Mongrel users - Jul 2006 - Mongrel, lighty, pound, and request.remote_ip

Is anyone using the setup described at the Rails blog?

http://weblog.rubyonrails.org/2006/7/3/pound-makes-lighty-and-mongrel- 
play-nice

I''m using it in production, and the only problem I have is the same  
as people have described in the comments over there, namely that  
Rails thinks all requests come from localhost.

See http://isabont.com/requestinfo for the headers.

Any suggestions on what to try? Should I just replace lighty+pound  
with Apache?

/Lars

On Jul 8, 2006, at 2:28 AM, Lars Pind wrote:
> Is anyone using the setup described at the Rails blog?
>
> http://weblog.rubyonrails.org/2006/7/3/pound-makes-lighty-and-mongrel-
> play-nice
>
> I''m using it in production, and the only problem I have is the
same
> as people have described in the comments over there, namely that
> Rails thinks all requests come from localhost.
>
> See http://isabont.com/requestinfo for the headers.
>
> Any suggestions on what to try? Should I just replace lighty+pound
> with Apache?
>
> /Lars
http://www.apsis.ch/pound

"REQUEST LOGGING

As a general rule, Pound passes all headers as they arrive from the  
client browser to the back-end server(s). There are two exceptions to  
this rule: Pound may add information about the SSL client certificate  
(as described below), and it will add an X-Forwarded-For header. The  
general format is:

         X-Forwarded-for: client-IP-address

The back-end server(s) may use this extra information in order to  
create their log-files with the real client address (otherwise all  
requests will appear to originate from Pound itself, which is rather  
useless)."


- Jason

Right, but how does that help fix the problem?

The problem is that Pound overrides the X-Forwarded-For header  
already being added by lighty.

Is there a way to get Pound to not mess with that header? I''ve looked  
at the source, and there doesn''t appear to be any.

Alternatively, one could get Pound to read the current X-Forwarded- 
For header when it exists and use the same IP address in the X- 
Forwarded-For header it itself adds, that should solve it, too. But  
again, I don''t see a way to do that, either.

I guess I''ll just have to switch to Apache until lighty sorts out the  
proxying.

/Lars

On Jul 8, 2006, at 6:20 PM, Jason A. Hoffman wrote:
> On Jul 8, 2006, at 2:28 AM, Lars Pind wrote:
>
>> Is anyone using the setup described at the Rails blog?
>>
>> http://weblog.rubyonrails.org/2006/7/3/pound-makes-lighty-and- 
>> mongrel-
>> play-nice
>>
>> I''m using it in production, and the only problem I have is the
same
>> as people have described in the comments over there, namely that
>> Rails thinks all requests come from localhost.
>>
>> See http://isabont.com/requestinfo for the headers.
>>
>> Any suggestions on what to try? Should I just replace lighty+pound
>> with Apache?
>>
>> /Lars
>
> http://www.apsis.ch/pound
>
> "REQUEST LOGGING
>
> As a general rule, Pound passes all headers as they arrive from the
> client browser to the back-end server(s). There are two exceptions to
> this rule: Pound may add information about the SSL client certificate
> (as described below), and it will add an X-Forwarded-For header. The
> general format is:
>
>          X-Forwarded-for: client-IP-address
>
> The back-end server(s) may use this extra information in order to
> create their log-files with the real client address (otherwise all
> requests will appear to originate from Pound itself, which is rather
> useless)."
>
>
> - Jason
>
>
> _______________________________________________
> Mongrel-users mailing list
> Mongrel-users at rubyforge.org
> http://rubyforge.org/mailman/listinfo/mongrel-users

FYI, I''ve found that pen lets you disable the X-Forwarded-For header,  
so I''m using that instead, and Rails picks up the right IP address.

I also noticed that pen.c has code to not add an X-Forwarded-For  
header if one is already present, but it didn''t seem to be working  
for me.

