I''ve been trying to setup my first production environment and was following along with Coda Hale''s blog entry; I''m on a FreeBSD machine, so I''ve had to tweak a few things from the Linux based presentation. Generally most things have worked. However I''m having a minor difficulty with mongrel_cluster. The cluster is configured and with the "address: 127.0.0.1" line commented out I was able to verify that the three mongrels were active. When I uncomment that line, commit, and redeploy, however the three mongrels are still responding to requests directly when the tutorial says they shouldn''t be. I''ve also tried using "localhost" instead of 127.0.0.1 as I know sometimes different platforms special case that differently, but its behaving the same way. Does anyone have any experience for what else I need to look at to "lock-down" the individual mongrels of a mongrel_cluster under FreeBSD? Thank you. Eric -- Posted via http://www.ruby-forum.com/. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
> I''ve been trying to setup my first production environment and was > following along with Coda Hale''s blog entry; I''m on a FreeBSD machine, > so I''ve had to tweak a few things from the Linux based presentation. > Generally most things have worked. However I''m having a minor > difficulty with mongrel_cluster. > > The cluster is configured and with the "address: 127.0.0.1" line > commented out I was able to verify that the three mongrels were active. > When I uncomment that line, commit, and redeploy, however the three > mongrels are still responding to requests directly when the tutorial > says they shouldn''t be. I''ve also tried using "localhost" instead of > 127.0.0.1 as I know sometimes different platforms special case that > differently, but its behaving the same way. > > Does anyone have any experience for what else I need to look at to > "lock-down" the individual mongrels of a mongrel_cluster under FreeBSD?Are you by any chance using a jail? If so, localhost/127.0.0.1 doesn''t really exist... the only thing that the jail can bind to is the public IP address... which is why you''re still able to request it... What you could do if you don''t want people hitting mongrel directly is in the host (assuming this is a jail issue) have the firewall block requests to that port on the public IP if it''s coming from the outside world (based on inbound traffic on the external nic). -philip --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
Philip Hallstrom wrote:> Are you by any chance using a jail? If so, localhost/127.0.0.1 doesn''t > really exist... the only thing that the jail can bind to is the public > IP > address... which is why you''re still able to request it... > > What you could do if you don''t want people hitting mongrel directly is > in > the host (assuming this is a jail issue) have the firewall block > requests > to that port on the public IP if it''s coming from the outside world > (based > on inbound traffic on the external nic). > > -philipThank you. That explains it perfectly. Yes I''m in a jail environment. Could the jail have anything do to with a secondary problem I''m having of my VirtualHost *:80 block that binds to the mongrel cluster not being respected by Apache2? Eric -- Posted via http://www.ruby-forum.com/. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
> Philip Hallstrom wrote: >> Are you by any chance using a jail? If so, localhost/127.0.0.1 doesn''t >> really exist... the only thing that the jail can bind to is the public IP >> address... which is why you''re still able to request it... >> >> What you could do if you don''t want people hitting mongrel directly is in >> the host (assuming this is a jail issue) have the firewall block requests >> to that port on the public IP if it''s coming from the outside world (based >> on inbound traffic on the external nic). >> >> -philip > > Thank you. That explains it perfectly. Yes I''m in a jail environment. > > Could the jail have anything do to with a secondary problem I''m having of my > VirtualHost *:80 block that binds to the mongrel cluster not being respected > by Apache2?Don''t know about that one... I''m in a jail, and my apache block contains this: <Proxy balancer://mongrel_cluster> BalancerMember http://127.0.0.1:3000 </Proxy> (and my mongrel is 127.0.0.1 specified despite it not binding to it). Apache honors it for me... I can send you my whole thing off line if you want... --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---