ? fd : ::TCPServer.for_fd(fd)

  @ios << s
  s
end

#inherit_unix_listener(path, fd)

[ GitHub ]

  
# File 'lib/puma/binder.rb', line 440

def inherit_unix_listener(path, fd)
  s = fd.kind_of?(::TCPServer) ? fd : ::UNIXServer.for_fd(fd)

  @ios << s

  env = @proto_env.dup
  env[REMOTE_ADDR] = "127.0.0.1"
  @envs[s] = env

  s
end

#loc_addr_str(io) (private)

[ GitHub ]

  
# File 'lib/puma/binder.rb', line 488

def loc_addr_str(io)
  loc_addr = io.to_io.local_address
  if loc_addr.ipv6?
    "[#{loc_addr.ip_unpack[0]}]:#{loc_addr.ip_unpack[1]}"
  else
    loc_addr.ip_unpack.join(':')
  end
end

#localhost_authority

[ GitHub ]

  
# File 'lib/puma/binder.rb', line 303

def localhost_authority
  @localhost_authority ||= Localhost::Authority.fetch if defined?(Localhost::Authority) && !Puma::IS_JRUBY
end

#localhost_authority_context

[ GitHub ]

  
# File 'lib/puma/binder.rb', line 307

def localhost_authority_context
  return unless localhost_authority

  key_path, crt_path = if [:key_path, :certificate_path].all? { |m| localhost_authority.respond_to?(m) }
    [localhost_authority.key_path, localhost_authority.certificate_path]
  else
    local_certificates_path = File.expand_path("~/.localhost")
    [File.join(local_certificates_path, "localhost.key"), File.join(local_certificates_path, "localhost.crt")]
  end
  MiniSSL::ContextBuilder.new({ "key" => key_path, "cert" => crt_path }, @log_writer).context
end

#parse(binds, log_writer = nil, log_msg = 'Listening')

[ GitHub ]

  
# File 'lib/puma/binder.rb', line 145

def parse(binds, log_writer = nil, log_msg = 'Listening')
  log_writer ||= @log_writer
  binds.each do |str|
    uri = URI.parse str
    case uri.scheme
    when "tcp"
      if fd = @inherited_fds.delete(str)
        io = inherit_tcp_listener uri.host, uri.port, fd
        log_writer.log "* Inherited #{str}"
      elsif sock = @activated_sockets.delete([ :tcp, uri.host, uri.port ])
        io = inherit_tcp_listener uri.host, uri.port, sock
        log_writer.log "* Activated #{str}"
      else
        ios_len = @ios.length
        params = Util.parse_query uri.query

        low_latency = params.key?('low_latency') && params['low_latency'] != 'false'
        backlog = params.fetch('backlog', 1024).to_i

        io = add_tcp_listener uri.host, uri.port, low_latency, backlog

        @ios[ios_len..-1].each do |i|
          addr = loc_addr_str i
          log_writer.log "* #{log_msg} on http://#{addr}"
        end
      end

      @listeners << [str, io] if io
    when "unix"
      path = "#{uri.host}#{uri.path}".gsub("%20", " ")
      abstract = false
      if str.start_with? 'unix://@'
        raise "OS does not support abstract UNIXSockets" unless Puma.abstract_unix_socket?
        abstract = true
        path = "@#{path}"
      end

      if fd = @inherited_fds.delete(str)
        @unix_paths << path unless abstract || File.exist?(path)
        io = inherit_unix_listener path, fd
        log_writer.log "* Inherited #{str}"
      elsif sock = @activated_sockets.delete([ :unix, path ]) ||
          !abstract && @activated_sockets.delete([ :unix, File.realdirpath(path) ])
        @unix_paths << path unless abstract || File.exist?(path)
        io = inherit_unix_listener path, sock
        log_writer.log "* Activated #{str}"
      else
        umask = nil
        mode = nil
        backlog = 1024

        if uri.query
          params = Util.parse_query uri.query
          if u = params['umask']
            # Use Integer() to respect the 0 prefix as octal
            umask = Integer(u)
          end

          if u = params['mode']
            mode = Integer('0'+u)
          end

          if u = params['backlog']
            backlog = Integer(u)
          end
        end

        @unix_paths << path unless abstract || File.exist?(path)
        io = add_unix_listener path, umask, mode, backlog
        log_writer.log "* #{log_msg} on #{str}"
      end

