[Zope] zope fastcgi connection

Jamie Heilman jamie at audible.transient.net
Sun May 16 21:00:27 EDT 2004


stay on the list

Maric MICHAUD wrote:
> With zope 2.6... Oh ! So I think both WEBSERVER.txt and README.debian 
> need a little update... they describe PCGI, FastCGI but no mod_proxy... 
> (I used FastCGI cause it is told faster than PGCI and it's packaged for 
> debian).

Debian needs a lot more than a little update, like a boot to the
happysack, but thats neither here nor there.  I would strongly advise
against using the Debian package for Zope.

> Is the mod_proxy use described in zope 2.7's WEBSERVER.txt ?

No, WEBSERVER.txt is just misleading documentation that ships with
Zope for no good reason.  Despite that FastCGI *can* be used, as
you've found out, it doesn't really work all that well.  The
mod_rewrite technique isn't documented in that file, but it is
documented in the Zope Book online, which you should read, its full of
good information.

The thing you need to understand when it comes to setting up Zope, is
that there is really only 1 good way to do it, and a lot of somewhat
crappy ways to do it, which people tend to continue to offer as viable
alterntatives, even though they aren't.  The 1 good way, is to put an
HTTP gateway server in front of Zope's ZServer, and tell the gateway
to sanitize and rewrite requests before handing them to ZServer.  

Generally this means you bind ZServer to the loopback interface of
your host on an unpriviliged port (it defaults to 8080, but thats a
stupid default as 8080 is already commonly used by proxy servers;
thats one thing Debian did well, was default to a more reasonable port),
then forward requests from your gateway server (usually listenting on
port 80 and/or 443) to the loopback interface where ZServer is
listening.

When using apache as your gateway server, the best technique is to use
mod_rewrite w/mod_proxy loaded for the [P] option, as documented in
the Zope Book.  There is another technique which uses mod_proxy's
ProxyPass directives, but that technique isn't as flexible and is more
prone to painful misconfigurations that lead to security holes.  I
really wish people would stop recommending the latter technique or
even documenting how it works, but unfortunately, it too is mentioned
in the Zope Book.

-- 
Jamie Heilman                     http://audible.transient.net/~jamie/
"Paranoia is a disease unto itself, and may I add, the person standing
 next to you may not be who they appear to be, so take precaution."
						-Sathington Willoughby



More information about the Zope mailing list