[Zope] Apache ProxyPass and ZServer
ambrus@ittk.hu
ambrus@ittk.hu
Wed, 10 May 2000 22:46:55 +0200
>I haven't found anything in the HowTo that says how one would deal
>with SSL so I _guess_ it's not possible. Is that true?
>
>--Ragnar
Actually it _is_ possible. But only (well, to me at least) to some
degree.
And a bit of hacker' attitude (should we rather call it zen?) ,-)
I use Apache+mod_ssl on linux. First, download the siteaccess product.
Then add a dtml method to the root folder and then set it up as an
access rule.
I use the following setup
<dtml-call "REQUEST.set('SiteRootPATH', '/')">
<dtml-if "1+(_.string.find(PATH_INFO, 'manage'))">
<dtml-let HOSTNAME="_.string.replace(HOSTNAME, 'http://','https://')">
<dtml-call "REQUEST.set('SiteRootBASE', HOSTNAME)">
</dtml-let>
<dtml-else>
<dtml-call "REQUEST.set('SiteRootBASE', HOSTNAME)">
</dtml-if>
<dtml-call "REQUEST.setURL(base=SiteRootBASE, path=SiteRootPATH)">
It's rude, and by far not the best solution, but it works.
The variable HOSTNAME allows you to do virtualhosting and to set the
base url
on a per folder basis. e.g. you set the property on 'myfolder' to
http://mysite.com.
This way, you could add (from the ground up) ssl-ed sites as well, just
modify the above method to check if
HOSTNAME has https in it.
As You see, I primarily added the above to be able to securely
administer a site (and to do virtualhosting).
However, there still is a problem: you have to call the /managed URL
with the https:// perfix, otherwise
your password goes to the server UNencrypted. The interface actually
gets encrypted.
So, if zope sees an url with /manage at the end, it should redirect you
to the same url but with a https:// prefix.
Any ideas, zope gurus?
Have a nice day
Ambrose