Phusion white papers Phusion overview

Phusion Passenger 4.0.49 released

By Hongli Lai on August 22nd, 2014


Phusion Passenger is a fast and robust web server and application server for Ruby, Python, Node.js and Meteor. Passenger takes a lot of complexity out of deploying web apps, and adds powerful enterprise-grade features that are useful in production. High-profile companies such as Apple, New York Times, AirBnB, Juniper, American Express, etc are already using it, as well as over 350.000 websites.

Phusion Passenger is under constant maintenance and development. Version 4.0.49 is a bugfix release.

Phusion Passenger also has an Enterprise version which comes with a wide array of additional features. By buying Phusion Passenger Enterprise you will directly sponsor the development of the open source version.

Recent changes

  • Upgraded the preferred Nginx version to 1.6.1.
  • Fixed a crash that may be triggered by the passenger_max_requests feature.
  • Introduced the spawn_failed hook, which is called when an application process fails to spawn. You could use this hook to setup an error notification system. Closes GH-1252.
  • Fonts, RSS and XML are now gzip-compressed by default in Phusion Passenger Standalone. Thanks to Jacob Elder. Closes GH-1254.
  • Fixed some user and group information lookup issues. Closes GH-1253.
  • Fixed some request handling crashes. Closes GH-1250.
  • Fixed some compilation problems on Gentoo. Closes GH-1261.
  • Fixed some compilation problems on Solaris. Closes GH-1260.

Installing or upgrading to 4.0.49

OS X OS X Debian Debian Ubuntu Ubuntu
Heroku Heroku Ruby gem Ruby gem Tarball Tarball

Final

Phusion Passenger’s core is open source. Please fork or watch us on Github. :)

If you would like to stay up to date with Phusion news, please fill in your name and email address below and sign up for our newsletter. We won’t spam you, we promise.



Phusion Passenger 4.0.48 released

By Hongli Lai on July 24th, 2014


Phusion Passenger is a fast and robust web server and application server for Ruby, Python, Node.js and Meteor. Passenger takes a lot of complexity out of deploying web apps, and adds powerful enterprise-grade features that are useful in production. High-profile companies such as Apple, New York Times, AirBnB, Juniper, American Express, etc are already using it, as well as over 350.000 websites.

Phusion Passenger is under constant maintenance and development. Version 4.0.48 is a bugfix release.

Phusion Passenger also has an Enterprise version which comes with a wide array of additional features. By buying Phusion Passenger Enterprise you will directly sponsor the development of the open source version.

Recent changes

4.0.47 was a hotfix release for an Enterprise customer. The changes in 4.0.47 and 4.0.48 combined are as follows.

  • Fixed a race condition while determining what user an application should be executed as. This bug could lead to applications being run as the wrong user. Closes GH-1241.
  • [Standalone] Improved autodetection of Rails asset pipeline files. This prevents Standalone from incorrectly setting caching headers on non-asset pipeline files. Closes GH-1225.
  • Fixed compilation problems on CentOS 5. Thanks to J. Smith. Closes GH-1247.
  • Fixed compilation problems on OpenBSD.
  • Fixed compatibility with Ruby 1.8.5.

Installing or upgrading to 4.0.48

OS X OS X Debian Debian Ubuntu Ubuntu
Heroku Heroku Ruby gem Ruby gem Tarball Tarball

Final

Phusion Passenger’s core is open source. Please fork or watch us on Github. :)

If you would like to stay up to date with Phusion news, please fill in your name and email address below and sign up for our newsletter. We won’t spam you, we promise.



Phusion Passenger 4.0.46 released

By Hongli Lai on July 16th, 2014


Phusion Passenger is a fast and robust web server and application server for Ruby, Python, Node.js and Meteor. Passenger takes a lot of complexity out of deploying web apps, and adds powerful enterprise-grade features that are useful in production. High-profile companies such as Apple, New York Times, AirBnB, Juniper, American Express, etc are already using it, as well as over 350.000 websites.

Phusion Passenger is under constant maintenance and development. Version 4.0.46 is a bugfix release.

