RE: [Zope] Apache/Zope newbie setup help
-----Original Message----- From: Randy Edwards [mailto:redwards@golgotha.net] Sent: Monday, May 24, 1999 8:10 PM To: zope@zope.org Subject: [Zope] Apache/Zope newbie setup help
Hi Folks,
I've been toying with Zope on an NT server machine for a few days and I'm interested enough to try it on the real server, my Debian GNU/Linux box running Apache-SSL 1.3.6.4.
I've read the install and webserver.txt docs but I still don't have the configuration just right. I can access Zope alright, and I put the rewrite rule in and that seems to be working. What I'm having a problem with is the access.
You are not alone, this particular step in Zope configuration has been dificult for many. Unfortunatly, the documentation is sparse, and the behavior of various zope Apache interactions is not entirely known enough to document thorougly. It is impossible to test and document Zope's behavior with each version of Apache, much less each *recent* version of Apache.
A couple of stupid questions, if you don't mind. What apache config file should the <Location...> block be put into; I'm assuming access.conf, correct? (And yes, I'm restarting apache to reread the config files (in case you're wondering).)
The apache I am most familiar with (the version escapes me) had a consolidated configuration file, httpd.conf. In reality the three file system is a holdover from NCSA server, and Apache just concatinates the three files anyway into one interal configuration, so the most recent versions of Apache have depreciated all but the primary (httpd.conf) file. Since it sounds like your Apache is older than the ones we have worked with (by nature of it's three file setup) you'll have to play with this a bit. First thing I would recommend doing is downloading Zap (avilable from the standard Download page on www.zope.org) and studing it's zap.conf file. Zap is a precompiled and preconfigured Zope + Apache for glibc6 linux systems. It's config file should give you a bit of a clue. Then, I would recommend turning on your RewriteLog, and setting the RewriteLogLevel to 9, and carefully looking at the log output (if you can't figure it out, send 1) your conf file (just relevant portions, please) 2) your rewriteloglovel 9 output (just a couple of hits) and 3) the exact circumstances in which it fails for you). This brings me to a second point. Someone out there *please* take a day's worth of time to help us sanify this whole Apache situation. There must be someone who is expert enough in Apache matters to make things easier on all of us. All of us know that Zope works just fine with Apache, and most of us run it in this configuration, therefore the effort needed to come up with clear documentation on how to get Zope working with Apache in most configurations should be near optimal-minimum. Whomever can write up a good tutorial on Zope + Apache matters and problem solving in a FAQ like format, will get a Zope T-shirt, attribution in the webserver.txt file, an area on www.zope.org to post your information, and the infinite respect of the Digital Creations team as a True Hero(tm) of Zope.
Though I get an authentication prompt, I just get an "Authentication failed. Retry?" prompt in Netscape. In the location block, I have AuthUserFile pointed at /usr/local/zope/access, which is the edited access file for my zope install. Does this sound correct?
Nope. It sounds like you are trying to get Apache to do the authorization for you. This is generally the wrong position to take unless you can't under any circumstances compile in or load in the rewrite module (you do have the rewrite module loaded right? Try 'httpd -l') . Don't use AuthUserFile at all, study the conf file that comes with Zap. In any case your stated config won't work at all, because Apache expects crypt()'ed passwords in the AuthUserFile, and Zope expects plain text.
Any tid-bits, smacks with a clue-bat, tips, and pointers to documentation would be greatly appreciated. Thanks in advance.
*Smack* study the zap.conf file. *Smack* study the zap.conf file. *Smack* study the zap.conf file. -Michel
-- Regards, | Windows98 (noun): 32 bit extensions and a . | graphical shell for a 16 bit patch to an 8 Randy | bit operating system originally coded for (redwards@golgotha.net) | a 4 bit microprocessor written by a 2 bit http://www.golgotha.net | company that can't stand 1 bit of competition.
