LemonAndroid
@LemonAndroid
Ben Dean
@b-dean

I have a Rails app (written by an outside company) running in Puma 3.11.4 on Ruby 2.2 (I know, sorry) and am running into all sorts of errors that I think have already been fixed in newer versions. As part of figuring out what's going on sorting out TLS problems and 100% CPU puma, our vendor tells us that it is "best practice" to not have Puma handle TLS but instead have nginx in front.

currently we have (more or less):
puma (in docker container) <---TLS port--- AWS Application Load Balancer <---TLS port------ some browser

and the vendor says that the well established best practice is:
puma (in docker container) <---TCP port--- nginx <----TLS port---- AWS Application Load Balancer <---TLS port------ some browser

because "puma isn't meant to handle TLS"

is that correct at all? I can't find anything to support it with some rudimentary searching. Also having two proxies seems like we're just asking for trouble.

I'm also just trying to update their code to use newer Puma and newer Ruby where I suspect those TLS issues will be fixed (at least from reading the CHANGELOG.md)

Blane Dabney
@raelik
Yes, it's pretty standard practice for most web applications these days to allow your reverse proxy (typically nginx) to handle TLS
There are other reasons to use a reverse proxy in front of your Rails app as well
e.g. X-Accel-Redirect and send_file for having nginx handle large files directly
Ben Dean
@b-dean
I'm more wondering about it being best practice to not use Puma's TLS because it's "not meant for TLS" or some such thing. We have the Amazon ALB which is providing a proxy. We had been having Puma do TLS too so we didn't have unencrypted network traffic between the docker container running Puma and the load balancer (which our security guy says is required by PCI)
Seems like most of the recent Puma changes have been to fix something or other related to TLS. Seems odd that they'd spend all that effort if they really only want people to use nginx
Blane Dabney
@raelik
You CAN use Puma's TLS support, it's just not considered best practice. In general, it's always been best practice to put any Rails webserver (unicorn, thin, puma, etc) behind some kind of reverse proxy, TLS or no.
Primarily, this is due to Ruby's lack of native threads and the necessity to run multiple processes to scale properly.
Jae Lee
@jaequery_gitlab
Hi, I randomly get this error: "An unhandled lowlevel error occurred. The application logs may have details." After I googled it, it seems to point to Puma requiring the "SECRET_BASE_KEY" environment variable being set. I can't seem to find any info on this, what's the value supposed to be?
(alphanumeric, max length, etc.)
I'm using Sinatra btw
not Rails so I couldn't find any more info on it
Blane Dabney
@raelik
That's not a puma thing
Not that I can see. Maybe a gem or some middleware looking for it?
Quick question: Is there a best practice for how to handle connection queueing? I have a raw Puma/Rack app that sits behind an nginx load balancer, and currently, all of the queueing happens in puma. However, for reasons unrelated to queueing, I'm about to put a local nginx on the app servers, between the load balancer nginx and puma itself (it's for a flat-file caching setup). Should I just keep letting Puma queue, or should I disable that and configure the local nginx to handle the connection queueing? If so, are there any guidelines or pitfalls I should be aware of?
Blane Dabney
@raelik
Hmmm beating my head against the wall. I've got a plain jRuby Rack app behind Puma that uses rack.hijack to facilitate a chunked transfer from a Java lib, and when I try to put the app behind an nginx reverse proxy, I start getting Errno::EPIPE errors, and I've tried every combination of keepalive (and no keepalive) options I can think of, and nothing helps.
Works fine without nginx, but as I'm trying to add SSL and use Rack::Sendfile to handle some flat-file operations, I'm kinda stuck.
Blane Dabney
@raelik
Doesn't seem to be a rhyme or reason to exactly why it happens... though it might be the proxy timeout settings, and have nothing to do with keepalive
Blane Dabney
@raelik
Yeah, I think that was it. Had my timeouts WAY too low for what this app does. Dunno why I didn't think about that.
Matthew M. Boedicker
@mmb
what are the implications of running two instances of puma in the same process? one is normal rails and one is a small rack app running in a thread serving prometheus metrics
Farid Zakaria
@fzakaria

I have a change for those that might be using Puma + JRuby; to enable Netty's OpenSSL native bindings.
puma/puma#2181

I'd welcome feedback from JRuby users

Netty's OpenSSL:

Speed: In local testing, we've seen performance improvements of 3x over the JDK. GCM, which is used by the only cipher suite required by the HTTP/2 RFC, is 10-500x faster.

Julien D.
@saluzafa
Hello there! I love Puma, this is an amazing HTTP server, thanks for all your work on that project <3. I have a quick question regarding the Puma configuration, should I use queue_requests=false if I use an AWS Elastic Load Balancer in front of it? Have a nice day all
Marwan Rabbâa
@waghanza
Hi,
Is there a release planned with Ruby 3 support?