Deployment problem, FreeBSD, mongrel_cluster

I've been trying to setup my first production environment and was following along with Coda Hale's blog entry; I'm on a FreeBSD machine, so I've had to tweak a few things from the Linux based presentation. Generally most things have worked. However I'm having a minor difficulty with mongrel_cluster.

The cluster is configured and with the "address: 127.0.0.1" line commented out I was able to verify that the three mongrels were active. When I uncomment that line, commit, and redeploy, however the three mongrels are still responding to requests directly when the tutorial says they shouldn't be. I've also tried using "localhost" instead of 127.0.0.1 as I know sometimes different platforms special case that differently, but its behaving the same way.

Does anyone have any experience for what else I need to look at to "lock-down" the individual mongrels of a mongrel_cluster under FreeBSD?

Are you by any chance using a jail? If so, localhost/127.0.0.1 doesn't really exist... the only thing that the jail can bind to is the public IP address... which is why you're still able to request it...

What you could do if you don't want people hitting mongrel directly is in the host (assuming this is a jail issue) have the firewall block requests to that port on the public IP if it's coming from the outside world (based on inbound traffic on the external nic).

-philip

Philip Hallstrom wrote:

Are you by any chance using a jail? If so, localhost/127.0.0.1 doesn't really exist... the only thing that the jail can bind to is the public IP address... which is why you're still able to request it...

What you could do if you don't want people hitting mongrel directly is in the host (assuming this is a jail issue) have the firewall block requests to that port on the public IP if it's coming from the outside world (based on inbound traffic on the external nic).

-philip

Thank you. That explains it perfectly. Yes I'm in a jail environment.

Could the jail have anything do to with a secondary problem I'm having of my VirtualHost *:80 block that binds to the mongrel cluster not being respected by Apache2?

Don't know about that one... I'm in a jail, and my apache block contains this:

   <Proxy balancer://mongrel_cluster>      BalancerMember http://127.0.0.1:3000    </Proxy>

(and my mongrel is 127.0.0.1 specified despite it not binding to it). Apache honors it for me...

I can send you my whole thing off line if you want...