Add HTTP::Server#bind(URI)

[straight-shoota]

This PR was originally included in #5776 but it had been removed as a separate feature. Now that #5959 and #5960 are merged, it is ready to be reviewed. The original description can be found in #2735 (comment)

The URI can be parsed from a string and contains the protocol and address to bind to (plus optional additional configuration for SSL context). This allows for a uniform and easily exchangeable specification in config files.

server.bind "tcp://127.0.0.1:80"
server.bind "unix:///tmp/server.sock"
server.bind "ssl://127.0.0.1:443?key=private.key&cert=certificate.cert&ca=ca.crt"

Along the way this also adds Socket::{IP,UNIX,}Address.parse and OpenSSL::SSL::Context::{Client,Server}.parse to implement the individual component parsers.

[wooster0]

Typo: "relatve"

[wooster0]

Typo: "asa ny"

[bcardiff]

Checking for flag?(:without_openssl) is missing here. At least with a duplication of the Unsupported socket type message or something more specific.

[bcardiff]

I would expect T.parse to be from String -> T. I would suggest T.from_hash for this method.

[bcardiff]

Warn: mixed ditto and :ditto: in the PR

[bcardiff]

Somehow I'm ok with T.parse: URI -> T 😹 , but not with Hash.

[straight-shoota]

URI is essentially a structured string...

[Sija]

*(required*) -> (*required*)
ditto below

[sdogruyol]

Thank you @straight-shoota 👍

[bcardiff]

@straight-shoota

The sample in the PR description mention ssh:// as a protocol, but it should be ssl:// probably.
The port used is not the default 443, although any port is supported using defaults seems better for lazy copy/pasting.

server.bind "ssl://127.0.0.1:443?key=private.key&cert=certificate.cert&ca=ca.crt

Or am I missing something?

[straight-shoota]

You're absolute right.

[jhass]

Bold proposal: Lets ditch ssl:// and only support tls://

[straight-shoota]

All the classes in Crystal are called SSL... so I'd at least keep support for ssl://. But adding tls:// and using it as default (in examples) sounds good.

[jhass]

No, they're called OpenSSL, because they follow the name of the library they wrap. On the other hand we already renamed Http's ssl flags to tls at some point.

[straight-shoota]

No, I mean inside the OpenSSL namespace (which is obviously named after the library), there is OpenSSL::SSL.

But I'd suggest to discuss this further in a new dedicated issue...

[jhass]

I wouldn't be too opposed to renaming that to TLS too :P

[RX14]

OpenSSL namespace will eventually go and be replaced with a TLS namespace with a much better API - which can be supported by libraries which aren't openssl. So +1 to supporting tls but supporting ssl too is fine.

[straight-shoota]

I'll work on that. Waiting for #6530 to be merged.

[crisward]

I realise this has already been merged, but FWIW I would have expected to be able to bind to do server.bind "http://... and server.bind "https://... (as aliases for tcp and ssl). Apologies if this has already been discussed somewhere else. Just saw this in the 0.26 release post. Congrats BTW on the new release!

[straight-shoota]

No, this wasn't discussed before explicitly. And I admit that this might look a bit surprising at first.

The reason is that HTTP and HTTPS are application protocols - and HTTP::Server naturally speaks HTTP(S) on all connections. server.bind "http://[...]" would only tell to use the HTTP protocol (which is obvious since this is an HTTP server).

The URIs used by bind are meant to specify the transport protocol (TCP, TCP+TLS or UNIX socket).
This is probably most clear when looking at tls://127.0.0.1:443?key=private.key&cert=certificate.cert&ca=ca.crt. This URI configures a TCP+TLS server and is not an HTTP resource.

The same transport protocol schemes are also used by similar applications such as Puma or Nginx.

[crisward]

Wasn't aware of other servers using these protocols, makes sense. Thanks for the clarification.