apache ssl management pages
I recently got ssl working on my system and wanted to use ssl for the management pages of zope. I'm using apache + zope + vhm. I'd like to be able to type the normal http url and if a management screen is viewed have it "redirect" (is that the right term) everything through secure pages. Everything is working now but I have to actually type https://... (oh, the agony) rather than just http://... In other words, I'd rather just type .../manage at the end and just log in and start working. Currently, that isn't happening, I have to manually type in the https or it doesn't get encrypted. Here's the httpd.conf (mind the word wrap): =================================================== NameVirtualHost 192.168.100.253:80 NameVirtualHost 192.168.100.253:443 <VirtualHost 192.168.100.253:80> ServerName mydomain.org # Secure management screens RewriteCond %{SERVER_PORT} !443 RewriteCond %{REQUEST_URI} ^/(.*(manage).*) RewriteRule ^/(.*) http://127.0.0.1:9673/VirtualHostBase/https/%{HTTP_HOST}:443/jesse/VirtualHostRoot/$1 [L,P] # Rewrite rules for normal zope browsing RewriteCond %{HTTP_HOST} ^.*:80$ RewriteRule ^/(.*) http://127.0.0.1:9673/VirtualHostBase/http/%{HTTP_HOST}/jesse/VirtualHostRoot/$1 [L,P] # A "static" directory within zope RewriteCond %{REQUEST_URI} !^/nz/ RewriteRule ^/(.*) http://127.0.0.1:9673/VirtualHostBase/http/%{HTTP_HOST}:80/jesse/VirtualHostRoot/$1 [L,P] </VirtualHost> <VirtualHost 192.168.100.253:443> ServerName mydomain.org <IfModule mod_ssl.c> SSLEngine on SSLCertificateFile /etc/apache/ssl.crt/server.crt SSLCertificateKeyFile /etc/apache/ssl.key/server.key SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown </IfModule> RewriteEngine On RewriteRule ^/(.*) http://127.0.0.1:9673/VirtualHostBase/https/%{HTTP_HOST}:443/jesse/VirtualHostRoot/$1 [L,P] </VirtualHost>
Getting Zope (2.5, anyway) to recognize the https instead of http is tricky. One common workaround is to put a DTML Doc called is_https that manually specifies whether the pages below its containing folder should be served https. You might be better off using a different workaround, which is to put a method in the root folder called admin. This method has one line: <dtml-call "RESPONSE.redirect('https://my_server_url/manage') Or something like that. Make the method available to Anonymous since you don't want to start authentication until the https connection is made. Now, you can type: my_server_url/admin and you're there. HTH, Dylan At 09:10 AM 10/19/2002 -0400, you wrote:
I recently got ssl working on my system and wanted to use ssl for the management pages of zope. I'm using apache + zope + vhm.
I'd like to be able to type the normal http url and if a management screen is viewed have it "redirect" (is that the right term) everything through secure pages. Everything is working now but I have to actually type https://... (oh, the agony) rather than just http://... In other words, I'd rather just type .../manage at the end and just log in and start working. Currently, that isn't happening, I have to manually type in the https or it doesn't get encrypted.
Here's the httpd.conf (mind the word wrap): =================================================== NameVirtualHost 192.168.100.253:80 NameVirtualHost 192.168.100.253:443
<VirtualHost 192.168.100.253:80> ServerName mydomain.org
# Secure management screens RewriteCond %{SERVER_PORT} !443 RewriteCond %{REQUEST_URI} ^/(.*(manage).*) RewriteRule ^/(.*) http://127.0.0.1:9673/VirtualHostBase/https/%{HTTP_HOST}:443/jesse/VirtualHostRoot/$1 [L,P]
# Rewrite rules for normal zope browsing RewriteCond %{HTTP_HOST} ^.*:80$ RewriteRule ^/(.*) http://127.0.0.1:9673/VirtualHostBase/http/%{HTTP_HOST}/jesse/VirtualHostRoot/$1 [L,P]
# A "static" directory within zope RewriteCond %{REQUEST_URI} !^/nz/ RewriteRule ^/(.*) http://127.0.0.1:9673/VirtualHostBase/http/%{HTTP_HOST}:80/jesse/VirtualHostRoot/$1 [L,P] </VirtualHost>
<VirtualHost 192.168.100.253:443> ServerName mydomain.org <IfModule mod_ssl.c> SSLEngine on SSLCertificateFile /etc/apache/ssl.crt/server.crt SSLCertificateKeyFile /etc/apache/ssl.key/server.key SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown </IfModule> RewriteEngine On RewriteRule ^/(.*) http://127.0.0.1:9673/VirtualHostBase/https/%{HTTP_HOST}:443/jesse/VirtualHostRoot/$1 [L,P] </VirtualHost>
_______________________________________________ Zope maillist - Zope@zope.org http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
On Sat, 2002-10-19 at 11:08, Dylan Reinhardt wrote:
Getting Zope (2.5, anyway) to recognize the https instead of http is tricky. One common workaround is to put a DTML Doc called is_https that manually specifies whether the pages below its containing folder should be served https.
You might be better off using a different workaround, which is to put a method in the root folder called admin. This method has one line:
<dtml-call "RESPONSE.redirect('https://my_server_url/manage')
Or something like that. Make the method available to Anonymous since you don't want to start authentication until the https connection is made.
Now, you can type:
my_server_url/admin
and you're there.
Thanks Dylan, that worked perfectly. Jesse
participants (2)
-
Dylan Reinhardt -
Jesse Goerz