problems with SiteRoot in Zope 2.5.1
Hi, I installed and tested apache and zope (2.4.3). I used SiteRoot to be able to use one page for both secure and non-secure access. (using http://www.zope.org/Members/unfo/apache_zserver_ssl) Everything works perfectly. Now I want to transfer my site to the production server. I thought this would be a nice opportunity to get the newest version of Apache and Zope. Unfortunately in Zope 2.5.1 I don't seem to be able to get SiteRoot functioning as ik does with Zope 2.4.3. Has something changed in Zope or SiteAcces? I know most people prefer VirtualSiteMonster. Does anybody know whether it is possible to have a configuration with both http and https directing to the same pages like the example in the above mentioned document (apache_zserver_ssl)? Thanks in advance. Ria Marinussen Webmaster Department of Computer Science University of Twente The Netherlands
Ria Marinussen wrote:
Unfortunately in Zope 2.5.1 I don't seem to be able to get SiteRoot functioning as ik does with Zope 2.4.3.
Can you elaborate on this a bit?
Has something changed in Zope or SiteAcces?
Yes, SiteRoots are no longer in favour with the powers that be. I still think they have their uses ;-)
Does anybody know whether it is possible to have a configuration with both http and https directing to the same pages like the example in the above mentioned document (apache_zserver_ssl)?
Yes, it is... cheers, Chris
Chris Withers wrote:
Yes, SiteRoots are no longer in favour with the powers that be. I still think they have their uses ;-)
Citizen Withers, your statement violates the Happy Voluntary Product Guidelines. Please report to the nearest PTB Help Station for assistance. ;-)
Does anybody know whether it is possible to have a configuration with both http and https directing to the same pages like the example in the above mentioned document (apache_zserver_ssl)?
Ria, we'll need more info on the problem you're having in order to help. If you do decide to try VHM, you should be able to get what you want with the following steps: 1. Create a VHM in your Zope root. Call it whatever you like, as long as the name doesn't clash with other objects ids, perhaps "vhm". 2. In the Apache VirtualHost section for port 80, replace the ProxyPass and ProxyPassReverse lines with the single line: ProxyPass / http://zope_server:8080/VirtualHostBase/http/www.domain.com:80/site_path/Vir... 3. In the Apache VirtualHost section for port 443 (https), replace the ProxyPass and ProxyPassReverse lines with the single line: ProxyPass / http://zope_server:8080/VirtualHostBase/https/www.domain.com:80/site_path/Vi... In the examples above, "zope_server:8080" is the host/port on which your Zope is listening, "www.domain.com" is your site's domain name, and "site_path" is the path from the root of your Zope to the Folder which contains this site (leave it out if your site lives in the Zope root). You can determine whether a particular request uses SSL by checking "REQUEST['URL'].startswith('https')". Cheers, Evan @ 4-am
So, speaking as a perennial Zope newbie, I have to say that I'm getting nervous about seeing all the things that I use fall one-by-one into the "that's depreciated, use this other cool product instead." I don't think I have a right to complain, but I'm complaining any way :-) Jack On Mon, 2002-07-29 at 10:04, Evan Simpson wrote:
Chris Withers wrote:
Yes, SiteRoots are no longer in favour with the powers that be. I still think they have their uses ;-)
Citizen Withers, your statement violates the Happy Voluntary Product Guidelines. Please report to the nearest PTB Help Station for assistance. ;-)
Does anybody know whether it is possible to have a configuration with both http and https directing to the same pages like the example in the above mentioned document (apache_zserver_ssl)?
Ria, we'll need more info on the problem you're having in order to help. If you do decide to try VHM, you should be able to get what you want with the following steps:
1. Create a VHM in your Zope root. Call it whatever you like, as long as the name doesn't clash with other objects ids, perhaps "vhm".
2. In the Apache VirtualHost section for port 80, replace the ProxyPass and ProxyPassReverse lines with the single line:
ProxyPass / http://zope_server:8080/VirtualHostBase/http/www.domain.com:80/site_path/Vir...
3. In the Apache VirtualHost section for port 443 (https), replace the ProxyPass and ProxyPassReverse lines with the single line:
ProxyPass / http://zope_server:8080/VirtualHostBase/https/www.domain.com:80/site_path/Vi...
In the examples above, "zope_server:8080" is the host/port on which your Zope is listening, "www.domain.com" is your site's domain name, and "site_path" is the path from the root of your Zope to the Folder which contains this site (leave it out if your site lives in the Zope root).
You can determine whether a particular request uses SSL by checking "REQUEST['URL'].startswith('https')".
Cheers,
Evan @ 4-am
_______________________________________________ Zope maillist - Zope@zope.org http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
-- Jack Coates Monkeynoodle: A Scientific Venture...
