有没有一种方法可以阻止Rails的内置服务器默认情况下不监听0.0.0.0? [英] Is there a way to stop Rails' built-in server from listening on 0.0.0.0 by default?

问题描述

我在不受信任的网络(咖啡店，邻居的开放wifi，DEF CON)上进行了大量的Web开发，并且当随机的，肯定有错误的软件(例如我正在开发的Rails应用)绑定了端口0.0时，我会抽搐.0.0，并开始接受所有用户的请求.我知道我可以使用-b选项指定到服务器的绑定地址，但是我想全局更改默认值，因此除非我另有说明，否则它始终以这种方式运行.当然，我也可以运行某种会阻止连接的防火墙，但最好不要首先监听.是否存在".railsrc"文件或类似文件(至少是每个项目的设置文件，但最好是一些全局设置文件)，我可以使用该文件强制服务器默认情况下仅绑定到127.0.0.1?

I do a lot of web development on untrusted networks (coffeeshops, the neighbors' open wifi, DEF CON), and I get twitchy when random, assuredly buggy software (my Rails app under development, say) binds a port on 0.0.0.0 and starts taking requests from all comers. I know that I can specify the address of binding with the -b option to the server, but I'd like to change the default globally so it always runs that way unless I tell it otherwise. Of course I can also run some kind of firewall which will block the connection, but better not to listen in the first place. Is there a '.railsrc' file or similar -- at least a per-project settings file, but preferably some global settings file -- which I can use to force the server to only bind to 127.0.0.1 by default?

推荐答案

您可以在rails应用程序中更新/script/rails文件，以反映以下内容:

You can update the /script/rails file in you rails app to reflect the following:

#!/usr/bin/env ruby
# This command will automatically be run when you run "rails" with Rails 3 gems installed from the root of your application.

APP_PATH = File.expand_path('../../config/application',  __FILE__)
require File.expand_path('../../config/boot',  __FILE__)

# START NEW CODE
require "rails/commands/server"
module Rails
  class Server
    def default_options
      super.merge({
        :Host        => 'my-host.com',
        :Port        => 3000,
        :environment => (ENV['RAILS_ENV'] || "development").dup,
        :daemonize   => false,
        :debugger    => false,
        :pid         => File.expand_path("tmp/pids/server.pid"),
        :config      => File.expand_path("config.ru")            
      })
    end
  end
end
# END NEW CODE

require 'rails/commands'

这将在启动时将Rails应用绑定到my-host.com.您仍然可以从命令行覆盖这些选项.

This will bind the rails app to my-host.com when it starts up. You can still override the options from the command line.

我不确定为什么Rails :: Server API文档中没有反映出这一点.您可以查看 https://github .com/rails/rails/blob/master/railties/lib/rails/commands/server.rb 来查看服务器的实现.

I am not sure why this is not reflected in the Rails::Server API docs. You can have a look at https://github.com/rails/rails/blob/master/railties/lib/rails/commands/server.rb to see the server implementation.

请注意，在Rails 4中，/script/rails文件已移至/bin/rails.

Note that in Rails 4, the /script/rails file has been moved to /bin/rails.

这篇关于有没有一种方法可以阻止Rails的内置服务器默认情况下不监听0.0.0.0?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！