[Zope] Forcing all Zope access to come through an Apache/SSL proxy

Reuven M. Lerner reuven at lerner.co.il
Thu Apr 28 02:23:27 EDT 2005 

I've written a Zope application that needs to be behind SSL.  I assumed 
that the most straightforward way to do this would be to (1) set up Zope 
on port 8080 and (2) use Apache to act as a proxy between the outside 
world and Zope.  Unfortunately, while it was a piece of cake to set up a 
proxy for non-SSL access to Zope, I'm rather stumped regarding SSL.  
I've done non-SSL proxying for years with mod_rewrite, and it was really 
a snap, so I'm surprised that this is so difficult.

Zope is working just fine when I access it directly (using HTTP) on port 
8080.  I have installed the (self-signed) SSL certificate into Apache 
without any trouble, and am able to access individual documents on disk 
via SSL, using Apache.  So if all I would want is to use Apache with 
SSL, I would be done by now. 

Here is the relevant portion of the Apache configuration file (with 
names and numbers changed somewhat):

    <VirtualHost 66.123.23.17:443>
        ServerName myserver.com
        ServerAdmin reuven at lerner.co.il

        SSLProxyEngine on
        RewriteEngine On

        RewriteRule ^/(.*)
    http://localhost:8080/VirtualHostBase/https/myserver.com:443/app/$1
    [L,P]

    </VirtualHost>

The above should make it possible (I believe), an HTTPS connection 
between my browser and my cup.  Apache should then take that incoming 
SSL request and issue its own request to the Zope server.  Zope will 
respond, sending it back to Apache, which (in turn) sends it back to me.

But of course, that doesn't happen.   Zope's provides indicates that 
many of the requests begin with "\x80g\x01\x03".  My guess is that the 
SSL request is being piped to Zope directly, but it's hard to know from 
just a few characters.  Does this mean that I need to do some more 
translating, from HTTP into HTTPS?   

Not that it should make any difference, but I'm running Apache 2.0.52 on 
Red Hat Enterprise 4.0, with Zope 2.7.5 and Python 2.3.4.

Thanks in advance for any advice you might have,

Reuven

More information about the Zope mailing list