I've had a Zope-based site up and running with no problems for about nine months, and now am having some strange behavior with pcgi. I am using Apache-SSL with mod_rewrite to server secure Zope pages via pcgi. Occasionally (several times per day) I get error messages from pcgi, including: - 102 - failure during connect - 116 - unable to connect, fd = 8 Whenever these pop up, the secure connection to the site is useless, but I can still connect directly to the ZServer on port 8080 with no problems. I've looked through the pcgi source a little bit, but don't see what would cause this. Any ideas? As a related question, does anyone have experiences good or bad with using theM2Crypto package to setup a secure ZServer? If that works well, I'd just assume cut out the Apache layer and use ZServer directly. Thanks, -jason -- Jason Abate Research and Development Hostway Corporation jason@hostway.com
Jason Abate wrote:
As a related question, does anyone have experiences good or bad with using theM2Crypto package to setup a secure ZServer? If that works well, I'd just assume cut out the Apache layer and use ZServer directly.
I had a bad experience with it, but that was an older version and it's improved since then, I'd guess. If all you're using is SSL (no vanilla HTTP), then stunnel may be the way to go - it's certainly the easiest. The problems are overhead, and the fact that all connections are listed as coming from localhost (you have to combine stunnel's logs with Zope's somehow - may be difficult...). -- Itamar S.T. itamars@ibm.net
Out of interest, www.zope.org appears to be suffering from this exact same problem this morning, except obviously no SSL is involved... Chris Itamar Shtull-Trauring wrote:
Jason Abate wrote:
As a related question, does anyone have experiences good or bad with using theM2Crypto package to setup a secure ZServer? If that works well, I'd just assume cut out the Apache layer and use ZServer directly.
I had a bad experience with it, but that was an older version and it's improved since then, I'd guess.
If all you're using is SSL (no vanilla HTTP), then stunnel may be the way to go - it's certainly the easiest. The problems are overhead, and the fact that all connections are listed as coming from localhost (you have to combine stunnel's logs with Zope's somehow - may be difficult...).
-- Itamar S.T. itamars@ibm.net
_______________________________________________ Zope maillist - Zope@zope.org http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
participants (3)
-
Chris Withers -
Itamar Shtull-Trauring -
Jason Abate