Self-signed SSL certificates (via the localhost) with Cluster mode is raised an error

[y-yagi]

Describe the bug

I tried to use Self-signed SSL certificates. But it seems that doesn't work in Cluster mode.

To Reproduce

# config.ru 
require "localhost"
run proc { [200, {"Content-Type" => "text/plain"}, ["Hello, World!"]] }

Run it with:

$ bundle exec puma -b "ssl://0.0.0.0:9292" -t 5:5 -w 2 config.ru 
[26770] Puma starting in cluster mode...
[26770] * Puma version: 5.6.1 (ruby 3.0.3-p157) ("Birdie's Version")
[26770] *  Min threads: 5
[26770] *  Max threads: 5
[26770] *  Environment: development
[26770] *   Master PID: 26770
[26770] *      Workers: 2
[26770] *     Restarts: (✔) hot (✔) phased
2022-02-09 10:45:00 +0900 [26770] ERROR: Please specify the SSL key via 'key=' or 'key_pem='

It works well in Single mode.

$ bundle exec puma -b "ssl://0.0.0.0:9292" -t 5:5 config.ru
Puma starting in single mode...
* Puma version: 5.6.1 (ruby 3.0.3-p157) ("Birdie's Version")
*  Min threads: 5
*  Max threads: 5
*  Environment: development
*          PID: 27111
* Listening on ssl://0.0.0.0:9292?
Use Ctrl-C to stop 

Desktop (please complete the following information):

• OS: [Linux(Ubuntu 18.04.6 LTS)]
• Puma Version [5.6.1]

[nateberkopec]

Confirmed. I am very sad we forgot to add a test for this! 😞

[nateberkopec]

I think we could add a test in test_integration_ssl.rb using the example config from #2764

[maleksiuk]

I investigated this issue a little bit and wanted to report my findings in case they're helpful.

The localhost gem support works fine in clustered mode if require "localhost" appears in the Puma config file or if preloading the app. In other words, these two variations work:

bundle exec bin/puma -b "ssl://0.0.0.0:9292" -t 5:5 -w 2 --preload config.ru

(where config.ru is the same one specified in this issue's description)

bundle exec bin/puma -t 5:5 -w 2 -C test/config/ssl_self_signed_config.rb

The thing causing this issue is that Binder#parse needs the localhost gem's classes to be loaded, but if you only load them in the Rackup file then it's too late. This is because, in clustered non-preload mode, the parse is done on Puma launch and the Rackup files are loaded when each worker starts up.

[MSP-Greg]

To clarify what @maleksiuk mentioned, the rackup file should not be used for any Puma configuration except defining the app, which can also be done in the config file.

So, to use localhost, the config file can be one line:

require 'localhost'

If one doesn't want to use a config file, the following should work. Tested with the repo, one may need to change bin/puma to puma for other use:

bundle exec ruby -rlocalhost bin/puma -b "ssl://0.0.0.0:9292" -t 5:5 -w2 test/rackup/hello.ru

I've created a PR which updates the README.md file to clarify use of localhost.