[Zope] Forcing all Zope access to come through an Apache/SSL proxy

Jürgen Herrmann Juergen.Herrmann at XLhost.de
Thu Apr 28 03:58:48 EDT 2005 

hi!

i use mod_proxy for this, here's the config snippet:

<virtualhost 1.2.3.4:443>
    ServerName foo.com
    ServerAdmin bar at foo.com
    ProxyPass / http://localhost:8080/
    ProxyPassReverse / http://localhost:8080/
    ProxyPass /misc_ http://localhost:8080/misc_
    ProxyPass /p_ http://localhost:8080/p_
    ProxyVia on
    SSLEngine on
    SSLCertificateFile /path/to/my/server.crt
    SSLCertificateKeyFile /path/to/my/server.key
</virtualhost>

i have to admit that i never tried mod_rewrite on this issue before,
so i can't tell you what's wrong with your config, i just can give you
an working solution :)

regards, juergen herrmann



[ Reuven M. Lerner wrote:]
> I've written a Zope application that needs to be behind SSL.  I assumed
> that the most straightforward way to do this would be to (1) set up Zope
> on port 8080 and (2) use Apache to act as a proxy between the outside
> world and Zope.  Unfortunately, while it was a piece of cake to set up a
> proxy for non-SSL access to Zope, I'm rather stumped regarding SSL.
> I've done non-SSL proxying for years with mod_rewrite, and it was really
> a snap, so I'm surprised that this is so difficult.
>
> Zope is working just fine when I access it directly (using HTTP) on port
> 8080.  I have installed the (self-signed) SSL certificate into Apache
> without any trouble, and am able to access individual documents on disk
> via SSL, using Apache.  So if all I would want is to use Apache with
> SSL, I would be done by now.
>
> Here is the relevant portion of the Apache configuration file (with
> names and numbers changed somewhat):
>
>     <VirtualHost 66.123.23.17:443>
>         ServerName myserver.com
>         ServerAdmin reuven at lerner.co.il
>
>         SSLProxyEngine on
>         RewriteEngine On
>
>         RewriteRule ^/(.*)
>     http://localhost:8080/VirtualHostBase/https/myserver.com:443/app/$1
>     [L,P]
>
>     </VirtualHost>
>
> The above should make it possible (I believe), an HTTPS connection
> between my browser and my cup.  Apache should then take that incoming
> SSL request and issue its own request to the Zope server.  Zope will
> respond, sending it back to Apache, which (in turn) sends it back to me.
>
> But of course, that doesn't happen.   Zope's provides indicates that
> many of the requests begin with "\x80g\x01\x03".  My guess is that the
> SSL request is being piped to Zope directly, but it's hard to know from
> just a few characters.  Does this mean that I need to do some more
> translating, from HTTP into HTTPS?
>
> Not that it should make any difference, but I'm running Apache 2.0.52 on
> Red Hat Enterprise 4.0, with Zope 2.7.5 and Python 2.3.4.
>
> Thanks in advance for any advice you might have,
>
> Reuven
>
> _______________________________________________
> Zope maillist  -  Zope at zope.org
> http://mail.zope.org/mailman/listinfo/zope
> **   No cross posts or HTML encoding!  **
> (Related lists -
>  http://mail.zope.org/mailman/listinfo/zope-announce
>  http://mail.zope.org/mailman/listinfo/zope-dev )
>


_______________________________________________________________________

>> XLhost.de - eXperts in Linux hosting <<

Juergen Herrmann
Weiherweg 10, 93051 Regensburg, Germany
Fon:  +49 (0)700 XLHOSTDE [0700 95467833]
Fax:  +49 (0)721 151 463027

ICQ:  27139974  -  IRC: #XLhost at quakenet
WEB:  http://www.XLhost.de

More information about the Zope mailing list