I finally got this working with fastcgi from the Zope howto Apache, Zope and FastCGI... Be awaew of: /var/www/htdocs/zope 127.0.0.1:8089 Zope.fcgi is an auto generated file. My inexperience with Zope and Apache, but this works for me. Let me know if there is anything that makes no sense or how to get rid of the zope/Zope.fcgi from the URL. And this is the script that starts Zope #!/bin/sh export INSTANCE_HOME=/home/zope export PYTHONHOME=/usr/local/lib/zope umask 077 exec /usr/local/bin/python2.1 -O $PYTHONHOME/z2.py -F 8089 -D "$@" -u www -p /home/zope/Zope.cgi This is part of my httpd.conf #Section 1 ... LoadModule proxy_module /usr/lib/apache/modules/libproxy.so LoadModule rewrite_module /usr/lib/apache/modules/mod_rewrite.so LoadModule fastcgi_module /usr/lib/apache/modules/mod_fastcgi.so ... AddModule mod_proxy.c AddModule mod_alias.c AddModule mod_rewrite.c AddModule mod_access.c AddModule mod_auth.c AddModule mod_so.c AddModule mod_setenvif.c AddModule mod_ssl.c AddModule mod_fastcgi.c #Section 2 <IfModule mod_fastcgi.c> FastCGIExternalServer /var/www/htdocs/zope/Zope.fcgi \ -host 127.0.0.1:8089 \ -pass-header Authorization RewriteEngine on ReWriteCond %{HTTP:Authorization} ^/(.*) RewriteRule ^/(.*) /var/www/htdocs/zope/Zope.fcgi/$1 \ [e=HTTP_CGI_AUTHORIZATION:%1,t=application/x-httpd-cgi,L] <Directory /var/www/htdocs/zope> SetHandler fastcgi-script AddHandler fastcgi-script .fcgi AllowOverride none Options ExecCGI Order allow,deny Allow from all </Directory> </IfModule> <IfDefine SSL> Listen 80 Listen 443 </IfDefine> .... ## ## SSL Global Context ## ## All SSL configuration in this context applies both to ## the main server and all SSL-enabled virtual hosts. ## # # Some MIME-types for downloading Certificates and CRLs # <IfDefine SSL> AddType application/x-x509-ca-cert .crt AddType application/x-pkcs7-crl .crl </IfDefine> <IfModule mod_ssl.c> SSLPassPhraseDialog builtin SSLSessionCache dbm:logs/ssl_scache SSLSessionCacheTimeout 300 SSLMutex file:logs/ssl_mutex SSLRandomSeed startup builtin SSLRandomSeed connect builtin SSLRandomSeed startup file:/dev/arandom 512 SSLLog logs/ssl_engine_log SSLLogLevel info </IfModule> <IfDefine SSL> # ## SSL Virtual Host Context ## <VirtualHost _default_:443> #DocumentRoot /var/www/htdocs/manual ServerName your.host.here ServerAdmin you@here.com ErrorLog logs/error_log TransferLog logs/access_log SSLEngine on SSLCertificateFile /etc/ssl/server.crt SSLCertificateKeyFile /etc/ssl/private/server.key CustomLog logs/ssl_request_log \ "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b" </VirtualHost> </IfDefine> HTH Alec Munro wrote:
Chris Withers wrote:
Alec Munro wrote:
virtual host monsters yet, I have almost no idea how to get SSL working. I need a secure connection to Zope.
Why? Surely that bit should be behind your firewall?
cheers,
Chris
I guess I misphrased it. I need a secure method of communication with Zope. I want to be able to log in to the ZMI, or other administration tools, from a remote location, without sending passwords flying across the internet in cleartext. The server is a dedicated box in San Antonio, and I'm in Halifax. I don't actually need the communication between Apache and Zope to be secure, at least as long as they are behind the same firewall.
I think I've got it figured out anyway, but I would still appreciate suggestions.