lib/falcon/hosts.rb in falcon-0.31.0 vs lib/falcon/hosts.rb in falcon-0.32.0
- old
+ new
@@ -67,36 +67,40 @@
Process::GID.change_privilege(stat.gid)
Process::UID.change_privilege(stat.uid)
end
+ def spawn(container)
+ container.spawn(name: self.name, restart: true) do |instance|
+ path = File.join(self.root, "falcon.rb")
+
+ assume_privileges(path)
+
+ instance.exec("bundle", "exec", path)
+ end
+ end
+
def run(container)
if @environment.include?(:server)
bound_endpoint = self.bound_endpoint
- container.run(count: 1, name: self.name) do |task, instance|
+ container.run(name: self.name, restart: true) do |task, instance|
Async.logger.info(self) {"Starting application server..."}
- if root = self.root
- Dir.chdir(root)
- end
-
server = @evaluator.server
- # Drop root privileges:
- assume_privileges(root)
-
server.run
task.children.each(&:wait)
end
end
end
end
class Hosts
DEFAULT_ALPN_PROTOCOLS = ['h2', 'http/1.1'].freeze
+ SERVER_CIPHERS = "EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5".freeze
def initialize(configuration)
@named = {}
@server_context = nil
@server_endpoint = nil
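Review bot: `spawn` takes the identity to run under from the owner of `falcon.rb` and then executes that same file, so a `falcon.rb` owned by root leaves the host application running with the supervisor's privileges. If running a host as root is never intended, a guard before the exec such as `raise "refusing to run #{path} as root" if File.stat(path).uid.zero?` would make that case fail closed. The `Dir.chdir(root)` removed from `run` has no counterpart in `spawn`, so `bundle exec` starts in the supervisor's working directory and with its environment. Assuming the block runs in the child process, `Dir.chdir(self.root)` before `assume_privileges(path)` would keep Gemfile lookup inside the host's own directory. Only the tail of `assume_privileges` is visible (gid and uid are changed); its start is outside the hunk, so whether supplementary groups are reset cannot be confirmed from here.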
@@ -124,12 +128,16 @@
self.host_context(socket, hostname)
end
context.session_id_context = "falcon"
context.alpn_protocols = DEFAULT_ALPN_PROTOCOLS
- context.set_params
+ context.set_params(
+ ciphers: SERVER_CIPHERS,
+ verify_mode: OpenSSL::SSL::VERIFY_NONE,
+ )
+
context.setup
end
end
def host_context(socket, hostname)
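Review bot: The `SERVER_CIPHERS` string passed to `set_params` here (defined in the first hunk) still admits `EECDH+3DES` and `RSA+3DES`, and its `RSA+AES128` / `RSA+AES256` entries allow static-RSA key exchange without forward secrecy; only `!MD5` is excluded. If legacy clients are not a requirement, drop the two 3DES entries (64-bit block cipher) and consider dropping the `RSA+` entries as well. `verify_mode: OpenSSL::SSL::VERIFY_NONE` on a server context means no client certificate is requested. A comment such as `# Server side: client certificates are not requested.` would stop the line being copied into client code, where the same value disables server verification. The enclosing method starts outside the hunk.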
@@ -158,27 +166,34 @@
Redirection.new(Falcon::BadRequest, @named, secure_endpoint)
end
def run(container = Async::Container::Forked.new, **options)
@named.each do |name, host|
- host.run(container)
+ host.spawn(container)
end
secure_endpoint = Async::HTTP::Endpoint.parse(options[:bind_secure], ssl_context: self.ssl_context)
insecure_endpoint = Async::HTTP::Endpoint.parse(options[:bind_insecure])
- container.run(count: 1, name: "Falcon Proxy") do |task, instance|
+ secure_endpoint_bound = insecure_endpoint_bound = nil
+
+ Async::Reactor.run do
+ secure_endpoint_bound = Async::IO::SharedEndpoint.bound(secure_endpoint)
+ insecure_endpoint_bound = Async::IO::SharedEndpoint.bound(insecure_endpoint)
+ end.wait
+
+ container.run(name: "Falcon Proxy", restart: true) do |task, instance|
proxy = self.proxy
- proxy_server = Falcon::Server.new(proxy, secure_endpoint)
+ proxy_server = Falcon::Server.new(proxy, secure_endpoint_bound, secure_endpoint.protocol, secure_endpoint.scheme)
proxy_server.run
end
- container.run(count: 1, name: "Falcon Redirector") do |task, instance|
+ container.run(name: "Falcon Redirector", restart: true) do |task, instance|
redirection = self.redirection(secure_endpoint)
- redirection_server = Falcon::Server.new(redirection, insecure_endpoint)
+ redirection_server = Falcon::Server.new(redirection, insecure_endpoint_bound, insecure_endpoint.protocol, insecure_endpoint.scheme)
redirection_server.run
end
return container
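Review bot: The "Falcon Proxy" and "Falcon Redirector" blocks in this hunk run with whatever privileges the supervisor has; nothing visible in them drops privileges, whereas host processes go through `assume_privileges` in `spawn`. Both listening sockets are now bound once in the parent via `Async::IO::SharedEndpoint.bound`, so the children presumably no longer need the rights required to bind low ports. That makes the lines before `proxy_server.run` and `redirection_server.run` the natural place to switch to an unprivileged account, since these two processes parse untrusted network traffic. A comment above the `Async::Reactor.run` block would also help, e.g. `# Bind once in the parent so restarted children reuse the same sockets.` The closing `end` of `run` lies outside the hunk.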