/Lars

On Jul 9, 2006, at 3:14 PM, Lars Pind wrote:
> Right, but how does that help fix the problem?
>
> The problem is that Pound overrides the X-Forwarded-For header
> already being added by lighty.
>
> Is there a way to get Pound to not mess with that header? I''ve
looked
> at the source, and there doesn''t appear to be any.
>
> Alternatively, one could get Pound to read the current X-Forwarded-
> For header when it exists and use the same IP address in the X-
> Forwarded-For header it itself adds, that should solve it, too. But
> again, I don''t see a way to do that, either.
>
> I guess I''ll just have to switch to Apache until lighty sorts out
the
> proxying.
>
> /Lars
>
> On Jul 8, 2006, at 6:20 PM, Jason A. Hoffman wrote:
>
>> On Jul 8, 2006, at 2:28 AM, Lars Pind wrote:
>>
>>> Is anyone using the setup described at the Rails blog?
>>>
>>> http://weblog.rubyonrails.org/2006/7/3/pound-makes-lighty-and-
>>> mongrel-
>>> play-nice
>>>
>>> I''m using it in production, and the only problem I have is
the same
>>> as people have described in the comments over there, namely that
>>> Rails thinks all requests come from localhost.
>>>
>>> See http://isabont.com/requestinfo for the headers.
>>>
>>> Any suggestions on what to try? Should I just replace lighty+pound
>>> with Apache?
>>>
>>> /Lars
>>
>> http://www.apsis.ch/pound
>>
>> "REQUEST LOGGING
>>
>> As a general rule, Pound passes all headers as they arrive from the
>> client browser to the back-end server(s). There are two exceptions to
>> this rule: Pound may add information about the SSL client certificate
>> (as described below), and it will add an X-Forwarded-For header. The
>> general format is:
>>
>>          X-Forwarded-for: client-IP-address
>>
>> The back-end server(s) may use this extra information in order to
>> create their log-files with the real client address (otherwise all
>> requests will appear to originate from Pound itself, which is rather
>> useless)."
>>
>>
>> - Jason
>>
>>
>> _______________________________________________
>> Mongrel-users mailing list
>> Mongrel-users at rubyforge.org
>> http://rubyforge.org/mailman/listinfo/mongrel-users
>
> _______________________________________________
> Mongrel-users mailing list
> Mongrel-users at rubyforge.org
> http://rubyforge.org/mailman/listinfo/mongrel-users

Lars,
How did you get pen to disable the x-forwarded-for header. I didnt see an
option in the pen man page. I only see the below option

-H Adds X-Forwarded-For header to http requests.Thanks!
Sunder


On 7/9/06, Lars Pind <lars at pinds.com> wrote:
>
> FYI, I''ve found that pen lets you disable the X-Forwarded-For
header,
> so I''m using that instead, and Rails picks up the right IP
address.
>
> I also noticed that pen.c has code to not add an X-Forwarded-For
> header if one is already present, but it didn''t seem to be working
> for me.
>
> /Lars
>
> On Jul 9, 2006, at 3:14 PM, Lars Pind wrote:
>
> > Right, but how does that help fix the problem?
> >
> > The problem is that Pound overrides the X-Forwarded-For header
> > already being added by lighty.
> >
> > Is there a way to get Pound to not mess with that header?
I''ve looked
> > at the source, and there doesn''t appear to be any.
> >
> > Alternatively, one could get Pound to read the current X-Forwarded-
> > For header when it exists and use the same IP address in the X-
> > Forwarded-For header it itself adds, that should solve it, too. But
> > again, I don''t see a way to do that, either.
> >
> > I guess I''ll just have to switch to Apache until lighty sorts
out the
> > proxying.
> >
> > /Lars
> >
> > On Jul 8, 2006, at 6:20 PM, Jason A. Hoffman wrote:
> >
> >> On Jul 8, 2006, at 2:28 AM, Lars Pind wrote:
> >>
> >>> Is anyone using the setup described at the Rails blog?
> >>>
> >>> http://weblog.rubyonrails.org/2006/7/3/pound-makes-lighty-and-
> >>> mongrel-
> >>> play-nice
> >>>
> >>> I''m using it in production, and the only problem I
have is the same
> >>> as people have described in the comments over there, namely
that
> >>> Rails thinks all requests come from localhost.
> >>>
> >>> See http://isabont.com/requestinfo for the headers.
> >>>
> >>> Any suggestions on what to try? Should I just replace
lighty+pound
> >>> with Apache?
> >>>
> >>> /Lars
> >>
> >> http://www.apsis.ch/pound
> >>
> >> "REQUEST LOGGING
> >>
> >> As a general rule, Pound passes all headers as they arrive from
the
> >> client browser to the back-end server(s). There are two exceptions
to
> >> this rule: Pound may add information about the SSL client
certificate
> >> (as described below), and it will add an X-Forwarded-For header.
The
> >> general format is:
> >>
> >>          X-Forwarded-for: client-IP-address
> >>
> >> The back-end server(s) may use this extra information in order to
> >> create their log-files with the real client address (otherwise all
> >> requests will appear to originate from Pound itself, which is
rather
> >> useless)."
> >>
> >>
> >> - Jason
> >>
> >>
> >> _______________________________________________
> >> Mongrel-users mailing list
> >> Mongrel-users at rubyforge.org
> >> http://rubyforge.org/mailman/listinfo/mongrel-users
> >
> > _______________________________________________
> > Mongrel-users mailing list
> > Mongrel-users at rubyforge.org
> > http://rubyforge.org/mailman/listinfo/mongrel-users
>
> _______________________________________________
> Mongrel-users mailing list
> Mongrel-users at rubyforge.org
> http://rubyforge.org/mailman/listinfo/mongrel-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
http://rubyforge.org/pipermail/mongrel-users/attachments/20060709/d7c09396/attachment.html

