Re: [Zope-dev] Re: [Zope] PCGI?
of course, you should also close port 8080 (or whatever your zope server runs on) from any access from hosts other than 127.0.0.1 Actually, I think you can do this already by *binding* that port only on 127.0.0.1. I believe there's a host parameter that lets you specify the host to bind to. --Guido van Rossum (home page: http://www.python.org/~guido/) ___ Zope-Dev maillist - [EMAIL PROTECTED] http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] Re: [Zope] PCGI?
here's an edited repost from an answer I got from this mailing list. it has helped me with zope+apache (+ ssl) and is a good start for the documentation upgrade, (although I personally use the apache proxypass directives) -- original help from Leonardo Rochael Almeida [EMAIL PROTECTED] -- Here is how you'd do it with VirtualHostMonster and apache: 1. add a single one virtual host monster to your Zope root. Give it any id you want. You can be creative, 'cause it won't matter :-) 2. In apache, change your configuration to read like below. To understand why the ProxyPass urls read like that, look at the VirtualHostMonster object or consult the SiteAccess2 documentation here: http://www.zope.org/Members/4am/SiteAccess2/info ### Apache ### # better to use the IP address instead of the name here, # to avoid dns lookups on apache initialization NameVirtualHost www.greatsite.com # better to use the IP address here too, for the same reason VirtualHost www.greatsite.com # here you put the server name instead of the address. # it won't result in a dns lookup. ServerName www.greatsite.com # secure /private RedirectMatch permanent ^/private https://www.greatsite.com/private$1 # the :80 below is NECESSARY. Don't ommit it ProxyPass / http://127.0.0.1:8080/VirtualHostBase/http/www.greatsite.com:80/greatsite/VirtualHostRoot/ /VirtualHost NameVirtualHost www.greatsite.com:443 VirtualHost www.greatsite.com:443 ServerName www.greatsite.com # note the protocol specification after VirtualHostBase. As above, # the port specification is not optional ProxyPass / http://127.0.0.1:8080/VirtuaHostBase/https/www.greatsite.com:443/greatsite/VirtualHostRoot/ SSLEngine on SSLCertificateFile /etc/httpd/ssl.crt/server.crt SSLCertificateKeyFile /etc/httpd/ssl.key/server.key /VirtualHost EOF I haven't tested the configuration above. I'd use RewriteRules instead of RedirectMatch and ProxyPass, but just because that's what I'm used to doing. Notice that ProxyPassReverse directives aren't needed, because the VirtualHostMonster, when presented with the above URLs, effectively convinces Zope that it's running in the above mentioned ports and protocols. No SiteRoot objects are needed. --- end of original help --- have fun, Sloot. -- Science can amuse and fascinate us all, but it is engineering that changes the world. Isaac Asimov ___ Zope-Dev maillist - [EMAIL PROTECTED] http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] Re: [Zope] PCGI?
RewriteRules, and to a lesser extent, ProxyPass, has almost completely replaced any CGI method with Apache. However, I don't know the status with other servers, primarily IIS, so I think it shouldn't be dropped completely. Good point regarding IIS. I think its possible to make the ASP 404 script best practice with IIS now (thanks to Leonardo http://www.zope.org/Members/hiperlogica/ASP404). As long as we make PCGI available there should be no problem. -- Andy McKay ___ Zope-Dev maillist - [EMAIL PROTECTED] http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
[Zope-dev] POSKeyErrors
We are running Zope 2.5.1 and ZEO 1. When someone does an Undo it doesn't seem to update all of the ZEO clients consistently. Some ZEO clients reflect the undo, others sometimes show an older version of the database and sometimes we get POSKeyErrors. Any idea what causes this? It's an old version of ZEO, is this a known bug? The traceback is below. Thanks, -Brian File /data/www/Zope.11b/src/Zope-2.5.1-src/lib/python/ZPublisher/Publish.py, line 150, in publish_module File /data/www/Zope.11b/src/Zope-2.5.1-src/lib/python/ZPublisher/Publish.py, line 114, in publish File /data/www/Zope.11b/src/Zope-2.5.1-src/lib/python/Zope/__init__.py, line 159, in zpublisher_exception_hook (Object: cristina.d.farmus.1) File /data/www/Zope.11b/src/Zope-2.5.1-src/lib/python/ZPublisher/Publish.py, line 98, in publish File /data/www/Zope.11b/src/Zope-2.5.1-src/lib/python/ZPublisher/mapply.py, line 88, in mapply (Object: manage_main) File /data/www/Zope.11b/src/Zope-2.5.1-src/lib/python/ZPublisher/Publish.py, line 39, in call_object (Object: manage_main) File /data/www/Zope.11b/src/Zope-2.5.1-src/lib/python/Shared/DC/Scripts/Bindings.py, line 252, in __call__ (Object: manage_main) File /data/www/Zope.11b/src/Zope-2.5.1-src/lib/python/Shared/DC/Scripts/Bindings.py, line 283, in _bindAndExec (Object: manage_main) File /data/www/Zope.11b/src/Zope-2.5.1-src/lib/python/App/special_dtml.py, line 172, in _exec (Object: manage_main) File /data/www/Zope.11b/src/Zope-2.5.1-src/lib/python/DocumentTemplate/DT_In.py, line 637, in renderwob (Object: objectItems) File /data/www/Zope.11b/src/Zope-2.5.1-src/lib/python/DocumentTemplate/DT_In.py, line 763, in sort_sequence (Object: objectItems) File /data/www/Zope.11b/src/Zope-2.5.1-src/lib/python/ZODB/Connection.py, line 447, in setstate File /data/www/Zope.11b/Zope/lib/python/ZEO/ClientStorage.py, line 294, in load (Object: ('192.168.1.52', 11900)) File /data/www/Zope.11b/Zope/lib/python/ZEO/zrpc.py, line 168, in __call__ POSKeyError: 001aeea2 ___ Zope-Dev maillist - [EMAIL PROTECTED] http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] POSKeyErrors
Brian R Brinegar wrote: We are running Zope 2.5.1 and ZEO 1. When someone does an Undo it doesn't seem to update all of the ZEO clients consistently. Some ZEO clients reflect the undo, others sometimes show an older version of the database and sometimes we get POSKeyErrors. Any idea what causes this? It's an old version of ZEO, is this a known bug? The traceback is below. Yes, that's a known bug. Please try the version of ZEO that ships with ZODB3 3.1.1. http://www.zope.org/Products/ZODB3.1 Shane ___ Zope-Dev maillist - [EMAIL PROTECTED] http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] Re: [Zope] PCGI?
