Bind puma to 0.0.0.0 and allow Tailscale host #6

Merged
ldraney merged 2 commits from fix/tunnel-compatibility into main 2026-05-19 11:18:07 +00:00
Owner

Summary

  • Bind puma to 0.0.0.0 instead of 127.0.0.1 so the cluster tunnel can reach it
  • Allow *.tail5b443a.ts.net in Rails host authorization

Changes

  • config/puma.rb -- port replaced with bind "tcp://0.0.0.0:..."
  • config/environments/development.rb -- added .tail5b443a.ts.net to allowed hosts

Test Plan

  • ss -tlnp | grep 3137 shows 0.0.0.0
  • curl https://mdview.tail5b443a.ts.net/ returns 200

Review Checklist

  • Passed automated review-fix loop
  • No secrets committed
  • No unnecessary file changes
  • Commit messages are descriptive

Related Notes

  • ldraney/mdview #5 — the Forgejo issue this PR implements

Closes #5

Bind puma to 0.0.0.0 and allow Tailscale host
Some checks are pending
CI / scan_ruby (pull_request) Waiting to run
CI / scan_js (pull_request) Waiting to run
CI / lint (pull_request) Waiting to run
121e313bf0
Puma defaulted to 127.0.0.1, unreachable from the cluster tunnel.
Rails host authorization blocked the Tailscale Funnel domain.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Author
Owner

PR #6 Review

DOMAIN REVIEW

Stack: Ruby on Rails, Puma (application server config). Two config files changed, 3 additions / 1 deletion. Minimal, focused diff.

config/puma.rb -- bind address change

The change from port ENV.fetch("PORT", 3137) to bind "tcp://0.0.0.0:#{ENV.fetch("PORT", 3137)}" is correct Puma DSL. port binds to 0.0.0.0 by default in some Puma versions but the explicit bind form is more reliable and makes the intent (listen on all interfaces) unambiguous. String interpolation with ENV.fetch and a default value is the standard pattern. No issues.

config/environments/development.rb -- host authorization

config.hosts << ".tail5b443a.ts.net" -- the leading dot is Rails convention for wildcard subdomain matching, allowing any *.tail5b443a.ts.net hostname. This is correctly scoped to development.rb only, so production host authorization is unaffected. The tailnet domain tail5b443a is a Tailscale MagicDNS identifier, not a secret (it is not resolvable outside the tailnet).

Comment on the stale comment in puma.rb (line 31): The inline comment still reads # Specifies the 'port' that Puma will listen on... but the directive is now bind, not port. This is cosmetic, not blocking.

BLOCKERS

None.

This is a two-line infrastructure config change. No new application functionality is introduced, no user input is handled, no auth paths are modified, and no secrets are present. The BLOCKER criteria (test coverage for new functionality, unvalidated user input, secrets in code, DRY violations in auth paths) do not apply to this change.

NITS

  1. Stale comment (config/puma.rb line 31): The comment # Specifies the 'port' that Puma will listen on to receive requests; default is 3000. should be updated to reflect the bind directive and the actual default port 3137. Low priority.

SOP COMPLIANCE

  • Branch named after issue: Branch is fix/tunnel-compatibility. SOP expects {issue-number}-{kebab-case-purpose} (e.g., 5-tunnel-compatibility). The fix/ prefix convention diverges from the standard. Non-blocking for this repo given no enforced branch policy was found, but noted.
  • PR body follows template: Has Summary, Changes, Test Plan, Review Checklist, Related Notes. Complete.
  • Related references plan slug: No plan slug exists (confirmed by caller). Related section references the Forgejo issue, which is sufficient given there is no plan.
  • No secrets committed: Tailnet domain identifier is not a secret. No API keys, tokens, or credentials present.
  • No unnecessary file changes: Exactly two files changed, both directly related to the issue.
  • Commit messages are descriptive: PR title is clear and specific.

PROCESS OBSERVATIONS

  • Very small, low-risk config change. Two-line diff with clear intent.
  • Test plan is manual (ss -tlnp, curl) which is appropriate for infrastructure binding changes that are not unit-testable in the traditional sense.
  • No automated tests are affected or needed -- this is server configuration, not application logic.

VERDICT: APPROVED

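The test plan's `ss -tlnp | grep 3137` check can be scripted so that it also reports where the listener is reachable: a `0.0.0.0` bind accepts connections on every interface of the host, not only the one the tunnel uses. The following is an added example, not code from this PR or the mdview project; the `ss -tln` sample is constructed, and `scope_of`, `parse_listeners` and `exposed_on` are hypothetical helper names.

```ruby
require "ipaddr"

# Constructed sample of `ss -tln` output (not captured from the project's host).
SAMPLE_SS = <<~OUT
  State  Recv-Q Send-Q Local Address:Port Peer Address:Port
  LISTEN 0      1024   0.0.0.0:3137       0.0.0.0:*
  LISTEN 0      128    127.0.0.1:5432     0.0.0.0:*
  LISTEN 0      4096   [::]:22            [::]:*
  LISTEN 0      4096   [::1]:6379         [::]:*
  LISTEN 0      511    100.64.0.5:8080    0.0.0.0:*
OUT

WILDCARDS = %w[0.0.0.0 :: *].freeze
Listener = Struct.new(:address, :port, :scope)

# Hypothetical helper: classify a local address by how widely it is reachable.
def scope_of(address)
  return :all_interfaces if WILDCARDS.include?(address)
  IPAddr.new(address).loopback? ? :loopback : :specific
rescue IPAddr::Error
  :unknown
end

# Parse LISTEN rows; column 4 is "Local Address:Port" in `ss -tln` output.
def parse_listeners(ss_output)
  ss_output.each_line.filter_map do |line|
    cols = line.split
    next unless cols[0] == "LISTEN" && cols[3]
    host, _, port = cols[3].rpartition(":")
    # Strip IPv6 brackets and any %interface suffix before classifying.
    address = host.delete("[]").sub(/%.*\z/, "")
    Listener.new(address, port.to_i, scope_of(address))
  end
end

# Listeners on the given port that are reachable from beyond loopback.
def exposed_on(port, ss_output)
  parse_listeners(ss_output).select { |l| l.port == port && l.scope != :loopback }
end

if __FILE__ == $PROGRAM_NAME
  parse_listeners(SAMPLE_SS).each do |l|
    puts format("%-12s %-6d %s", l.address, l.port, l.scope)
  end
end
```

On a real host, pass the output of `ss -tln` to `exposed_on(3137, ...)`; an `:all_interfaces` result means any host firewall, not the bind address, decides who can reach Puma.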
Remove stale port comment from puma config
Some checks are pending
CI / scan_ruby (pull_request) Waiting to run
CI / scan_js (pull_request) Waiting to run
CI / lint (pull_request) Waiting to run
3c73f6bd4f
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
ldraney deleted branch fix/tunnel-compatibility 2026-05-19 11:18:08 +00:00