Security Advisories (2)
CVE-2024-58134 (2025-05-03)

Mojolicious versions from 0.999922 for Perl use a hard-coded string, or the application's class name, as an HMAC session secret by default. These predictable default secrets can be exploited to forge session cookies. An attacker who knows or guesses the secret could compute valid HMAC signatures for the session cookie, allowing them to tamper with or hijack another user's session.

CVE-2024-58135 (2025-05-03)

Mojolicious versions from 7.28 for Perl may generate weak HMAC session secrets. When creating a default app with the "mojo generate app" tool, a weak secret is written to the application's configuration file using the insecure rand() function, and used for authenticating and protecting the integrity of the application's sessions. This may allow an attacker to brute-force the application's session keys.
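
A startup check that addresses both advisories above, as an added example that is not part of the Mojolicious documentation or code base: it refuses to serve outside development mode when the session secret is missing, predictable or short, and draws any generated secret from the kernel CSPRNG instead of rand(). The MYAPP_SECRETS environment variable and the 32-character minimum are assumptions of this example, and /dev/urandom is assumed to be available.

```perl
#!/usr/bin/env perl
# Added example, not Mojolicious code. MYAPP_SECRETS is a hypothetical
# environment variable; the 32-character floor is this example's own policy.
use Mojolicious::Lite;

# 32 bytes from the kernel CSPRNG, hex-encoded (64 characters), not rand().
sub strong_secret {
  open my $fh, '<:raw', '/dev/urandom' or die "Cannot open /dev/urandom: $!";
  my $n = read $fh, my $bytes, 32;
  die "Short read from /dev/urandom\n" unless defined $n && $n == 32;
  close $fh;
  return unpack 'H*', $bytes;
}

# Reasons the configured secrets are unsafe; an empty list means acceptable.
sub weak_secret_reasons {
  my $app = shift;
  my @reasons;
  push @reasons, 'no secret configured' unless @{$app->secrets};
  for my $secret (@{$app->secrets}) {
    push @reasons, 'secret is the application name (predictable default)'
      if $secret eq $app->moniker || $secret eq ref($app);
    push @reasons, 'secret is shorter than 32 characters' if length($secret) < 32;
  }
  return @reasons;
}

# Comma-separated for rotation: the first secret signs new cookies, the
# remaining ones only verify cookies issued before the rotation.
app->secrets([split /,/, $ENV{MYAPP_SECRETS}]) if $ENV{MYAPP_SECRETS};

if (my @why = weak_secret_reasons(app)) {
  # Mode comes from -m/--mode or MOJO_MODE, as in the prefork options.
  die 'Refusing to start: ' . join('; ', @why) . "\n" if app->mode ne 'development';
  app->log->warn("Weak session secret: $_") for @why;
  app->secrets([strong_secret()]);    # development only, lost on restart
}

get '/' => sub {
  my $c = shift;
  $c->session(visits => ($c->session('visits') // 0) + 1);
  $c->render(text => 'visits: ' . $c->session('visits'));
};

app->start;
```

Started with "./myapp.pl prefork -m production" and no MYAPP_SECRETS set, the script exits before any listener is opened. A secret generated at startup is only suitable for development, because every restart invalidates existing sessions.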

NAME

Mojolicious::Command::prefork - Pre-fork command

SYNOPSIS

Usage: APPLICATION prefork [OPTIONS]

  ./myapp.pl prefork
  ./myapp.pl prefork -m production -p -l http://*:8080
  ./myapp.pl prefork -l http://127.0.0.1:8080 -l https://[::]:8081
  ./myapp.pl prefork -l 'https://*:443?cert=./server.crt&key=./server.key'
  ./myapp.pl prefork -l http+unix://%2Ftmp%2Fmyapp.sock -w 12
  ./myapp.pl prefork -l http://127.0.0.1:8080 -p 127.0.0.0/8 -p fc00::/7

Options:
  -a, --accepts <number>               Number of connections for workers to
                                       accept, defaults to 10000
  -b, --backlog <size>                 Listen backlog size, defaults to
                                       SOMAXCONN
  -c, --clients <number>               Maximum number of concurrent
                                       connections, defaults to 1000
  -G, --graceful-timeout <seconds>     Graceful timeout, defaults to 120.
  -I, --heartbeat-interval <seconds>   Heartbeat interval, defaults to 5
  -H, --heartbeat-timeout <seconds>    Heartbeat timeout, defaults to 50
  -h, --help                           Show this summary of available options
      --home <path>                    Path to home directory of your
                                       application, defaults to the value of
                                       MOJO_HOME or auto-detection
  -i, --inactivity-timeout <seconds>   Inactivity timeout, defaults to the
                                       value of MOJO_INACTIVITY_TIMEOUT or 30
  -k, --keep-alive-timeout <seconds>   Keep-alive timeout, defaults to the
                                       value of MOJO_KEEP_ALIVE_TIMEOUT or 5
  -l, --listen <location>              One or more locations you want to
                                       listen on, defaults to the value of
                                       MOJO_LISTEN or "http://*:3000"
  -m, --mode <name>                    Operating mode for your application,
                                       defaults to the value of
                                       MOJO_MODE/PLACK_ENV or "development"
  -P, --pid-file <path>                Path to process id file, defaults to
                                       "prefork.pid" in a temporary directory
  -p, --proxy [<network>]              Activate reverse proxy support,
                                       defaults to the value of
                                       MOJO_REVERSE_PROXY, optionally takes
                                       one or more trusted proxy addresses or
                                       networks
  -r, --requests <number>              Maximum number of requests per
                                       keep-alive connection, defaults to 100
  -s, --spare <number>                 Temporarily spawn up to this number of
                                       additional workers, defaults to 2
  -w, --workers <number>               Number of workers, defaults to 4

DESCRIPTION

Mojolicious::Command::prefork starts applications with the Mojo::Server::Prefork backend.

This is a core command, which means it is always enabled, and its code is a good example for learning to build new commands. You're welcome to fork it.

See "COMMANDS" in Mojolicious::Commands for a list of commands that are available by default.

ATTRIBUTES

Mojolicious::Command::prefork inherits all attributes from Mojolicious::Command and implements the following new ones.

description

my $description = $prefork->description;
$prefork        = $prefork->description('Foo');

Short description of this command, used for the command list.

usage

my $usage = $prefork->usage;
$prefork  = $prefork->usage('Foo');

Usage information for this command, used for the help screen.

METHODS

Mojolicious::Command::prefork inherits all methods from Mojolicious::Command and implements the following new ones.

build_server

my $server = $prefork->build_server(@ARGV);

Build Mojo::Server::Prefork instance from command line arguments.

run

$prefork->run(@ARGV);

Run this command.

SEE ALSO

Mojolicious, Mojolicious::Guides, https://mojolicious.org.