Re: [Zope] Zope 2.9 and SSL
Ron Bickers wrote: Except that I don't have Apache installed anymore. :-) I know at one time it did not report Zope, but that may have been way back before I was using mod_proxy. I see that the ozzope.org Plone site reports Apache. So they must not be using mod_proxy, yes? Porbably both using (Fast/P)CGI... yurch! Chris -- Simplistix - Content Management, Zope Python Consulting - http://www.simplistix.co.uk ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] Zope 2.9 and SSL
On 2/16/06, Ron Bickers [EMAIL PROTECTED] wrote: On Thu February 16 2006 03:31, you wrote: http://www.lighttpd.net/ How many millions of people use this a day? I have no idea. Far less than use Apache, of course, but the number appears to be growing steadily. The netcraft survey for February counted 21699 instances of lighttpd; Zope was counted 41656 times: http://survey.netcraft.com/Reports/200602/ The numbers are those seen by Netcraft during January. -- Martijn Pieters ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] Zope 2.9 and SSL
On Fri February 17 2006 04:32, Martijn Pieters wrote: The netcraft survey for February counted 21699 instances of lighttpd; Zope was counted 41656 times: http://survey.netcraft.com/Reports/200602/ The numbers are those seen by Netcraft during January. Lighttpd is barely three years old. It'll be interesting to see where these numbers are in another year. I noticed that my lighttpd server that proxies to Zope responds as Zope/ZServer, not lighttpd. If I recall, Apache said Apache. There must be many more Zopes than netcraft shows, right? -- Ron ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] Zope 2.9 and SSL
Ron Bickers wrote: Both lighty and Apache use OpenSSL. Good point ;-) I'm using it and haven't seen any battlefield casualties so far. ;-) Apache has its share of (even recent) security issues, including some related to mod_ssl. Honestly, I see that as a good thing! It's a bit like the old macs never get exploited argument, it's not because there aren't exploits there, it's because not enough people use them for someone to stumble across them ;-) Lighty seems to be fitting well for those that need a smaller, simpler server, which is why I mentioned it. I'll leave it as an exercise for the interested to determine if they want to use it. True, and simplicity does often make for more security and so, while I'd stick with Apache for the reasons already mentioned, I retract my comment about lighttpd... Chris -- Simplistix - Content Management, Zope Python Consulting - http://www.simplistix.co.uk ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] Zope 2.9 and SSL
On 2/17/06, Ron Bickers [EMAIL PROTECTED] wrote: I noticed that my lighttpd server that proxies to Zope responds as Zope/ZServer, not lighttpd. If I recall, Apache said Apache. There must be many more Zopes than netcraft shows, right? No, Zope behind Apache with ProxyPass also reports as Zope: $ HEAD www.pareto.nl 200 OK [...] Server: Zope/(Zope 2.8.5-final, python 2.3.5, linux2) ZServer/1.1 Plone/Unknown [...] Still, there are many intranet Zope sites, and Zope sites set up behind Apache and other servers in other ways (FastCGI, or simply not at the root of a site URL) for Netcraft to not count them as Zope setups, true. For example, Boston.com bakes their Zope-managed content to the filesystem and has several tiers of Apache and Squid servers serving their content: $ HEAD www.boston.com 200 OK [...] Server: Apache/2.0.47 (Unix) [...] $HEAD cache.boston.com/bonzai-fba/Globe_Photo/2006/02/17/1140170041_8639-1.jpg 200 OK [...] Via: 1.1 arn.xpc-mii.net (MIIxpc/4.7 UNVERIFIED_CACHE_HIT Fri, 17 Feb 2006 10:16:21 GMT) Via: 1.1 ics_server.xpc-mii.net (ICS 2.2.64.208) [...] Server: Apache/1.3.14 (Unix) [...] -- Martijn Pieters ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] Zope 2.9 and SSL
On Fri February 17 2006 05:19, Martijn Pieters wrote: On 2/17/06, Ron Bickers [EMAIL PROTECTED] wrote: I noticed that my lighttpd server that proxies to Zope responds as Zope/ZServer, not lighttpd. If I recall, Apache said Apache. There must be many more Zopes than netcraft shows, right? No, Zope behind Apache with ProxyPass also reports as Zope: Ok. I thought it was reporting Apache for me before, but I don't recall for sure. Does using mod_rewrite with [P] report the same? -- Ron ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] Zope 2.9 and SSL
Ron Bickers schrieb: On Fri February 17 2006 05:19, Martijn Pieters wrote: ... Ok. I thought it was reporting Apache for me before, but I don't recall for sure. Does using mod_rewrite with [P] report the same? Yes, and its working internally identically :-) Apache as frontend proxy returning apache must be a common urban legend. This pops up from time to time albeit its so easy to check and make sure ;-) Regards Tino ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] Zope 2.9 and SSL
On Fri February 17 2006 14:05, Tino Wildenhain wrote: Apache as frontend proxy returning apache must be a common urban legend. This pops up from time to time albeit its so easy to check and make sure ;-) Except that I don't have Apache installed anymore. :-) I know at one time it did not report Zope, but that may have been way back before I was using mod_proxy. I see that the ozzope.org Plone site reports Apache. So they must not be using mod_proxy, yes? -- Ron ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] Zope 2.9 and SSL
Ron Bickers wrote: On Wed February 15 2006 02:42, Janusz Zamecki wrote: The easiest way is to use Apache, but I have reasons to not go that way. If you don't want big Apache, lighttpd is small and has made a good SSL front-end proxy to Zope for me. http://www.lighttpd.net/ How many millions of people use this a day? SSL is not something you want to use unless the server has been really well battle tested... Chris -- Simplistix - Content Management, Zope Python Consulting - http://www.simplistix.co.uk ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] Zope 2.9 and SSL
zope napisa?(a): Hi, zhttps provides an HTTPS Zserver to Zope-2.9.0. This zope product uses M2Crypto. I think this may give you a hint towards SSL and Zope-2.9.0 http://www.zope.org/Members/lerouxa/zopehttps Try it first with test certificates provided with M2Crypto/demo/zope/{ca.pem,server.pem,dh1024.pem,randpool.dat} Best regards Al Hello, thank you. I've tried to install this software, but it doesn't work. First of all the downloaded package seems to be inclomplete. bunzip complains about garbage at the end of the file. Second, after copying files and patching __init__.py in the ZServer directory, zope doesn't start anymore. It complains about missing HTTPS_Server package. If I borrow this one from m2crypto 0.15, then it complains about missing asyncore, then missing FCNTL. I'm stuck. What else can I do? Best regards, Janusz signature.asc Description: OpenPGP digital signature ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] Zope 2.9 and SSL
On Wed February 15 2006 02:42, Janusz Zamecki wrote: The easiest way is to use Apache, but I have reasons to not go that way. If you don't want big Apache, lighttpd is small and has made a good SSL front-end proxy to Zope for me. http://www.lighttpd.net/ -- Ron ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
[Zope] Zope 2.9 and SSL
Hello, Is anyone tried to access Zope 2.9 via SSL? I've tried m2crypto, but this doesn't work with the newest zope. And I've tried to use stunnel, but I'm stuck with some problems - I cannot find the way to force zope to use https://xxx urls with choosen stunnel port number. The easiest way is to use Apache, but I have reasons to not go that way. Any clues? Best regards, Janusz signature.asc Description: OpenPGP digital signature ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )