SiteAccess, Set Access Rule, Proxy, ReWrite or Virtual Host Monster
There seems to be many ways to connect a domain name to a folder in Zope without :8080 in the URL. All I care about is being able to have access to REMOTE_ADDR in my application and the hiding of "ugly URLs". I've got a structure like this: /app/members/ /member1 /member2 Both member1 and member2 deserve a SiteAccess object there. If I use Apache:80 to ProxyPass to 127.0.0.1:8080/app/members/member1 Everything looks nice and as it should, but I loose the very important REMOTE_ADDR So I add ProxyVia on in the VirtualHost definition in httpd.conf Doesn't help. REMOTE_ADDR remains being 127.0.0.1 and <dtml-var HTTP_VIA> returns "1.1 domain.server" (where the domain name is e.g. domain.server.org, if you see what I mean) So the hints of using HTTP_VIA and "ProxyVia on" fails. :( I want to be able to use Aquisition. Which one of all the things mentioned in my subject line is the most common and "modern"? I see that there are a lot of How-To's using various techniques, but I can't tell which one the pros recommend. Virtual Host Monster is pretty new I think, but I don't understand how to use it. As far as I've understood, the Virtual Host Monster's main feature is that you can have many folders somewhere else to point _into_ some other folder tree. I looked at this http://www.zope.org/Members/unfo/apache_zserver_ssl But I don't want to use SSL at this stage. I tried that syntax but it fails as mentioned above. Why? I am apparently not alone about this. Peter
From: "Peter Bengtsson" <peter@grenna.net>
There seems to be many ways to connect a domain name to a folder in Zope without :8080 in the URL. All I care about is being able to have access to REMOTE_ADDR in my application and the hiding of "ugly URLs". [snip] Which one of all the things mentioned in my subject line is the most common and "modern"? I see that there are a lot of How-To's using various techniques, but I can't tell which one the pros recommend.
When I first needed virtual host support in Zope 2.x, SiteRoots were the simplest way I could think of to encapsulate virtual host root behavior. Access Rules were necessary if I wanted to redirect different host names to different folders without using Apache's virtual host support. Together, they worked for me, so I stopped there and released them as the SiteAccess Product. Since I designed tools rather than a simple drop-in solution, people had to figure out how to best apply those tools, and several of them helpfully wrote HowTos. It has become painfully obvious over time, though, that Access Rules are more complicated and dangerous than many users are ready to deal with, and SiteRoots are too blunt a tool. In particular, Access Rules and SiteRoots trigger whether you want them to or not, and I've had to tell many a panicked email correspondent how to disable one or the other (put _SUPPRESS_ACCESSRULE or _SUPPRESS_SITEROOT in the right place in your URL) because they were locked out of their Zope. Just before SiteAccess was brought into the core, in Zope 2.3, I came up with the idea for Virtual Host Monsters. They are intended to be the drop-in solution that everyone always wanted. They are totally inert unless you use specially-rewritten URLs, so they can't lock you out of Zope. They don't require (or allow, yet) any sort of configuration. You simply take your existing Apache RewriteRule or ProxyPass directive and add a few path elements. Here are some example Apache directives, before and after adapting them for use with a Virtual Host Monster: # Simple HTTP front-ends BEFORE: ProxyPass / http://localhost:8080/ - AFTER: ProxyPass / http://localhost:8080/VirtualHostBase/http/www.hostname.com:80/ BEFORE: RewriteRule ^/(.*) http://localhost:8080/$1 [P,L] - AFTER: RewriteRule ^/(.*) http://localhost:8080/VirtualHostBase/http/www.hostname.com:80/$1 [P,L] # Simple HTTPS front-ends BEFORE: ProxyPass / http://localhost:8080/ - AFTER: ProxyPass / http://localhost:8080/VirtualHostBase/https/www.hostname.com:443/ BEFORE: RewriteRule ^/(.*) http://localhost:8080/$1 [P,L] - AFTER: RewriteRule ^/(.*) http://localhost:8080/VirtualHostBase/https/www.hostname.com:443/$1 [P,L] # Apache virtual host in a Zope sub-folder BEFORE: ProxyPass / http://localhost:8080/host1 - AFTER: ProxyPass / http://localhost:8080/VirtualHostBase/http/www.hostname.com:80/host1/Virtual HostRoot BEFORE: RewriteRule ^/(.*) http://localhost:8080/host1/$1 [P,L] - AFTER: RewriteRule ^/(.*) http://localhost:8080/VirtualHostBase/http/www.hostname.com:80/host1/Virtual HostRoot/$1 [P,L] # Entire Zope in an Apache sub-folder BEFORE: ProxyPass /subZope http://localhost:8080/ - AFTER: ProxyPass /subZope http://localhost:8080/VirtualHostBase/http/www.hostname.com:80/VirtualHostRo ot/_vh_subZope BEFORE: RewriteRule ^/subZope(.*) http://localhost:8080$1 [P,L] - AFTER: RewriteRule ^/subZope(.*) http://localhost:8080/VirtualHostBase/http/www.hostname.com:80/VirtualHostRo ot/_vh_subZope$1 [P,L] ========== REMOTE_ADDR is a much tougher nut to crack. It isn't derived from anything in the REQUEST headers. It is determined at the ZServer level, from the IP address of the actual connection. If that connection is always coming from an Apache proxy on localhost, REMOTE_ADDR will always be 127.0.0.1. There are patches available, as you found, to make Apache's REMOTE_ADDR available to Zope, but this behavior isn't supported by ZServer (it doesn't look for HTTP_VIA). What we really want is to create a standard mod_zope, to take care of this and any other Apache integration issues. Cheers, Evan @ digicool & 4-am
participants (2)
-
Evan Simpson -
Peter Bengtsson