[Zope] Apache/Zope Newbie How-To (maybe....)

[Chuck Mead]

On Tue, 25 May 1999, Michel Pelletier spewed into the bitstream:
> This brings me to a second point.  Someone out there *please* take a
> day's worth of time to help us sanify this whole Apache situation.
> There must be someone who is expert enough in Apache matters to make
> things easier on all of us.  All of us know that Zope works just fine
> with Apache, and most of us run it in this configuration, therefore the
> effort needed to come up with clear documentation on how to get Zope
> working with Apache in most configurations should be near
> optimal-minimum.  Whomever can write up a good tutorial on Zope + Apache
> matters and problem solving in a FAQ like format, will get a Zope
> T-shirt, attribution in the webserver.txt file, an area on www.zope.org
> to post your information, and the infinite respect of the Digital
> Creations team as a True Hero(tm) of Zope.

Hi!  I've not contributed a thing before now but reading the above and
liking Zope so much made me think it might be important... please
understand... I've got it working but I "DO NOT" know what I'm doing with
it yet so general Zope stuff is not gonna be my area for a while... OTOH I
do know Linux pretty well and Apache as well so I was actually able to
whip the authentication problem after reading through the list archives
and a lot of whining and bitching on the list the other night...
interestingly, nobody's answers worked for me until I found this.  I had
just seen Zope for the first time at Linux Expo so I was/am a rank newbie!

Here's what I did...........

THE OS
RH Linux 5.1 (fully updated, of course)


THE FILE LOCATION ENVIRONMENT

Apache Version: apache_modperl-1.3.6-1.19

File locations for Apache:
/etc/httpd/conf/ contains - access.conf, httpd.conf magic, srm.conf,
zope_auth

Apache's root is /home/httpd/ and it contains - cgi-bin, conf, html
icons, logs

The cgi-bin contains a copy (not a symlink) of Zope.cgi

The Zope Directory: /usr/local/lib/Zope-2.0.0a1-src/

CONFIGURATION FILE SETTINGS FOR APACHE

SETTING UP "srm.conf"

# in /etc/httpd/conf/srm.conf
# Note: without adding the cgi handler Zope is dead in the water!
# To use CGI scripts:
AddHandler cgi-script .cgi


# 'zope_auth' is created on the command line with 'htpasswd -c
# /etc/httpd/conf/zope_auth' 'username'.  The same username should
# be in /usr/local/lib/Zope-2.0.0a1-src/access and the plain text version
# of the password you enter with the htpasswd -c command string!  What
# this does is encrypt the password in the zope_auth file and then, in
# operation, apache passes it to Zope after it's verified a matching
# user/password pair. IOW if your access file for Zope says -
# user:password you would create a file called zope_auth by issuing the
# following command on the Linux command line:
# "htpasswd -c /path/where/you/want/to/put/the/file/zope_auth user" and
# then when it comes up with it's prompt requesting you enter the password
# you would type password hit enter and then type it again for
# verification.

<Location /cgi-bin/Zope/>
        AuthType Basic
        AuthName Zope-in
        AuthUserFile /path/where/you/want/to/put/the/file/zope_auth
        require valid-user
</Location>

SETTING UP "httpd.conf"

# in /etc/httpd/conf/httpd.conf
# Zope configuration maps /Zope/ to the Zope.cgi CGI script
RewriteEngine on
RewriteCond %{HTTP:Authorization}  ^(.*)

# Note: the following line is all on one line! The path to Zope.cgi has to
# match the actual path to your system's cgi-bin/Zope.cgi

RewriteRule ^/Zope/(.*) /home/httpd/cgi-bin/Zope.cgi/$1
[e=HTTP_CGI_AUTHORIZATION:%1,t=application/x-httpd-cgi,l]

SETTING UP THE Zope "access" file

Ensure that the user:password pair you use here is identical to the one in
zope_auth.  The only difference between the two files is that the password
in Zope's access file is not encrypted and the one in zope_auth is.  Do
not worry about this... it will work.  What Apache's doing is verifying
the user:password pair in it's own encrypted format and then passing it
(once verified) in the clear to Zope.cgi which brings the Zope access
file into play.  After messing with this for at least six hours I have a
very strong impression that this is not only "how" it works but the only
way that it will... at least with my version of Apache.

DOES IT WORK?

Yes it does but there are a couple of tricks remaining to mention.  

First of all what you "think" the url should be is no longer the case.  If
you're browsing from the localhost type this:

localhost/Zope/manage/

If not then adjust the hostname appropriately for your environment... just
be aware that the changes we've made to the httpd.conf have mapped Zope
(note that it is not Zope.cgi) to Zope.cgi.  If you can think of it this
way what we've done is "aliased" Zope.cgi to Zope!

By the time you've gotten to this document you're likely to have attempted
Zope access several times with failure.  If that's the case then I highly
recommend that you kill the Zope/python process before you hit the Zope
URL for your machine.  I was really frustrated by this because I had
everything set up correctly and still couldn't gain access until I killed
the process and let it start fresh. I was actually still trying to
troubleshoot the problem without realizing that it was already working but
screwed by the old process still running. Do a ps -aux to find it... what
you're looking for is something this:

nobody 3437 19.8 9.8 5056 4616 ?  S 12:02 0:04 python /usr/local/lib

do this:  kill -9 3437 (where 3437 is the process ID or "pid" for
python/Zope... your pid is likely to be different).

Now hit the web browser again and all should be well with the world.

CREDITS:

Infinite thanks to the posting of Sture Lygren, raver@box.dust.za.net URL:
"http://www.zope.org/pipermail/zope/1999-March/002471.html".  This was the
final answer for me and I've tried to re-state his method here for
everybody's benefit.

And me... well... I'm merely the interpreter of what he wrote so I won't
claim the credit for working it out.  If this document helps someone then
that's enough for me.  If you're looking for me you can find me at the URL
in my sig (please don't ask me general Zope questions... I'm trying to
figure it out myself!)


Cheers!
--                         
Chuck Mead, CTO - Moongroup Consulting, Inc.- http://www.moongroup.com/
Need help with sendmail/fetchmail/procmail or MUA's?  Join the mailhelp mailing list. 
Send "s-u-b-s-c-r-i-b-e" (no quotes and no hyphens) in the subject line to
mailhelp-request@moongroup.com to join.