Install gems from behind corporate firewall

Ram Iyer's Avatar

Ram Iyer

22 Jul, 2014 09:50 PM

Hello,

I using capistrano to deploy a rails application to stage and production instances which are behind the corporate firewall. When capistrano tries to run the "bundle install" it is encountering errors -

DEBUG[0cd7da3a] Fetching source index from https://rubygems.org/
DEBUG[9ac5ea96] Fetching source index from https://rubygems.org/
DEBUG[9ac5ea96] Retrying source fetch due to error (2/3): Bundler::HTTPError Could not fetch specs from https://rubygems.org/
DEBUG[0cd7da3a] Retrying source fetch due to error (2/3): Bundler::HTTPError Could not fetch specs from https://rubygems.org/
DEBUG[9ac5ea96] Retrying source fetch due to error (3/3): Bundler::HTTPError Could not fetch specs from https://rubygems.org/
DEBUG[0cd7da3a] Retrying source fetch due to error (3/3): Bundler::HTTPError Could not fetch specs from https://rubygems.org/
DEBUG[9ac5ea96] Could not fetch specs from https://rubygems.org/
DEBUG[0cd7da3a] Could not fetch specs from https://rubygems.org/

I have requested firewall holes to be opened up from the stage machine to https://rubygems.org So telnet rubygems.org 443 works.

Can you tell me if there are other hosts with ports to be whitelisted as well for the bundle commands to work?

Thanks,
Ram

  1. 1 Posted by adam21e on 04 Aug, 2014 10:59 PM

    adam21e's Avatar

    I would guess that due to load balancing you are probably hitting a bunch of different IP's that aren't specified in your firewall rules. If they are using EC2 then it might be impossible to give you a definite list of static IP's.

    Do you have a proxy? That would probably be more reliable.

    First test directly on your box without Capistrano and try a simple 'gem install' command to verify that the issue isn't with Bundler or Capistrano.

    To set proxy in your environment use:
    export https_proxy=http://user:password@host:port
    # sometimes it needs to be uppercase depending on the OS
    export HTTPS_PROXY=http://user:password@host:port

    Also try http_proxy or HTTP_PROXY

  2. 2 Posted by Ram Iyer on 05 Aug, 2014 05:58 PM

    Ram Iyer's Avatar

    I found the answer.

    If you are behind teh firewall then you need allow access to these servers/ports

    To rubygems.org 443
    To github.com 443
    To s3.amazonaws.com 443

  3. Support Staff 3 Posted by Evan Phoenix on 13 Aug, 2014 04:12 PM

    Evan Phoenix's Avatar

    Closing.

  4. Evan Phoenix closed this discussion on 13 Aug, 2014 04:12 PM.

Comments are currently closed for this discussion. You can start a new one.

Keyboard shortcuts

Generic

? Show this help
ESC Blurs the current field

Comment Form

r Focus the comment reply box
^ + ↩ Submit the comment

You can use Command ⌘ instead of Control ^ on Mac