Beware, random notes below On Fri, 2003-02-14 at 11:24, Romain Slootmaekers wrote: here's an edited repost from an answer I got from this mailing list. it has helped me with zope+apache (+ ssl) and is a good start for the documentation upgrade, (although I personally use the apache proxypass directives) -- original help from Leonardo Rochael Almeida [EMAIL PROTECTED] -- [...] Wow, I'd forgoten about that one :-) Anyway, nowadays I use RewriteRules with [P] exclusively because they let me do something ProxyPass doesn't: RewriteRule ^(.*)$ http://127.0.0.1:8080/VirtualHostBase/http/%{HTTP_HOST}:%{SERVER_PORT}/some/folder/VirtualHostRoot$1 [P,L] This way you don't have to worry about what hostname the user uses to access their site. You can get cookie problems and multiple logon problems if Zope's idea of the hostname is different from the browser's. In any case, I believe we should still have a proper persistent protocol to connect a frontend webserver to Zope. The current http proxying method, which is used by most everyone now, is fast enough for the majority of uses, but it still incurs in a tcp tearup+teardown for every hit. I believe we should have a proper persitent protocol, either PGCI or FastCGI (but probably not both, to avoid confusion), to connect Zope and front-end webservers and we should also make an effort to keep the connectors from major HTTP servers to those protocols in good shape. Apache+FastCGI+Zope work really nice (sans RESPONSE.write() streamming pages), but I couldn't get IIS+FastCGI to work no matter what I tried (IIS insists in associating the fastcgi connector with an extension, no matter what you do. Yes, you can associate it with all extensions. No, it doesn't work). I have some ideas about how to make a good IIS connector (definition of good: fast, with pretty URLs). It could be developed first with WinHTTP to take advantage of the current design of ASP404, but it would be faster if it didn't have to make and break a connection for every request. I haven't started on it yet because my expertise lies in 'nix development, so I'd prefer if someone with better Win32 devel skills took the job. If anyone is interested, drop me a line. Also, I'm holding on to the next ASP404 release because I need to give it better error handling and logging. All hits thru ASP404 look to IIS like, you guessed it, 404 errors instead of hits, so when you hide Zope behind IIS there's no single reliable access log you can use. If anyone can give me hints on these topics, please drop me a line too. Cheers, Leo -- Ideas don't stay in some minds very long because they don't like solitary confinement. ___ Zope-Dev maillist - [EMAIL PROTECTED] http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] Re: [Zope] PCGI?
Leonardo Rochael Almeida wrote: I believe we should have a proper persitent protocol, either PGCI or FastCGI (but probably not both, to avoid confusion), to connect Zope and front-end webservers and we should also make an effort to keep the connectors from major HTTP servers to those protocols in good shape. Apache+FastCGI+Zope work really nice (sans RESPONSE.write() streamming pages), but I couldn't get IIS+FastCGI to work no matter what I tried (IIS insists in associating the fastcgi connector with an extension, no matter what you do. Yes, you can associate it with all extensions. No, it doesn't work). FYI, SCGI is a new(ish) contender. It looks nice and simple, and it's designed for Python. http://www.mems-exchange.org/software/scgi/ Shane ___ Zope-Dev maillist - [EMAIL PROTECTED] http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] Re: [Zope] PCGI?
Leonardo Rochael Almeida wrote: RewriteRule ^(.*)$ http://127.0.0.1:8080/VirtualHostBase/http/%{HTTP_HOST}:%{SERVER_PORT}/some/folder/VirtualHostRoot$1 [P,L] This way you don't have to worry about what hostname the user uses to access their site. Ugh. The host header should be considered tainted data, and you just slapped it into a proxy request blindly. This probably isn't a good idea. Apache is only going to hold your hand so much here when it comes to protecting against various attempts at coercion. Go read src/main/http_vhost.c from the apache 1.3 source, jump down to around line 690. Apache's sanity checking is done in the context of the filesystem, not Zope URI space. There are things its going to let through which could lead to undesired behavior--underscores, question marks--use your imagination. (btw, your pattern is goofy, you don't need the ^ or $, (.*) is greedy enough by itself) -- Jamie Heilman http://audible.transient.net/~jamie/ I was in love once -- a Sinclair ZX-81. People said, No, Holly, she's not for you. She was cheap, she was stupid and she wouldn't load -- well, not for me, anyway. -Holly ___ Zope-Dev maillist - [EMAIL PROTECTED] http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )