I''m trying to set up shared rails websites, so every user has its own public_html for rails scripts. I''m not really satisfied with the fastcgi approach (cgi scripts can sometimes be nasty security problems) so I''d like to try the another approach. (If someone knows a good tutorial on installing rails on FreeBSD including the fastcgi configuration that would be nice). Each user gets to run its own webrick server and mod_proxy redirects all requests. Is that possible? I can''t find any relevant documentation in mod_proxy to redirect to a specific port, does someone use a similar setup? And is it possible to run multiple rails sites on 1 webrick instance? It would be very useful because then I can give every user his own local port for mod_proxy, otherwise I''d probably have to go for multiple rules in mod_proxy? Bart -- "May the source be with you"
Would not that be excruciatingly slow? And even more if you want to have multiple rails sites with a single webrick instance? Why would fastcgi be unsafe anyway, as each process would run under different user? Zsombor On 5/6/05, Aquila <braempje-VsqqI1RANlHk1uMJSBkQmQ@public.gmane.org> wrote:> I''m trying to set up shared rails websites, so every user has its own > public_html for rails scripts. > > I''m not really satisfied with the fastcgi approach (cgi scripts can > sometimes be nasty security problems) so I''d like to try the another > approach. (If someone knows a good tutorial on installing rails on FreeBSD > including the fastcgi configuration that would be nice). > > Each user gets to run its own webrick server and mod_proxy redirects all > requests. Is that possible? I can''t find any relevant documentation in > mod_proxy to redirect to a specific port, does someone use a similar setup? > And is it possible to run multiple rails sites on 1 webrick instance? It > would be very useful because then I can give every user his own local port > for mod_proxy, otherwise I''d probably have to go for multiple rules in > mod_proxy? > > Bart > -- > "May the source be with you" > > _______________________________________________ > Rails mailing list > Rails-1W37MKcQCpIf0INCOvqR/iCwEArCW2h5@public.gmane.org > http://lists.rubyonrails.org/mailman/listinfo/rails >-- http://deezsombor.blogspot.com
Bart, I''d strongly advise against using Webrick in a production environment. Webrick is nice for development IMHO, but isn''t suitable for heavy loads and/or "more secure" applications. Another thing is that Webrick and Rails in combination with MySQL somehow doesn''t close the MySQL connections properly, so after some time you''ll get "Too many connection" errors. Also keep in mind that you''ll be starting a new instance of Webrick for every site, I''m not sure what the performance implications are, but I can image that it isn''t very load/cpu/performance effective like this. About your mod_proxy problem. It should be possible to proxy certain url''s to certain ports. Just do http://yoururl:yourportnumber. It works fine, I do the same with Apache -> Lighttp. Flurin Aquila wrote:>I''m trying to set up shared rails websites, so every user has its own >public_html for rails scripts. > >I''m not really satisfied with the fastcgi approach (cgi scripts can >sometimes be nasty security problems) so I''d like to try the another >approach. (If someone knows a good tutorial on installing rails on FreeBSD >including the fastcgi configuration that would be nice). > >Each user gets to run its own webrick server and mod_proxy redirects all >requests. Is that possible? I can''t find any relevant documentation in >mod_proxy to redirect to a specific port, does someone use a similar setup? >And is it possible to run multiple rails sites on 1 webrick instance? It >would be very useful because then I can give every user his own local port >for mod_proxy, otherwise I''d probably have to go for multiple rules in >mod_proxy? > >Bart > >
Dee Zsombor wrote:> Why would > fastcgi be unsafe anyway, as each process would run under different > user?I thought they all ran as the apache user, that''s new for me. I''ll try fastcgi and lighttpd or apache then... Any suggestion on which of the two is best for supporting rails sites for each user? My main intent is to be able to say to users "here is your account, with a public_html folder where you put your rails scripts". Of course I''d like to be able to do that without having to install rails for every user separately. Thanks for fast replies Flurin and Dee! Bart -- "May the source be with you"
Using suEXEC (http://httpd.apache.org/docs/suexec.html) you can have each fastcgi process run as a seperate user (for more of an overview see http://www.trilithium.com/johan/2005/04/apache2-fastcgi/). sam On 5/6/05, Aquila <braempje-VsqqI1RANlHk1uMJSBkQmQ@public.gmane.org> wrote:> Dee Zsombor wrote: > > > Why would > > fastcgi be unsafe anyway, as each process would run under different > > user? > > I thought they all ran as the apache user, that''s new for me. > I''ll try fastcgi and lighttpd or apache then... Any suggestion on which of > the two is best for supporting rails sites for each user? > My main intent is to be able to say to users "here is your account, with a > public_html folder where you put your rails scripts". Of course I''d like to > be able to do that without having to install rails for every user > separately. > > Thanks for fast replies Flurin and Dee! > Bart > -- > "May the source be with you" > > _______________________________________________ > Rails mailing list > Rails-1W37MKcQCpIf0INCOvqR/iCwEArCW2h5@public.gmane.org > http://lists.rubyonrails.org/mailman/listinfo/rails >-- sam http://www.magpiebrain.com/
On Fri, 6 May 2005, Aquila wrote:> I''m not really satisfied with the fastcgi approach (cgi scripts can > sometimes be nasty security problems) so I''d like to try the anotherLots of things can turn out to be nasty security problems; I wouldn''t dismiss CGI so blindly. In fact, I think if you look into it you''ll find more problems with the various mod_perl, mod_python, etc.. modules than with plain vanilla CGI. --Steve
> On Fri, 6 May 2005, Aquila wrote: > >> I''m not really satisfied with the fastcgi approach (cgi scripts can >> sometimes be nasty security problems) so I''d like to try the another > > Lots of things can turn out to be nasty security problems; I wouldn''t > dismiss CGI so blindly. In fact, I think if you look into it you''ll find > more problems with the various mod_perl, mod_python, etc.. modules than > with plain vanilla CGI.You are probably right... I am now installing Lighttpd/FastCGI but FastCGI fails to compile. Oh well that''s what you get when trying to use FreeBSD :-) -- "May the source be with you"
I''ve got lighttpd + fastcgi running just fine on 5.3. And I guess that doesn''t help out a lot...but what errors are you getting? Send a message to the freebsd-questions list and you''ll get it sorted out quickly, I''m sure. On 5/6/05, Aquila <braempje-VsqqI1RANlHk1uMJSBkQmQ@public.gmane.org> wrote:> > On Fri, 6 May 2005, Aquila wrote: > > > >> I''m not really satisfied with the fastcgi approach (cgi scripts can > >> sometimes be nasty security problems) so I''d like to try the another > > > > Lots of things can turn out to be nasty security problems; I wouldn''t > > dismiss CGI so blindly. In fact, I think if you look into it you''ll find > > more problems with the various mod_perl, mod_python, etc.. modules than > > with plain vanilla CGI. > > You are probably right... I am now installing Lighttpd/FastCGI but FastCGI > fails to compile. Oh well that''s what you get when trying to use > FreeBSD :-) > -- > "May the source be with you" > > _______________________________________________ > Rails mailing list > Rails-1W37MKcQCpIf0INCOvqR/iCwEArCW2h5@public.gmane.org > http://lists.rubyonrails.org/mailman/listinfo/rails >