I'm wondering how PCGI should be supported in Zope moving forward. We currently have: - A PCGI server in ZServer - A pcgi directory that contains: o A cgi program that is very thin and whos only job is to forward requests to an app server running pcgi o An unused PCGI "publisher", which would be used by a Python application server that wasn't running ZServer. o A debugging tool named MrCreosote. I don't know if anyone is using this. I'd like to continue supporting PCGI in ZServer as long as it is used. I'd like to omit the pcgi directory fron the Zope distribution and make it a separate distribution. Would anyone object to these changes for Zope 2.7? Jim -- Jim Fulton mailto:jim@zope.com Python Powered! CTO (888) 344-4332 http://www.python.org Zope Corporation http://www.zope.com http://www.zope.org
Having only ever used Zope-behind-PCGI myself, if we drop it, what would be the prevailing approach for running Zope behind Apache? Has everyone switched to FastCGI (or Quixote's SCGI) but me? Be aware that there are Zope-specific patches (some of which I provided) in the version of PCGI that Zope ships with, so you can't refer everyone to the non-Zope version of PCGI available elsewhere on the web. The patches relate to error handling and meaningful reporting, not core functionality. -Jeff Dieter Maurer wrote:
Jim Fulton wrote at 2003-2-13 11:30 -0500:
I'm wondering how PCGI should be supported in Zope moving forward. Do we still need it?
I would prefer to drop it (to reduce complexity).
Hi I have always run Zope behind Apache utilising mod_proxy. I have to admit I never tried or really even evaluated pcgi, and don't build it when I install Zope. Is there a benefit of pcgi over using mod_proxy ? Rgds Tim Hoffman On Fri, 2003-02-14 at 09:16, Jeff Rush wrote:
Having only ever used Zope-behind-PCGI myself, if we drop it, what would be the prevailing approach for running Zope behind Apache? Has everyone switched to FastCGI (or Quixote's SCGI) but me?
Be aware that there are Zope-specific patches (some of which I provided) in the version of PCGI that Zope ships with, so you can't refer everyone to the non-Zope version of PCGI available elsewhere on the web. The patches relate to error handling and meaningful reporting, not core functionality.
-Jeff
Dieter Maurer wrote:
Jim Fulton wrote at 2003-2-13 11:30 -0500:
I'm wondering how PCGI should be supported in Zope moving forward. Do we still need it?
I would prefer to drop it (to reduce complexity).
_______________________________________________ Zope-Dev maillist - Zope-Dev@zope.org http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
I had thought (obviously incorrectly) that mod_proxy was hard to configure correctly to pass all headers, particularly in complex virtual hosting scenarios. But I'm no Apache expert. And I thought that mod_redirect added overhead to every request, doing the redirect cycle via the browser. It also exposed the port 8000-based Zope to direct access, which some admin's might not want. But mostly I thought PCGI (and FastCGI) was the preferred way, since it is covered in detail in Zope's doc/WEBSERVER.TXT and neither mod_proxy nor mod_redirect are mentioned in there. ;-) I just figured PCGI was cleaner and let me delegate responsibility to each hosting client, to manage their own CGI-BIN stuff w/o access to Apache's config files.. So if we drop PCGI, we'll need an action item to rework that file and perhaps ZopeBook et. al. -Jeff Tim Hoffman wrote:
I have always run Zope behind Apache utilising mod_proxy.
I have to admit I never tried or really even evaluated pcgi, and don't build it when I install Zope.
Is there a benefit of pcgi over using mod_proxy ?
Guido van Rossum wrote:
AFAIK most people use Apache's mod_redirect to a Zope HTTP server running at (e.g.) port 8000. No additional software needed.
On Fri, 2003-02-14 at 09:16, Jeff Rush wrote:
Having only ever used Zope-behind-PCGI myself, if we drop it, what would be the prevailing approach for running Zope behind Apache? Has everyone switched to FastCGI (or Quixote's SCGI) but me?
