Re: [Zope] zope fastcgi connection
stay on the list Maric MICHAUD wrote:
With zope 2.6... Oh ! So I think both WEBSERVER.txt and README.debian need a little update... they describe PCGI, FastCGI but no mod_proxy... (I used FastCGI cause it is told faster than PGCI and it's packaged for debian).
Debian needs a lot more than a little update, like a boot to the happysack, but thats neither here nor there. I would strongly advise against using the Debian package for Zope.
Is the mod_proxy use described in zope 2.7's WEBSERVER.txt ?
No, WEBSERVER.txt is just misleading documentation that ships with Zope for no good reason. Despite that FastCGI *can* be used, as you've found out, it doesn't really work all that well. The mod_rewrite technique isn't documented in that file, but it is documented in the Zope Book online, which you should read, its full of good information. The thing you need to understand when it comes to setting up Zope, is that there is really only 1 good way to do it, and a lot of somewhat crappy ways to do it, which people tend to continue to offer as viable alterntatives, even though they aren't. The 1 good way, is to put an HTTP gateway server in front of Zope's ZServer, and tell the gateway to sanitize and rewrite requests before handing them to ZServer. Generally this means you bind ZServer to the loopback interface of your host on an unpriviliged port (it defaults to 8080, but thats a stupid default as 8080 is already commonly used by proxy servers; thats one thing Debian did well, was default to a more reasonable port), then forward requests from your gateway server (usually listenting on port 80 and/or 443) to the loopback interface where ZServer is listening. When using apache as your gateway server, the best technique is to use mod_rewrite w/mod_proxy loaded for the [P] option, as documented in the Zope Book. There is another technique which uses mod_proxy's ProxyPass directives, but that technique isn't as flexible and is more prone to painful misconfigurations that lead to security holes. I really wish people would stop recommending the latter technique or even documenting how it works, but unfortunately, it too is mentioned in the Zope Book. -- Jamie Heilman http://audible.transient.net/~jamie/ "Paranoia is a disease unto itself, and may I add, the person standing next to you may not be who they appear to be, so take precaution." -Sathington Willoughby
Jamie Heilman a écrit :
stay on the list
Maric MICHAUD wrote:
With zope 2.6... Oh ! So I think both WEBSERVER.txt and README.debian need a little update... they describe PCGI, FastCGI but no mod_proxy... (I used FastCGI cause it is told faster than PGCI and it's packaged for debian).
Debian needs a lot more than a little update, like a boot to the happysack, but thats neither here nor there. I would strongly advise against using the Debian package for Zope.
For me it's a very good way to do, I got working zope 2.6 and plone ,in an instance with just a apt-get command. Once understood the zopectl.conf, two "tar xvzf" later and an instance with nuxeo CPS and one with plone are up ! I think it's not so bad...
Is the mod_proxy use described in zope 2.7's WEBSERVER.txt ?
No, WEBSERVER.txt is just misleading documentation that ships with Zope for no good reason. Despite that FastCGI *can* be used, as you've found out, it doesn't really work all that well. The mod_rewrite technique isn't documented in that file, but it is documented in the Zope Book online, which you should read, its full of good information.
I knew the zope book before, and did not remember of a Where I expect to find infos about server configuration (ZB 2.6 online chapt. 4 "Installing and Starting Zope" - http://www.zope.org/Members/anser/apache_zserver, I think it's the good one) I just found a very basic explanation of the idea (no example with ProxyPass). Also, there are references to the famous WEBSERVER.txt, and to an article on Devshed(?) which explain both PCGI and FastCGI confs and only mentions the mod_proxy one, but at less, here you'll find a link back to zope.org : http://www.zope.org/Members/anser/apache_zserver where finally the method is fully exposed ! As I very often go directly to the source of Zope for documentation it's not to surprise me, but for such a basic task (configure the server !) I think there's surely a little problem in the documentation...
The thing you need to understand when it comes to setting up Zope, is that there is really only 1 good way to do it, and a lot of somewhat crappy ways to do it, which people tend to continue to offer as viable alterntatives, even though they aren't. The 1 good way, is to put an HTTP gateway server in front of Zope's ZServer, and tell the gateway to sanitize and rewrite requests before handing them to ZServer.
