From: Itamar Shtull-Trauring <itamar@maxnm.com>
Problem 1: HTTP and HTTPS (more of a proxypass issue) ======================================================= I want to be able to serve both http and https versions of a site from Apache. Problem is, because of the way proxying works, there is no way for Zope to know if it is origially being accessed via http or https. My solution? Add a folder in top level of Zope called "ssl". If we see our path as proxied by Apache is /ssl/websites/example, we know we are being accessed via SSL. Because of the magic of acquisition, this works, but it's still an ugly hack, and slows things down.
If you think that's an ugly hack, you'll probably hate what I do ;-) I have Apache RewriteRules that look like these: RewriteRule ^/(.*) http://localhost:8080/_proxy/http/%{HTTP_HOST}/example/$1 [P,L] (with https instead of http in secure virtual hosts, of course) ...and an Access Rule in my root folder (stack is the traversal stack): if stack and stack[-1] == '_proxy': stack.pop() base = "%s://%s" % (stack.pop(), stack.pop()) request.setURL(base=base) request.set('SiteRootPATH', '/') Finally, I have blank SiteRoots in my site folders.
Problem 2: ZCatalog ===================== All the objects in /websites/example are being catalogged with paths such as /websites/example/folder/myObject. However, when I gets the objects path using getpath(), it's not adjusted based on the virtual hosting settings - it's still /websites/example/folder/myObject, not /folder/myObject as it should be.
This is one of the many ZCatalog problems that Chris P. is now valiantly tackling.
Problem 3: Management interface ================================= The breadcrumbs in the folder management screen (e.g. "/ folder1 / folder2"), still show the "/ websites / example", with links, when using the virtual hosting. That is, the managemnt interface shows folders that we are not supposed to be able to access when we are using virtual hosting.
As Chris Withers points out, this is due to deprecated data passed in calls to tabs_path_info. I'll see that it gets fixed.
Problem 4: Access to other virtual hosts (security issue?) ============================================================ When using virtual hosting, it is still possible to access the /websites folder for example, using acquistion. So I can view the contents of one website from the other: www.example.com/websites/example2, and www.example2.com/websites/example.
Unless this is a real security concern for you, and can't be address within the standard Zope security framework, I wouldn't worry about it. As you noticed, the optional 'hard' parameter to setVirtualRoot was a weak stab in this direction, but I never spent enough time on it to really get it working. That would involve (at least) providing some kind of replacement Application instance to root acquisition in. Cheers, Evan @ digicool & 4-am