[Zope] Apache

ruger@comnett.net ruger@comnett.net
Tue, 16 Apr 2002 14:50:01 -0700


Ok folks. I finally figured it out. It's the way our network is set up. We 
have two internal networks. 192.168.107 and 192.168.40. Each of the servers 
has two network cards. One with a .107 address and the other with a .40 
address. The .40 network is between the firewall and all of the servers that 
are getting port forwarded to (mail, web, etc.). It was our way of keeping the 
internet traffic off of our private network (a DMZ if you will).

The IP address that I was using for the virtual host in Apache was the .107 
number. That's why it worked on the local net and not on the other side of 
the firewall. All of the internet requests were coming in on the .40 address. 
I simply set up a second <VirtualHost> section for the .40 number on the 
server and BOOM! .. end of problem. Now it works for people inside and 
outside the firewall. I can't believe I missed that.

Thanks for all your help.

Rick


On Tuesday 16 April 2002 12:05 pm, you wrote:
> We don't have any transparent proxying on this firewall. It's just an
> IPTABLES firewall using PREROUTING port forwarding:
>
> /sbin/iptables -A PREROUTING -t nat -p tcp -d PUBLIC_IP --dport 80 -j DNAT --to PRIVATE_IP:80
>
> It works wonderfully with just ZServer and I have used it countless other
> places with standard Apache / PHP servers.
>
> I looked into VirtualHostMonster. Apparently you have to use that with
> Apache? It isn't something that you can just use with ZServer?
>
> Anywho. Any more suggestions would be welcome. The end result is that I have
> to get this web server secured. Whether I use Apache on the front end, or
> somebody can tell me how to get M2Crypto to work on this Linux box.
>
> Thanks for all your help.
>
> Rick
>
> On Tuesday 16 April 2002 12:00 pm, you wrote:
> > D.Rick Anderson wrote:
> > > Ok. I'm still having a horrible time getting Apache working in front of
> > > my Zope installation through the firewall. I have Zope running on port
> > > 8080 and Apache running on port 80. Here's my VirtualHost section:
> > >
> > > <VirtualHost 192.168.107.3>
> > > ServerName www.hostname.com
> > > ProxyPass / http://www.hostname.com:8080/domain_subdir/
> > > ProxyPassReverse / http://www.hostname.com:8080
> > > </VirtualHost>
> > >
> > > That's the only way I could get ProxyPass to work on the local network,
> > > and it works great, but only on the local network. If you try to hit it
> > > outside our firewall you simply get the Apache "test" page. I've also
> > > done:
> >
> > I'd guess that perhaps you have a transparent proxy on your firewall
> > which is not forwarding Host: headers.
> >
> > Sniff your traffic as it arrives at your server.  My favourite quick and
> > dirty way of doing this is to run netcat listening on port 80 like so:
> >
> > # nc -vv -l -p 80
> >
> > And then request a page from outside your firewall, and watch what gets
> > dumped to your terminal.  You could alternatively use shane's tcpwatch
> > (do a search for it) or tcpdump or something like that to watch the
> > whole server - client conversation.
> >
> >  > <VirtualHost 192.168.107.3>
> >  > ServerName www.hostname.com
> >  > RewriteEngine on
> >  > RewriteCond %{HTTP:Authorization} ^(.*)
> >  > RewriteRule ^(.*) /var/www/cgi-bin/Zope.cgi$1 [e=HTTP_CGI_AUTHORIZATION:%1,t=application/x-httpd-cgi,l]
> >  > </VirtualHost>
> >
> > BTW, the 'recommended' way of doing the Apache/virtual host thing is to
> > use VirtualHostMonsters:
> >
> >    http://www.zope.org/Members/mwr/VHosts_With_Zope_Default
> >
> > or you could do it all in Zope using:
> >
> >    http://www.zope.org/Members/sfm/SiteAccessEnhanced
> >
> > seb
> >
> > _______________________________________________
> > Zope maillist  -  Zope@zope.org
> > http://lists.zope.org/mailman/listinfo/zope
> > **   No cross posts or HTML encoding!  **
> > (Related lists -
> >  http://lists.zope.org/mailman/listinfo/zope-announce
> >  http://lists.zope.org/mailman/listinfo/zope-dev )
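
Added example, not part of the original thread: a simplified Python model of how Apache selects an address-based <VirtualHost> section, showing why DNAT-forwarded requests that arrive on the DMZ interface got the Apache test page until a second section was added. The address 192.168.40.3 is a constructed placeholder (the post does not give the server's .40 address), the function names are hypothetical, and only IPv4 address matching is modelled.

```python
import re

# Constructed config: the post's original vhost plus the second section it
# describes adding. 192.168.40.3 is a placeholder; the post gives no .40 host.
BEFORE = """
<VirtualHost 192.168.107.3>
ServerName www.hostname.com
ProxyPass / http://www.hostname.com:8080/domain_subdir/
</VirtualHost>
"""
AFTER = BEFORE + """
<VirtualHost 192.168.40.3>
ServerName www.hostname.com
ProxyPass / http://www.hostname.com:8080/domain_subdir/
</VirtualHost>
"""

VHOST_RE = re.compile(r"<VirtualHost\s+([^>]+)>(.*?)</VirtualHost>", re.S | re.I)
WILDCARDS = {"*", "_default_"}

def parse_vhosts(conf):
    """Return [(set of (ip, port) specs, ServerName)] for each section."""
    vhosts = []
    for addrs, body in VHOST_RE.findall(conf):
        specs = set()
        for a in addrs.split():
            ip, _, port = a.partition(":")
            specs.add((ip, port or "*"))
        name = re.search(r"^\s*ServerName\s+(\S+)", body, re.M | re.I)
        vhosts.append((specs, name.group(1) if name else None))
    return vhosts

def serving_vhost(conf, local_ip, port=80):
    """Pick the section for a connection accepted on local_ip:port.

    Simplified: an exact address match wins over wildcard sections, and with
    no match at all the main server (here, the Apache test page) answers.
    """
    fallback = "main server"
    for specs, name in parse_vhosts(conf):
        for ip, p in specs:
            if p not in ("*", str(port)):
                continue
            if ip == local_ip:
                return name
            if ip in WILDCARDS and fallback == "main server":
                fallback = name
    return fallback
```

Running serving_vhost() for every address a dual-homed server listens on shows which interfaces fall through to the main server, which is worth checking whenever a firewall forwards to an address other than the one the vhost was written for.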