[Zope-CMF] Running Zope behind Squid on the same host
Marc Lindahl
marc@bowery.com
Sun, 27 Apr 2003 22:48:39 -0400
FWIW you never contacted me concerning the FAQ... it's worked for me,
with 3 separate computers.
Also concerning your note about Squid security -- I STRONGLY advise
anyone using Squid to thoroughly understand this - my first try at it
(relying on defaults) made me a SMTP relay (yes, spammers use Squid to
relay port 25!).
Marc Lindahl
http://www.zope.org/Members/bowerymarc/
On Wednesday, January 29, 2003, at 03:50 PM, J C Lawrence wrote:
>
> The typical advice is to run Zope behind Apache. For various reasons,
> among which are that I found Squid faster, I don't want to do that. I
> went thru the HOWTOs on zope.org and found them ineffective. In
> particular Marc Bowery's HOWTO at:
>
> http://www.zope.org/Members/bowerymarc/squid-zserver-virtual
>
> cost me two days before I abandoned it as a dead end and not quite what
> I needed. The below approach required little more than 45 minutes to
> discover, research, and implement.
>
> Note: I've not (yet) paid mind to implementing proper Squid cache
> security so as to not be operating an open cache for others to abuse.
> As such I won't be addressing those concerns. However, they are not
> difficult problems and there are thorough and articulate discussions
> of the area for Squid as a general product, outside of any Zope
> specifics. As such, I'll leave those discussions there.
>
> You don't want to be running an open cache any more than you want to
> be running an open mail relay. Pay attention. You have been warned.
>
> Here's how I got it working.
>
> Notes:
>
> - Nothing here is CMF specific. However, I'm not on the base Zope
> list and I am on this list. Please feel free to crosspost this to
> the base Zope lists as you see fit.
>
> - Some details are mildly Linux/Debian specific, butt they should
> be
> obvious and easy to translate for other Linux distributions or
> other
> Unixes.
>
> - Please forward corrections, suggestions, or updates to me at the
> above address and I'll look to incorporating them into this doc.
>
> Tools needed:
>
> - Zope -- http://www.zope.org
>
> - Squid -- http://www.squid-cache.org/
>
> - SquidGuard -- http://www.squidguard.org/
>
> - SiteAccessEnhanced --
> http://www.zope.org/Members/sfm/SiteAccessEnhanced
>
> *Note: I initially tried to use Jesred but was unable to get it to
> process http POSTs correctly and reliably. While it is simpler and
> smaller than SquidGuard, it also appears to be slower.*
>
> Installation:
>
> Install all the above in the normal way. For Linux/Debian Zope,
> Squid, and SquidGuard and be retrieved and installed via `apt-get`.
> You'll need to install SiteAccessEnhanced in the normal Zope way by
> unpacking it in your Zope products directory and restarting Zope.
>
> Configuration:
>
> If you have any questions on the below, please consult the relevant
> documentation, help files, web sites, and sources before asking me.
>
> - Zope:
>
> Using the ZMI create a VirtualHostMonster (the name of the product
> that SiteAccessEnhanced installs) in the root of your Zope system.
> Call it anything you want.
>
> - Squid:
>
> Use the following configuration options over and above the Debian
> defaults:
>
> http_port 80
> redirect_program /usr/bin/squidGuard -c
> /etc/squid/squidGuard.conf
> httpd_accel_host virtual
> httpd_accel_port 0
>
> Other changes may be necessary if you are not using Linux/Debian or
> have a different initial default squid.conf.
>
> - SquidGuard:
>
> Use the following SquidGuard configuration file::
>
> dbhome /var/lib/squidguard/db
> logdir /var/log/squid
> acl {
> default {
> redirect
> http://localhost:9673/VirtualHostBase/http/your.host.dom:80/
> root_folder/VirtualHostRoot/%p
> }
> }
>
> Where:
>
> your.host.dom -- is the FQDN of the host in question.
>
> root_folder -- is the Zope folder that you want to be the root
> folder of your site.
>
> 9673 -- Is the default port that Linux/Debian runs Zope on.
> Change to suit your installation.
>
> You could also use rewrite rules under SquidGuard instead of the
> redirect used above, but they are more expensive.
>
> - SiteAccessEnhanced
>
> Using the ZMI install a VirtualHostMonster object in the root
> folder
> of your Zope installatiom. You will not need to configure it for
> this simple HOWTO.
>
> Voila! Restart Zope and Squid for the changes to take effect and
> everything should be happily working on port 80.
>
> Note that you'll need to do something more complex and interesting for
> proper virtual host support. As this is a simple get-you-started HOWTO
> I've not covered that.
>
> I've also posted this HOWTO to Zope.org at:
>
> http://www.zope.org/Members/JCLawrence/LocalhostSquidHOWTO/index_html
>
> and will be the current version at any time.
>
> Enjoy.
>
> --
> J C Lawrence
> ---------(*) Satan, oscillate my metallic sonatas.
> claw@kanga.nu He lived as a devil, eh?
> http://www.kanga.nu/~claw/ Evil is a name of a foeman, as I live.
>
>
> _______________________________________________
> Zope-CMF maillist - Zope-CMF@zope.org
> http://lists.zope.org/mailman/listinfo/zope-cmf
>
> See http://collector.zope.org/CMF for bug reports and feature requests