Phusion Passenger also has an Enterprise version which comes with a wide array of additional features. By buying Phusion Passenger Enterprise you will directly sponsor the development of the open source version.

Recent changes

Most notable changes:

  • Further improved Node.js and Socket.io compatibility.
  • Sticky session cookies have been made more reliable.
  • Fixed WebSocket upgrade issues on Firefox. Closes GH-1232.
  • Improved Python compatibility.
  • Logging of application spawning errors has been much improved. Full details
    about the error, such as environment variables, are saved to a private log file.
    In the past, these details were only viewable in the browser. This change also
    fixes a bug on Phusion Passenger Enterprise, where enabling Deployment Error
    Resistance causes error messages to get lost. Closes GH-1021 and GH-1175.
  • Passenger Standalone no longer, by default, loads shell startup files before
    loading the application. This is because Passenger Standalone is often invoked
    from the shell anyway. Indeed, loading shell startup files again can interfere
    with any environment variables already set in the invoking shell. You can
    still tell Passenger Standalone to load shell startup files by passing
    --load-shell-envvars. Passenger for Apache and Passenger for Nginx still
    load shell startup files by default.
  • If you are a Union Station customer, then
    Phusion Passenger will now also log application spawning errors to Union Station.
    This data isn’t shown in the Union Station interface yet, but it will be
    implemented in the future.

Minor changes:

  • The Python application loader now inserts the application root into sys.path.
    The fact that this was not done previously caused a lot of confusion amongst
    Python users, who wondered why their passenger_wsgi.py could not import any
    modules from the same directory.
  • Fixed a compatibility problem with Django, which could cause Django apps to
    freeze indefinitely. Closes GH-1215.
  • Fixed a regression in Node.js support. When a Node.js app is deployed on
    a HTTPS host, the X-Forwarded-Proto header wasn’t set in 4.0.45.
    Closes GH-1231.
  • Passenger Standalone now works properly when the HOME environment variable
    isn’t set. Closes GH-713.
  • Passenger Standalone’s package-runtime command has been removed. It has
    been broken for a while and has nowadays been obsolete by our automatic
    binary generation system.
    Closes GH-1133.
  • The passenger_startup_file option now also works on Python apps. Closes GH-1233.
  • Fixed compilation problems on OmniOS and OpenIndiana. Closes GH-1212.
  • Fixed compilation problems when Nginx is configured with OpenResty.
    Thanks to Yichun Zhang. Closes GH-1226.
  • Fixed Nginx HTTP POST failures on ARM platforms. Thanks to nocelic for the fix.
    Closes GH-1151.
  • Documentation contributions by Tim Bishop and Tugdual de Kerviler.
  • Minor Nginx bug fix by Feng Gu. Closes GH-1235.

Installing or upgrading to 4.0.46

OS X OS X Debian Debian Ubuntu Ubuntu
Heroku Heroku Ruby gem Ruby gem Tarball Tarball

Final

Phusion Passenger’s core is open source. Please fork or watch us on Github. :)

If you would like to stay up to date with Phusion news, please fill in your name and email address below and sign up for our newsletter. We won’t spam you, we promise.



Announcing new, revamped developer documentation

By Hongli Lai on June 16th, 2014

phusion_banner

We are excited to announce a set of new, revamped developer documentation for Phusion Passenger. While we’ve always had detailed user documentation, our developer documentation was quite sparse in comparison. We had a Contributors Guide that briefly shows you around, an Architectural Overview that mostly covers the I/O model and spawning system, and code comments. Despite this, it was hard for new developers to understand how things work.

Today, we’re changing this with the following:

  • The Contributors Guide has been much improved. It provides a clear, concise starting point for contributors.
  • The 8-minutes Developer Quickstart video shows you how you can get started with developing Passenger, through our Vagrant-based development environment. For those who don’t want to watch the video, there is also a Developer Quickstart document.
  • The Design and Architecture document explains in detail what the design and architecture looks like. It supersedes the Architectural Overview.
  • The Code Walkthrough video walks you through the Passenger codebase, showing you step-by-step how things fit together. It complements the Design and Architecture document.
Code Walkthrough

We need your feedback

At its heart, Passenger is and remains open source, and that means it’s important that people can easily understand and modify the code. We hope that with this, it is now significantly easier to contribute to Passenger. But is it easy enough now? Is there anything we should change or add? We don’t know.