Generally this means you bind ZServer to the loopback interface of your host on an unpriviliged port (it defaults to 8080, but thats a stupid default as 8080 is already commonly used by proxy servers; thats one thing Debian did well, was default to a more reasonable port), then forward requests from your gateway server (usually listenting on port 80 and/or 443) to the loopback interface where ZServer is listening.
When using apache as your gateway server, the best technique is to use mod_rewrite w/mod_proxy loaded for the [P] option, as documented in the Zope Book. There is another technique which uses mod_proxy's ProxyPass directives, but that technique isn't as flexible and is more prone to painful misconfigurations that lead to security holes. I really wish people would stop recommending the latter technique or even documenting how it works, but unfortunately, it too is mentioned in the Zope Book.
Maric MICHAUD wrote:
I knew the zope book before, and did not remember of a Where I expect to find infos about server configuration (ZB 2.6 online chapt. 4 "Installing and Starting Zope" - http://www.zope.org/Members/anser/apache_zserver, I think it's the good one)
Close, but you want to keep reading until... http://zope.org/Documentation/Books/ZopeBook/2_6Edition/VirtualHosting.stx -- Jamie Heilman http://audible.transient.net/~jamie/
Jamie Heilman a écrit :
Close, but you want to keep reading until... http://zope.org/Documentation/Books/ZopeBook/2_6Edition/VirtualHosting.stx
That's what I said :
one) I just found a very basic explanation of the idea (no example with ProxyPass).
Maric MICHAUD a écrit :
Jamie Heilman a écrit :
Close, but you want to keep reading until... http://zope.org/Documentation/Books/ZopeBook/2_6Edition/VirtualHosting.stx
That's what I said :
one) I just found a very basic explanation of the idea (no example with ProxyPass).
Ok, my mistake... as I read the two configurations schemes, the one in the ZB doesn't require the use of ProxyPass directive.
Jamie Heilman a écrit :
stay on the list
Maric MICHAUD wrote:
With zope 2.6... Oh ! So I think both WEBSERVER.txt and README.debian need a little update... they describe PCGI, FastCGI but no mod_proxy... (I used FastCGI cause it is told faster than PGCI and it's packaged for debian).
Debian needs a lot more than a little update, like a boot to the happysack, but thats neither here nor there. I would strongly advise against using the Debian package for Zope.
I really want to know why this advice, I pointed that the Zope Book is up-to-date for now and as far as I experienced all debian packaged products work like a charm... also you'll get automatic securities updates and it's not a little point especially for Zope (which administrator do it manually ?).
Maric MICHAUD wrote:
I really want to know why this advice, I pointed that the Zope Book is up-to-date for now and as far as I experienced all debian packaged products work like a charm... also you'll get automatic securities updates and it's not a little point especially for Zope (which administrator do it manually ?).
Well actually, the problem is... you don't get automatic security updates, because the maintainer is MIA when it comes to actually getting the job done. hence http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=196590 -- Jamie Heilman http://audible.transient.net/~jamie/ "...thats the metaphorical equivalent of flopping your wedding tackle into a lion's mouth and flicking his lovespuds with a wet towel, pure insanity..." -Rimmer
Oh ! bad news... Is testing/unstable versions (2.6.4-1.1) also out of date with security issues ? Jamie Heilman a écrit :
Maric MICHAUD wrote:
I really want to know why this advice, I pointed that the Zope Book is up-to-date for now and as far as I experienced all debian packaged products work like a charm... also you'll get automatic securities updates and it's not a little point especially for Zope (which administrator do it manually ?).
Well actually, the problem is... you don't get automatic security updates, because the maintainer is MIA when it comes to actually getting the job done. hence http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=196590
Maric MICHAUD wrote:
Oh ! bad news... Is testing/unstable versions (2.6.4-1.1) also out of date with security issues ?
Only to the same degree that 2.6.4 in general is, its not nearly as bad as Debian stable though. It remains to be seen if the 2.6 branch will be any better maintained [by Debian] than the 2.5 branch was though, and I'm not holding my breath. -- Jamie Heilman http://audible.transient.net/~jamie/ "I was in love once -- a Sinclair ZX-81. People said, "No, Holly, she's not for you." She was cheap, she was stupid and she wouldn't load -- well, not for me, anyway." -Holly
participants (2)
-
Jamie Heilman -
Maric MICHAUD