users@glassfish.java.net

Re: Glassfish gem - restricting access by IP or hostname

From: Vivek Pandey <Vivek.Pandey_at_Sun.COM>
Date: Fri, 09 Oct 2009 14:35:36 -0700

Paul Blair wrote:
> Thanks for the quick reply. I should have mentioned that we're having
> no problems setting up the web server as a front end to Rails on
> Glassfish. The only issue is in restricting access to Glassfish so
> that it can only be accessed via the proxy. E.g., if I have Glassfish
> running on port 3442, I don't want my users circumventing my web
> server and accessing the app by calling URLs on port 3442 directly.
>
> Am I correct in concluding that the Glassfish gem does not currently
> support allowing/denying access based on IP or host? I don't see
> anything on that topic in the resources you referenced. Is there a way
> that this can be done in glassfish.yml?
>
Sorry, I thought it was about issues with the reverse proxy. I understand what
you are trying to do. No, this is currently not possible with the glassfish
gem or in the JRuby container in the GlassFish v3 server. Can you report a
bug against the glassfish gem at RubyForge or
https://glassfish.dev.java.net/servlets/ProjectIssues? A fix should be
in order shortly.

thanks,

-vivek.

> Thanks,
>
> Paul
>
> On Fri, Oct 9, 2009 at 12:03 PM, Vivek Pandey <Vivek.Pandey_at_sun.com
> <mailto:Vivek.Pandey_at_sun.com>> wrote:
>
> Hi Paul,
>
> The domain.xml virtual-server facility is not exposed through
> glassfish.yml for a reason - it is meant to be used only with the
> Glassfish web container (servlet/ejb etc.). I know it's a bit
> confusing for the users; all of this will become much simpler when
> the glassfish gem is implemented using the Glassfish embedded API. In fact,
> you should avoid making changes to domain.xml by yourself.
> glassfish.yml is the only contract that you should go for.
>
> Having said that, there are many users who front-end the glassfish gem with
> Apache or similar servers in production. I am not familiar with the
> Sun Java System Web Server specific mechanism, but since we know
> people are using it with Apache/Squid etc., it will work with Sun
> Web Server as well. Here are a few links:
>
> http://kenai.com/projects/jruby/pages/JRubyOnRailsWithGlassfishGem
> http://blog.arungupta.me/2009/06/totd-84-using-apache-mod_proxy_balancer-to-load-balance-ruby-on-rails-running-on-glassfish/
> http://blog.headius.com/2009/04/apache-jruby-rails-glassfish-easy.html
>
> Let us know how it goes,
>
> -vivek.
>
> Paul Blair wrote:
>
> Hello Glassfish team --
>
> We are using the Glassfish gem with JRuby 1.3.1 and Rails
> 2.3.4, behind a Sun Java System Web Server acting as a reverse
> proxy. We have the web server handling all authentication and
> authorization, and we'd like to avoid having to reimplement
> this in the Rails app. So we'd like to set up a configuration
> whereby the only way to access the Rails app is through the
> web server.
>
> I don't see any options for this in glassfish.yml; however, I
> do see that Glassfish allows the virtual-server properties
>
> allowRemoteAddress
> denyRemoteAddress
> allowRemoteHost
> denyRemoteHost
>
> to be set in domain.xml. If I set one of these properties in
> $JRUBY_HOME/lib/ruby/gems/1.8/gems/glassfish-0.9.5-universal-java/domains/domain1/config/domain.xml,
> I can see it being carried over to the
> $RAILS_HOME/tmp/.glassfish/config/domain.xml file. However,
> none of them seem to have any effect.
>
> For example, if I have in the gem's domain.xml
>
>   <virtual-server id="server" http-listeners="http-listener-1">
>     <property value="${com.sun.aas.instanceRoot}/docroot" name="docroot"/>
>     <property value="${com.sun.aas.instanceRoot}/logs/access" name="accesslog"/>
>     <property value="false" name="sso-enabled"/>
>     <property name="allowRemoteAddress" value="127.0.0.1"/>
>   </virtual-server>
>
> I would expect this to be if anything overly restrictive, but
> I can still access the Rails app directly from my browser on
> an external host. I've tried the other properties with equal
> lack of success.
>
> The above domain.xml entry gets translated to the following
> entry in the domain.xml under $RAILS_HOME:
>
>   <virtual-server id="server"
>       docroot="[RAILS_HOME]/tmp/.glassfish/docroot"
>       access-log="[RAILS_HOME]/tmp/.glassfish/logs/access"
>       network-listeners="http-listener-1">
>     <property name="allowRemoteAddress" value="127.0.0.1"></property>
>   </virtual-server>
>
> Thanks for any help you can give.
>
>
> --
> Paul Blair
> pblair_at_cyrusinnovation.com <mailto:pblair_at_cyrusinnovation.com>
>
> Cyrus Innovation LLC
> 200 Varick, Suite 902
> New York, NY 10014
> phone: (212) 647-7186
> fax: (212) 591-6043
> http://cyrusinnovation.com
>
> ~~~~~~~~~~~~~~~~~
>
> Cyrus ranked #231 on the Inc 500 fastest growing companies:
> http://www.marketwire.com/press-release/Cyrus-Innovation-Llc-1029552.html
>
> ~~~~~~~~~~~~~~~~~
>
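
An added example, not from the thread and not a glassfish gem feature: since the reply says the gem cannot filter by address, the `allowRemoteAddress`-style check can be approximated inside the Rails app as Rack middleware. `ProxyOnly` is a hypothetical name; the code assumes the reverse proxy runs on the same host and that the container sets `REMOTE_ADDR` to the socket peer address.

```ruby
require 'ipaddr'

# Hypothetical Rack middleware (not part of the glassfish gem): rejects any
# request whose TCP peer address is not in the allowlist.
class ProxyOnly
  def initialize(app, allowed = ['127.0.0.1', '::1'])
    @app = app
    @allowed = allowed.map { |a| IPAddr.new(a) }
  end

  def call(env)
    return @app.call(env) if peer_allowed?(env['REMOTE_ADDR'])
    [403, { 'Content-Type' => 'text/plain' }, ["Forbidden\n"]]
  end

  private

  # Only REMOTE_ADDR (the socket peer) is consulted. X-Forwarded-For is
  # client-controlled on a direct connection, so it is ignored here.
  def peer_allowed?(addr)
    return false if addr.nil? || addr.empty?   # fail closed
    ip = IPAddr.new(addr)
    ip = ip.native if ip.ipv4_mapped?          # ::ffff:127.0.0.1 -> 127.0.0.1
    @allowed.any? { |net| net.include?(ip) }
  rescue IPAddr::Error
    false                                      # unparsable address: fail closed
  end
end

if __FILE__ == $0
  # Constructed sample requests (Rack env hashes), not real traffic.
  app = lambda { |_env| [200, { 'Content-Type' => 'text/plain' }, ['ok']] }
  guard = ProxyOnly.new(app)
  [
    { 'REMOTE_ADDR' => '127.0.0.1' },                  # via local proxy
    { 'REMOTE_ADDR' => '203.0.113.7' },                # direct hit on port 3442
    { 'REMOTE_ADDR' => '203.0.113.7',
      'HTTP_X_FORWARDED_FOR' => '127.0.0.1' }          # spoofed header
  ].each { |env| puts "#{env.inspect} -> #{guard.call(env)[0]}" }
end
```

A host firewall rule on the backend port gives the same restriction below the application and is worth keeping alongside this check.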