Read the documents. Watch the videos. Use the comment box below and let us know what you think. :)

Phusion Passenger 4.0.45: major Node.js and Meteor compatibility improvements

By Hongli Lai on June 12th, 2014


Phusion Passenger is a fast and robust web server and application server for Ruby, Python, Node.js and Meteor. Passenger takes a lot of complexity out of deploying web apps, and adds powerful enterprise-grade features that are useful in production. High-profile companies such as Apple, New York Times, AirBnB, Juniper, American Express, etc are already using it, as well as over 350.000 websites.

Phusion Passenger is under constant maintenance and development. Version 4.0.45 is a bugfix release.

Phusion Passenger also has an Enterprise version which comes with a wide array of additional features. By buying Phusion Passenger Enterprise you will directly sponsor the development of the open source version.

Recent changes

  • Major improvements in Node.js and Meteor compatibility. Older Phusion Passenger versions implemented Node.js support by emulating Node.js’ HTTP library. This approach was found to be unsustainable, so we’ve abandoned that approach and replaced it with a much simpler approach that does not involve emulating the HTTP library.
  • Introduced support for sticky sessions. Sticky sessions are useful — or even required — for apps that store state inside process memory. Prominent examples include SockJS, Socket.io, faye-websocket and Meteor. Sticky sessions are required to make the aforementioned examples work in multi-process scenarios. By introducing sticky sessions support, we’ve much improved WebSocket support and support for the aforementioned libraries and frameworks.
  • Due to user demand, GET requests with request bodies are once again supported. Support for these kinds of requests was removed in 4.0.42 in an attempt to increase the strictness and robustness of our request handling code. It has been determined that GET requests with request bodies can be adequately supported without degrading robustness in Phusion Passenger. However, GET requests with both request bodies and WebSocket upgrade headers are unsupported. Fixes issue #1092.
  • [Enterprise] The Flying Passenger feature is now also available on Apache.
  • Fixed some issues with RVM mixed mode support, issue #1121.
  • Fixed Passenger Standalone complaining about not finding PassengerHelperAgent during startup.
  • Fixed various minor issues such as #1190 and #1197.
  • The download timeout for passenger-install-nginx-module has been increased. Patch by 亀田 義裕.

Installing or upgrading to 4.0.45

OS X OS X Debian Debian Ubuntu Ubuntu
Heroku Heroku Ruby gem Ruby gem Tarball Tarball

Final

Phusion Passenger’s core is open source. Please fork or watch us on Github. :)

If you would like to stay up to date with Phusion news, please fill in your name and email address below and sign up for our newsletter. We won’t spam you, we promise.



Phusion Passenger 4.0.44 released

By Hongli Lai on May 29th, 2014


Phusion Passenger is a fast and robust web server and application server for Ruby, Python, Node.js and Meteor. Passenger takes a lot of complexity out of deploying web apps, and adds powerful enterprise-grade features that are useful in production. High-profile companies such as Apple, New York Times, AirBnB, Juniper, American Express, etc are already using it, as well as over 350.000 websites.

Phusion Passenger is under constant maintenance and development. Version 4.0.44 is a bugfix release.

Phusion Passenger also has an Enterprise version which comes with a wide array of additional features. By buying Phusion Passenger Enterprise you will directly sponsor the development of the open source version.

Recent changes

Version 4.0.43 has been skipped because a compilation problem on OS X Mountain Lion was found soon after the gem was pushed. The changes in 4.0.34 and 4.0.44 combined are as follows.

