[Zope] Re: Forcing all Zope access to come through an Apache/SSL proxy

Josef Meile jmeile at hotmail.com
Thu Apr 28 05:15:56 EDT 2005


Hi,

I saw that others already answered to your question; however, they use
the proxy module and you are using rewrite, which is what I use:

<IfDefine SSL>
<VirtualHost YOUR_IP:443>
   ServerName your.domain.com
   ServerAlias your.domain.com *.your.domain.com
   SSLEngine on
   SSLCipherSuite 
ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
   SSLCertificateFile /usr/local/apache/conf/ssl.crt/server.crt
   SSLCertificateKeyFile /usr/local/apache/conf/ssl.key/server.key
   RewriteEngine On
   RewriteRule ^/(.*) 
http://localhost:8080/VirtualHostBase/https/your.domain.com:443/VirtualHostRoot/$1 
[P,L]
</VirtualHost>
</IfDefine>

Note: this module also depends on the proxy module, but the sintax
is diferent.

Regards,
Josef

Reuven M. Lerner wrote:
> I've written a Zope application that needs to be behind SSL.  I assumed 
> that the most straightforward way to do this would be to (1) set up Zope 
> on port 8080 and (2) use Apache to act as a proxy between the outside 
> world and Zope.  Unfortunately, while it was a piece of cake to set up a 
> proxy for non-SSL access to Zope, I'm rather stumped regarding SSL.  
> I've done non-SSL proxying for years with mod_rewrite, and it was really 
> a snap, so I'm surprised that this is so difficult.
> 
> Zope is working just fine when I access it directly (using HTTP) on port 
> 8080.  I have installed the (self-signed) SSL certificate into Apache 
> without any trouble, and am able to access individual documents on disk 
> via SSL, using Apache.  So if all I would want is to use Apache with 
> SSL, I would be done by now.
> Here is the relevant portion of the Apache configuration file (with 
> names and numbers changed somewhat):
> 
>    <VirtualHost 66.123.23.17:443>
>        ServerName myserver.com
>        ServerAdmin reuven at lerner.co.il
> 
>        SSLProxyEngine on
>        RewriteEngine On
> 
>        RewriteRule ^/(.*)
>    http://localhost:8080/VirtualHostBase/https/myserver.com:443/app/$1
>    [L,P]
> 
>    </VirtualHost>
> 
> The above should make it possible (I believe), an HTTPS connection 
> between my browser and my cup.  Apache should then take that incoming 
> SSL request and issue its own request to the Zope server.  Zope will 
> respond, sending it back to Apache, which (in turn) sends it back to me.
> 
> But of course, that doesn't happen.   Zope's provides indicates that 
> many of the requests begin with "\x80g\x01\x03".  My guess is that the 
> SSL request is being piped to Zope directly, but it's hard to know from 
> just a few characters.  Does this mean that I need to do some more 
> translating, from HTTP into HTTPS?  
> Not that it should make any difference, but I'm running Apache 2.0.52 on 
> Red Hat Enterprise 4.0, with Zope 2.7.5 and Python 2.3.4.
> 
> Thanks in advance for any advice you might have,
> 
> Reuven
> 
> _______________________________________________
> Zope maillist  -  Zope at zope.org
> http://mail.zope.org/mailman/listinfo/zope
> **   No cross posts or HTML encoding!  **
> (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce
> http://mail.zope.org/mailman/listinfo/zope-dev )
> 




More information about the Zope mailing list