Technically, no, you don't have a right to complain but you do have a very good point. I'd like to echo it and point out the problem is exacerbated by zope.org not having a strong way of marking docs and products as deprecated. I hate finding a cool product, downloading and installing, only to learn it fell out of fashion with 2.something. Ideally, such pages should be marked and linked to whatever is the latest greatest substitute or just marked as dead to Zopes 2.x+ I keep coming back to that scene in Apocalypse Now: "Who's in charge here, soldier?" "Ain't you?" http://www.rickmcginnis.com/movies/apocalypsenowredux.htm Granted, that's not a great metaphor for Zope but I do have that feeling with free software pretty often. FWIW, commercial development tools are often no better.
-----Original Message----- From: zope-admin@zope.org [mailto:zope-admin@zope.org]On Behalf Of Jack Coates Sent: Monday, July 29, 2002 1:31 PM To: zope@zope.org Subject: Re: [Zope] future direction (was "problems with SiteRoot in Zope2.5.1")
So, speaking as a perennial Zope newbie, I have to say that I'm getting nervous about seeing all the things that I use fall one-by-one into the "that's depreciated, use this other cool product instead." I don't think I have a right to complain, but I'm complaining any way :-)
Jack
On Mon, 2002-07-29 at 10:04, Evan Simpson wrote:
Chris Withers wrote:
Yes, SiteRoots are no longer in favour with the powers that be. I still think they have their uses ;-)
Citizen Withers, your statement violates the Happy Voluntary Product Guidelines. Please report to the nearest PTB Help Station for assistance. ;-)
Does anybody know whether it is possible to have a configuration with both http and https directing to the same pages like the example in the above mentioned document (apache_zserver_ssl)?
Ria, we'll need more info on the problem you're having in order to help. If you do decide to try VHM, you should be able to get what you want with the following steps:
1. Create a VHM in your Zope root. Call it whatever you like, as long as the name doesn't clash with other objects ids, perhaps "vhm".
2. In the Apache VirtualHost section for port 80, replace the ProxyPass and ProxyPassReverse lines with the single line:
ProxyPass /
http://zope_server:8080/VirtualHostBase/http/www.domain.com:80/sit e_path/VirtualHostRoot/
3. In the Apache VirtualHost section for port 443 (https), replace the ProxyPass and ProxyPassReverse lines with the single line:
ProxyPass /
http://zope_server:8080/VirtualHostBase/https/www.domain.com:80/si te_path/VirtualHostRoot/
In the examples above, "zope_server:8080" is the host/port on
which your
Zope is listening, "www.domain.com" is your site's domain name, and "site_path" is the path from the root of your Zope to the Folder which contains this site (leave it out if your site lives in the Zope root).
You can determine whether a particular request uses SSL by checking "REQUEST['URL'].startswith('https')".
Cheers,
Evan @ 4-am
_______________________________________________ Zope maillist - Zope@zope.org http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
-- Jack Coates Monkeynoodle: A Scientific Venture...
_______________________________________________ Zope maillist - Zope@zope.org http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
I sympathize with this, it's a real job keeping up with Zope developments. But one person every couple of days locks themselves out of their site using a SiteRoot, and runs screaming to this list. ;-) Evan or someone else usually talks them down from the tower in gentle tones, but it's still... well, it's annoying. This is why VirtualHostMonsters are better.. they're inert unless you actually use them. And they do everything that SiteRoots do. Personally, I want to nuke SiteRoots out of Zope but I don't think it's going to happen (because lots of folks use and like them), so no worries in any case. They're going to stay around, probably until the bits fall out of them. We'll just need to prop Evan and a couple of other folks up in front of their PCs 24x7 to deal with the poor souls who innocently fill out a form and then find they can no longer access any of their data. ;-) - C ----- Original Message ----- From: "Jack Coates" <jack@monkeynoodle.org> To: <zope@zope.org> Sent: Monday, July 29, 2002 4:31 PM Subject: Re: [Zope] future direction (was "problems with SiteRoot in Zope2.5.1")
So, speaking as a perennial Zope newbie, I have to say that I'm getting nervous about seeing all the things that I use fall one-by-one into the "that's depreciated, use this other cool product instead." I don't think I have a right to complain, but I'm complaining any way :-)
Jack
On Mon, 2002-07-29 at 10:04, Evan Simpson wrote:
Chris Withers wrote:
Yes, SiteRoots are no longer in favour with the powers that be. I still think they have their uses ;-)
Citizen Withers, your statement violates the Happy Voluntary Product Guidelines. Please report to the nearest PTB Help Station for assistance. ;-)
Does anybody know whether it is possible to have a configuration with both http and https directing to the same pages like the example in the above mentioned document (apache_zserver_ssl)?
