rubycas / rubycas-server

Provides single sign-on authentication for web applications, implementing the server-end of Jasig's CAS protocol.
http://rubycas.github.com

Rubycas-server permanently bound to 127.0.0.1 #199

Closed luizesramos closed 10 years ago

luizesramos commented 10 years ago

Hi, I'm trying to access rubycas-server (repository cloned from GitHub) without SSL, using webrick, listening on port 443, on a server with IP 10.0.0.1. When I start the server, the process is bound to 127.0.0.1:443. Within localhost, the service works perfectly. Nmap shows that port 443 is open for localhost, but closed for 10.0.0.1, even when specifying "bind_address 0.0.0.0" in config.yml. Thus, I could not access the CAS server from a remote host.

The only thing that fixed the problem for me was changing lib/casserver/server.rb, from:

:Host => bind || config[:bind_address],

into:

:Host => config[:bind_address] || "0.0.0.0",

Is this a bug or am I introducing a vulnerability into my copy of the server? Thanks!

mitfik commented 10 years ago

Actually, it would make much more sense with:

:Host => config[:bind_address] || bind

Another thing is that if you are not using SSL, why do you bother about 443? The server will run by default on 3000 and it does not matter if 443 is open or not.

luizesramos commented 10 years ago

I'm disabling SSL for the time being to simplify things (eventually I want to enable it). Forget about the port. 443 is just an example. It could be whatever port the parameter "port" is set to. The issue was that with or without SSL enabled, I couldn't bind to the server's IP, only to 127.0.0.1. I'll try out your suggested modification ":Host => config[:bind_address] || bind". Thanks.

luizesramos commented 10 years ago

":Host => config[:bind_address] || bind" solves the problem! Thanks mitfik!
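
Added example, not part of the thread or of rubycas-server's own code: the three `:Host` expressions quoted above, resolved side by side and classified by how widely the resulting listener is reachable, which is the exposure question the original post asks. The function names, the `BIND` value (a launcher default of 127.0.0.1) and the sample configs are assumptions constructed for illustration.

```ruby
require 'socket'

# The three :Host expressions quoted in the thread. Function names are
# hypothetical; `bind` is the launcher-supplied address, `config` the
# parsed config.yml.
def host_original(bind, config)
  bind || config[:bind_address]
end

def host_poster_fix(_bind, config)
  config[:bind_address] || '0.0.0.0'
end

def host_suggested(bind, config)
  config[:bind_address] || bind
end

# How widely a listener on `host` is reachable.
def exposure(host)
  ai = Addrinfo.ip(host)
  return :loopback_only if ai.ipv4_loopback? || ai.ipv6_loopback?
  return :all_interfaces if ai.ip_address == '0.0.0.0' || ai.ipv6_unspecified?
  :single_interface
end

# Bind an ephemeral port and return the address the socket really holds,
# the same fact the Nmap scan in the thread was checking from outside.
def bound_address(host)
  server = TCPServer.new(host, 0)
  server.local_address.ip_address
ensure
  server&.close
end

# Resolve all three expressions for one launcher/config pair.
def audit(bind, config)
  hosts = { original: host_original(bind, config),
            poster_fix: host_poster_fix(bind, config),
            suggested: host_suggested(bind, config) }
  hosts.transform_values { |h| [h, exposure(h)] }
end

# Constructed inputs: launcher default assumed to be 127.0.0.1.
BIND = '127.0.0.1'
[{ bind_address: '0.0.0.0' }, {}].each do |cfg|
  puts "config=#{cfg.inspect}"
  audit(BIND, cfg).each { |name, (h, e)| puts "  #{name}: #{h} (#{e})" }
end
```

With `bind_address` absent from the config, the `|| "0.0.0.0"` fallback listens on every interface, while `|| bind` stays on whatever the launcher supplied.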