Top Level Namespace

Defined Under Namespace

Modules: Falcon, Rack

Instance Method Summary collapse

Instance Method Details

#applicationObject

A general application environment. Suitable for use with any Protocol::HTTP::Middleware.



33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
 
# File 'lib/falcon/environments/application.rb', line 33

environment(:application) do
  # The middleware stack for the application.
  # @attribute [Protocol::HTTP::Middleware]
  middleware do
    ::Protocol::HTTP::Middleware::HelloWorld
  end
  
  # The scheme to use to communicate with the application.
  # @attribute [String]
  scheme 'https'
  
  # The protocol to use to communicate with the application.
  #
  # Typically one of {Async::HTTP::Protocol::HTTP1} or {Async::HTTP::Protocl::HTTP2}.
  #
  # @attribute [Async::HTTP::Protocol]
  protocol {Async::HTTP::Protocol::HTTP2}
  
  # The IPC path to use for communication with the application.
  # @attribute [String]
  ipc_path {::File.expand_path("application.ipc", root)}
  
  # The endpoint that will be used for communicating with the application server.
  # @attribute [Async::IO::Endpoint]
  endpoint do
    ::Falcon::ProxyEndpoint.unix(ipc_path,
      protocol: protocol,
      scheme: scheme,
      authority: authority
    )
  end
  
  # The service class to use for the application.
  # @attribute [Class]
  service ::Falcon::Service::Application
  
  # Number of instances to start.
  # @attribute [Integer | nil]
  count nil
end

#lets_encrypt_tlsObject

A Lets Encrypt SSL context environment.

Derived from #tls.



31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
 
# File 'lib/falcon/environments/lets_encrypt_tls.rb', line 31

environment(:lets_encrypt_tls, :tls) do
  # The Lets Encrypt certificate store path.
  # @parameter [String]
  lets_encrypt_root '/etc/letsencrypt/live'
  
  # The public certificate path.
  # @attribute [String]
  ssl_certificate_path do
    File.join(lets_encrypt_root, authority, "fullchain.pem")
  end
  
  # The private key path.
  # @attribute [String]
  ssl_private_key_path do
    File.join(lets_encrypt_root, authority, "privkey.pem")
  end
end

#proxyObject

A HTTP proxy environment.

Derived from #application.



29
30
31
32
33
34
35
36
37
 
# File 'lib/falcon/environments/proxy.rb', line 29

environment(:proxy) do
  # The upstream endpoint that will handle incoming requests.
  # @attribute [Async::HTTP::Endpoint]
  endpoint {::Async::HTTP::Endpoint.parse(url)}
  
  # The service class to use for the proxy.
  # @attribute [Class]
  service ::Falcon::Service::Proxy
end

#rackObject

A rack application environment.

Derived from #application.



31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
 
# File 'lib/falcon/environments/rack.rb', line 31

environment(:rack, :application) do
  # The rack configuration path.
  # @attribute [String]
  config_path {::File.expand_path("config.ru", root)}
  
  # Whether to enable the application layer cache.
  # @attribute [String]
  cache false
  
  # The middleware stack for the rack application.
  # @attribute [Protocol::HTTP::Middleware]
  middleware do
    app, _ = ::Rack::Builder.parse_file(config_path)
    
    ::Falcon::Server.middleware(app,
      verbose: verbose,
      cache: cache
    )
  end
end

#self_signed_tlsObject

A self-signed SSL context environment.



29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
 
# File 'lib/falcon/environments/self_signed_tls.rb', line 29

environment(:self_signed_tls) do
  # The default session identifier for the session cache.
  # @attribute [String]
  ssl_session_id {"falcon"}
  
  # The SSL context to use for incoming connections.
  # @attribute [OpenSSL::SSL::SSLContext]
  ssl_context do
    contexts = Localhost::Authority.fetch(authority)
    
    contexts.server_context.tap do |context|
      context.alpn_select_cb = lambda do |protocols|
        if protocols.include? "h2"
          return "h2"
        elsif protocols.include? "http/1.1"
          return "http/1.1"
        elsif protocols.include? "http/1.0"
          return "http/1.0"
        else
          return nil
        end
      end
      
      context.session_id_context = ssl_session_id
    end
  end
end

#supervisorObject

A application process monitor environment.



29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
 
# File 'lib/falcon/environments/supervisor.rb', line 29

environment(:supervisor) do
  # The name of the supervisor
  # @attribute [String]
  name "supervisor"
  
  # The IPC path to use for communication with the supervisor.
  # @attribute [String]
  ipc_path do
    ::File.expand_path("supervisor.ipc", root)
  end
  
  # The endpoint the supervisor will bind to.
  # @attribute [Async::IO::Endpoint]
  endpoint do
    Async::IO::Endpoint.unix(ipc_path)
  end
  
  # The service class to use for the supervisor.
  # @attribute [Class]
  service do
    ::Falcon::Service::Supervisor
  end
end

#tlsObject

A general SSL context environment.



31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
 
# File 'lib/falcon/environments/tls.rb', line 31

environment(:tls) do
  # The default session identifier for the session cache.
  # @attribute [String]
  ssl_session_id "falcon"
  
  # The supported ciphers.
  # @attribute [Array(String)]
  ssl_ciphers Falcon::TLS::SERVER_CIPHERS
  
  # The public certificate path.
  # @attribute [String]
  ssl_certificate_path do
    File.expand_path("ssl/certificate.pem", root)
  end
  
  # The list of certificates loaded from that path.
  # @attribute [Array(OpenSSL::X509::Certificate)]
  ssl_certificates do
    OpenSSL::X509.load_certificates(ssl_certificate_path)
  end
  
  # The main certificate.
  # @attribute [OpenSSL::X509::Certificate]
  ssl_certificate {ssl_certificates[0]}
  
  # The certificate chain.
  # @attribute [Array(OpenSSL::X509::Certificate)]
  ssl_certificate_chain {ssl_certificates[1..-1]}
  
  # The private key path.
  # @attribute [String]
  ssl_private_key_path do
    File.expand_path("ssl/private.key", root)
  end
  
  # The private key.
  # @attribute [OpenSSL::PKey::RSA]
  ssl_private_key do
    OpenSSL::PKey::RSA.new(File.read(ssl_private_key_path))
  end
  
  # The SSL context to use for incoming connections.
  # @attribute [OpenSSL::SSL::SSLContext]
  ssl_context do
    OpenSSL::SSL::SSLContext.new.tap do |context|
      context.add_certificate(ssl_certificate, ssl_private_key, ssl_certificate_chain)
      
      context.session_cache_mode = OpenSSL::SSL::SSLContext::SESSION_CACHE_CLIENT
      context.session_id_context = ssl_session_id
      
      context.alpn_select_cb = lambda do |protocols|
        if protocols.include? "h2"
          return "h2"
        elsif protocols.include? "http/1.1"
          return "http/1.1"
        elsif protocols.include? "http/1.0"
          return "http/1.0"
        else
          return nil
        end
      end
      
      # TODO Ruby 2.4 requires using ssl_version.
      context.ssl_version = :TLSv1_2_server
      
      context.set_params(
        ciphers: ssl_ciphers,
        verify_mode: OpenSSL::SSL::VERIFY_NONE,
      )
      
      context.setup
    end
  end
end