Is there a way to stop Rails' built-in server from listening on 0.0.0.0 by default?
Question
I do a lot of web development on untrusted networks (coffeeshops, the neighbors' open wifi, DEF CON), and I get twitchy when random, assuredly buggy software (my Rails app under development, say) binds a port on 0.0.0.0 and starts taking requests from all comers. I know that I can specify the address of binding with the -b option to the server, but I'd like to change the default globally so it always runs that way unless I tell it otherwise. Of course I can also run some kind of firewall which will block the connection, but better not to listen in the first place. Is there a '.railsrc' file or similar -- at least a per-project settings file, but preferably some global settings file -- which I can use to force the server to only bind to 127.0.0.1 by default?
Recommended answer
You can update the /script/rails file in your Rails app to reflect the following:
#!/usr/bin/env ruby
# This command will automatically be run when you run "rails" with Rails 3 gems installed from the root of your application.
APP_PATH = File.expand_path('../../config/application', __FILE__)
require File.expand_path('../../config/boot', __FILE__)
# START NEW CODE
require "rails/commands/server"
module Rails
  class Server
    def default_options
      super.merge({
        :Host => 'my-host.com',
        :Port => 3000,
        :environment => (ENV['RAILS_ENV'] || "development").dup,
        :daemonize => false,
        :debugger => false,
        :pid => File.expand_path("tmp/pids/server.pid"),
        :config => File.expand_path("config.ru")
      })
    end
  end
end
# END NEW CODE
require 'rails/commands'
This will bind the rails app to my-host.com when it starts up. You can still override the options from the command line.
I am not sure why this is not reflected in the Rails::Server API docs. You can have a look at https://github.com/rails/rails/blob/master/railties/lib/rails/commands/server.rb to see the server implementation.
Note that in Rails 4, the /script/rails file has been moved to /bin/rails.
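An added example, not part of the original answer or of Rails: a pre-flight check that could run in script/rails before `require 'rails/commands'`, rejecting a non-loopback default `:Host` while still honouring an explicit `-b`/`--binding`. The function names (`classify_bind`, `requested_binding`, `bind_decision`) are hypothetical, and hostnames are deliberately not resolved so the check works offline.

```ruby
require "ipaddr"

# Classify a bind address without resolving names (runs offline).
# Returns :loopback, :wildcard (0.0.0.0 or ::), :routable or :hostname.
def classify_bind(host)
  ip = IPAddr.new(host)
  return :loopback if ip.loopback?
  return :wildcard if ip.to_i.zero?
  :routable
rescue IPAddr::Error
  :hostname # not an IP literal; where it binds depends on the resolver
end

# Pull an explicit -b / --binding value out of the server's arguments.
def requested_binding(argv)
  argv.each_with_index do |arg, i|
    return argv[i + 1] if ["-b", "--binding"].include?(arg)
    return Regexp.last_match(1) if arg =~ /\A(?:--binding=|-b)(.+)\z/
  end
  nil
end

# A non-loopback address is accepted only when it was asked for with -b;
# a non-loopback *default* is rejected.
def bind_decision(argv, default_host)
  explicit = requested_binding(argv)
  host = explicit || default_host
  kind = classify_bind(host)
  { host: host, kind: kind, explicit: !explicit.nil?,
    allowed: kind == :loopback || !explicit.nil? }
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample invocations: [argv, default :Host]
  [[%w[server], "0.0.0.0"],
   [%w[server], "127.0.0.1"],
   [%w[server -p 3000 -b 0.0.0.0], "127.0.0.1"],
   [%w[server], "my-host.com"]].each do |argv, default|
    p bind_decision(argv, default)
  end
end
```

A default of `my-host.com` is reported as `:hostname` and not allowed, because whether it ends up on a loopback interface depends on name resolution at start-up.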