Class: Uninterruptible::Configuration
- Inherits:
-
Object
- Object
- Uninterruptible::Configuration
- Defined in:
- lib/uninterruptible/configuration.rb
Overview
Configuration parameters for an individual instance of a server.
See Server#configure for usage instructions.
Constant Summary collapse
- AVAILABLE_SSL_VERSIONS =
%w[TLSv1_1 TLSv1_2].freeze
Instance Attribute Summary collapse
-
#allowed_networks ⇒ Object
Specifiy allowed networks to reject all connections except those originating from allowed networks.
-
#bind ⇒ Object
URI to bind to, falls back to tcp://bind_address:bind_port if unset.
-
#bind_address ⇒ Object
Address to bind the server to (defaults to
0.0.0.0
). -
#bind_port ⇒ Integer
Available TCP Port for the server to bind to (required).
-
#client_tls_certificate_ca ⇒ Object
Validate any connecting clients against a specific CA.
-
#log_level ⇒ Object
Severity of entries written to the log, should be one of Logger::Severity (default Logger::INFO).
-
#log_path ⇒ Object
Where should log output be written to? (defaults to STDOUT).
-
#pidfile_path ⇒ Object
Location to write the pid of the current server to.
-
#start_command ⇒ Object
Command that should be used to reexecute the server (required).
-
#tls_certificate ⇒ Object
Certificate used for authenticating TLS connection.
-
#tls_key ⇒ Object
Private key used for encrypting TLS connection.
-
#tls_version ⇒ Object
TLS version to use for the connection.
-
#verify_client_tls_certificate ⇒ Object
writeonly
Sets the attribute verify_client_tls_certificate.
Instance Method Summary collapse
-
#block_connections? ⇒ Boolean
True when allowed_networks is set.
-
#tls_enabled? ⇒ Boolean
Should the socket server be wrapped with a TLS server (TCP only).
-
#verify_client_tls_certificate? ⇒ Boolean
Should the client be required to present it’s own SSL Certificate? Set #verify_client_tls_certificate to true, or environment variable VERIFY_CLIENT_TLS_CERTIFICATE to enable.
Instance Attribute Details
#allowed_networks ⇒ Object
Specifiy allowed networks to reject all connections except those originating from allowed networks. Set to an array of networks in CIDR format. If environment variable ALLOWED_NETWORKS is set, a comma separated list will be read from that. Setting this enables #block_connections?
101 102 103 |
# File 'lib/uninterruptible/configuration.rb', line 101 def allowed_networks @allowed_networks || (ENV['ALLOWED_NETWORKS'] && ENV['ALLOWED_NETWORKS'].split(',')) || [] end |
#bind ⇒ Object
URI to bind to, falls back to tcp://bind_address:bind_port if unset. Accepts tcp:// or unix:// schemes.
26 27 28 |
# File 'lib/uninterruptible/configuration.rb', line 26 def bind @bind || "tcp://#{bind_address}:#{bind_port}" end |
#bind_address ⇒ Object
Address to bind the server to (defaults to 0.0.0.0
).
21 22 23 |
# File 'lib/uninterruptible/configuration.rb', line 21 def bind_address @bind_address || "0.0.0.0" end |
#bind_port ⇒ Integer
Available TCP Port for the server to bind to (required). Falls back to environment variable PORT if set.
14 15 16 17 18 |
# File 'lib/uninterruptible/configuration.rb', line 14 def bind_port port = (@bind_port || ENV["PORT"]) raise ConfigurationError, "You must configure a bind_port" if port.nil? port.to_i end |
#client_tls_certificate_ca ⇒ Object
Validate any connecting clients against a specific CA. If environment variable CLIENT_TLS_CERTIFICATE_CA is set, attempt to read from that file. Setting this enables #verify_client_tls_certificate?