_______________________________________________ Zope maillist - Zope@zope.org http://www.zope.org/mailman/listinfo/zope
(For developer-specific issues, use the companion list, zope-dev@zope.org - http://www.zope.org/mailman/listinfo/zope-dev )
On Tue, 25 May 1999, Michel Pelletier spewed into the bitstream:
This brings me to a second point. Someone out there *please* take a day's worth of time to help us sanify this whole Apache situation. There must be someone who is expert enough in Apache matters to make things easier on all of us. All of us know that Zope works just fine with Apache, and most of us run it in this configuration, therefore the effort needed to come up with clear documentation on how to get Zope working with Apache in most configurations should be near optimal-minimum. Whomever can write up a good tutorial on Zope + Apache matters and problem solving in a FAQ like format, will get a Zope T-shirt, attribution in the webserver.txt file, an area on www.zope.org to post your information, and the infinite respect of the Digital Creations team as a True Hero(tm) of Zope.
Hi! I've not contributed a thing before now but reading the above and liking Zope so much made me think it might be important... please understand... I've got it working but I "DO NOT" know what I'm doing with it yet so general Zope stuff is not gonna be my area for a while... OTOH I do know Linux pretty well and Apache as well so I was actually able to whip the authentication problem after reading through the list archives and a lot of whining and bitching on the list the other night... interestingly, nobody's answers worked for me until I found this. I had just seen Zope for the first time at Linux Expo so I was/am a rank newbie! Here's what I did........... THE OS RH Linux 5.1 (fully updated, of course) THE FILE LOCATION ENVIRONMENT Apache Version: apache_modperl-1.3.6-1.19 File locations for Apache: /etc/httpd/conf/ contains - access.conf, httpd.conf magic, srm.conf, zope_auth Apache's root is /home/httpd/ and it contains - cgi-bin, conf, html icons, logs The cgi-bin contains a copy (not a symlink) of Zope.cgi The Zope Directory: /usr/local/lib/Zope-2.0.0a1-src/ CONFIGURATION FILE SETTINGS FOR APACHE SETTING UP "srm.conf" # in /etc/httpd/conf/srm.conf # Note: without adding the cgi handler Zope is dead in the water! # To use CGI scripts: AddHandler cgi-script .cgi # 'zope_auth' is created on the command line with 'htpasswd -c # /etc/httpd/conf/zope_auth' 'username'. The same username should # be in /usr/local/lib/Zope-2.0.0a1-src/access and the plain text version # of the password you enter with the htpasswd -c command string! What # this does is encrypt the password in the zope_auth file and then, in # operation, apache passes it to Zope after it's verified a matching # user/password pair. IOW if your access file for Zope says - # user:password you would create a file called zope_auth by issuing the # following command on the Linux command line: # "htpasswd -c /path/where/you/want/to/put/the/file/zope_auth user" and # then when it comes up with it's prompt requesting you enter the password # you would type password hit enter and then type it again for # verification. <Location /cgi-bin/Zope/> AuthType Basic AuthName Zope-in AuthUserFile /path/where/you/want/to/put/the/file/zope_auth require valid-user </Location> SETTING UP "httpd.conf" # in /etc/httpd/conf/httpd.conf # Zope configuration maps /Zope/ to the Zope.cgi CGI script RewriteEngine on RewriteCond %{HTTP:Authorization} ^(.*) # Note: the following line is all on one line! The path to Zope.cgi has to # match the actual path to your system's cgi-bin/Zope.cgi RewriteRule ^/Zope/(.*) /home/httpd/cgi-bin/Zope.cgi/$1 [e=HTTP_CGI_AUTHORIZATION:%1,t=application/x-httpd-cgi,l] SETTING UP THE Zope "access" file Ensure that the user:password pair you use here is identical to the one in zope_auth. The only difference between the two files is that the password in Zope's access file is not encrypted and the one in zope_auth is. Do not worry about this... it will work. What Apache's doing is verifying the user:password pair in it's own encrypted format and then passing it (once verified) in the clear to Zope.cgi which brings the Zope access file into play. After messing with this for at least six hours I have a very strong impression that this is not only "how" it works but the only way that it will... at least with my version of Apache. DOES IT WORK? Yes it does but there are a couple of tricks remaining to mention. First of all what you "think" the url should be is no longer the case. If you're browsing from the localhost type this: localhost/Zope/manage/ If not then adjust the hostname appropriately for your environment... just be aware that the changes we've made to the httpd.conf have mapped Zope (note that it is not Zope.cgi) to Zope.cgi. If you can think of it this way what we've done is "aliased" Zope.cgi to Zope! By the time you've gotten to this document you're likely to have attempted Zope access several times with failure. If that's the case then I highly recommend that you kill the Zope/python process before you hit the Zope URL for your machine. I was really frustrated by this because I had everything set up correctly and still couldn't gain access until I killed the process and let it start fresh. I was actually still trying to troubleshoot the problem without realizing that it was already working but screwed by the old process still running. Do a ps -aux to find it... what you're looking for is something this: nobody 3437 19.8 9.8 5056 4616 ? S 12:02 0:04 python /usr/local/lib do this: kill -9 3437 (where 3437 is the process ID or "pid" for python/Zope... your pid is likely to be different). Now hit the web browser again and all should be well with the world. CREDITS: Infinite thanks to the posting of Sture Lygren, raver@box.dust.za.net URL: "http://www.zope.org/pipermail/zope/1999-March/002471.html". This was the final answer for me and I've tried to re-state his method here for everybody's benefit. And me... well... I'm merely the interpreter of what he wrote so I won't claim the credit for working it out. If this document helps someone then that's enough for me. If you're looking for me you can find me at the URL in my sig (please don't ask me general Zope questions... I'm trying to figure it out myself!) Cheers! -- Chuck Mead, CTO - Moongroup Consulting, Inc.- http://www.moongroup.com/ Need help with sendmail/fetchmail/procmail or MUA's? Join the mailhelp mailing list. Send "s-u-b-s-c-r-i-b-e" (no quotes and no hyphens) in the subject line to mailhelp-request@moongroup.com to join.
Thanks to all who responded to my newbie pleas. It's very much appreciated. Well, Zope's up and running -- which is both good and bad. Good because it's now looking more interesting than ever; bad because I've got a lot of work to do! :-) Unfortunately, I'm not sure exactly what the problem was. I went through many different installs and configurations/reconfigurations. My final configuration that I've settled on uses apache-ssl and no browser authentication. I'm thinking (maybe wishful thinking, but...:-) that I had the configuration right several times and that probably the single biggest item of correction was Chuck's suggestion to kill the python processes to force a clean restart. I was killing Apache like a crazed cowboy after every config file edit, but never thought to do the same to python. -- Regards, | Debian GNU/ __ o http://www.debian.org . | / / _ _ _ _ _ __ __ Randy | / /__ / / / \// //_// \ \/ / (redwards@golgotha.net) | /____/ /_/ /_/\/ /___/ /_/\_\ http://www.golgotha.net | because lockups should only be for convicts.
On Tue, 25 May 1999, Randy Edwards spewed into the bitstream:
Thanks to all who responded to my newbie pleas. It's very much appreciated.
Well, Zope's up and running -- which is both good and bad. Good because it's now looking more interesting than ever; bad because I've got a lot of work to do! :-)
Unfortunately, I'm not sure exactly what the problem was. I went through many different installs and configurations/reconfigurations. My final configuration that I've settled on uses apache-ssl and no browser authentication.
I'm thinking (maybe wishful thinking, but...:-) that I had the configuration right several times and that probably the single biggest item of correction was Chuck's suggestion to kill the python processes to force a clean restart. I was killing Apache like a crazed cowboy after every config file edit, but never thought to do the same to python.
I'm telling you man... 4 in the morning and I was absolutely spitting bullets when I realized that had been my hang up for at least the last two hours! Sheesh! I'm glad you got it running... it does look interesting doesn't it!?! Cheers! -- Chuck Mead, CTO - Moongroup Consulting, Inc.- http://www.moongroup.com/ Need help with sendmail/fetchmail/procmail or MUA's? Join the mailhelp mailing list. Send "s-u-b-s-c-r-i-b-e" (no quotes and no hyphens) in the subject line to mailhelp-request@moongroup.com to join.
participants (3)
-
Chuck Mead -
Michel Pelletier -
Randy Edwards