Skip to content

Commit ef83666

Browse files
committed
Prepare Fluxheim 0.5.0 release
1 parent 1f9f0c1 commit ef83666

11 files changed

Lines changed: 440 additions & 45 deletions

CHANGELOG.md

Lines changed: 20 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -11,6 +11,14 @@ behavior when the change improves security or project direction.
1111

1212
### Added
1313

14+
- Nothing yet.
15+
16+
## 0.5.0 - Basic Sites Preview
17+
18+
Released: 2026-05-06
19+
20+
### Added
21+
1422
- GitHub CI, Dependabot, CodeQL, dependency policy, and release-check scripts.
1523
- Feature preflight validation for mutually exclusive TLS backends and
1624
zero-retention privacy-mode incompatibilities.
@@ -44,6 +52,8 @@ behavior when the change improves security or project direction.
4452
restricted redirect statuses.
4553
- Wolfi, Alpine, SUSE Micro, and Debian runtime Containerfiles.
4654
- Container image publish workflow for GitHub Container Registry and Docker Hub.
55+
- RPM packaging spec for RHEL/openSUSE-style builds from vendored Cargo
56+
dependencies.
4757
- Runtime UID/GID build args for container images, defaulting to non-root
4858
`65532:65532` while allowing deliberate root-runtime images.
4959
- Zero-retention privacy example config for `profile-privacy` builds.
@@ -92,6 +102,16 @@ behavior when the change improves security or project direction.
92102
`metrics`.
93103
- CodeQL uses the supported Rust `build-mode: none` setup.
94104

105+
### Notes
106+
107+
- This is a preview release for normal static HTML websites and simple
108+
whole-vhost proxying with static TLS certificates. It is not the `1.0.0`
109+
gateway release.
110+
- Known `1.0.0` gaps include SNI certificate selection across multiple
111+
certificates, route-level proxy/static/redirect behavior, websocket-safe
112+
proxying, per-route limits and timeouts, custom upstream error pages, and
113+
secure static alias/directory listing behavior.
114+
95115
## 0.1.0 - Repository Baseline
96116

97117
### Added

Cargo.lock

Lines changed: 1 addition & 1 deletion
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

Cargo.toml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,6 +1,6 @@
11
[package]
22
name = "fluxheim"
3-
version = "0.1.0"
3+
version = "0.5.0"
44
edition = "2024"
55
rust-version = "1.95"
66
license = "EUPL-1.2"

README.md

Lines changed: 12 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -23,18 +23,24 @@ Fluxheim is licensed under the European Union Public Licence 1.2.
2323

2424
## Status
2525

26-
Fluxheim is under active early development. The public `1.0` target is
27-
intentionally narrow:
26+
Fluxheim is under active early development. The current `0.5.x` release line is
27+
the basic-sites preview:
2828

2929
- static website hosting;
30-
- reverse proxying;
30+
- simple whole-vhost reverse proxying;
3131
- cache module baseline;
3232
- virtual hosts;
3333
- TLS with rustls as the default backend;
3434
- optional cleartext-to-HTTPS redirect;
3535
- strict request limits and secure defaults;
3636
- local and rootless Podman operation.
3737

38+
The public `1.0` target is the first release intended to migrate Fluxheim's own
39+
real multi-site gateway configs. That means route-level proxy/static/redirect
40+
behavior, SNI certificate selection, websocket-safe proxying, per-route limits
41+
and timeouts, custom upstream error pages, and secure static alias/directory
42+
handling must be implemented and tested before `1.0.0`.
43+
3844
Features such as load balancing, ACME automation, admin snapshots, metrics,
3945
WAF, Cloudflare origin support, PHP, CGI, and legacy protocols are planned as
4046
opt-in modules and are documented separately until they graduate.
@@ -299,7 +305,9 @@ layout for configs, TLS certificates, cache, state, logs, and static site roots.
299305

300306
Fluxheim will not treat every planned feature as part of `1.0`.
301307

302-
- `1.0`: stable static hosting and reverse proxy core.
308+
- `0.5`: basic vhosts, static HTML sites, static TLS, containers, and simple
309+
whole-vhost proxying.
310+
- `1.0`: route-aware gateway core sufficient for the posted real site configs.
303311
- `1.1`: TLS policy hardening.
304312
- `1.2`: operational pack: logging, admin snapshots, rollback, metrics.
305313
- `1.3`: load balancer support.

RELEASE_NOTES_0.5.0.md

Lines changed: 144 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,144 @@
1+
# Fluxheim 0.5.0 Release Notes
2+
3+
## Version
4+
5+
- Version: `0.5.0`
6+
- Release date: 2026-05-06
7+
- Git tag: `v0.5.0` after release validation
8+
- Git commit: fill in from `git rev-parse HEAD` before tagging
9+
- License: EUPL-1.2
10+
11+
## Scope
12+
13+
Fluxheim `0.5.0` is the basic-sites preview. It is intended for normal static
14+
HTML websites and simple whole-vhost reverse proxying with static TLS
15+
certificates.
16+
17+
Stable preview scope:
18+
19+
- static web serving for HTML, CSS, JavaScript, images, fonts, and other normal
20+
site assets;
21+
- vhost routing by Host header;
22+
- static downstream TLS certificates, with rustls as the default backend;
23+
- optional global HTTP-to-HTTPS redirect;
24+
- simple whole-vhost reverse proxying to one upstream;
25+
- request/header/body limits;
26+
- default `Server: fluxheim` response header, removable by config;
27+
- secure header mutation policy;
28+
- static cache headers, ETag, conditional requests, and byte ranges;
29+
- rootless Podman/container examples for Wolfi, Alpine, SUSE Micro, and Debian
30+
runtime variants;
31+
- RPM packaging spec for RHEL/openSUSE-style builds from vendored Cargo
32+
dependencies;
33+
- release checks for formatting, linting, tests, dependency policy, advisory
34+
policy, CodeQL, and local smoke coverage.
35+
36+
Default Cargo features:
37+
38+
- `proxy`
39+
- `web`
40+
- `cache`
41+
- `tls-rustls`
42+
- `security`
43+
44+
## Highlights
45+
46+
- Basic vhost static hosting and simple reverse proxying are now documented as
47+
the preview release promise.
48+
- Container deployment examples include explicit graceful shutdown settings so
49+
normal `podman compose down` does not fall back to `SIGKILL`.
50+
- The public `1.0.0` target is now defined as the gateway-ready release needed
51+
for representative real multi-site configs.
52+
53+
## Security And Stability Gate
54+
55+
Fill this in immediately before tagging:
56+
57+
- Gate command: `scripts/stable_release_gate.sh check` or stronger
58+
- Gate report directory:
59+
- Result:
60+
- `cargo audit` result:
61+
- `cargo deny check` result:
62+
- TLS scan result:
63+
- Load smoke result:
64+
- Request-framing smoke result:
65+
- Fuzz target compile result:
66+
- Podman smoke result:
67+
68+
## Reviewed Advisory Exceptions
69+
70+
- `protobuf < 3.7.2` may appear transitively through Pingora dependencies until
71+
upstream updates. Do not accept this exception silently: record the exact
72+
dependency path from `cargo audit`, confirm whether Fluxheim parses
73+
attacker-supplied protobuf through that dependency in this release, and remove
74+
the exception as soon as the upstream fix is available.
75+
76+
## Breaking Changes
77+
78+
- This is a pre-`1.0.0` preview release. Config shape and behavior may still
79+
change when the change improves security or the `1.0.0` gateway target.
80+
81+
## Upgrade Notes
82+
83+
- Prefer `upstreams = ["host:port"]` over the older single `upstream = "host:port"`
84+
field. Do not configure both in the same proxy block.
85+
- Use `[headers.*.add]`/`remove` for user-friendly header changes. The older
86+
`set`/`unset` names remain compatible.
87+
- For containers, keep the container stop timeout higher than
88+
`server.process.grace_period_seconds + graceful_shutdown_timeout_seconds`.
89+
90+
## Known Limitations
91+
92+
These are intentional `1.0.0` blockers, not `0.5.0` promises:
93+
94+
- no multi-certificate SNI selection at runtime yet;
95+
- no route/location layer yet;
96+
- no route-level redirect/proxy/static actions yet;
97+
- no websocket-specific upgrade support yet;
98+
- no per-route body limits or upstream timeouts yet;
99+
- no custom upstream error pages yet;
100+
- no static alias or directory listing support yet;
101+
- no runtime ACME issuance yet.
102+
103+
## Container Images
104+
105+
Planned image tags after release validation:
106+
107+
- GitHub Container Registry: `ghcr.io/valkyoth/fluxheim:v0.5.0-wolfi`
108+
- GitHub Container Registry: `ghcr.io/valkyoth/fluxheim:v0.5.0-alpine`
109+
- GitHub Container Registry: `ghcr.io/valkyoth/fluxheim:v0.5.0-suse-micro`
110+
- GitHub Container Registry: `ghcr.io/valkyoth/fluxheim:v0.5.0-debian`
111+
- Docker Hub: matching variant tags when Docker Hub credentials are configured
112+
- Runtime user: `65532:65532` by default
113+
- Default config path: `/etc/fluxheim/fluxheim.toml`
114+
- Static site path: operator-mounted, commonly `/srv/sites/...`
115+
- Cache path: `/var/cache/fluxheim`
116+
- State path: `/var/lib/fluxheim`
117+
118+
## RPM Packaging
119+
120+
The release includes [packaging/rpm/fluxheim.spec](packaging/rpm/fluxheim.spec)
121+
and [packaging/rpm/fluxheim.tmpfiles](packaging/rpm/fluxheim.tmpfiles).
122+
123+
The spec expects a source tarball plus a vendored Cargo dependency tarball, then
124+
builds with `cargo --offline`:
125+
126+
```bash
127+
cargo vendor vendor > /tmp/fluxheim-cargo-config.toml
128+
tar -czf fluxheim-0.5.0-vendor.tar.gz vendor
129+
```
130+
131+
The default RPM feature set is `profile-core`. Builders can override it with:
132+
133+
```bash
134+
rpmbuild -ba packaging/rpm/fluxheim.spec --define 'fluxheim_features profile-static-site'
135+
```
136+
137+
## Checksums And Signatures
138+
139+
Fill this in during the release:
140+
141+
- Source archive checksum:
142+
- Binary checksums:
143+
- Container digests:
144+
- Tag signature:

ROADMAP.md

Lines changed: 12 additions & 9 deletions
Original file line numberDiff line numberDiff line change
@@ -4,13 +4,14 @@ This roadmap is the working implementation plan. Keep it current as features
44
move from design to code.
55

66
Release sequencing is defined in [Versioning Plan](docs/versioning-plan.md).
7-
That plan keeps `1.0` intentionally small and promotes larger modules through
8-
later minor releases.
7+
That plan treats `0.5.x` as the basic-sites preview and `1.0.0` as the first
8+
gateway-ready release for Fluxheim's representative real multi-site configs.
9+
Larger modules still graduate through later minor releases.
910

1011
## Current MVP Goal
1112

12-
Fluxheim's first stable release should be a local/rootless-Podman friendly
13-
Pingora static web server and reverse proxy that can safely run small sites and
13+
Fluxheim's `0.5.x` preview should be a local/rootless-Podman friendly Pingora
14+
static web server and reverse proxy that can safely run small sites and simple
1415
origin frontends:
1516

1617
- vhost routing with static web serving and single-upstream proxying;
@@ -19,11 +20,13 @@ origin frontends:
1920
- strict header/body limits and basic secure header policy;
2021
- release checks, license checks, and rootless container packaging.
2122

22-
The near-term focus is hardening the already-working baseline rather than
23-
expanding into large research features. ACME runtime, SNI certificate selection,
24-
load balancing, admin snapshots, metrics, Sentinel Mesh/WireGuard,
25-
stale-while-revalidate, and persistent cache indexing remain important, but
26-
they should graduate after the `1.0` stable core according to the versioning
23+
The near-term focus is hardening the already-working baseline, then closing the
24+
`1.0.0` gateway gaps exposed by real configs: SNI certificate selection,
25+
path/location routing, route redirects, websocket-safe proxying, per-route body
26+
limits and timeouts, custom upstream error pages, static aliases, and directory
27+
listing. ACME runtime, load balancing, admin snapshots, metrics, Sentinel
28+
Mesh/WireGuard, stale-while-revalidate, and persistent cache indexing remain
29+
important, but they should graduate after `1.0.0` according to the versioning
2730
plan.
2831

2932
After `1.0`, the first dedicated minor release should focus on TLS policy:

docs/production-readiness.md

Lines changed: 23 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -1,15 +1,15 @@
11
# Production Readiness
22

3-
Fluxheim is still pre-`1.0`. This page states what the first stable release is
4-
intended to support, what is deliberately outside the stable promise, and what
5-
operators should verify before using a build beyond local testing.
3+
Fluxheim is still pre-`1.0`. This page states what the current preview release
4+
is intended to support, what the first stable gateway release must support, and
5+
what operators should verify before using a build beyond local testing.
66

7-
## Stable 1.0 Target
7+
## 0.5 Basic-Sites Preview
88

9-
The `1.0` line is intentionally small:
9+
The `0.5.x` line is intentionally limited:
1010

1111
- static file hosting from configured vhost roots;
12-
- reverse proxying to one configured upstream target;
12+
- simple whole-vhost reverse proxying to one configured upstream target;
1313
- vhost routing by exact and wildcard host names;
1414
- cache code compiled by default, with runtime caching disabled until a storage
1515
tier is configured;
@@ -23,6 +23,23 @@ The `1.0` line is intentionally small:
2323
- local release gates for formatting, linting, tests, license policy,
2424
dependency advisories, core feature profiles, and localhost smoke checks.
2525

26+
## Stable 1.0 Target
27+
28+
The `1.0` line should be the first gateway-ready release for representative
29+
real multi-site configs. In addition to the `0.5.x` behavior, it must support:
30+
31+
- SNI certificate selection across multiple configured certificates;
32+
- route-level exact, prefix, and fallback matching;
33+
- route actions for proxy, static serving, and redirects;
34+
- cleartext ACME challenge exception routes plus HTTPS redirect for everything
35+
else;
36+
- apex/`www` redirect vhosts that preserve the request URI safely;
37+
- websocket-safe proxying and prefix stripping for routes such as `/chat/`;
38+
- per-route body limits and upstream connect/read/send timeouts;
39+
- custom upstream error pages;
40+
- static aliases and secure directory listing;
41+
- container DNS behavior suitable for local Podman deployments.
42+
2643
## Not Stable In 1.0
2744

2845
These features may exist in code, documentation, or feature flags, but they are

docs/release-checklist.md

Lines changed: 17 additions & 13 deletions
Original file line numberDiff line numberDiff line change
@@ -46,16 +46,18 @@ scripts/release_checks.sh
4646

4747
The wrapper runs formatting, clippy, tests, selected feature builds, example
4848
config validation, `cargo deny check`, `cargo audit`, and localhost smoke tests.
49-
It may include incubator-module smoke checks during development; the `1.0` core
50-
build matrix below defines what is stable release scope.
49+
It may include incubator-module smoke checks during development. The `0.5.x`
50+
preview scope is basic static/proxy/TLS behavior; the `1.0` gateway scope is
51+
defined in the versioning plan and must cover representative multi-site gateway
52+
configs before a stable tag.
5153

5254
For the stable-release gate without incubator module checks, use:
5355

5456
```bash
5557
scripts/stable_release_gate.sh release
5658
```
5759

58-
Run the 1.0 core localhost smoke directly when changing stable static/proxy
60+
Run the core localhost smoke directly when changing stable static/proxy
5961
behavior:
6062

6163
```bash
@@ -70,14 +72,14 @@ Confirm GitHub CodeQL default setup is enabled for `main`. Do not also enable an
7072
advanced CodeQL workflow for the same repository; GitHub rejects advanced SARIF
7173
uploads when default setup is active.
7274

73-
Confirm the Rust CI workflow still runs the `1.0` core feature matrix in both
74-
check and release modes, plus the `scripts/smoke_1_0_core.sh` localhost smoke.
75+
Confirm the Rust CI workflow still runs the core feature matrix in both check
76+
and release modes, plus the `scripts/smoke_1_0_core.sh` localhost smoke.
7577

7678
## TLS And Certificate Storage
7779

7880
- Static certificate chains and private keys are supported. Bought certificates
7981
remain a first-class deployment mode.
80-
- The 1.0 core smoke generates a temporary static certificate and proves both
82+
- The core smoke generates a temporary static certificate and proves both
8183
static and proxied vhosts over a TLS listener.
8284
- ACME config and renewal queue planning are implemented, but account/order and
8385
challenge runtime work is not release-ready yet. Do not document automated
@@ -91,11 +93,12 @@ fluxheim --config path/to/fluxheim.toml --check-tls-storage
9193
On Unix, private keys should be owner-only (`0600`) and ACME storage directories
9294
should be owner-only (`0700`).
9395

94-
## 1.0 Core Build Matrix
96+
## Core Build Matrix
9597

96-
For a `1.0.x` release, confirm the stable core binaries compile. This matrix
97-
intentionally excludes post-1.0 modules such as load balancing, metrics, admin,
98-
ACME runtime, WAF, PHP/CGI, Cloudflare automation, legacy HTTP, and WASM.
98+
For a `0.5.x` preview or `1.0.x` release, confirm the stable core binaries
99+
compile. This matrix intentionally excludes post-1.0 modules such as load
100+
balancing, metrics, admin, ACME runtime, WAF, PHP/CGI, Cloudflare automation,
101+
legacy HTTP, and WASM.
99102

100103
```bash
101104
scripts/validate-1-0-core.sh release
@@ -112,9 +115,10 @@ scripts/validate-1-0-core.sh check
112115

113116
Passing memory-safe Rust builds is not enough for a proxy. Before every stable
114117
release, run this gate against the stable modules included in that release and
115-
record the results in the release notes. For `1.0.x`, the target is the
116-
static/proxy/TLS core. For later minors, include every module promoted to
117-
`stable` in that release.
118+
record the results in the release notes. For `0.5.x`, the target is the
119+
documented basic-sites preview. For `1.0.x`, the target is the gateway core
120+
needed for representative multi-site configs. For later minors, include every
121+
module promoted to `stable` in that release.
118122

119123
Local checks that can be run from this repository:
120124

0 commit comments

Comments
 (0)