I've been trying to setup my first production environment and was
following along with Coda Hale's blog entry; I'm on a FreeBSD machine,
so I've had to tweak a few things from the Linux based presentation.
Generally most things have worked. However I'm having a minor
difficulty with mongrel_cluster.
The cluster is configured and with the "address: 127.0.0.1" line
commented out I was able to verify that the three mongrels were active.
When I uncomment that line, commit, and redeploy, however the three
mongrels are still responding to requests directly when the tutorial
says they shouldn't be. I've also tried using "localhost" instead of
127.0.0.1 as I know sometimes different platforms special case that
differently, but its behaving the same way.
Does anyone have any experience for what else I need to look at to
"lock-down" the individual mongrels of a mongrel_cluster under FreeBSD?
Are you by any chance using a jail? If so, localhost/127.0.0.1 doesn't really exist... the only thing that the jail can bind to is the public IP address... which is why you're still able to request it...
What you could do if you don't want people hitting mongrel directly is in the host (assuming this is a jail issue) have the firewall block requests to that port on the public IP if it's coming from the outside world (based on inbound traffic on the external nic).