Securing CruiseControl.rb on Nginx
CruiseControl is great
Quick and easy to setup
But takes a few minutes to work out how to secure it.
we start cruise;
cruise@MerlotBuild:~/cruisecontrol.rb$ ./cruise start -d
=> Booting Mongrel
=> Rails 2.3.2 application starting on http://0.0.0.0:3333
Going directly by IP http://94.102.144.37:3333 we get our cruise install.
But that’s not good enough, we need to secure it from the outside world
In Nginx we do this;
server {
listen 80;
server_name cruise.matthewrudy.com;
auth_basic "Access";
auth_basic_user_file /opt/nginx/conf/htpasswd;
location / {
proxy_pass http://localhost:3333;
}
}
And we’re almost done
Except http://94.102.144.37:3333 still works, as mongrel allows requests from any host name
cruise@MerlotBuild:~/cruisecontrol.rb$ ./cruise start -d -b 127.0.0.1
=> Booting Mongrel
=> Rails 2.3.2 application starting on http://127.0.0.1:3333
Does the job… home… secure… safe?
