[Zope] Zope & SSL on Cobalt RAQ3, how to do it.

Simon Blandford home@simonb.org.uk
Sun, 18 Mar 2001 17:10:20 +0000


A while ago I posted a message asking how. Now I am posting a message
saying how so that anyone searching through the archives will find it.
I've used some information from the Howtos on the Zope site and
adapted it to be RAQ3 specific. There is no need to re-compile Apache
on the RAQ3 unless you are a glutten for punishment.

First install Zope and get it running on it's default port of 8080. You
probably want a start up script for init.d so here is one included at
the end of this post. I installed Zope as user "zope" in /home/zope and
created a special start script called "startd" for the init.d script to
call which is as follows...
#! /bin/sh
reldir=`dirname $0`
PYTHONHOME=`cd $reldir; pwd`
export PYTHONHOME
exec /home/zope/zope/bin/python \
     $PYTHONHOME/z2.py \
     -D "$@" \
     -u zope &
This starts Zope as user "zope" when called by root.

When Zope is up and running and starts and stops OK we need to get it
SSLed through Apache. Make sure that SSL is enabled in the Server/Site
management for the domain you are intending to Zopify. Next we need to
add the following lines to /etc/httpd/conf/httpd.conf at the following
point of the file...



# Proxy Server directives. Uncomment the following line to
# enable the proxy server:

#Turn Proxy on
ProxyRequests On

<Directory proxy:*>
        Order deny,allow
        Allow from all
</Directory>

#Direct proxy to Zope
ProxyPass /Zope http://www.yourdomain.org:8080/
ProxyPassReverse /Zope http://www.yourdomain.org:8080/
ProxyPass /misc_ http://www.yourdomain.org:8080/misc_
ProxyPass /p_ http://www.yourdomain.org:8080/p_
ProxyVia on

# To enable the cache as well, edit and uncomment the following lines:


We now need to restart Apache to recognize the changes with
/etc/rc.d/init.d/httpd restart. Check there are no errors reported.
I did not add the Proxy directives to the Virtual Host section becuase
this section of the httpd.conf file is overwritten by a bunch of Perl
scripts whenever you make any changes to the site. I don't mind having a

/Zope directory added to all the sites as it is highly unlikely anyone
will need a /Zope directory for anything else.

Next, Zope must allow for all the /Zope being added to everything. Go
into Zope on port 8080 and create a SiteRoot object called SiteRoot.
SiteRoot is now part of the Zope distribution and there is no need to
download it all over again. Enter the following information...

ID : SiteRoot
Tite: The base path for BK Zope with SSL
Base : https://www.yourdomain.org
Path : /Zope/

You should now find Zope completely unusable on port 8080 but magically
wonderful on ports 80 and 443. Notice we set the base to https, not
http. This forces any links in Zope to use SSL. If you completely mess
up your SiteRoot in Zope and you need to rescue it you will need this
magic URL...
http://www.yourdomain.org:8080/__no_before_traverse__/SiteRoot/manage_main

This got me out of a few jams.


Hope someone out there finds all this helpful,
Regards,
Simon Blandford.




Startup Script for Zope.

#!/bin/bash
#
#       /etc/rc.d/init.d/zope
#
# Starts the zope daemon - by Markoer
# Modified by S.Blandford to prevent infinite loop possibility if Zope
processes don't start.
#
# processname: zope

# Source function library.
. /etc/rc.d/init.d/functions

case "$1" in
  start)
        # Check if zope is already running
        if [ ! -f /var/lock/subsys/zope ] ; then
                echo -n 'Starting zope daemon: '
                /home/zope/zope/startd 2> /dev/null
                i=0
                while [ $i -lt 30 ]; do
                        [ -f /home/zope/zope/var/Z2.pid ] && break
                        sleep 1 && echo -n "."
                        let i=i+1
                done
                if [ $i -ge 30 ] ; then
                        echo "Time out."
                        exit 1
                else
                        cat /home/zope/zope/var/Z2.pid >
/var/lock/subsys/zope
                        touch /var/lock/subsys/zope
                        cat /home/zope/zope/var/Z2.pid >
/var/run/zope.pid
                        touch /var/run/zope
                        echo " OK"
                fi
        else
                echo "zope already running."
        fi
        echo
        ;;
  stop)
        echo -n 'Stopping zope daemon: '
        [ -f /home/zope/zope/var/Z2.pid ] && kill `cat
/home/zope/zope/var/Z2.pid`
                rm -f /var/lock/subsys/zope
                rm -f /home/zope/zope/var/Z2.pid
                rm -f /home/zope/zope/var/pcgi.soc
                rm -f /home/zope/zope/var/Data.fs.lock
                rm -f /home/zope/zope/var/zProcessManager.pid
                echo " OK"
        echo
        ;;
  reload|restart)
        $0 stop
        $0 start
        ;;
  status)
        if [ -f /home/zope/zope/var/Z2.pid ] ; then
                cat /home/zope/zope/var/Z2.pid > /var/lock/subsys/zope
                touch /var/lock/subsys/zope
                cat /home/zope/zope/var/Z2.pid > /var/run/zope.pid
                touch /var/run/zope
                echo "zope (pid `head -1 /var/run/zope.pid`) is
running..."
        else
                echo "zope not running."
        fi
        ;;
  *)
        echo "Usage: /etc/rc.d/init.d/zope
{start|stop|restart|reload|status}"
        exit 1
esac