  • The issue tracker has now been moved from Google Code to Github. Before version 4.0.44 (May 29 2014, commit 3dd0964c9f4), all issue numbers referred to Google Code. From now on, all issue numbers will refer to Github Issues.
  • On Ruby, fixed nil being frozen on accident in some cases. See issue #1192.
  • Introduced a new command passenger-config list-instances, which prints all running Phusion Passenger instances.
  • Introduced a new command `passenger-config system-metrics, which displays metrics about the system such as the total CPU and memory usage.
  • Fixed some compilation problems caused by the compiler capability autodetector.
  • If you are a Union Station customer, then system metrics such as total CPU usage and memory usage, are now collected as well. This is in preparation for future features.

Installing or upgrading to 4.0.44

OS X OS X Debian Debian Ubuntu Ubuntu
Heroku Heroku Ruby gem Ruby gem Tarball Tarball

Final

Phusion Passenger’s core is open source. Please fork or watch us on Github. :)

If you would like to stay up to date with Phusion news, please fill in your name and email address below and sign up for our newsletter. We won’t spam you, we promise.



Phusion Passenger 4.0.42 released, Ubuntu 14.04 packages available

By Hongli Lai on May 7th, 2014


Phusion Passenger is a fast and robust web server and application server for Ruby, Python, Node.js and Meteor. Passenger takes a lot of complexity out of deploying web apps, and adds powerful enterprise-grade features that are useful in production. High-profile companies such as Apple, New York Times, AirBnB, Juniper, American Express, etc are already using it, as well as over 350.000 websites.

Phusion Passenger is under constant maintenance and development. Version 4.0.42 is a bugfix release.

Phusion Passenger also has an Enterprise version which comes with a wide array of additional features. By buying Phusion Passenger Enterprise you will directly sponsor the development of the open source version.

Recent changes

  • [Nginx] Upgraded the preferred Nginx version to 1.6.0.
  • [Nginx] Fixed compatibility with Nginx 1.7.0.
  • [Standalone] The MIME type for .woff files has been changed to application/font-woff. Fixes issue #1071.
  • There are now APT packages for Ubuntu 14.04. At the same time, packages for Ubuntu 13.10 have been abandoned.
  • Introduced a new command, `passenger-config build-native-support`, for ensuring that the native_support library for the current Ruby interpreter is built. This is useful in system provisioning scripts.
  • For security reasons, friendly error pages (those black/purple pages that shows the error message, backtrace and environment variable dump when an application fails to start) are now disabled by default when the application environment is set to ‘staging’ or ‘production’. Fixes issue #1063.
  • Fixed some compilation warnings on Ubuntu 14.04.
  • Fixed some compatibility problems with Rake 10.2.0 and later. See Rake issue 274.
  • Improved error handling in Union Station support.
  • Data is now sent to Union Station on a more frequent basis, in order to make new data show up more quickly.
  • Information about the code revision is now sent to Union Station, which will be used in the upcoming deployment tracking feature in Union Station 2.

Installing or upgrading to 4.0.42

OS X OS X Debian Debian Ubuntu Ubuntu
Heroku Heroku Ruby gem Ruby gem Tarball Tarball

Final

Phusion Passenger’s core is open source. Please fork or watch us on Github. :)

If you would like to stay up to date with Phusion news, please fill in your name and email address below and sign up for our newsletter. We won’t spam you, we promise.



Phusion Passenger 4.0.41 released, OpenSSL Heartbleed security update

By Hongli Lai on April 8th, 2014


Phusion Passenger is a fast and robust web server and application server for Ruby, Python, Node.js and Meteor. Passenger takes a lot of complexity out of deploying web apps, and adds powerful enterprise-grade features that are useful in production. High-profile companies such as Apple, New York Times, AirBnB, Juniper, American Express, etc are already using it, as well as over 350.000 websites.

Phusion Passenger 4.0.41 has been released ahead of time in order to address the OpenSSL heartbleed security issue (CVE-2014-0160). This is an extremely serious vulnerability in OpenSSL which can completely negate the security that it provides. Users are advised to upgrade as soon as possible.

Phusion Passenger’s relationship with the OpenSSL heartbleed vulnerability is as follows.

