[Zope] Using SSL with Zope/Apache with url rewriting.
Ricardo Anguiano
anguiano@codesourcery.com
31 Jul 2002 07:56:57 -0700
"Alec Munro" <alec.munro@eoascientific.com> writes:
> I guess I misphrased it. I need a secure method of communication
> with Zope. I want to be able to log in to the ZMI, or other
> administration tools, from a remote location, without sending
> passwords flying across the internet in cleartext. The server is a
> dedicated box in San Antonio, and I'm in Halifax. I don't actually
> need the communication between Apache and Zope to be secure, at
> least as long as they are behind the same firewall.
>
> I think I've got it figured out anyway, but I would still appreciate
> suggestions.
>
> Thanks,
>
> Alec
This is what we did for apache + zope. There may be better ways. Make
sure you have mod_ssl installed. Add this section for your
<host.domain.com> and <ip-address> in httpd.conf and restart apache.
I tested it by watching tcpdump -x | hex2ascii. There were no
cleartext passwords and the content was also protected.
<VirtualHost ip-address:443>
ServerName host.domain.com
DocumentRoot /var/inet/html
SSLEngine on
SSLCertificateFile /etc/httpd/conf/ssl.crt/server.crt
SSLCertificateKeyFile /etc/httpd/conf/ssl.key/server.key
SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
RewriteEngine on
# Do not allow use of the Zope management interfaces.
RewriteCond %{REQUEST_URI} manage
RewriteRule manage - [F]
RewriteRule ^/(.*) http://localhost:8080/VirtualHostBase/https/host.domain.com:443/intranet/VirtualHostRoot/$1 [P,L]
</VirtualHost>
Ricardo Anguiano anguiano@codesourcery.com
CodeSourcery, LLC http://www.codesourcery.com