[Zope] Using SSL with Zope/Apache with url rewriting.

Jordi YC jordi_yc@lycos.es
Wed, 31 Jul 2002 16:46:18 -0400


I finally got this working with fastcgi from the Zope howto Apache, Zope 
and FastCGI...

Be aware of:
/var/www/htdocs/zope
127.0.0.1:8089
Zope.fcgi is an auto generated file.
My inexperience with Zope and Apache, but this works for me. Let me know 
if there is anything that makes no sense or how to get rid of the 
zope/Zope.fcgi from the URL.

And this is the script that starts Zope

#!/bin/sh
export INSTANCE_HOME=/home/zope
export PYTHONHOME=/usr/local/lib/zope
umask 077
exec /usr/local/bin/python2.1 -O $PYTHONHOME/z2.py -F 8089 -D "$@" -u www -p /home/zope/Zope.cgi

This is part of my httpd.conf


#Section 1
...
LoadModule proxy_module         /usr/lib/apache/modules/libproxy.so
LoadModule rewrite_module       /usr/lib/apache/modules/mod_rewrite.so
LoadModule fastcgi_module       /usr/lib/apache/modules/mod_fastcgi.so
...
AddModule mod_proxy.c
AddModule mod_alias.c
AddModule mod_rewrite.c
AddModule mod_access.c
AddModule mod_auth.c
AddModule mod_so.c
AddModule mod_setenvif.c
AddModule mod_ssl.c
AddModule mod_fastcgi.c

#Section 2

<IfModule mod_fastcgi.c>

FastCGIExternalServer /var/www/htdocs/zope/Zope.fcgi \
-host 127.0.0.1:8089 \
-pass-header Authorization

RewriteEngine on
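# Capture the Authorization header value (e.g. "Basic ...") in %1 for the
# rule below; the header never starts with a slash.
RewriteCond %{HTTP:Authorization} ^(.*)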
RewriteRule ^/(.*) /var/www/htdocs/zope/Zope.fcgi/$1 \
[e=HTTP_CGI_AUTHORIZATION:%1,t=application/x-httpd-cgi,L]

<Directory /var/www/htdocs/zope>
SetHandler fastcgi-script
AddHandler fastcgi-script .fcgi
AllowOverride none
Options ExecCGI
Order allow,deny
Allow from all
</Directory>

</IfModule>

<IfDefine SSL>
Listen 80
Listen 443
</IfDefine>

....
##
##  SSL Global Context
##
##  All SSL configuration in this context applies both to
##  the main server and all SSL-enabled virtual hosts.
##

#
#   Some MIME-types for downloading Certificates and CRLs
#
<IfDefine SSL>
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl    .crl
</IfDefine>

<IfModule mod_ssl.c>

SSLPassPhraseDialog  builtin

SSLSessionCache         dbm:logs/ssl_scache
SSLSessionCacheTimeout  300

SSLMutex  file:logs/ssl_mutex

SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
SSLRandomSeed startup file:/dev/arandom  512
SSLLog      logs/ssl_engine_log
SSLLogLevel info

</IfModule>

<IfDefine SSL>

#
## SSL Virtual Host Context
##

<VirtualHost _default_:443>

#DocumentRoot /var/www/htdocs/manual
ServerName your.host.here
ServerAdmin you@here.com
ErrorLog logs/error_log
TransferLog logs/access_log

SSLEngine on
SSLCertificateFile    /etc/ssl/server.crt
SSLCertificateKeyFile /etc/ssl/private/server.key

CustomLog logs/ssl_request_log \
          "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"

</VirtualHost>

</IfDefine>

HTH

Alec Munro wrote:

>Chris Withers wrote:
>
>>Alec Munro wrote:
>>
>>>virtual host monsters yet, I have almost no idea how to get SSL 
>>>working. I need a secure connection to Zope.
>>
>>Why? Surely that bit should be behind your firewall?
>>
>>cheers,
>>
>>Chris
>
>I guess I misphrased it. I need a secure method of communication with
>Zope. I want to be able to log in to the ZMI, or other administration
>tools, from a remote location, without sending passwords flying across
>the internet in cleartext. The server is a dedicated box in San Antonio,
>and I'm in Halifax. I don't actually need the communication between
>Apache and Zope to be secure, at least as long as they are behind the
>same firewall.
>
>I think I've got it figured out anyway, but I would still appreciate
>suggestions.
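
Added example, not part of the original post or of the Zope howto: the httpd.conf above also listens on port 80 and defines the rewrite rule only in the main server, so this fragment redirects plain HTTP to the SSL virtual host and repeats the rule inside it, keeping ZMI passwords off cleartext connections. It reuses the post's paths and its placeholder host name your.host.here, and assumes the condition pattern ^(.*) so that any Authorization value is captured.

```apache
# Added example (assumption: same paths, port and host name as the post).

# Plain HTTP: do not hand any request to Zope, only redirect to HTTPS, so
# the browser is never challenged for Basic credentials over cleartext.
<VirtualHost _default_:80>
ServerName your.host.here
Redirect permanent / https://your.host.here/
</VirtualHost>

<VirtualHost _default_:443>
ServerName your.host.here
ErrorLog logs/error_log
TransferLog logs/access_log

SSLEngine on
SSLCertificateFile    /etc/ssl/server.crt
SSLCertificateKeyFile /etc/ssl/private/server.key

# mod_rewrite settings in the main server are not inherited by virtual
# hosts by default, so the rule is stated again inside the SSL host.
RewriteEngine on
# Capture the Authorization header (if present) in %1.
RewriteCond %{HTTP:Authorization} ^(.*)
# Hand every request path to the external FastCGI server on 127.0.0.1:8089
# and pass the captured header on as HTTP_CGI_AUTHORIZATION.
RewriteRule ^/(.*) /var/www/htdocs/zope/Zope.fcgi/$1 \
[e=HTTP_CGI_AUTHORIZATION:%1,t=application/x-httpd-cgi,L]
</VirtualHost>
```

Both virtual hosts still need the post's Listen 80 and Listen 443 lines and its FastCGIExternalServer and Directory sections from the main server configuration.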