Ria, we'll need more info on the problem you're having in order to help. If you do decide to try VHM, you should be able to get what you want with the following steps:
1. Create a VHM in your Zope root. Call it whatever you like, as long as the name doesn't clash with other objects ids, perhaps "vhm".
2. In the Apache VirtualHost section for port 80, replace the ProxyPass and ProxyPassReverse lines with the single line:
ProxyPass /
http://zope_server:8080/VirtualHostBase/http/www.domain.com:80/site_ path/VirtualHostRoot/
3. In the Apache VirtualHost section for port 443 (https),
replace the
ProxyPass and ProxyPassReverse lines with the single line:
ProxyPass /
http://zope_server:8080/VirtualHostBase/https/www.domain.com:80/site _path/VirtualHostRoot/
In the examples above, "zope_server:8080" is the host/port on
which your
Zope is listening, "www.domain.com" is your site's domain name, and "site_path" is the path from the root of your Zope to the Folder which contains this site (leave it out if your site lives in the Zope root).
You can determine whether a particular request uses SSL by checking "REQUEST['URL'].startswith('https')".
Cheers,
Evan @ 4-am
_______________________________________________ Zope maillist - Zope@zope.org http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
-- Jack Coates Monkeynoodle: A Scientific Venture...
_______________________________________________ Zope maillist - Zope@zope.org http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
On Mon, Jul 29, 2002 at 05:18:19PM -0400, Chris McDonough wrote:
I sympathize with this, it's a real job keeping up with Zope developments. But one person every couple of days locks themselves out of their site using a SiteRoot, and runs screaming to this list. ;-) Evan or someone else usually talks them down from the tower in gentle tones, but it's still... well, it's annoying. This is why VirtualHostMonsters are better.. they're inert unless you actually use them. And they do everything that SiteRoots do.
Personally, I want to nuke SiteRoots out of Zope but I don't think it's going to happen (because lots of folks use and like them), so no worries in any case. They're going to stay around, probably until the bits fall out of them. We'll just need to prop Evan and a couple of other folks up in front of their PCs 24x7 to deal with the poor souls who innocently fill out a form and then find they can no longer access any of their data. ;-)
How about a check to prevent them from being installed in Zope's root directory? Then people could get to the undo tab without any real effort. It is kind of a pet peeve that there is not a section in the book about "Best Practices" (gad, I hate that term). Anyway, it would seem to me to be a best practice that Zope's root be open only to your most trusted administrators, contain anything that is security conscious (database connectors spring to mind), and not contain anything that can lock you out of your site (siteroots, VHMs, and third party user folders spring to mind.) Jim Penny
- C
On Mon, 2002-07-29 at 14:31, Jim Penny wrote:
On Mon, Jul 29, 2002 at 05:18:19PM -0400, Chris McDonough wrote:
I sympathize with this, it's a real job keeping up with Zope developments. But one person every couple of days locks themselves out of their site using a SiteRoot, and runs screaming to this list. ;-) Evan or someone else usually talks them down from the tower in gentle tones, but it's still... well, it's annoying. This is why VirtualHostMonsters are better.. they're inert unless you actually use them. And they do everything that SiteRoots do.
Personally, I want to nuke SiteRoots out of Zope but I don't think it's going to happen (because lots of folks use and like them), so no worries in any case. They're going to stay around, probably until the bits fall out of them. We'll just need to prop Evan and a couple of other folks up in front of their PCs 24x7 to deal with the poor souls who innocently fill out a form and then find they can no longer access any of their data. ;-)
How about a check to prevent them from being installed in Zope's root directory? Then people could get to the undo tab without any real effort.
This sounds like the sensible solution -- there's an AAA system in place, so using it to prevent stupid things is better than removing the useful tool that someone inadvertently does stupid things with. I read the SiteRoot documentation and used it as directed and it worked. Can't say the same for dtml-tree :-)
It is kind of a pet peeve that there is not a section in the book about "Best Practices" (gad, I hate that term). Anyway, it would seem to me to be a best practice that Zope's root be open only to your most trusted administrators, contain anything that is security conscious (database connectors spring to mind), and not contain anything that can lock you out of your site (siteroots, VHMs, and third party user folders spring to mind.)
Hear hear.
Jim Penny
- C
_______________________________________________ Zope maillist - Zope@zope.org http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
-- Jack Coates Monkeynoodle: A Scientific Venture...
Evan Simpson wrote:
Yes, SiteRoots are no longer in favour with the powers that be. I still think they have their uses ;-)
Citizen Withers, your statement violates the Happy Voluntary Product Guidelines. Please report to the nearest PTB Help Station for assistance. ;-)
I am a domain name, not an IP address... ...or somethink... gimme coffeeeee.... Chris
participants (7)
-
Charlie Reiman -
Chris McDonough -
Chris Withers -
Evan Simpson -
Jack Coates -
Jim Penny -
Ria Marinussen