Thursday, April 28, 2005, 8:23:27 AM, Reuven M. Lerner wrote:
I've written a Zope application that needs to be behind SSL. I assumed that the most straightforward way to do this would be to (1) set up Zope on port 8080 and (2) use Apache to act as a proxy between the outside world and Zope. Unfortunately, while it was a piece of cake to set up a proxy for non-SSL access to Zope, I'm rather stumped regarding SSL. I've done non-SSL proxying for years with mod_rewrite, and it was really a snap, so I'm surprised that this is so difficult. [snip]
I copy-paste bellow something similar... It's a bit more what you wanted, as it let you access the t1.net with HTTP and HTTPS, and t2.net with HTTP only. 1. In Zope, I have made a VirtualHostMonster. I guess doesn't mater where I do it, but it happens to be in the root of the ZODB. 2. In the Apache2 httpd.conf (the /siteRoot_t1.net is a Plone object that corresponds to http://t1.net/, etc.): ... NameVirtualHost *:80 <VirtualHost *:80> ServerName t1.net ProxyPass / http://localhost:8080/VirtualHostBase/http/t1.net:80/siteRoot_t1.net/Virtual... ProxyPassReverse / http://localhost:8080/VirtualHostBase/http/t1.net:80/siteRoot_t1.net/Virtual... </VirtualHost> <VirtualHost *:80> ServerName t2.net ProxyPass / http://localhost:8080/VirtualHostBase/http/t2.net:80/siteRoot_t2.net/Virtual... ProxyPassReverse / http://localhost:8080/VirtualHostBase/http/t2.net:80/siteRoot_t2.net/Virtual... </VirtualHost> <VirtualHost _default_:443> ServerName t1.net SSLEngine On SSLCertificateFile conf/ssl/t1.cert SSLCertificateKeyFile conf/ssl/t1.key SetEnvIf User-Agent ".*MSIE.*" \ nokeepalive ssl-unclean-shutdown \ downgrade-1.0 force-response-1.0 #CustomLog logs/ssl_request_log \ # "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b" ProxyPass / http://localhost:8080/VirtualHostBase/https/t1.net:443/siteRoot_t1.net/Virtu... ProxyPassReverse / http://localhost:8080/VirtualHostBase/https/t1.net:443/siteRoot_t1.net/Virtu... </VirtualHost> ...