184

I'm using Ubuntu/vagrant as my development environment. I'm getting these messages on rails console:

Started GET "/assets/home-fcec5b5a277ac7c20cc9f45a209a3bcd.js?body=1" for 10.0.2.2 at 2015-04-02 15:48:31 +0000
Cannot render console from 10.0.2.2! Allowed networks: 127.0.0.1, ::1, 127.0.0.0/127.255.255.255

Is it possible to disable those "cannot render..." messages or allow them in any way?

arogachev
  • 33,150
  • 7
  • 114
  • 117
Leandro França
  • 1,884
  • 2
  • 11
  • 11

15 Answers15

223

You need to specifically allow the 10.0.2.2 network space in the Web Console config.

So you'll want something like this:

class Application < Rails::Application
  config.web_console.permissions = '10.0.2.2'
end

Read here for more information.

As pointed out by pguardiario, this wants to go into config/environments/development.rb rather than config/application.rb so it is only applied in your development environment.

ydaetskcoR
  • 53,225
  • 8
  • 158
  • 177
  • 8
    I think you only want the second line inside `config/environments/development.rb`, @ydaetskcoR – Ehtesh Choudhury Nov 04 '15 at 16:56
  • 2
    For Vagrant in particular, something like this might also be good as the right side of the assignment: `ENV.fetch('SSH_CLIENT', '127.0.0.1').split(' ').first`. In general, this will probably be 10.0.2.2, but it should reflect whatever network configuration is active (vagrant or not, really -- which of course may or may not be what you want). – lindes Dec 17 '17 at 22:56
  • 4
    There's two different things happening here. the first is the web console being rendered on your local machine when rails is running in a vagrant box. This is controlled by `config.web_console.whitelisted_ips`. The second is the error messages that you are seeing in your logs. This is controlled by `config.web_console.whiny_requests`. Finally, and this was the issue that I faced, the whitelist Ip error was caused because rails was trying to render the console as a default mechanism to handle another error. So either fixing the other error, or changing the default should also help. – kapad Jul 05 '18 at 15:17
  • 1
    You generally don't want to hardcode things. See [my answer](https://stackoverflow.com/a/58702345/52499). – x-yuri Nov 04 '19 at 23:15
  • Can I whitelist all IP addresses? – Aaron Franke Nov 14 '19 at 03:22
  • 3
    Note that since version 4 (latest), the syntax is `config.web_console.permissions`, not `config.web_console.whitelisted_ips`. See https://github.com/rails/web-console/commit/61ce65b599f56809de1bd8da6590a80acbd92017 – stwr667 Dec 09 '19 at 07:01
99

You can whitelist single IP's or whole networks.

Say you want to share your console with 192.168.0.100. You can do this:

class Application < Rails::Application
  config.web_console.whitelisted_ips = '192.168.0.100'
end

If you want to whitelist the whole private network, you can do:

class Application < Rails::Application
  config.web_console.whitelisted_ips = '192.168.0.0/16'
end

If you don't wanna see this message anymore, set this option to false:

class Application < Rails::Application
  config.web_console.whiny_requests = false
end

Be careful what you wish for, 'cause you might just get it all

This is probably only for development purposes so you might prefer to place it under config/environments/development.rb instead of config/application.rb.

Flavio Wuensche
  • 9,460
  • 1
  • 57
  • 54
  • I use the OS X "computer name" feature under System Prefs > Sharing and bind the Webrick source IP to a alphabetical name (e.g., myname.local:3000), however, Webrick won't start up when I attempt to whitelist this. Any suggestions? – nipponese Jan 23 '16 at 03:28
  • 1
    As a note the `whiny_requests` option does not _disable_ the permissions, it simply _hides_ the warning message. I misunderstood that until I tried to use it. – Topher Fangio May 05 '23 at 16:00
58

Hardcoding an IP into a configuration file isn't good. What about other devs? What if the ip changes?

Docker-related config should not leak into the rails app whenever possible. That's why you should use env vars in the config/environments/development.rb file:

class Application < Rails::Application
  # Check if we use Docker to allow docker ip through web-console
  if ENV['DOCKERIZED'] == 'true'
    config.web_console.whitelisted_ips = ENV['DOCKER_HOST_IP']
  end
end

You should set correct env vars in a .env file, not tracked into version control.

In docker-compose.yml you can inject env vars from this file with env_file:

app:
  build: .
  ports:
   - "3000:3000"
  volumes:
    - .:/app
  links:
    - db
  environment:
    - DOCKERIZED=true
  env_file:
    - ".env"

Based on the feebdack received in comments, we can also build a solution without environment variables:

class Application < Rails::Application
  # Check if we use Docker to allow docker ip through web-console
  if File.file?('/.dockerenv') == true
    host_ip = `/sbin/ip route|awk '/default/ { print $3 }'`.strip
    config.web_console.whitelisted_ips << host_ip
  end
end

I'll leave the solutions with env var for learning purposes.

Pak
  • 2,123
  • 22
  • 28
  • 1
    My DOCKER_HOST_IP env var is not set. Any idea what could have changed since feb 22? – dennis-tra May 15 '16 at 12:45
  • You should specify it yourself in your environment file. – Pak May 15 '16 at 13:04
  • Thanks for the answer - it was basically exactly what I was looking for. With regards to `DOCKER_HOST_IP`, if you set it in the environment file, isn't that a case of Docker-related configuration leaking into the rails app? – Brian Kung Jul 05 '16 at 20:49
  • 1
    @BrianKung I believe it's okay : `.env` should not be checked into version control, anyone may override it in its own environment. The docker information leaks anyway into the app, we just minimize the damage here :) – Pak Jul 05 '16 at 22:04
  • 1
    Perfect, I just learned about the `env_file` and `environment` options in `docker-compose.yml` from your answer, too. – Brian Kung Jul 05 '16 at 22:49
  • 7
    No need to create the `DOCKERIZED`-env variable. Docker creates a `/.dockerenv`-file, which you can check for: `File.file?('/.dockerenv') => true` and you're inside a container. – jottr Nov 18 '17 at 14:07
  • No need to add `DOCKER_HOST_IP` env variable too. You can use this code to find the host IP `host_ip = \`/sbin/ip route|awk '/default/ { print $3 }'\`.strip`. Source https://stackoverflow.com/a/24716645/4862360. See my answer with full solution below – Aleksander Ryhlitski Apr 16 '19 at 20:56
  • No need to spawn processes :) See [my answer](https://stackoverflow.com/a/58702345/52499). – x-yuri Nov 04 '19 at 23:18
28

Auto discovery within your config/development.rb

config.web_console.whitelisted_ips = Socket.ip_address_list.reduce([]) do |res, addrinfo|
    addrinfo.ipv4? ? res << IPAddr.new(addrinfo.ip_address).mask(24) : res
end

Of course might need to add 

require 'socket'
require 'ipaddr'

Within your file.

GabLeRoux
  • 16,715
  • 16
  • 63
  • 81
Meta Lambda
  • 703
  • 1
  • 7
  • 13
  • 2
    Best answer - just newer then the rest – Jono Sep 13 '17 at 17:23
  • this seems to work excellently for me as I'm running Rails in a Docker container – FireDragon Jun 12 '18 at 20:45
  • Personally, I would prefer readability of a select + map combination: `config.web_console.whitelisted_ips = Socket.ip_address_list.select(&:ipv4?).map{ |addrinfo| IPAddr.new(addrinfo.ip_address).mask(24) }` – Alexis Sep 17 '19 at 08:11
  • 2
    also, why is this better than simple `config.web_console.whitelisted_ips = ['10.0.0.0/8', '172.16.0.0/12', '192.168.0.0/16']` from @kwerle's [answer](https://stackoverflow.com/a/46105295/786948)? – Alexis Sep 17 '19 at 08:15
  • I also want to know. Why is this better than the simple config? – Anwar Oct 29 '19 at 04:28
  • @Anwar It feature auto-discovery instead of hardcoding IP addresses that would be subject to change. Using configuration variables would also be a good option. – Meta Lambda Oct 30 '19 at 09:38
  • Best solution so far. But why stop there? You can [make use of `Socket.getifaddrs`](https://stackoverflow.com/a/58702345/52499) to be able to specify the correct netmask. – x-yuri Nov 04 '19 at 23:20
23

Anyone on any of my private networks is welcome.

I run in a docker container and I don't care which network it wants to use this week.

config/environments/development.rb add line

config.web_console.whitelisted_ips = ['10.0.0.0/8', '172.16.0.0/12', '192.168.0.0/16']
kwerle
  • 2,225
  • 22
  • 25
9

If you run your site locally (on the host) it generally works out, since 127.0.0.1 is always permitted. But if you're going to put your site into a container (not in production, locally), you might want to add this into config/environments/development.rb:

require 'socket'
require 'ipaddr'
Rails.application.configure do
  ...
  config.web_console.permissions = Socket.getifaddrs
    .select { |ifa| ifa.addr.ipv4_private? }
    .map { |ifa| IPAddr.new(ifa.addr.ip_address + '/' + ifa.netmask.ip_address) }
  ...
end

P.S. Most of the time you want it to whine (don't want to do config.web_console.whiny_requests = false). Because it might mean you're running web-console in production (which you shouldn't do).

x-yuri
  • 16,722
  • 15
  • 114
  • 161
  • code golf with one loop: `Socket.getifaddrs.map { |ifa| ifa.addr.ip_address + '/' + ifa.netmask.ip_address if ifa.addr.ipv4_private? }.compact` – SMAG Jun 20 '23 at 20:41
8

For development environment: Detect if it's docker, then determine the IP address and whitelist it

# config/environments/development.rb
require 'socket'
require 'ipaddr'

Rails.application.configure do
  ...

