[Zope] Portal/Portlets Integration and SSL
John Wubbel
john.wubbel@pediatricnetwork.com
Sat, 5 Jul 2003 14:46:11 -0400
Thank you to all who replied. The information was very helpful.
I decided to take up Dylan's suggestion. To resolve the problem I configured
httpd.conf under <VirtualHost _default_:443> with the following:
ProxyPass /sdp/ http://localhost:8000/
ProxyPassReverse /sdp/ http://localhost:8000/
ProxyVia on
Our portal supports multiple client companies and their documentation is not
generic enough for use across all clients. Thus in our IFrame portlets we
have a piece of Java code that looks at who is logged on and gets the client
company id (i.e., sjgkc6qcu1_O). The initial URL is built for the page
contained within this portlets frame
https://www.mydomainname.net/sdp/sjgkc6qcu1_O/SD_Business_Contingency_and_Di
saster_Recovery_Plans/BC_DR_Plans
Since the ZServer sits behind Apache the https://www.mydomainname.net/sdp
resolves to
http://localhost:8000/sjgkc6qcu1_O/SD_Business_Contingency_and_Disaster_Reco
very_Plans/BC_DR
We have a folder for each client such as sjgkc6qcu1_O and the last problem
to overcome was the fact that content returned by Zope contained hyperlinks
to other Zope documents. If the link was clicked on, it would pass to Apache
the https://localhost:8000 etc. to the client and fail. We resolved this by
using the "siteroot" object in the client folder as discussed in
http://www.zope.org/Members/anser/apache_zserver. All this and we thus far
have not had the need to develop any RewriteRules. Consequently, if a
clients document is confidential its transport is safe and secure. The only
remaining problem that is not portal related, is if we use the Zope
Administration and navigate into a clients folder where we defined
"siteroot" the mini icons for the folders are missing. It seems like the
path for the icon is wrong:
<td bgcolor="#000000" rowspan="4"><img src="/sjgkc6qcu1_O/p_/sp"
width="2" height="1" alt="" /></td>
I am not sure yet where it is picking up the /sp. I tried to set a ProxyPass
/misc_ & ProxyPass /p_ but it still is not resolving the location of the
icon images. We will keep working on it. Thus far we are very satisfied.
Thanks again Dylan!
Best Regards,
John Wubbel
----- Original Message -----
From: "Dylan Reinhardt" <zope@dylanreinhardt.com>
To: <john@johnwubbel.com>
Cc: <zope@zope.org>
Sent: Tuesday, July 01, 2003 11:36 AM
Subject: Re: [Zope] Portal/Portlets Integration and SSL
> I'd suggest using Apache as a reverse proxy for Zope. No sense in
> setting up SSL for Zope if you've already got it set up for Apache.
>
> See:
>
>
http://www.zope.org/Documentation/Books/ZopeBook/2_6Edition/VirtualHosting.s
tx
>
> HTH,
>
> Dylan
>
>
> On Tue, 2003-07-01 at 05:58, John Wubbel wrote:
> > I have built a portal using Jetspeed. It is configured on a Linux
> > platform with Apache, Tomcat running behind the Apache and ZServer for
> > the Zope. The Apache has been configured to be secure, has its own CA
> > with the mod_jk connector between Apache and Tomcat. The portal of
> > course has portlets of various web services and applications. A few
> > portlets support the presentation of content coming from Zope. We do
> > this using an IFrame portlet with a short piece of Java code on the
> > server side to service the portlet. So, when the portlet comes up, it
> > might contain a couple of hyper-links for the user to click on that will
> > display a document within the portlet frame. Thus, the embedded links
> > for the portlet will have a http://www.xyz.net:8000/... pointing to the
> > location of the document. This all works fine, however now I have 1 or 2
> > documents that are confidential and must be handled via https://... for
> > a particular portlet.
> >
> > I have been experimenting without much success. The browser of course
> > will indicate that not all components on the page are secure because of
> > the fact that the embedded links in the page have http in them. As soon
> > as I make the change to the https protocol, the links will not resolve.
> > Do I have to somehow make the ZServer also SSL compliant in some manner
> > in order for it to figure out what https means. Any help or comments
> > would be very much appreciated. TIA.
> >
> > John Wubbel
> > John Wubbel Consultancy
> >
> >
> > _______________________________________________
> > Zope maillist - Zope@zope.org
> > http://mail.zope.org/mailman/listinfo/zope
> > ** No cross posts or HTML encoding! **
> > (Related lists -
> > http://mail.zope.org/mailman/listinfo/zope-announce
> > http://mail.zope.org/mailman/listinfo/zope-dev )
>
>
> _______________________________________________
> Zope maillist - Zope@zope.org
> http://mail.zope.org/mailman/listinfo/zope
> ** No cross posts or HTML encoding! **
> (Related lists -
> http://mail.zope.org/mailman/listinfo/zope-announce
> http://mail.zope.org/mailman/listinfo/zope-dev )
>