[Zope-CMF] Running Zope behind Squid on the same host
sean.upton@uniontrib.com
sean.upton@uniontrib.com
Thu, 30 Jan 2003 14:41:20 -0800
Thanks for the write-up on this. As a fellow Squid+Zope user, I think this
is helpful. I haven't used SquidGuard, though I considered it at one point;
I might also recommend considering using Pyredir
(http://freshmeat.net/projects/pyredir/) as your redirector instead of
Squidguard; it is written in Python (thus can be easily hacked, for example,
I turned off logging), and has a simple configuration file syntax (one line
per rule, an example is below).
#============= Top part of my pyredir.conf file =======
methods: GET,POST,HEAD,ICP_QUERY
clients: 0.0.0.0/0
^http://classifieds.uniontrib.com[/]?(.*)
=http://nodes:9673/Classifieds/VirtualHostBase/http/classifieds.uniontrib.co
m:80/Classifieds/VirtualHostRoot/\1
#======================================================
I haven't noticed there being any issues with speed, though this is likely
to be slower than a redirector written in C. For an accelerator, it would
be nice to minimize this, by optionally caching redirection values (thus
saving Squid the time needed for communication between the redirector
process and itself, as well as the CPU time needed by the redirector);
unfortunately, Squid, at the moment does not cache redirector return values,
though one could likely take the code in Squid for IP lookup caching and use
the same idea to cache the returned resulting URLs passed from the
redirector. I may look to do this in the future, one day when I have time.
Sean
-----Original Message-----
From: J C Lawrence [mailto:claw@kanga.nu]
Sent: Wednesday, January 29, 2003 12:50 PM
To: zope-cmf@zope.org
Subject: [Zope-CMF] Running Zope behind Squid on the same host
The typical advice is to run Zope behind Apache. For various reasons,
among which are that I found Squid faster, I don't want to do that. I
went thru the HOWTOs on zope.org and found them ineffective. In
particular Marc Bowery's HOWTO at:
http://www.zope.org/Members/bowerymarc/squid-zserver-virtual
cost me two days before I abandoned it as a dead end and not quite what
I needed. The below approach required little more than 45 minutes to
discover, research, and implement.
Note: I've not (yet) paid mind to implementing proper Squid cache
security so as to not be operating an open cache for others to abuse.
As such I won't be addressing those concerns. However, they are not
difficult problems and there are thorough and articulate discussions
of the area for Squid as a general product, outside of any Zope
specifics. As such, I'll leave those discussions there.
You don't want to be running an open cache any more than you want to
be running an open mail relay. Pay attention. You have been warned.
Here's how I got it working.
Notes:
- Nothing here is CMF specific. However, I'm not on the base Zope
list and I am on this list. Please feel free to crosspost this to
the base Zope lists as you see fit.
- Some details are mildly Linux/Debian specific, butt they should be
obvious and easy to translate for other Linux distributions or other
Unixes.
- Please forward corrections, suggestions, or updates to me at the
above address and I'll look to incorporating them into this doc.
Tools needed:
- Zope -- http://www.zope.org
- Squid -- http://www.squid-cache.org/
- SquidGuard -- http://www.squidguard.org/
- SiteAccessEnhanced -- http://www.zope.org/Members/sfm/SiteAccessEnhanced
*Note: I initially tried to use Jesred but was unable to get it to
process http POSTs correctly and reliably. While it is simpler and
smaller than SquidGuard, it also appears to be slower.*
Installation:
Install all the above in the normal way. For Linux/Debian Zope,
Squid, and SquidGuard and be retrieved and installed via `apt-get`.
You'll need to install SiteAccessEnhanced in the normal Zope way by
unpacking it in your Zope products directory and restarting Zope.
Configuration:
If you have any questions on the below, please consult the relevant
documentation, help files, web sites, and sources before asking me.
- Zope:
Using the ZMI create a VirtualHostMonster (the name of the product
that SiteAccessEnhanced installs) in the root of your Zope system.
Call it anything you want.
- Squid:
Use the following configuration options over and above the Debian
defaults:
http_port 80
redirect_program /usr/bin/squidGuard -c /etc/squid/squidGuard.conf
httpd_accel_host virtual
httpd_accel_port 0
Other changes may be necessary if you are not using Linux/Debian or
have a different initial default squid.conf.
- SquidGuard:
Use the following SquidGuard configuration file::
dbhome /var/lib/squidguard/db
logdir /var/log/squid
acl {
default {
redirect
http://localhost:9673/VirtualHostBase/http/your.host.dom:80/root_folder/Virt
ualHostRoot/%p
}
}
Where:
your.host.dom -- is the FQDN of the host in question.
root_folder -- is the Zope folder that you want to be the root
folder of your site.
9673 -- Is the default port that Linux/Debian runs Zope on.
Change to suit your installation.
You could also use rewrite rules under SquidGuard instead of the
redirect used above, but they are more expensive.
- SiteAccessEnhanced
Using the ZMI install a VirtualHostMonster object in the root folder
of your Zope installatiom. You will not need to configure it for
this simple HOWTO.
Voila! Restart Zope and Squid for the changes to take effect and
everything should be happily working on port 80.
Note that you'll need to do something more complex and interesting for
proper virtual host support. As this is a simple get-you-started HOWTO
I've not covered that.
I've also posted this HOWTO to Zope.org at:
http://www.zope.org/Members/JCLawrence/LocalhostSquidHOWTO/index_html
and will be the current version at any time.
Enjoy.
--
J C Lawrence
---------(*) Satan, oscillate my metallic sonatas.
claw@kanga.nu He lived as a devil, eh?
http://www.kanga.nu/~claw/ Evil is a name of a foeman, as I live.
_______________________________________________
Zope-CMF maillist - Zope-CMF@zope.org
http://lists.zope.org/mailman/listinfo/zope-cmf
See http://collector.zope.org/CMF for bug reports and feature requests