  # When inside a docker container
  if File.file?('/.dockerenv')
    # Whitelist docker ip for web console
    # Cannot render console from 172.27.0.1! Allowed networks: 127.0.0.1
    Socket.ip_address_list.each do |addrinfo|
      next unless addrinfo.ipv4?
      next if addrinfo.ip_address == "127.0.0.1" # Already whitelisted

      ip = IPAddr.new(addrinfo.ip_address).mask(24)

      Logger.new(STDOUT).info "Adding #{ip.inspect} to config.web_console.whitelisted_ips"

      config.web_console.whitelisted_ips << ip
    end
  end
end

For me this prints the following and the warning goes away 

Adding 172.27.0.0 to config.web_console.whitelisted_ips
Adding 172.18.0.0 to config.web_console.whitelisted_ips

My solution was to combine

Scymex
  • 954
  • 9
  • 17
  • 1
    Thank you for your answer! For me this code returned: `undefined method <<' for nil:NilClass (NoMethodError)`. So I created a variable called `whitelisted_ips = [ ]`, used it inside the loop adding the ips, and after the loop: `config.web_console.whitelisted_ips = whitelisted_ips` and then it worked for me! So, thanks! – Pedro Paiva Dec 11 '19 at 02:55
7

For me, whitelisted_ips didn't seem to work in a new project. The Readme states the corresponding configuration entry is supposed to be permissions now:

Rails.application.configure do
  config.web_console.permissions = '192.168.0.0/16'
end

https://github.com/rails/web-console/blob/master/README.markdown

Fabian Kübler
  • 71
  • 1
  • 1
5

If you want to stop seeing this error message you can add this line in development.rb

config.web_console.whiny_requests = false
Sai Ram Reddy
  • 1,079
  • 13
  • 14
4

If you are using Docker most likely you don't want neither to introduce new ENV variables nor to hardcode your specific IP address.

Instead you may want to check that you are in Docker using /proc/1/cgroup, and to allow your host IP (both for web_console and better_errors). Add to your config/environments/development.rb

  # https://stackoverflow.com/a/20012536/4862360
  if File.read('/proc/1/cgroup').include?('docker')
    # https://stackoverflow.com/a/24716645/4862360
    host_ip = `/sbin/ip route|awk '/default/ { print $3 }'`.strip

    BetterErrors::Middleware.allow_ip!(host_ip) if defined?(BetterErrors::Middleware)
    config.web_console.whitelisted_ips << host_ip
  end
Aleksander Ryhlitski
  • 658
  • 7
  • 14
4

Note that only the last 'config.web_console.whitelisted_ips' will be used. So

  config.web_console.whitelisted_ips = '10.0.2.2'
  config.web_console.whitelisted_ips = '192.168.0.0/16'

will only whitelist 192.168.0.0/16, not 10.0.2.2.

Instead, use:

  config.web_console.whitelisted_ips = ['10.0.2.2', '192.168.0.0/16']
djm
  • 69
  • 6
3
class Application < Rails::Application
  config.web_console.whitelisted_ips = %w( 0.0.0.0/0 ::/0 )
end
Dayvson Lima
  • 101
  • 4
0

I just want to add this because my own mistake caused me to get the same error.

I was missing this from the controller

load_and_authorize_resource except: [:payment_webhook]

Basically I was using cancancan to place authorization on that route, which was causing a 404 to be returned. I saw the message and assumed the two were related, when in fact they were not

Cannot render console from xxxxxx Allowed networks: xxxxx

So if you are getting an error message, it's possible that it has nothing to do with the Cannot render console from xxxxxx Allowed networks: xxxxx you see - look for other problems!

stevec
  • 41,291
  • 27
  • 223
  • 311
0

While related to the original question and similar to another answer that didn't work for me, I wanted to point out that the BetterErrors gem with a console breaks from the same Docker container issue and both can be fixed together. You will need to add permission for the Docker IP address through BetterErrors with: BetterErrors::Middleware.allow_ip!

require 'socket'
require 'ipaddr'

Rails.application.configure do
  ...
  Socket.getifaddrs.map { |ifa| ifa.addr.ip_address + '/' + ifa.netmask.ip_address if ifa.addr.ipv4_private? }.compact.then do |docker_ips|
    config.web_console.permissions = docker_ips
      # Allow the better_errors gem to work in Docker
    docker_ips.each { |docker_ip| BetterErrors::Middleware.allow_ip!(docker_ip) } if defined?(BetterErrors::Middleware)
  end
  ...
end

NOTE:

  • don't forget to restart your container for the changes to take effect.
  • The other answer didn't work for me because we are /proc/1/cgroup file did not include docker and failed the check
SMAG
  • 652
  • 6
  • 12
0

In add config/environments/development.rb configure block add config.web_console.permissions = '0.0.0.0/0'

Constantin De La Roche
  • 2,530
  • 23
  • 24