Thanks for the quick response! My web2py installation resides at C: \aproj\web2py, therefore according to your examples and the Apache documentation on the DocumentRoot directive, I tried setting DocumentRoot to "C:/aproj/web2py/applications" for both the SSL & Non- SSL VirutalHosts. I made sure that all Apache directives were identical for both VirtualHosts other than enabling SSL for the 443 vhost and keeping different ServerNames. However, Web2py would still issue a ticket when switching between the vhosts (by changing only http to https when requesting any URL). I suspect whatever mod_wsgi and web2py do to communicate with one another must be setting something in the session related to either the protocol, port number or both. It's almost like web2py is not creating a new session when the protocol changes and just reusing the prior session. Perhaps that is intentional?
I'd like to understand more about it and possibly learn better deployment recipes for Windows, Intranet-based environments, however, I've already spent a few days trying to resolve this issue and due to the nature of the applications we'll be running under web2py (and since our installation is accessible only via our Intranet), I decided to just bypass the SSL requirement for the admin app per this post: http://groups.google.com/group/web2py/browse_thread/thread/3ff40cf65705940a?fwc=1 Thanks again for the input though! On Dec 2, 10:40 pm, mdipierro <mdipie...@cs.depaul.edu> wrote: > The problem seems to be in serializing the sessions and I suspect the > two virtual hosts confuse mod_wsgi about the web2py location. > Perhaps this is because they have different DocumentRoot and none of > them is what it should be. Try use the examples listed here: > > http://web2py.com/book/default/chapter/11#mod_wsgihttp://web2py.com/book/default/chapter/11#mod_wsgi-and-SSL > > On Dec 2, 4:38 pm, azarkowsky <azarkow...@gmail.com> wrote: > > > > > > > > > Hi, > > > I'm running Web2py version 1.89.1 and attempting to set up a > > production enviornment (Windows Server 2008) on our Intranet running > > behind Apache with mod_wsgi & mod_auth_sspi (for grabbing the current > > Windows username). Since this is an Intranet application only, I'd > > like to have access to both the admin site & my web2py application. > > > My goal is to be able to have 2 entry points: > > App 1) http://<server>/<appname> - For normal users to access the > > web2py app we built > > App 2) https://<server>/admin (SSL) - For developers to access the > > web2py admin interface at https://<server>/admin/default/site > > > With my current apache confirguation, when I first start apache I can > > access https://<server>/admin just fine, however if I then switch to > > http://<server>/<appname>, web2py issues the following ticket: > > > Traceback (most recent call last): > > File "C:\aproj\web2py\gluon\main.py", line 453, in wsgibase > > session._try_store_on_disk(request, response) > > File "C:\aproj\web2py\gluon\globals.py", line 382, in > > _try_store_on_disk > > cPickle.dump(dict(self), response.session_file) > > File "C:/python\lib\copy_reg.py", line 74, in _reduce_ex > > getstate = self.__getstate__ > > File "C:\aproj\web2py\gluon\sql.py", line 740, in __getattr__ > > return dict.__getitem__(self,key) > > KeyError: '__getstate__' > > > At this point I can revisit https://<server>/admin and it comes up > > fine just as it did before. If I restart Apache and revese the order > > (access non-SSL first), our custom app comes up just fine, but then > > the admin app will exhibit the same behavior and issue a ticket. > > Basically, once I start Apache I seem to have to stay on either SSL or > > Non-SSL, but can't switch between both -- the second app to be > > accessed with always issue a ticket. Is it possible to use Apache > > VirtualHosts to access both the admin site and non-admin site using > > mod_wsgi or would I also need something like mod_rewrite or to handle > > this via routes.py? I'd like to avoid installing Web2py as a Windows > > service just for the ability to access the admin site if possible. > > > Here are the relevant portions of my httpd.conf: > > WSGIPythonHome "C:/python" > > > NameVirtualHost *:80 > > <VirtualHost *:80> > > DocumentRoot "C:/aproj/web2py/applications" > > ServerName server1 > > > <Directory "C:/aproj/web2py"> > > Order allow,deny > > Deny from all > > </Directory> > > > <Location "/"> > > Order allow,deny > > Allow from all > > > AuthName "Stadion Lunch Application" > > AuthType SSPI > > SSPIAuth On > > SSPIAuthoritative On > > SSPIDomain hq.ft > > SSPIOmitDomain On > > SSPIOfferBasic Off > > SSPIBasicPreferred Off > > SSPIUsernameCase lower > > SSPIPerRequestAuth On > > > Require group "HQ\IT" > > #require valid-user > > > </Location> > > > <LocationMatch "^(/[\w_]*/static/.*)"> > > Order Allow,Deny > > Allow from all > > </LocationMatch> > > > WSGIScriptAlias / "C:/aproj/web2py/wsgihandler.py" > > </VirtualHost> > > > NameVirtualHost *:443 > > <VirtualHost *:443> > > DocumentRoot "C:/aproj/web2py/applications/admin" > > ServerName server1admin > > > <Directory "C:/aproj/web2py"> > > Order allow,deny > > Deny from all > > </Directory> > > > <Location "/"> > > Order allow,deny > > Allow from all > > > AuthName "Stadion Lunch Application" > > AuthType SSPI > > SSPIAuth On > > SSPIAuthoritative On > > SSPIDomain hq.ft > > SSPIOfferBasic Off > > SSPIOmitDomain On > > SSPIBasicPreferred Off > > SSPIUsernameCase lower > > SSPIPerRequestAuth On > > > Require group "HQ\IT" > > #require valid-user > > > </Location> > > > WSGIScriptAlias / "C:/aproj/web2py/wsgihandler.py" > > > SSLEngine On > > SSLCertificateFile conf/server.crt > > SSLCertificateKeyFile conf/server.key > > </VirtualHost> > > > Any help would greatly be appreciated! > > > Thanks, > > Adam
