Passenger 5.1.2: minor fixes + Homebrew tap

by Daniel Knoppel

Version 5.1.2 of the Passenger application server for Ruby, Node.js, Meteor and Python has been released. It fixes a specific use case on macOS where the new Passenger security update check would fail, as well as some other minor nuisances. We are also proud to announce the availability of our new Homebrew tap, which makes it even easier to install Passenger Enterprise on macOS.

The 5.1.x series of Passenger brings a plethora of improvements in uptime maximization, security and efficiency. Please be aware that you can enjoy enterprise features and sponsor the open source development directly by buying Phusion Passenger Enterprise.

Private keychain for Apache / macOS

The system Apache web server on macOS runs as the _www user by default. Since this is a daemon user without a home directory, it lacks a user-specific keychain and defaults to the system keychain. Passenger's security update check relies on accessing the default keychain to prevent unnecessary popups, which fails in this case because the _www user (correctly) doesn't have sufficient permissions.

In Passenger 5.1.2 we avoid permission issues by creating a private keychain on macOS when the system keychain is defaulted to. This change does not affect regular login users.

Enterprise Homebrew tap

The new Passenger Enterprise Homebrew tap is super easy to use. Simply run:

brew tap phusion/passenger

You can then install Passenger Enterprise with one of the commands below:

brew install passenger-enterprise
# -OR-
brew install nginx-passenger-enterprise

You will be asked for your download token when installing Passenger Enterprise for the first time using this tap. The token is cached for use in subsequent installs.

The tap makes it possible for us to provide a Homebrew formula for Passenger Enterprise, which requires authentication to fetch the source code. It also allows us to provide an Nginx formula that depends on Passenger Enterprise instead of Passenger Open Source.

As with all Passenger installation methods, installing Passenger Enterprise conflicts with Passenger Open Source, so you will need to brew uninstall passenger nginx before installing Passenger Enterprise this way.

SSL certificate replaced

The certificate for oss-binaries.phusionpassenger.com has been replaced with a new one that is managed through Let's Encrypt. This is the primary domain where Passenger packages and binaries are hosted.

Older versions of Passenger (< 5.0.22, < 4.0.60) use a pinned version of the old certificate (in some cases) for downloading binaries, but they will gracefully switch to the Amazon S3 fallback domain instead.

No Nginx for builtin engine

Passenger Standalone internally runs Nginx by default in order to provide a battle-hardened webserver front for applications. If there is already another server in front of Passenger that handles things like load balancing, slow client protection and static file caching, then it is possible to use the simpler and faster builtin HTTP engine of Passenger.

Though choosing the builtin engine disables the use of Nginx, Passenger would still try to download or compile Nginx (GH-1910). This unnecessary dependency has been removed in 5.1.2.

Various other

  • Fixes remaining false positives (logging) from the new Meteor cluster warning system. Closes GH-1905.
  • Improve passenger-memory-stats to include JRuby processes that fail to rename as expected. Closes GH-1878.
  • Improve curl check for passenger-install-xxxx-module scripts to catch (very old) curl versions that won't compile against 5.1+.
  • [Standalone] Fixes --nginx-tarball option of passenger start and passenger-config install-standalone-runtime (wasn't working). Also verifies that --nginx-version is explicitly specified as it should be.

Installing 5.1.2

Please see the installation guide.

Upgrading to 5.1.2

We strongly advise staying up to date with the latest version.

See also the upgrade notes below!


OS X
Debian
Ubuntu
Heroku

Red Hat
CentOS
Ruby gem
Tarball

Docker

If you are upgrading from 4.x, please read the 5.0 upgrade notes to learn about potential upgrade caveats.

Download issue with old gem version

Old versions of gem (below 2.2.0, released in 2013) may fail to download the Passenger Enterprise gem from our rubygem hosting software (Gem in a box).

ERROR: Could not find a valid gem 'passenger-enterprise-server' (= 5.1.2), here is why:
 Unable to download data from https://..@www.phusionpassenger.com/enterprise_gems/
 - bad response Unauthorized 401

If this happens, please upgrade to a newer version of gem:

gem install rubygems-update; update_rubygems

Special notes about capistrano-passenger

If you are using Capistrano and capistrano-passenger, then it may fail with this error:

SSHKit::Runner::ExecuteError: Exception while executing as user@99.99.99.99: undefined method `[]' for nil:NilClass

NoMethodError: undefined method `[]' for nil:NilClass

Tasks: TOP => passenger:restart

This is due to an incompatibility in capistrano-passenger with Passenger 5.0.22 and later. Please upgrade capistrano-passenger to 0.2.0 or later.