Re: [Zope] Zope 2.9 and SSL

2006-02-20 Thread Chris Withers

Ron Bickers wrote:
Except that I don't have Apache installed anymore. :-)  I know at one time it 
did not report Zope, but that may have been way back before I was using 
mod_proxy.


I see that the ozzope.org Plone site reports Apache.  So they must not be 
using mod_proxy, yes?


Porbably both using (Fast/P)CGI... yurch!

Chris

--
Simplistix - Content Management, Zope  Python Consulting
   - http://www.simplistix.co.uk

___
Zope maillist  -  Zope@zope.org
http://mail.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists - 
http://mail.zope.org/mailman/listinfo/zope-announce

http://mail.zope.org/mailman/listinfo/zope-dev )


Re: [Zope] Zope 2.9 and SSL

2006-02-17 Thread Martijn Pieters
On 2/16/06, Ron Bickers [EMAIL PROTECTED] wrote:
 On Thu February 16 2006 03:31, you wrote:

   http://www.lighttpd.net/
 
  How many millions of people use this a day?

 I have no idea.  Far less than use Apache, of course, but the number appears
 to be growing steadily.

The netcraft survey for February counted 21699 instances of lighttpd;
Zope was counted 41656 times:

  http://survey.netcraft.com/Reports/200602/

The numbers are those seen by Netcraft during January.

--
Martijn Pieters
___
Zope maillist  -  Zope@zope.org
http://mail.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists - 
 http://mail.zope.org/mailman/listinfo/zope-announce
 http://mail.zope.org/mailman/listinfo/zope-dev )


Re: [Zope] Zope 2.9 and SSL

2006-02-17 Thread Ron Bickers
On Fri February 17 2006 04:32, Martijn Pieters wrote:

 The netcraft survey for February counted 21699 instances of lighttpd;
 Zope was counted 41656 times:

   http://survey.netcraft.com/Reports/200602/

 The numbers are those seen by Netcraft during January.

Lighttpd is barely three years old.  It'll be interesting to see where these 
numbers are in another year.

I noticed that my lighttpd server that proxies to Zope responds as 
Zope/ZServer, not lighttpd.  If I recall, Apache said Apache.  There must be 
many more Zopes than netcraft shows, right?

-- 
Ron
___
Zope maillist  -  Zope@zope.org
http://mail.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists - 
 http://mail.zope.org/mailman/listinfo/zope-announce
 http://mail.zope.org/mailman/listinfo/zope-dev )


Re: [Zope] Zope 2.9 and SSL

2006-02-17 Thread Chris Withers

Ron Bickers wrote:

Both lighty and Apache use OpenSSL.


Good point ;-)

I'm using it and haven't seen any 
battlefield casualties so far. ;-)  Apache has its share of (even recent) 
security issues, including some related to mod_ssl. 


Honestly, I see that as a good thing! It's a bit like the old macs 
never get exploited argument, it's not because there aren't exploits 
there, it's because not enough people use them for someone to stumble 
across them ;-)


Lighty seems to be 
fitting well for those that need a smaller, simpler server, which is why I 
mentioned it.  I'll leave it as an exercise for the interested to determine 
if they want to use it.


True, and simplicity does often make for more security and so, while I'd 
stick with Apache for the reasons already mentioned, I retract my 
comment about lighttpd...


Chris

--
Simplistix - Content Management, Zope  Python Consulting
   - http://www.simplistix.co.uk

___
Zope maillist  -  Zope@zope.org
http://mail.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists - 
http://mail.zope.org/mailman/listinfo/zope-announce

http://mail.zope.org/mailman/listinfo/zope-dev )


Re: [Zope] Zope 2.9 and SSL

2006-02-17 Thread Martijn Pieters
On 2/17/06, Ron Bickers [EMAIL PROTECTED] wrote:
 I noticed that my lighttpd server that proxies to Zope responds as
 Zope/ZServer, not lighttpd.  If I recall, Apache said Apache.  There must be
 many more Zopes than netcraft shows, right?

No, Zope behind Apache with ProxyPass also reports as Zope:

  $ HEAD www.pareto.nl
  200 OK
  [...]
  Server: Zope/(Zope 2.8.5-final, python 2.3.5, linux2) ZServer/1.1
Plone/Unknown
  [...]

Still, there are many intranet Zope sites, and Zope sites set up
behind Apache and other servers in other ways (FastCGI, or simply not
at the root of a site URL) for Netcraft to not count them as Zope
setups, true.

For example, Boston.com bakes their Zope-managed content to the
filesystem and has several tiers of Apache and Squid servers serving
their content:

  $ HEAD www.boston.com
  200 OK
  [...]
  Server: Apache/2.0.47 (Unix)
  [...]

  $HEAD cache.boston.com/bonzai-fba/Globe_Photo/2006/02/17/1140170041_8639-1.jpg
  200 OK
  [...]
  Via: 1.1 arn.xpc-mii.net (MIIxpc/4.7 UNVERIFIED_CACHE_HIT Fri, 17
Feb 2006 10:16:21 GMT)
  Via: 1.1 ics_server.xpc-mii.net (ICS 2.2.64.208)
  [...]
  Server: Apache/1.3.14 (Unix)
  [...]

--
Martijn Pieters
___
Zope maillist  -  Zope@zope.org
http://mail.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists - 
 http://mail.zope.org/mailman/listinfo/zope-announce
 http://mail.zope.org/mailman/listinfo/zope-dev )


Re: [Zope] Zope 2.9 and SSL

2006-02-17 Thread Ron Bickers
On Fri February 17 2006 05:19, Martijn Pieters wrote:

 On 2/17/06, Ron Bickers [EMAIL PROTECTED] wrote:
  I noticed that my lighttpd server that proxies to Zope responds as
  Zope/ZServer, not lighttpd.  If I recall, Apache said Apache.  There
  must be many more Zopes than netcraft shows, right?