But mostly I thought PCGI (and FastCGI) was the preferred way, since it is covered in detail in Zope's doc/WEBSERVER.TXT and neither mod_proxy nor mod_redirect are mentioned in there. ;-)
Unfortunately thats more a matter of documentation inertia more than anything. There are more articles on Zope.org about PCGI as well simply because it has been around the longest, although almost everyone I know runs through mod_proxy nowadays. -- Andy McKay
Andy McKay wrote:
Unfortunately thats more a matter of documentation inertia more than anything. There are more articles on Zope.org about PCGI as well simply because it has been around the longest, although almost everyone I know runs through mod_proxy nowadays.
I'd actually say it's because PCGI is the hardest to get working right ;-) mod_proxy and mod_rewrite work wonderfully for us. Never heard of mod_rewrite forcing redirects at the browser and all our 8xxx ports are blocked at the firewall... I'd vote to see PCGI vanish. cheers, Chris
Jeff Rush wrote:
I had thought (obviously incorrectly) that mod_proxy was hard to configure correctly to pass all headers, particularly in complex virtual hosting scenarios. But I'm no Apache expert.
funny, because that was the exactly the reason we chose mod_proxy over PCGI: the easy of configuration. it's only 5 lines in your virtual host configuration. of course, you should also close port 8080 (or whatever your zope server runs on) from any access from hosts other than 127.0.0.1 Sloot.
Romain Slootmaekers wrote:
it's only 5 lines in your virtual host configuration.
Did you remember to block VirtualHost{Base,Host} and _vh_* ? Actually there's a solid argument to be made for blocking any request with "/_" in the path_info. -- Jamie Heilman http://audible.transient.net/~jamie/ "...thats the metaphorical equivalent of flopping your wedding tackle into a lion's mouth and flicking his lovespuds with a wet towel, pure insanity..." -Rimmer
of course, you should also close port 8080 (or whatever your zope server runs on) from any access from hosts other than 127.0.0.1
Actually, I think you can do this already by *binding* that port only on 127.0.0.1. I believe there's a "host" parameter that lets you specify the host to bind to. --Guido van Rossum (home page: http://www.python.org/~guido/)
Jeff Rush wrote:
I had thought (obviously incorrectly) that mod_proxy was hard to configure correctly to pass all headers, particularly in complex virtual hosting scenarios.
No, that's when it's easy. :) The onlyhard part is getting the original IP adress into the logs, and most people simply ignore this and use Apaches logs instead.
It also exposed the port 8000-based Zope to direct access, which some admin's might not want.
Not necessarily. Often you set up 8000-ports to only be accessible on an internal IP-adress. Besides, it's usually a good idea to be able to go directly when Apache gets weird. :)
But mostly I thought PCGI (and FastCGI) was the preferred way, since it is covered in detail in Zope's doc/WEBSERVER.TXT and neither mod_proxy nor mod_redirect are mentioned in there. ;-)
Well, that's just Zopes normal standard of documentation, aint it. :) I happily submit my Zope+Apache how-to for scrutiny by experts to be included (and hopefully even expanded) in the docs instead of the CGI docs if PCGI is removed from the standard distribution. :)
Having only ever used Zope-behind-PCGI myself, if we drop it, what would be the prevailing approach for running Zope behind Apache? Has everyone switched to FastCGI (or Quixote's SCGI) but me?
AFAIK most people use Apache's mod_redirect to a Zope HTTP server running at (e.g.) port 8000. No additional software needed. --Guido van Rossum (home page: http://www.python.org/~guido/)
Jeff Rush wrote:
Having only ever used Zope-behind-PCGI myself, if we drop it, what would be the prevailing approach for running Zope behind Apache?
RewriteRules, and to a lesser extent, ProxyPass, has almost completely replaced any CGI method with Apache. However, I don't know the status with other servers, primarily IIS, so I think it shouldn't be dropped completely.
RewriteRules, and to a lesser extent, ProxyPass, has almost completely replaced any CGI method with Apache. However, I don't know the status with other servers, primarily IIS, so I think it shouldn't be dropped completely.
Good point regarding IIS. I think its possible to make the ASP 404 script best practice with IIS now (thanks to Leonardo http://www.zope.org/Members/hiperlogica/ASP404). As long as we make PCGI available there should be no problem. -- Andy McKay
participants (10)
-
Andy McKay -
Chris Withers -
Dieter Maurer -
Guido van Rossum -
Jamie Heilman -
Jeff Rush -
Jim Fulton -
Lennart Regebro -
Romain Slootmaekers -
Tim Hoffman