[ANN] yahns 1.12.0 -_- sleepy app server for Ruby

[ANN] yahns 1.12.0 -_- sleepy app server for Ruby

[Eric Wong]

A Free Software, multi-threaded, non-blocking network
application server designed for low _idle_ power consumption.
It is primarily optimized for applications with occasional users
which see little or no traffic.  yahns currently hosts Rack/HTTP
applications, but may eventually support other application
types.  Unlike some existing servers, yahns is extremely
sensitive to fatal bugs in the applications it hosts.

Changes:

    yahns 1.12.0 - TLS fixes and more!

    Most notably, serving static files over HTTPS did not work
    before this release with the "sendfile" gem installed.  The
    yahns_config(5) manpage is also updated with an example for
    using OpenSSL::SSL::SSLContext objects.  Users of
    Rack::Request#scheme and env['rack.url_scheme'] should see
    "https" properly set for HTTPS connections.

    There's also a bunch of internal tweaks like taking advantage of
    the file-level frozen_string_literal: directive in 2.3 and
    explicitly clearing short-lived string buffers

    TLS support is still in its early stages, but I'm experimenting
    with Let's Encrypt (via getssl[1]) and hosting https://YHBT.net/
    on it.

    For now, I suggest using a separate yahns instance (with a
    different master process) to avoid any potential data leaks
    between HTTPS and HTTP instances.  In the future, it may be
    possible to isolate HTTPS from HTTP at the worker process level.
    Supporting GnuTLS (alongside OpenSSL) may be in our future, too.

    To paraphrase the warning in http://www.postfix.org/TLS_README.html
    (which was written before Heartbleed):

        WARNING

          By turning on TLS support in yahns, you not only get the
          ability to encrypt traffic and to authenticate remote
          clients.  You also turn on thousands and thousands of
          lines of OpenSSL library code.  Assuming that OpenSSL is
          written as carefully as Eric's own code, every 1000 lines
          introduce one additional bug into yahns.

    I'm not nearly as careful with yahns as Wietse is with postfix,
    either.

    20 changes since v1.11.0:
          README: updates for kqueue
          add .gitattributes for Ruby method detection
          nodoc internals
          enable frozen_string_literal for Ruby 2.3+
          copyright updates for 2016
          extras/exec_cgi: fix frozen string error on slow responses
          avoid StringIO#binmode for the next few years
          use String#clear for short-lived buffers we create
          gemspec: make rack a development dependency
          build: install-gem forced to "--local" domain
          acceptor: all subclasses of TCPServer use TCP_INFO
          properly emulate sendfile for OpenSSL sockets
          avoid race conditions in OpenSSL::SSL::SSLContext#setup
          set HTTPS and rack.url_scheme in Rack env as appropriate
          proxy_pass: pass X-Forwarded-Proto through
          doc: switch to perlpod (from pandoc-flavored Markdown)
          doc: trim down documentation slightly
          doc: document ssl_ctx for "listen" directive
          doc: various doc and linkification improvements
          http_context: reduce constant lookup + bytecode

    [1] git clone https://github.com/srvrco/getssl.git

Please note the disclaimer:

  yahns is extremely sensitive to fatal bugs in the apps it hosts.  There
  is no (and never will be) any built-in "watchdog"-type feature to kill
  stuck processes/threads.  Each yahns process may be handling thousands
  of clients; unexpectedly killing the process will abort _all_ of those
  connections.  Lives may be lost!

  yahns hackers are not responsible for your application/library bugs.
  Use an application server which is tolerant of buggy applications
  if you cannot be bothered to fix all your fatal bugs.

* git clone git://yhbt.net/yahns
* http://yahns.yhbt.net/README
* http://yahns.yhbt.net/NEWS.atom.xml
* we only accept plain-text email yahns-public@yhbt.net
* and archive all the mail we receive: http://yhbt.net/yahns-public/
* nntp://news.public-inbox.org/inbox.comp.lang.ruby.yahns

Re: [ANN] yahns 1.12.0 -_- sleepy app server for Ruby

[Eric Wong]

Eric Wong <normalperson@yhbt.net> wrote:
>           proxy_pass: pass X-Forwarded-Proto through

Note: proxy_pass is still broken with TLS because SSL_write
seems picky about getting EXACTLY the same args it got the
first time around when it got SSL_ERROR_WANT_{WRITE,READ}.

So it looks like packetized buffering is necessary for fast
upstreams and slow TLS clients.

[ANN] yahns 1.12.1 -_- sleepy app server for Ruby

[Eric Wong]

A Free Software, multi-threaded, non-blocking network
application server designed for low _idle_ power consumption.
It is primarily optimized for applications with occasional users
which see little or no traffic.  yahns currently hosts Rack/HTTP
applications, but may eventually support other application
types.  Unlike some existing servers, yahns is extremely
sensitive to fatal bugs in the applications it hosts.

