Class: H2::Server::HTTPS

Inherits:

H2::Server

• Object
• H2::Server
• H2::Server::HTTPS

Defined in:

lib/h2/server/https.rb

Overview

‘h2’ server - for TLS 1.2 ALPN HTTP/2 connection

See Also:

• https://tools.ietf.org/html/rfc7540#section-3.3

Constant Summary

ALPN_PROTOCOL =

'h2'

ALPN_SELECT_CALLBACK =

->(ps){ ps.find { |p| ALPN_PROTOCOL == p }}

ECDH_CURVES =

'P-256'

TMP_ECDH_CALLBACK =

->(*_){ OpenSSL::PKey::EC.new 'prime256v1' }

ECDH_OPENSSL_MIN_VERSION =

'2.0'

Constants inherited from H2::Server

DEFAULT_OPTIONS

Instance Attribute Summary

Attributes inherited from H2::Server

#options

Instance Method Summary

• #initialize(host:, port:, sni: {}, **options, &on_connection) ⇒ HTTPS constructor

  create a new h2 server that uses SNI to determine TLS cert/key to use.

• #run ⇒ Object

  accept a socket connection, possibly attach spy, hand off to #handle_connection asyncronously, repeat.

Methods inherited from H2::Server

#goaway, #handle_connection, #handle_push_promise, #handle_stream, #shutdown

Constructor Details

#initialize(host:, port:, sni: {}, **options, &on_connection) ⇒ HTTPS

create a new h2 server that uses SNI to determine TLS cert/key to use

SNI options with default callback

:sni

Hash with domain name String keys and Hash values:

:cert

String TLS certificate

:extra_chain_cert

String TLS certificate

:key

String TLS key

SNI options with custom callback

:sni

Hash:

:callback

Proc creates OpenSSL::SSL::SSLContext for each

connection

Parameters:

• host (String) —

  the IP address for this server to listen on

• port (Integer) —

  the TCP port for this server to listen on

• sni (Hash) (defaults to: {}) —

  the SNI option hash with certs/keys for domains

• options (Hash)
• [String] (Hash) —

  a customizable set of options

See Also:

• https://en.wikipedia.org/wiki/Server_Name_Indication

# File 'lib/h2/server/https.rb', line 43

def initialize host:, port:, sni: {}, **options, &on_connection
  @sni          = sni
  @sni_callback = @sni[:callback] || method(:sni_callback)
  @tcpserver    = Celluloid::IO::TCPServer.new host, port
  @sslserver    = Celluloid::IO::SSLServer.new @tcpserver, create_ssl_context(options)
  options.merge! host: host, port: port, sni: sni
  super @sslserver, options, &on_connection
end

Instance Method Details

#run ⇒ Object

accept a socket connection, possibly attach spy, hand off to #handle_connection asyncronously, repeat

# File 'lib/h2/server/https.rb', line 55

def run
  loop do
    begin
      socket = @server.accept
    rescue OpenSSL::SSL::SSLError, Errno::ECONNRESET, Errno::EPIPE,
           Errno::ETIMEDOUT, Errno::EHOSTUNREACH => ex
      Logger.warn "Error accepting SSLSocket: #{ex.class}: #{ex.to_s}"
      retry
    end

    async.handle_connection socket
  end
end