有没有办法阻止Rails的内置服务器默认监听0.0.0.0？

I do a lot of web development on untrusted networks (coffeeshops, the neighbors' open wifi, DEF CON), and I get twitchy when random, assuredly buggy software (my Rails app under development, say) binds a port on 0.0.0.0 and starts taking requests from all comers. I know that I can specify the address of binding with the -b option to the server, but I'd like to change the default globally so it always runs that way unless I tell it otherwise. Of course I can also run some kind of firewall which will block the connection, but better not to listen in the first place. Is there a '.railsrc' file or similar -- at least a per-project settings file, but preferably some global settings file -- which I can use to force the server to only bind to 127.0.0.1 by default?

我在不受信任的网络（coffeeshops，邻居的开放wifi，DEF CON）上进行了大量的网络开发，当随机，确定无人驾驶的软件（我开发的Rails应用程序，比如说）绑定0.0.0.0上的端口时，我会感到抽搐。开始接受所有人的请求。我知道我可以用服务器的-b选项指定绑定的地址，但是我想全局更改默认值，所以它总是以这种方式运行，除非我告诉它。当然我也可以运行某种阻止连接的防火墙，但最好不要先听。是否存在'.railsrc'文件或类似文件 - 至少是每个项目的设置文件，但最好是一些全局设置文件 - 我可以使用它来强制服务器默认只绑定到127.0.0.1？

3 个解决方案

#1

You can update the /script/rails file in you rails app to reflect the following:

您可以更新rails应用程序中的/ script / rails文件以反映以下内容：

#!/usr/bin/env ruby
# This command will automatically be run when you run "rails" with Rails 3 gems installed from the root of your application.

APP_PATH = File.expand_path('../../config/application',  __FILE__)
require File.expand_path('../../config/boot',  __FILE__)

# START NEW CODE
require "rails/commands/server"
module Rails
  class Server
    def default_options
      super.merge({
        :Host        => 'my-host.com',
        :Port        => 3000,
        :environment => (ENV['RAILS_ENV'] || "development").dup,
        :daemonize   => false,
        :debugger    => false,
        :pid         => File.expand_path("tmp/pids/server.pid"),
        :config      => File.expand_path("config.ru")            
      })
    end
  end
end
# END NEW CODE

require 'rails/commands'

This will bind the rails app to my-host.com when it starts up. You can still override the options from the command line.

这将在启动时将rails应用程序绑定到my-host.com。您仍然可以从命令行覆盖选项。

I am not sure why this is not reflected in the Rails::Server API docs. You can have a look at https://github.com/rails/rails/blob/master/railties/lib/rails/commands/server.rb to see the server implementation.

我不确定为什么这不会反映在Rails :: Server API文档中。您可以查看https://github.com/rails/rails/blob/master/railties/lib/rails/commands/server.rb以查看服务器实现。

Note that in Rails 4, the /script/rails file has been moved to /bin/rails.

请注意，在Rails 4中，/ script / rails文件已移至/ bin / rails。

#2

Use the --binding=ip parameter:

使用--binding = ip参数：

rails s --binding=127.0.0.1

https://github.com/rails/rails/blob/master/railties/lib/rails/commands/server.rb

#3

There's no way to change it globally, you'll have to use -b.

全局无法改变它，你必须使用-b。

rails s -b <ip address>

rails s -b

#1