Changes:

    yahns 1.12.1 - more TLS fixes

    Most notably release fixes TLS output buffering for large
    responses to slow clients.  For Rack HTTPS users,
    env['SERVER_PORT'] also defaults to 443 properly unless the
    Host: request header specifies differently.

    Also, the extras/autoindex change is to make our own directory
    listing look nicer as we use Let's Encrypt and don't want to
    waste space listing ".well-known/" directory contents on:

	https://yahns.yhbt.net/

    Yes, we really do care how our homepage looks!

    6 changes since v1.12.0:
          extras/autoindex: support hiding dotfiles
          fix output buffering with SSL_write
          https: ensure SERVER_PORT defaults to 443
          test_ssl: check SERVER_PORT when parsed from Host: header
          doc: mention kqueue/kevent alongside epoll
          doc: more minor updates

Please note the disclaimer:

  yahns is extremely sensitive to fatal bugs in the apps it hosts.  There
  is no (and never will be) any built-in "watchdog"-type feature to kill
  stuck processes/threads.  Each yahns process may be handling thousands
  of clients; unexpectedly killing the process will abort _all_ of those
  connections.  Lives may be lost!

  yahns hackers are not responsible for your application/library bugs.
  Use an application server which is tolerant of buggy applications
  if you cannot be bothered to fix all your fatal bugs.

* git clone git://yhbt.net/yahns
* http://yahns.yhbt.net/README
* http://yahns.yhbt.net/NEWS.atom.xml
* we only accept plain-text email yahns-public@yhbt.net
* and archive all the mail we receive: http://yhbt.net/yahns-public/
* nntp://news.public-inbox.org/inbox.comp.lang.ruby.yahns

[ANN] yahns 1.12.2 -_- sleepy app server for Ruby

[Eric Wong]

A Free Software, multi-threaded, non-blocking network
application server designed for low _idle_ power consumption.
It is primarily optimized for applications with occasional users
which see little or no traffic.  yahns currently hosts Rack/HTTP
applications, but may eventually support other application
types.  Unlike some existing servers, yahns is extremely
sensitive to fatal bugs in the applications it hosts.

Changes:

    yahns 1.12.2 - minor doc and TLS fixes

    This release ensures OpenSSL::SSL::SSLContext#session_id_context
    is always set for OpenSSL users.  It won't overwrite existing
    settings, but setting it to a random value is necessary to
    ensure clients do not get aborted connections when attempting to
    use a session cache.

    No need to actually upgrade if you're on 1.12.1, you may add the
    following to your yahns_config(5) file where
    OpenSSL::SSL::SSLContext is configured:

	# recommended, not required.  This sets safer defaults
	# provided by Ruby on top of what OpenSSL gives:
	ssl_ctx.set_params

	# required, and done by default in v1.12.2:
	ssl_ctx.session_id_context ||= OpenSSL::Random.random_bytes(32)

    yahns gives you full control of of how OpenSSL::SSL::SSLContext is
    configured.  To avoid bugs, yahns only ensures
    OpenSSL::SSL::SSLContext#session_id_context is set (if not previously
    set by the user) and calls OpenSSL::SSL::SSLContext#setup before
    spawning threads to avoid race conditions.  yahns itself does not and
    will not enforce any opinion on the compatibility/performance/security
    trade-offs regarding TLS configuration.

    Note: keep in mind using an SSL session cache may be less useful
    with yahns because HTTP/1.1 persistent connections may live
    forever :)

    3 bug/doc fixes on top of v1.12.1:
          document OpenSSL::SSL::SSLContext#set_params use
          ssl: ensure is session_id_context is always set
          test/*: fix mktmpdir usage for 1.9.3

Please note the disclaimer:

  yahns is extremely sensitive to fatal bugs in the apps it hosts.  There
  is no (and never will be) any built-in "watchdog"-type feature to kill
  stuck processes/threads.  Each yahns process may be handling thousands
  of clients; unexpectedly killing the process will abort _all_ of those
  connections.  Lives may be lost!

  yahns hackers are not responsible for your application/library bugs.
  Use an application server which is tolerant of buggy applications
  if you cannot be bothered to fix all your fatal bugs.

* git clone git://yhbt.net/yahns
* http://yahns.yhbt.net/README
* http://yahns.yhbt.net/NEWS.atom.xml
* we only accept plain-text email yahns-public@yhbt.net
* and archive all the mail we receive: http://yhbt.net/yahns-public/
* nntp://news.public-inbox.org/inbox.comp.lang.ruby.yahns