> How did you get pen to disable the x-forwarded-for header. I didnt  
> see an option in the pen man page. I only see the below option
>
> -H Adds X-Forwarded-For header to http requests.Thanks!
> Sunder
Yes, just don''t specify the -H switch, and it won''t add the
header,
hence it''ll let the one put in there by lighttpd stay there.

pen 7999 localhost:8000 localhost:8001 localhost:8002

is roughly what my pen command looks like.

/Lars

Since we''re talking about load balancing... Has anybody used HAProxy?

http://haproxy.1wt.eu/

Corey


On Jul 9, 2006, at 6:29 AM, Lars Pind wrote:
> FYI, I''ve found that pen lets you disable the X-Forwarded-For
header,
> so I''m using that instead, and Rails picks up the right IP
address.
>
> I also noticed that pen.c has code to not add an X-Forwarded-For
> header if one is already present, but it didn''t seem to be working
> for me.
>
> /Lars
>
> On Jul 9, 2006, at 3:14 PM, Lars Pind wrote:
>
>> Right, but how does that help fix the problem?
>>
>> The problem is that Pound overrides the X-Forwarded-For header
>> already being added by lighty.
>>
>> Is there a way to get Pound to not mess with that header? I''ve
looked
>> at the source, and there doesn''t appear to be any.
>>
>> Alternatively, one could get Pound to read the current X-Forwarded-
>> For header when it exists and use the same IP address in the X-
>> Forwarded-For header it itself adds, that should solve it, too. But
>> again, I don''t see a way to do that, either.
>>
>> I guess I''ll just have to switch to Apache until lighty sorts
out the
>> proxying.
>>
>> /Lars
>>
>> On Jul 8, 2006, at 6:20 PM, Jason A. Hoffman wrote:
>>
>>> On Jul 8, 2006, at 2:28 AM, Lars Pind wrote:
>>>
>>>> Is anyone using the setup described at the Rails blog?
>>>>
>>>> http://weblog.rubyonrails.org/2006/7/3/pound-makes-lighty-and-
>>>> mongrel-
>>>> play-nice
>>>>
>>>> I''m using it in production, and the only problem I
have is the same
>>>> as people have described in the comments over there, namely
that
>>>> Rails thinks all requests come from localhost.
>>>>
>>>> See http://isabont.com/requestinfo for the headers.
>>>>
>>>> Any suggestions on what to try? Should I just replace
lighty+pound
>>>> with Apache?
>>>>
>>>> /Lars
>>>
>>> http://www.apsis.ch/pound
>>>
>>> "REQUEST LOGGING
>>>
>>> As a general rule, Pound passes all headers as they arrive from the
>>> client browser to the back-end server(s). There are two  
>>> exceptions to
>>> this rule: Pound may add information about the SSL client  
>>> certificate
>>> (as described below), and it will add an X-Forwarded-For header.
The
>>> general format is:
>>>
>>>          X-Forwarded-for: client-IP-address
>>>
>>> The back-end server(s) may use this extra information in order to
>>> create their log-files with the real client address (otherwise all
>>> requests will appear to originate from Pound itself, which is
rather
>>> useless)."
>>>
>>>
>>> - Jason
>>>
>>>
>>> _______________________________________________
>>> Mongrel-users mailing list
>>> Mongrel-users at rubyforge.org
>>> http://rubyforge.org/mailman/listinfo/mongrel-users
>>
>> _______________________________________________
>> Mongrel-users mailing list
>> Mongrel-users at rubyforge.org
>> http://rubyforge.org/mailman/listinfo/mongrel-users
>
> _______________________________________________
> Mongrel-users mailing list
> Mongrel-users at rubyforge.org
> http://rubyforge.org/mailman/listinfo/mongrel-users

On 10/07/06, Corey Jewett <ml at syntheticplayground.com>
wrote:
> Since we''re talking about load balancing... Has anybody used
HAProxy?
>
> http://haproxy.1wt.eu/
We''re planning on setting it up in the next week or so and then
running some tests against it / pen / pound with a small cluster.  If
anyone has tips on HAProxy config let me know.

Paul.

Hi,

i''am very new to ruby and mongrel but i have some experience with
haproxy ;-))

With what ''tips'' can i help you ;-)

BTW: Have anybody experience with the *select* limitation in ruby, is
     there any?!

Regards

Alex