Yo, we have a website with 2 parts: a public part (http://www.greatsite.com) and a private part (https://www.greatsite.com/private/) We use the apache proxy + SiteRoot approach. (configuration added below ) Anyway, everything works perfectly for the users of the site. The problem is that we can't manage the site through https because the SiteRoot object for the public site returns http url's instead of https. Logical, but a nuissance. My idea is to patch the SiteRoot code so that the protocol for the virtual root is the same as the protocol used by the request. so https://www.greatsite.com/manage will return pages with urls of the form https://www.greatsite.com/<whatever>. This is probably 30 minutes of source code browsing and 5 minutes of patching and testing. My questions are: -) are there different solutions to this problem ? -) If I patch the SiteRoot, will you guys check it in our do I have to patch future releases again and again ( Syssiphus like torture ) TIA, Sloot ------- begin of configuration ------------------------ ###### Apache #### NameVirtualHost www.greatsite.com <VirtualHost www.greatsite.com> ServerName www.greatsite.com ProxyPass / http://127.0.0.1:8080/greatsite/ ProxyPassReverse / http://127.0.0.1:8080/greatsite/ </VirtualHost> NameVirtualHost www.greatsite.com:443 # <VIRTUALHOST www.greatsite.com:443> ServerName www.greatsite.com ProxyPass / http://127.0.0.1:8080/greatsite/ ProxyPassReverse / https://127.0.0.1:8080/greatsite/ SSLEngine on SSLCertificateFile /etc/httpd/ssl.crt/server.crt SSLCertificateKeyFile /etc/httpd/ssl.key/server.key </VIRTUALHOST> and 2 SiteRoot objects (in the ZODB) in /greatsite folder base http://www.greatsite.com path : / in /greatsite/private folder base https://www.greatsite.com/private/ path : / ---------------------------- end of configuration ---------------- "Science can amuse and fascinate us all, but it is engineering that changes the world." Isaac Asimov
SiteRoots are an anachronism, there only because yanking it out would break applications that were built with them previously. I would highly recommend switching to using a virtual host monster which is a much more benign object in general (despite its name). Now I'm not sure if it solves the problem you describe directly, but it's worth a try. It'll certainly solve other problems. -Casey On Thu, 2002-06-20 at 05:54, Romain Slootmaekers wrote:
Yo, we have a website with 2 parts: a public part (http://www.greatsite.com) and a private part (https://www.greatsite.com/private/)
We use the apache proxy + SiteRoot approach. (configuration added below )
Anyway, everything works perfectly for the users of the site. The problem is that we can't manage the site through https because the SiteRoot object for the public site returns http url's instead of https. Logical, but a nuissance.
My idea is to patch the SiteRoot code so that the protocol for the virtual root is the same as the protocol used by the request. so https://www.greatsite.com/manage will return pages with urls of the form https://www.greatsite.com/<whatever>.
This is probably 30 minutes of source code browsing and 5 minutes of patching and testing.
My questions are:
-) are there different solutions to this problem ? -) If I patch the SiteRoot, will you guys check it in our do I have to patch future releases again and again ( Syssiphus like torture )
TIA,
Sloot
------- begin of configuration ------------------------
###### Apache #### NameVirtualHost www.greatsite.com <VirtualHost www.greatsite.com> ServerName www.greatsite.com ProxyPass / http://127.0.0.1:8080/greatsite/ ProxyPassReverse / http://127.0.0.1:8080/greatsite/ </VirtualHost>
NameVirtualHost www.greatsite.com:443 # <VIRTUALHOST www.greatsite.com:443> ServerName www.greatsite.com ProxyPass / http://127.0.0.1:8080/greatsite/ ProxyPassReverse / https://127.0.0.1:8080/greatsite/ SSLEngine on SSLCertificateFile /etc/httpd/ssl.crt/server.crt SSLCertificateKeyFile /etc/httpd/ssl.key/server.key </VIRTUALHOST>
and 2 SiteRoot objects (in the ZODB)
in /greatsite folder base http://www.greatsite.com path : /
in /greatsite/private folder base https://www.greatsite.com/private/ path : /
---------------------------- end of configuration ----------------
"Science can amuse and fascinate us all, but it is engineering that changes the world." Isaac Asimov
_______________________________________________ Zope-Dev maillist - Zope-Dev@zope.org http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
On Thu, 2002-06-20 at 06:54, Romain Slootmaekers wrote:
Yo, we have a website with 2 parts: a public part (http://www.greatsite.com) and a private part (https://www.greatsite.com/private/)
Here is how you'd do it with VirtualHostMonster and apache: 1. add a single one virtual host monster to your Zope root. Give it any id you want. You can be creative, 'cause it won't matter :-) 2. In apache, change your configuration to read like below. To understand why the ProxyPass urls read like that, look at the VirtualHostMonster object or consult the SiteAccess2 documentation here: http://www.zope.org/Members/4am/SiteAccess2/info ### Apache ### # better to use the IP address instead of the name here, # to avoid dns lookups on apache initialization NameVirtualHost www.greatsite.com # better to use the IP address here too, for the same reason <VirtualHost www.greatsite.com> # here you put the server name instead of the address. # it won't result in a dns lookup. ServerName www.greatsite.com # secure /private RedirectMatch permanent ^/private https://www.greatsite.com/private$1 # the :80 below is NECESSARY. Don't ommit it ProxyPass / http://127.0.0.1:8080/VirtualHostBase/http/www.greatsite.com:80/greatsite/Vi... </VirtualHost> NameVirtualHost www.greatsite.com:443 <VirtualHost www.greatsite.com:443> ServerName www.greatsite.com # note the protocol specification after VirtualHostBase. As above, # the port specification is not optional ProxyPass / http://127.0.0.1:8080/VirtuaHostBase/https/www.greatsite.com:443/greatsite/V... SSLEngine on SSLCertificateFile /etc/httpd/ssl.crt/server.crt SSLCertificateKeyFile /etc/httpd/ssl.key/server.key </VirtualHost> EOF I haven't tested the configuration above. I'd use RewriteRules instead of RedirectMatch and ProxyPass, but just because that's what I'm used to doing. Notice that ProxyPassReverse directives aren't needed, because the VirtualHostMonster, when presented with the above URLs, effectively convinces Zope that it's running in the above mentioned ports and protocols. No SiteRoot objects are needed. -- Ideas don't stay in some minds very long because they don't like solitary confinement.
participants (3)
-
Casey Duncan -
Leonardo Rochael Almeida -
Romain Slootmaekers