      @listeners << [str, io]
    when "ssl"
      cert_key = %w[cert key]

      raise "Puma compiled without SSL support" unless HAS_SSL

      params = Util.parse_query uri.query

      # If key and certs are not defined and localhost gem is required.
      # localhost gem will be used for self signed
      # Load localhost authority if not loaded.
      # Ruby 3 `values_at` accepts an array, earlier do not
      if params.values_at(*cert_key).all? { |v| v.to_s.empty? }
        ctx = localhost_authority && localhost_authority_context
      end

      ctx ||=
        begin
          # Extract cert_pem and key_pem from options[:store] if present
          cert_key.each do |v|
            if params[v]&.start_with?('store:')
              index = Integer(params.delete(v).split('store:').last)
              params["#{v}_pem"] = @conf.options[:store][index]
            end
          end
          MiniSSL::ContextBuilder.new(params, @log_writer).context
        end

      if fd = @inherited_fds.delete(str)
        log_writer.log "* Inherited #{str}"
        io = inherit_ssl_listener fd, ctx
      elsif sock = @activated_sockets.delete([ :tcp, uri.host, uri.port ])
        io = inherit_ssl_listener sock, ctx
        log_writer.log "* Activated #{str}"
      else
        ios_len = @ios.length
        backlog = params.fetch('backlog', 1024).to_i
        low_latency = params['low_latency'] != 'false'
        io = add_ssl_listener uri.host, uri.port, ctx, low_latency, backlog

        @ios[ios_len..-1].each do |i|
          addr = loc_addr_str i
          log_writer.log "* #{log_msg} on ssl://#{addr}?#{uri.query}"
        end
      end

      @listeners << [str, io] if io
    else
      log_writer.error "Invalid URI: #{str}"
    end
  end

  # If we inherited fds but didn't use them (because of a
  # configuration change), then be sure to close them.
  @inherited_fds.each do |str, fd|
    log_writer.log "* Closing unused inherited connection: #{str}"

    begin
      IO.for_fd(fd).close
    rescue SystemCallError
    end

    # We have to unlink a unix socket path that's not being used
    uri = URI.parse str
    if uri.scheme == "unix"
      path = "#{uri.host}#{uri.path}"
      File.unlink path
    end
  end

  # Also close any unused activated sockets
  unless @activated_sockets.empty?
    fds = @ios.map(&:to_i)
    @activated_sockets.each do |key, sock|
      next if fds.include? sock.to_i
      log_writer.log "* Closing unused activated socket: #{key.first}://#{key[1..-1].join ':'}"
      begin
        sock.close
      rescue SystemCallError
      end
      # We have to unlink a unix socket path that's not being used
      File.unlink key[1] if key.first == :unix
    end
  end
end

#redirects_for_restart

[ GitHub ]

  
# File 'lib/puma/binder.rb', line 465

def redirects_for_restart
  redirects = @listeners.map { |a| [a[1].to_i, a[1].to_i] }.to_h
  redirects[:close_others] = true
  redirects
end

#redirects_for_restart_env

Version:

  • 5.0.0

[ GitHub ]

  
# File 'lib/puma/binder.rb', line 472

def redirects_for_restart_env
  @listeners.each_with_object({}).with_index do |(listen, memo), i|
    memo["PUMA_INHERIT_#{i}"] = "#{listen[1].to_i}:#{listen[0]}"
  end
end

#socket_activation_fd(int) (private)

Version:

  • 5.0.0

[ GitHub ]

  
# File 'lib/puma/binder.rb', line 498

def socket_activation_fd(int)
  int + 3 # 3 is the magic number you add to follow the SA protocol
end

#synthesize_binds_from_activated_fs(binds, only_matching)

Synthesize binds from systemd socket activation

When systemd socket activation is enabled, it can be tedious to keep the binds in sync. This method can synthesize any binds based on the received activated sockets. Any existing matching binds will be respected.

When only_matching is true in, all binds that do not match an activated socket is removed in place.

It’s a noop if no activated sockets were received.

[ GitHub ]

  
# File 'lib/puma/binder.rb', line 118

def synthesize_binds_from_activated_fs(binds, only_matching)
  return binds unless activated_sockets.any?

  activated_binds = []

  activated_sockets.keys.each do |proto, addr, port|
    if port
      tcp_url = "#{proto}://#{addr}:#{port}"
      ssl_url = "ssl://#{addr}:#{port}"
      ssl_url_prefix = "#{ssl_url}?"

      existing = binds.find { |bind| bind == tcp_url || bind == ssl_url || bind.start_with?(ssl_url_prefix) }

      activated_binds << (existing || tcp_url)
    else
      # TODO: can there be a SSL bind without a port?
      activated_binds << "#{proto}://#{addr}"
    end
  end

  if only_matching
    activated_binds
  else
    binds | activated_binds
  end
end