Forum: Ruby on Rails Deployment problem, FreeBSD, mongrel_cluster

Announcement (2017-05-07): www.ruby-forum.com is now read-only since I unfortunately do not have the time to support and maintain the forum any more. Please see rubyonrails.org/community and ruby-lang.org/en/community for other Rails- und Ruby-related community platforms.
Eric N. (Guest)
on 2007-01-15 18:19
I've been trying to setup my first production environment and was
following along with Coda Hale's blog entry; I'm on a FreeBSD machine,
so I've had to tweak a few things from the Linux based presentation.
Generally most things have worked.  However I'm having a minor
difficulty with mongrel_cluster.

The cluster is configured and with the "address: 127.0.0.1" line
commented out I was able to verify that the three mongrels were active.
When I uncomment that line, commit, and redeploy, however the three
mongrels are still responding to requests directly when the tutorial
says they shouldn't be.  I've also tried using "localhost" instead of
127.0.0.1 as I know sometimes different platforms special case that
differently, but its behaving the same way.

Does anyone have any experience for what else I need to look at to
"lock-down" the individual mongrels of a mongrel_cluster under FreeBSD?

Thank you.

Eric
Philip H. (Guest)
on 2007-01-15 21:55
(Received via mailing list)
> says they shouldn't be.  I've also tried using "localhost" instead of
> 127.0.0.1 as I know sometimes different platforms special case that
> differently, but its behaving the same way.
>
> Does anyone have any experience for what else I need to look at to
> "lock-down" the individual mongrels of a mongrel_cluster under FreeBSD?

Are you by any chance using a jail?  If so, localhost/127.0.0.1 doesn't
really exist... the only thing that the jail can bind to is the public
IP
address... which is why you're still able to request it...

What you could do if you don't want people hitting mongrel directly is
in
the host (assuming this is a jail issue) have the firewall block
requests
to that port on the public IP if it's coming from the outside world
(based
on inbound traffic on the external nic).

-philip
Eric N. (Guest)
on 2007-01-15 22:02
Philip H. wrote:
> Are you by any chance using a jail?  If so, localhost/127.0.0.1 doesn't
> really exist... the only thing that the jail can bind to is the public
> IP
> address... which is why you're still able to request it...
>
> What you could do if you don't want people hitting mongrel directly is
> in
> the host (assuming this is a jail issue) have the firewall block
> requests
> to that port on the public IP if it's coming from the outside world
> (based
> on inbound traffic on the external nic).
>
> -philip

Thank you.  That explains it perfectly.  Yes I'm in a jail environment.

Could the jail have anything do to with a secondary problem I'm having
of my VirtualHost *:80 block that binds to the mongrel cluster not being
respected by Apache2?

Eric
Philip H. (Guest)
on 2007-01-15 23:41
(Received via mailing list)
>> -philip
>
> Thank you.  That explains it perfectly.  Yes I'm in a jail environment.
>
> Could the jail have anything do to with a secondary problem I'm having of my
> VirtualHost *:80 block that binds to the mongrel cluster not being respected
> by Apache2?

Don't know about that one...  I'm in a jail, and my apache block
contains
this:

   <Proxy balancer://mongrel_cluster>
     BalancerMember http://127.0.0.1:3000
   </Proxy>

(and my mongrel is 127.0.0.1 specified despite it not binding to it).
Apache honors it for me...

I can send you my whole thing off line if you want...
This topic is locked and can not be replied to.