hi! i use mod_proxy for this, here's the config snippet: <virtualhost 1.2.3.4:443> ServerName foo.com ServerAdmin bar@foo.com ProxyPass / http://localhost:8080/ ProxyPassReverse / http://localhost:8080/ ProxyPass /misc_ http://localhost:8080/misc_ ProxyPass /p_ http://localhost:8080/p_ ProxyVia on SSLEngine on SSLCertificateFile /path/to/my/server.crt SSLCertificateKeyFile /path/to/my/server.key </virtualhost> i have to admit that i never tried mod_rewrite on this issue before, so i can't tell you what's wrong with your config, i just can give you an working solution :) regards, juergen herrmann [ Reuven M. Lerner wrote:]

I've written a Zope application that needs to be behind SSL. I assumed that the most straightforward way to do this would be to (1) set up Zope on port 8080 and (2) use Apache to act as a proxy between the outside world and Zope. Unfortunately, while it was a piece of cake to set up a proxy for non-SSL access to Zope, I'm rather stumped regarding SSL. I've done non-SSL proxying for years with mod_rewrite, and it was really a snap, so I'm surprised that this is so difficult.

Zope is working just fine when I access it directly (using HTTP) on port 8080. I have installed the (self-signed) SSL certificate into Apache without any trouble, and am able to access individual documents on disk via SSL, using Apache. So if all I would want is to use Apache with SSL, I would be done by now.

Here is the relevant portion of the Apache configuration file (with names and numbers changed somewhat):

<VirtualHost 66.123.23.17:443> ServerName myserver.com ServerAdmin reuven@lerner.co.il

SSLProxyEngine on RewriteEngine On

RewriteRule ^/(.*) http://localhost:8080/VirtualHostBase/https/myserver.com:443/app/$1 [L,P]

</VirtualHost>

The above should make it possible (I believe), an HTTPS connection between my browser and my cup. Apache should then take that incoming SSL request and issue its own request to the Zope server. Zope will respond, sending it back to Apache, which (in turn) sends it back to me.

But of course, that doesn't happen. Zope's provides indicates that many of the requests begin with "\x80g\x01\x03". My guess is that the SSL request is being piped to Zope directly, but it's hard to know from just a few characters. Does this mean that I need to do some more translating, from HTTP into HTTPS?

Not that it should make any difference, but I'm running Apache 2.0.52 on Red Hat Enterprise 4.0, with Zope 2.7.5 and Python 2.3.4.

Thanks in advance for any advice you might have,

Reuven

_______________________________________________ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )

_______________________________________________________________________

...

XLhost.de - eXperts in Linux hosting <<

Juergen Herrmann Weiherweg 10, 93051 Regensburg, Germany Fon: +49 (0)700 XLHOSTDE [0700 95467833] Fax: +49 (0)721 151 463027 ICQ: 27139974 - IRC: #XLhost@quakenet WEB: http://www.XLhost.de

Hi, I saw that others already answered to your question; however, they use the proxy module and you are using rewrite, which is what I use: <IfDefine SSL> <VirtualHost YOUR_IP:443> ServerName your.domain.com ServerAlias your.domain.com *.your.domain.com SSLEngine on SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL SSLCertificateFile /usr/local/apache/conf/ssl.crt/server.crt SSLCertificateKeyFile /usr/local/apache/conf/ssl.key/server.key RewriteEngine On RewriteRule ^/(.*) http://localhost:8080/VirtualHostBase/https/your.domain.com:443/VirtualHostR... [P,L] </VirtualHost> </IfDefine> Note: this module also depends on the proxy module, but the sintax is diferent. Regards, Josef Reuven M. Lerner wrote:

I've written a Zope application that needs to be behind SSL. I assumed that the most straightforward way to do this would be to (1) set up Zope on port 8080 and (2) use Apache to act as a proxy between the outside world and Zope. Unfortunately, while it was a piece of cake to set up a proxy for non-SSL access to Zope, I'm rather stumped regarding SSL. I've done non-SSL proxying for years with mod_rewrite, and it was really a snap, so I'm surprised that this is so difficult.

Zope is working just fine when I access it directly (using HTTP) on port 8080. I have installed the (self-signed) SSL certificate into Apache without any trouble, and am able to access individual documents on disk via SSL, using Apache. So if all I would want is to use Apache with SSL, I would be done by now. Here is the relevant portion of the Apache configuration file (with names and numbers changed somewhat):

<VirtualHost 66.123.23.17:443> ServerName myserver.com ServerAdmin reuven@lerner.co.il

SSLProxyEngine on RewriteEngine On

RewriteRule ^/(.*) http://localhost:8080/VirtualHostBase/https/myserver.com:443/app/$1 [L,P]

</VirtualHost>

The above should make it possible (I believe), an HTTPS connection between my browser and my cup. Apache should then take that incoming SSL request and issue its own request to the Zope server. Zope will respond, sending it back to Apache, which (in turn) sends it back to me.

But of course, that doesn't happen. Zope's provides indicates that many of the requests begin with "\x80g\x01\x03". My guess is that the SSL request is being piped to Zope directly, but it's hard to know from just a few characters. Does this mean that I need to do some more translating, from HTTP into HTTPS? Not that it should make any difference, but I'm running Apache 2.0.52 on Red Hat Enterprise 4.0, with Zope 2.7.5 and Python 2.3.4.

Thanks in advance for any advice you might have,

Reuven

_______________________________________________ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )