[Zope] Forcing all Zope access to come through an Apache/SSL proxy

Daniel Dekany ddekany at freemail.hu
Thu Apr 28 04:11:24 EDT 2005 

Thursday, April 28, 2005, 8:23:27 AM, Reuven M. Lerner wrote:

> I've written a Zope application that needs to be behind SSL.  I assumed
> that the most straightforward way to do this would be to (1) set up Zope
> on port 8080 and (2) use Apache to act as a proxy between the outside 
> world and Zope.  Unfortunately, while it was a piece of cake to set up a
> proxy for non-SSL access to Zope, I'm rather stumped regarding SSL.  
> I've done non-SSL proxying for years with mod_rewrite, and it was really
> a snap, so I'm surprised that this is so difficult.
[snip]

I copy-paste bellow something similar... It's a bit more what you
wanted, as it let you access the t1.net with HTTP and HTTPS, and t2.net
with HTTP only.

1. In Zope, I have made a VirtualHostMonster. I guess doesn't mater where I
do it, but it happens to be in the root of the ZODB.

2. In the Apache2 httpd.conf (the /siteRoot_t1.net is a Plone object
that corresponds to http://t1.net/, etc.):

...

NameVirtualHost *:80

<VirtualHost *:80>
    ServerName t1.net
    ProxyPass / http://localhost:8080/VirtualHostBase/http/t1.net:80/siteRoot_t1.net/VirtualHostRoot/
    ProxyPassReverse / http://localhost:8080/VirtualHostBase/http/t1.net:80/siteRoot_t1.net/VirtualHostRoot/
</VirtualHost>

<VirtualHost *:80>
    ServerName t2.net
    ProxyPass / http://localhost:8080/VirtualHostBase/http/t2.net:80/siteRoot_t2.net/VirtualHostRoot/
    ProxyPassReverse / http://localhost:8080/VirtualHostBase/http/t2.net:80/siteRoot_t2.net/VirtualHostRoot/
</VirtualHost>

<VirtualHost _default_:443>
    ServerName t1.net
    
    SSLEngine On
    SSLCertificateFile conf/ssl/t1.cert
    SSLCertificateKeyFile conf/ssl/t1.key
    SetEnvIf User-Agent ".*MSIE.*" \
             nokeepalive ssl-unclean-shutdown \
             downgrade-1.0 force-response-1.0
    #CustomLog logs/ssl_request_log \
    #          "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
    
    ProxyPass / http://localhost:8080/VirtualHostBase/https/t1.net:443/siteRoot_t1.net/VirtualHostRoot/
    ProxyPassReverse / http://localhost:8080/VirtualHostBase/https/t1.net:443/siteRoot_t1.net/VirtualHostRoot/
</VirtualHost>

...

More information about the Zope mailing list