We provide precompiled binaries for Passenger Standalone. These binaries are statically linked to OpenSSL in order to make them useable on a wide range of operating systems. With 4.0.41, the binaries have been upgraded to link against OpenSSL 1.0.1g, which fixes the heartbleed vulnerability.

You are vulnerable if:

  • You are using Passenger Standalone, with SSL enabled inside Passenger Standalone (that is, passenger start --ssl).

You are not vulnerable (to the Passenger Standalone static linking issue) if:

  • You are not using Passenger Standalone (e.g. if you’re using Phusion Passenger through the Apache or Nginx integration mode).
  • You are using Passenger Standalone, but without SSL.
  • Your Passenger Standalone is behind another SSL-enabled reverse proxy.

Update: Please note that the only thing this Phusion Passenger update fixes, is any potential vulnerabilities in the Passenger Standalone binaries that we provide. Your system as a whole may still be vulnerable because you’re running a vulnerable OpenSSL version. Please check with your vendor for system updates.

There aren’t many other changes in this release:

  • Fixed some issues with printing UTF-8 log files on Heroku.
  • Added a new flag --ignore-app-not-running to passenger-config restart-app.
    When this flag is given, passenger-config restart-app will exit successfully
    when the specified application is not running, instead of exiting with
    an error.

Installing or upgrading to 4.0.41

OS X OS X Debian Debian Ubuntu Ubuntu
Heroku Heroku Ruby gem Ruby gem Tarball Tarball

Final

Phusion Passenger’s core is open source. Please fork or watch us on Github. :)

Phusion Passenger 4.0.40 released, Nginx 1.4.7 with buffer overflow fix

By Hongli Lai on March 19th, 2014

Phusion Passenger 4.0.40 has been released. The only change in this version is that the preferred Nginx version has been bumped to 1.4.7, because of a buffer overflow exploit in Nginx (CVE-2014-0133). Nginx users are strongly encouraged to upgrade.

Phusion Passenger 4.0.39 released

By Hongli Lai on March 18th, 2014


Phusion Passenger is a fast and robust web server and application server for Ruby, Python, Node.js and Meteor. Passenger takes a lot of complexity out of deploying web apps, and adds powerful enterprise-grade features that are useful in production. High-profile companies such as Apple, New York Times, AirBnB, Juniper, American Express, etc are already using it, as well as over 350.000 websites.

Phusion Passenger is under constant maintenance and development. Version 4.0.39 is a bugfix release.

Phusion Passenger also has an Enterprise version which comes with a wide array of additional features. By buying Phusion Passenger Enterprise you will directly sponsor the development of the open source version.

Recent changes

  • Fixed a crash that could happen if the client disconnects while a chunked response is being sent. Fixes issue #1062.
  • In Phusion Passenger Standalone, it is now possible to customize the Nginx configuration file on Heroku. It is now also possible to permanently apply changes to the Nginx configuration file, surviving upgrades. Please refer to the "Advanced configuration" section of the Phusion Passenger Standalone manual for more information.
  • The programming language selection menu in passenger-install-apache2-module and passenger-install-nginx-module only works on terminals that support UTF-8 and that have a UTF-8 capable font. To cater to users who cannot meet these requirements (e.g. PuTTY users using any of the default Windows fonts), it is now possible to switch the menu to a plain text mode by pressing ‘!’. Fixes issue #1066.
  • Fixed printing UTF-8 characters in log files in Phusion Passenger Standalone.
  • It is now possible to dump live backtraces of Python apps through the ‘SIGABRT’ signal.
  • Fixed closing of file descriptors on OS X 10.9.
  • Fixed compilation of native_support on Rubinius.

Installing or upgrading to 4.0.39

OS X OS X Debian Debian Ubuntu Ubuntu
Heroku Heroku Ruby gem Ruby gem Tarball Tarball

Final

Phusion Passenger’s core is open source. Please fork or watch us on Github. :)

If you would like to stay up to date with Phusion news, please fill in your name and email address below and sign up for our newsletter. We won’t spam you, we promise.