Tunneling in capistrano twice

Hi there,

The default recipe expects you to be able to access your web server
directly from your local machine.

On our web server, for security purposes, it is only possible to ssh
to it through one particular ip (which is also a remote machine.)

The capistrano source is so compact and tidy it looks very hackable.
But rather than messing around I thought I’d ask first if anyone else
has any ideas?

Cheers
Henry

Henry T. wrote:

has any ideas?
Seems doable to me.

I’d probably leave the deploy task alone and create before_deploy and
after_deploy tasks that did whatever you need to do. If you can tunnel
through the intermediate host, this is pretty easy to do.

If you have more restrictive networking rules that block port
forwarding, and you can run code on the intermediate server, you could
just do

ssh user@particularip ‘cd /path/to && rake deploy’

My memory is that this will send the sudo prompt back to you, but I
could be wrong about that. In some production environments, this might
be the easiest way to go.

Ray

I remeber having had the same problem, but I don’t remember the
solution. But why don’t you proxy to mongrel and serve the static
files with apache ? That is much easier to setup and works very well
for me.

Greetings,

I’ve set up apache as a proxy for my lightTPD server as describe in JDD
essay: http://duncandavidson.com/essay/2006/01/railsonapache

Everything works great except if I try to access my site like this:
http://softdist6.berkeley.edu

Then my webrowser tries to download the dispatch.fcgi from the webdir of
my app. I have no idea why this is happening. If I do
softdist6.berkeley.edu/all or any sub directory of
softdist6.berkeley.edu
then everything works fine.

My lighthttpd.conf and vhost.conf files are below. Anyone have any
ideas?

[lightTPD]
server.document-root = “/srv/www/ror-apps/software_central/public”
server.modules = (“mod_rewrite”, “mod_accesslog”, “mod_fastcgi”)
server.port = 81
server.username = “wwwrun”
server.groupname = “www”
server.pid-file = CWD + “/tmp/lighttpd.pid”
accesslog.filename = CWD + “/log/access_log”
server.errorlog = CWD + “/log/error_log”
server.indexfiles = ( “index.html” )

mimetype.assign = (
“.css” => “text/css”,
“.gif” => “image/gif”,
“.html” => “text/html”,
“.jpeg” => “image/jpeg”,
“.jpg” => “image/jpeg”,
“.js” => “text/javascript”,
“.pdf” => “application/pdf”,
“.png” => “image/png”,
“.txt” => “text/plain”,
)

var.appname = “/srv/www/ror-apps/software_central”

$HTTP[“host”] == “softdist6.berkeley.edu” {
server.document-root = CWD + “/public”
url.rewrite = ( “^/$” => “index.html”, “^([^.]+)$” => “$1.html” )
server.error-handler-404 = “/dispatch.fcgi”
fastcgi.server = ( “.fcgi” =>
( “localhost” =>
( “min-procs” => 5,
“max-procs” => 5,
“socket” => CWD + “/tmp/sockets/fcgi.socket”,
“bin-path” => CWD + “/public/dispatch.fcgi”,
“bin-environment” => ( “RAILS_ENV” => “development” )
)
)
)
}
[/lightTPD]

[apache]
<VirtualHost *:80>
ServerName softdist6.berkeley.edu
DocumentRoot /srv/www/htdocs/softdist6
ProxyPass /wsspurch !

ProxyPass /i http://softdist6.berkeley.edu:81/
ProxyPassReverse / http://softdist6.berkeley.edu:81
ProxyPreserveHost on

[/apache]

Well, if I can’t fix this problem then I may consider doing that, but
for the time being I’d like find a working solution for lightTPD.

“Why would you prefer to use three things when two will do?”

???

Who is using 3 things? There are two options that were discussed:

  1. Apache being the proxy for lightTPD
  2. Apache being the proxy for mongrel

At least that’s how I understood the suggestion.

-Steven

Why would you prefer to use three things when two will do?


– Tom M.

On Jun 7, 2006, at 11:31 AM, Steven H. wrote:

“Why would you prefer to use three things when two will do?”

???

Who is using 3 things? There are two options that were discussed:

  1. Apache being the proxy for lightTPD

Lighty then passes Rails requests to FastCGI, which makes it three.

  1. Apache being the proxy for mongrel

Where mongrel handles the Rails requests, making it two.


– Tom M.