[Zope] Apache

ruger@comnett.net ruger@comnett.net
Tue, 16 Apr 2002 12:05:48 -0700 

We don't have any transparent proxying on this firewall. It's just an
IPTABLES firewall using PREROUTING portforwarding:

/sbin/iptables -A PREROUTING -t nat -p tcp -d PUBLIC_IP --dport 80 -j DNAT
--to PRIVATE_IP:80

It works wonderful with just Zserver and I have used it countless other
places with standard Apache / PHP servers.

I looked into Virtualhostmonster. Apparently you have to use that with
Apache? It isn't something that you can just use with Zserver?

Anywho. Anymore suggestions would be welcome. The end result is that I have
to get this web server secured. Whether I use Apache on the front end, or
somebody can tell me how to get M2Crypto to work on this linux box.

Thanks for all your help.

Rick

On Tuesday 16 April 2002 12:00 pm, you wrote:
> D.Rick Anderson wrote:
> > Ok. I'm still having a horrible time getting Apache working in front of
> > my Zope installation through the firewall. I have Zope running on port
> > 8080 and Apache running on port 80. Here's my VirtualHost section:
> >
> > <VirtualHost 192.168.107.3>
> > ServerName www.hostname.com
> > ProxyPass / http://www.hostname.com:8080/domain_subdir/
> > ProxyPassReverse / http://www.hostname.com:8080
> > </VirtualHost>
> >
> > That's the only way I could get ProxyPass to work on the local network,
> > and it works great, but only on the local network. If you try to hit it
> > outside our firewall you simply get the Apache "test" page. I've also
> > done:
>
> I'd guess that perhaps you have a transparent proxy on your firewall
> which is not forwarding Host: headers.
>
> Sniff your traffic as it arrives at your server.  My favourite quick and
> dirty way of doing this is to run netcat listening on port 80 like so:
>
> # nc -vv -l -p 80
>
> And then request a page from outside your firewall, and watch what gets
> dumped to your terminal.  You could alternatively use shane's tcpwatch
> (do a search for it) or tcpdump or something like that to watch the
> whole server - client conversation.
>
>  > <VirtualHost 192.168.107.3>
>  > ServerName www.hostname.com
>  > RewriteEngine on
>  > RewriteCond %{HTTP:Authorization} ^(.*)
>  > RewriteRule ^(.*) /var/www/cgi-bin/Zope.cgi$1
>  > [e=HTTP_CGI_AUTHORIZATION:%1,t=application/x-httpd-cgi,l]
>  > </VirtualHost>
>
> BTW, the 'recommended' way of doing the apache/virtualhost thing is to
> use virtualhostmonsters:
>
>    http://www.zope.org/Members/mwr/VHosts_With_Zope_Default
>
> or you could do it all in zope using:
>
>    http://www.zope.org/Members/sfm/SiteAccessEnhanced
>
> seb
>
>
>
>
>
>
>
>
>
> _______________________________________________
> Zope maillist  -  Zope@zope.org
> http://lists.zope.org/mailman/listinfo/zope
> **   No cross posts or HTML encoding!  **
> (Related lists -
>  http://lists.zope.org/mailman/listinfo/zope-announce
>  http://lists.zope.org/mailman/listinfo/zope-dev )

-------------------------------------------------------