 No, Zope behind Apache with ProxyPass also reports as Zope:

Ok.  I thought it was reporting Apache for me before, but I don't recall for 
sure.  Does using mod_rewrite with [P] report the same?

-- 
Ron
___
Zope maillist  -  Zope@zope.org
http://mail.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists - 
 http://mail.zope.org/mailman/listinfo/zope-announce
 http://mail.zope.org/mailman/listinfo/zope-dev )


Re: [Zope] Zope 2.9 and SSL

2006-02-17 Thread Tino Wildenhain
Ron Bickers schrieb:
 On Fri February 17 2006 05:19, Martijn Pieters wrote:
...
 Ok.  I thought it was reporting Apache for me before, but I don't recall for 
 sure.  Does using mod_rewrite with [P] report the same?
 
Yes, and its working internally identically :-)

Apache as frontend proxy returning apache must be a common
urban legend. This pops up from time to time albeit
its so easy to check and make sure ;-)

Regards
Tino
___
Zope maillist  -  Zope@zope.org
http://mail.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists - 
 http://mail.zope.org/mailman/listinfo/zope-announce
 http://mail.zope.org/mailman/listinfo/zope-dev )


Re: [Zope] Zope 2.9 and SSL

2006-02-17 Thread Ron Bickers
On Fri February 17 2006 14:05, Tino Wildenhain wrote:

 Apache as frontend proxy returning apache must be a common
 urban legend. This pops up from time to time albeit
 its so easy to check and make sure ;-)

Except that I don't have Apache installed anymore. :-)  I know at one time it 
did not report Zope, but that may have been way back before I was using 
mod_proxy.

I see that the ozzope.org Plone site reports Apache.  So they must not be 
using mod_proxy, yes?

-- 
Ron
___
Zope maillist  -  Zope@zope.org
http://mail.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists - 
 http://mail.zope.org/mailman/listinfo/zope-announce
 http://mail.zope.org/mailman/listinfo/zope-dev )


Re: [Zope] Zope 2.9 and SSL

2006-02-16 Thread Chris Withers

Ron Bickers wrote:

On Wed February 15 2006 02:42, Janusz Zamecki wrote:


The easiest way is to use Apache, but I have reasons to not go that way.


If you don't want big Apache, lighttpd is small and has made a good SSL 
front-end proxy to Zope for me.


http://www.lighttpd.net/


How many millions of people use this a day?

SSL is not something you want to use unless the server has been really 
well battle tested...


Chris

--
Simplistix - Content Management, Zope  Python Consulting
   - http://www.simplistix.co.uk

___
Zope maillist  -  Zope@zope.org
http://mail.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists - 
http://mail.zope.org/mailman/listinfo/zope-announce

http://mail.zope.org/mailman/listinfo/zope-dev )


Re: [Zope] Zope 2.9 and SSL

2006-02-16 Thread Janusz Zamecki
zope napisa?(a):
 Hi,
 
 zhttps provides an HTTPS Zserver to Zope-2.9.0. This zope product uses
 M2Crypto. I think this may give you a hint towards SSL and Zope-2.9.0
 
 http://www.zope.org/Members/lerouxa/zopehttps
 
 Try it first with test certificates provided with
 M2Crypto/demo/zope/{ca.pem,server.pem,dh1024.pem,randpool.dat}
 
 
 Best regards
 
 Al
 

Hello, thank you. I've tried to install this software, but it doesn't
work. First of all the downloaded package seems to be inclomplete.
bunzip complains about garbage at the end of the file. Second, after
copying files and patching __init__.py in the ZServer directory, zope
doesn't start anymore. It complains about missing HTTPS_Server package.
If I borrow this one from m2crypto 0.15, then it complains about missing
asyncore, then missing FCNTL. I'm stuck. What else can I do?

Best regards, Janusz



signature.asc
Description: OpenPGP digital signature
___
Zope maillist  -  Zope@zope.org
http://mail.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists - 
 http://mail.zope.org/mailman/listinfo/zope-announce
 http://mail.zope.org/mailman/listinfo/zope-dev )


Re: [Zope] Zope 2.9 and SSL

2006-02-15 Thread Ron Bickers
On Wed February 15 2006 02:42, Janusz Zamecki wrote:

 The easiest way is to use Apache, but I have reasons to not go that way.

If you don't want big Apache, lighttpd is small and has made a good SSL 
front-end proxy to Zope for me.

http://www.lighttpd.net/

-- 
Ron
___
Zope maillist  -  Zope@zope.org
http://mail.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists - 
 http://mail.zope.org/mailman/listinfo/zope-announce
 http://mail.zope.org/mailman/listinfo/zope-dev )


[Zope] Zope 2.9 and SSL

2006-02-14 Thread Janusz Zamecki
Hello,

Is anyone tried to access Zope 2.9 via SSL? I've tried m2crypto, but
this doesn't work with the newest zope. And I've tried to use stunnel,
but I'm stuck with some problems - I cannot find the way to force zope
to use https://xxx urls with choosen stunnel port number.

The easiest way is to use Apache, but I have reasons to not go that way.

Any clues?

Best regards,
Janusz



signature.asc
Description: OpenPGP digital signature
___
Zope maillist  -  Zope@zope.org
http://mail.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists - 
 http://mail.zope.org/mailman/listinfo/zope-announce
 http://mail.zope.org/mailman/listinfo/zope-dev )