[Zope-CMF] Running Zope behind Squid on the same host

Marc Lindahl marc@bowery.com
Sun, 27 Apr 2003 22:48:39 -0400


FWIW you never contacted me concerning the FAQ... it's worked for me,  
with 3 separate computers.

Also concerning your note about Squid security -- I STRONGLY advise  
anyone using Squid to thoroughly understand this - my first try at it  
(relying on defaults) made me a SMTP relay (yes, spammers use Squid to  
relay port 25!).

Marc Lindahl
http://www.zope.org/Members/bowerymarc/

On Wednesday, January 29, 2003, at 03:50  PM, J C Lawrence wrote:

>
> The typical advice is to run Zope behind Apache.  For various reasons,
> among which are that I found Squid faster, I don't want to do that.  I
> went thru the HOWTOs on zope.org and found them ineffective.  In
> particular Marc Bowery's HOWTO at:
>
>   http://www.zope.org/Members/bowerymarc/squid-zserver-virtual
>
> cost me two days before I abandoned it as a dead end and not quite what
> I needed.  The below approach required little more than 45 minutes to
> discover, research, and implement.
>
>   Note: I've not (yet) paid mind to implementing proper Squid cache
>   security so as to not be operating an open cache for others to abuse.
>   As such I won't be addressing those concerns.  However, they are not
>   difficult problems and there are thorough and articulate discussions
>   of the area for Squid as a general product, outside of any Zope
>   specifics.  As such, I'll leave those discussions there.
>
>   You don't want to be running an open cache any more than you want to
>   be running an open mail relay.  Pay attention.  You have been warned.
>
> Here's how I got it working.
>
>   Notes:
>
>     - Nothing here is CMF specific.  However, I'm not on the base Zope
>     list and I am on this list.  Please feel free to crosspost this to
>     the base Zope lists as you see fit.
>
>     - Some details are mildly Linux/Debian specific, butt they should  
> be
>     obvious and easy to translate for other Linux distributions or  
> other
>     Unixes.
>
>     - Please forward corrections, suggestions, or updates to me at the
>     above address and I'll look to incorporating them into this doc.
>
> Tools needed:
>
>   - Zope               -- http://www.zope.org
>
>   - Squid              -- http://www.squid-cache.org/
>
>   - SquidGuard         -- http://www.squidguard.org/
>
>   - SiteAccessEnhanced --  
> http://www.zope.org/Members/sfm/SiteAccessEnhanced
>
>   *Note: I initially tried to use Jesred but was unable to get it to
>   process http POSTs correctly and reliably.  While it is simpler and
>   smaller than SquidGuard, it also appears to be slower.*
>
> Installation:
>
>   Install all the above in the normal way.  For Linux/Debian Zope,
>   Squid, and SquidGuard and be retrieved and installed via `apt-get`.
>   You'll need to install SiteAccessEnhanced in the normal Zope way by
>   unpacking it in your Zope products directory and restarting Zope.
>
> Configuration:
>
>   If you have any questions on the below, please consult the relevant
>   documentation, help files, web sites, and sources before asking me.
>
>   - Zope:
>
>     Using the ZMI create a VirtualHostMonster (the name of the product
>     that SiteAccessEnhanced installs) in the root of your Zope system.
>     Call it anything you want.
>
>   - Squid:
>
>     Use the following configuration options over and above the Debian
>     defaults:
>
>       http_port 80
>       redirect_program /usr/bin/squidGuard -c  
> /etc/squid/squidGuard.conf
>       httpd_accel_host virtual
>       httpd_accel_port 0
>
>     Other changes may be necessary if you are not using Linux/Debian or
>     have a different initial default squid.conf.
>
>   - SquidGuard:
>
>     Use the following SquidGuard configuration file::
>
>        dbhome /var/lib/squidguard/db
>        logdir /var/log/squid
>        acl {
>            default {
>                redirect  
> http://localhost:9673/VirtualHostBase/http/your.host.dom:80/ 
> root_folder/VirtualHostRoot/%p
>             }
>        }
>
>     Where:
>
>       your.host.dom -- is the FQDN of the host in question.
>
>       root_folder -- is the Zope folder that you want to be the root
>       folder of your site.
>
>       9673 -- Is the default port that Linux/Debian runs Zope on.
>       Change to suit your installation.
>
>     You could also use rewrite rules under SquidGuard instead of the
>     redirect used above, but they are more expensive.
>
>   - SiteAccessEnhanced
>
>     Using the ZMI install a VirtualHostMonster object in the root  
> folder
>     of your Zope installatiom.  You will not need to configure it for
>     this simple HOWTO.
>
> Voila!  Restart Zope and Squid for the changes to take effect and
> everything should be happily working on port 80.
>
> Note that you'll need to do something more complex and interesting for
> proper virtual host support.  As this is a simple get-you-started HOWTO
> I've not covered that.
>
> I've also posted this HOWTO to Zope.org at:
>
>   http://www.zope.org/Members/JCLawrence/LocalhostSquidHOWTO/index_html
>
> and will be the current version at any time.
>
> Enjoy.
>
> --
> J C Lawrence
> ---------(*)                Satan, oscillate my metallic sonatas.
> claw@kanga.nu               He lived as a devil, eh?
> http://www.kanga.nu/~claw/  Evil is a name of a foeman, as I live.
>
>
> _______________________________________________
> Zope-CMF maillist  -  Zope-CMF@zope.org
> http://lists.zope.org/mailman/listinfo/zope-cmf
>
> See http://collector.zope.org/CMF for bug reports and feature requests