94 95 96 |
# File 'lib/uninterruptible/configuration.rb', line 94 def client_tls_certificate_ca @client_tls_certificate_ca || ENV['CLIENT_TLS_CERTIFICATE_CA'] end |
#log_level ⇒ Object
Severity of entries written to the log, should be one of Logger::Severity (default Logger::INFO)
51 52 53 |
# File 'lib/uninterruptible/configuration.rb', line 51 def log_level @log_level || Logger::INFO end |
#log_path ⇒ Object
Where should log output be written to? (defaults to STDOUT)
46 47 48 |
# File 'lib/uninterruptible/configuration.rb', line 46 def log_path @log_path || STDOUT end |
#pidfile_path ⇒ Object
Location to write the pid of the current server to. If blank pidfile will not be written. Falls back to environment variable PID_FILE if set.
32 33 34 |
# File 'lib/uninterruptible/configuration.rb', line 32 def pidfile_path @pidfile_path || ENV["PID_FILE"] end |
#start_command ⇒ Object
Command that should be used to reexecute the server (required). Note: bundle exec will be automatically added.
40 41 42 43 |
# File 'lib/uninterruptible/configuration.rb', line 40 def start_command raise ConfigurationError, "You must configure a start_command" unless @start_command @start_command end |
#tls_certificate ⇒ Object
Certificate used for authenticating TLS connection. If environment variable TLS_CERTIFICATE is set, attempt to read from a file at that location
81 82 83 |
# File 'lib/uninterruptible/configuration.rb', line 81 def tls_certificate @tls_certificate || (ENV['TLS_CERTIFICATE'] ? File.read(ENV['TLS_CERTIFICATE']) : nil) end |
#tls_key ⇒ Object
Private key used for encrypting TLS connection. If environment variable TLS_KEY is set, attempt to read from a file at that location.
75 76 77 |
# File 'lib/uninterruptible/configuration.rb', line 75 def tls_key @tls_key || (ENV['TLS_KEY'] ? File.read(ENV['TLS_KEY']) : nil) end |
#tls_version ⇒ Object
TLS version to use for the connection. Must be one of Uninterruptible::Configuration::AVAILABLE_SSL_VERSIONS
If unset, connection will be unencrypted.
63 64 65 66 67 68 69 70 71 |
# File 'lib/uninterruptible/configuration.rb', line 63 def tls_version version = @tls_version || ENV['TLS_VERSION'] || 'TLSv1_2' unless AVAILABLE_SSL_VERSIONS.include?(version) raise ConfigurationError, "Please ensure tls_version is one of #{AVAILABLE_SSL_VERSIONS.join(', ')}" end version end |
#verify_client_tls_certificate=(value) ⇒ Object (writeonly)
Sets the attribute verify_client_tls_certificate
8 9 10 |
# File 'lib/uninterruptible/configuration.rb', line 8 def verify_client_tls_certificate=(value) @verify_client_tls_certificate = value end |
Instance Method Details
#block_connections? ⇒ Boolean
True when allowed_networks is set
106 107 108 |
# File 'lib/uninterruptible/configuration.rb', line 106 def block_connections? !allowed_networks.empty? end |
#tls_enabled? ⇒ Boolean
Should the socket server be wrapped with a TLS server (TCP only). Automatically enabled when #tls_key or #tls_certificate is set
57 58 59 |
# File 'lib/uninterruptible/configuration.rb', line 57 def tls_enabled? !tls_key.nil? || !tls_certificate.nil? end |
#verify_client_tls_certificate? ⇒ Boolean
Should the client be required to present it’s own SSL Certificate? Set #verify_client_tls_certificate to true, or environment variable VERIFY_CLIENT_TLS_CERTIFICATE to enable
87 88 89 90 |
# File 'lib/uninterruptible/configuration.rb', line 87 def verify_client_tls_certificate? @verify_client_tls_certificate == true || !ENV['VERIFY_CLIENT_TLS_CERTIFICATE'].nil? || !client_tls_certificate_ca.nil? end |