Zakir, The problem I had with proxying through Apache was that since Apache was accessing Zope via http://localhost:8080 (or http://myserver:8080), some URLs in Zenoss (namely some of the form actions on the login page and when scrolling through interfaces or routes on a device's OS tab) were generated using the address Apache had accessed them from, rather than how I was accessing them. That's what made it apparent to me that proxying and URL re-writing wouldn't work.... at least that's the behaviour 0.23 and 1.0.0 seemed to exhibit. I haven't tried 1.0.1 or 1.0.2 yet. Most other things worked though, I didn't have the problems you described.
Here are the part of my notes on installing m2crypto & ZServerSSL. Everything's working pertty well with that config. Bear in mind it's a work in progress and is mainly me pasting stuff that worked from my terminal to a text file. Later I'm going to clean it up, format it nicely in HTML, and post it somewhere. But for now, this is it :). Also, m2crypto seems to get kind of pissed off when Zope starts if your Swig libraries aren't new enough. Wes ============================================================== INSTALLING M2CRYPTO TO ENABLE ZSERVERSSL IN ZOPE - Install prerequisites - Get the m2crypto package - Compile it - Install into Zope ; The INSTALL file says it requires Python 2.3+, OpenSSL 0.9.7+, and SWIG 1.3.24+ [EMAIL PROTECTED] ~]$ rpm -q python openssl swig python-2.3.4-14.3 openssl-0.9.7a-43.14 swig-1.3.21-6 ; Fedora 4 has swig-1.3.24-2 [EMAIL PROTECTED] ~]$ wget ftp://rpmfind.net/linux/fedora/core/4/i386/os/Fedora/RPMS/swig-1.3.24-2.i386.rpm [EMAIL PROTECTED] ~]$ sudo rpm -Uvh swig-1.3.24-2.i386.rpm [EMAIL PROTECTED] ~]$ rpm -q swig swig-1.3.24-2 ; Get the software [EMAIL PROTECTED] ~]$ wget http://wiki.osafoundation.org/pub/Projects/MeTooCrypto/m2crypto-0.16.tar.gz [EMAIL PROTECTED] ~]$ tar zxvf m2crypto-0.16.tar.gz [EMAIL PROTECTED] ~]$ cd m2crypto-0.16 ; hmm... [EMAIL PROTECTED] m2crypto-0.16]$ python setup.py build /usr/lib/python2.3/distutils/extension.py:128: UserWarning: Unknown Extension options: 'swig_opts' warnings.warn(msg) ; commented out "swig_opts = [swig_opts_str]" line, it's a Python 2.4 only thing [EMAIL PROTECTED] m2crypto-0.16]$ vi setup.py [EMAIL PROTECTED] m2crypto-0.16]$ python setup.py clean [EMAIL PROTECTED] m2crypto-0.16]$ python setup.py build [EMAIL PROTECTED] m2crypto-0.16]$ sudo cp -R build/lib.linux-i686-2.3/M2Crypto/ $ZENHOME/lib/python/ [EMAIL PROTECTED] m2crypto-0.16]$ sudo chown -R zenoss:zenoss $ZENHOME/lib/python/M2Crypto/ [EMAIL PROTECTED] m2crypto-0.16]$ cd demo/Zope27/install_dir/lib/python/ZServer [EMAIL PROTECTED] ZServer]$ sudo cp HTTPS_Server.py $ZENHOME/lib/python/ZServer/ [EMAIL PROTECTED] ZServer]$ sudo cp medusa/https_server.py $ZENHOME/lib/python/ZServer/medusa/ [EMAIL PROTECTED] ZServer]$ sudo cp *patch $ZENHOME/lib/python/ZServer/ [EMAIL PROTECTED] ZServer]$ cd $ZENHOME/lib/python [EMAIL PROTECTED] ZServer]$ cd ../../../../instance_home/ssl/ [EMAIL PROTECTED] ssl]$ sudo mkdir $ZENHOME/ssl [EMAIL PROTECTED] ssl]$ sudo cp *pem $ZENHOME/ssl [EMAIL PROTECTED] ssl]$ cd ../etc [EMAIL PROTECTED] etc]$ sudo cp zope.conf.patch $ZENHOME/etc [EMAIL PROTECTED] instance_home]$ cd $ZENHOME [EMAIL PROTECTED] zenoss]$ sudo chown -R zenoss:zenoss lib etc ssl [EMAIL PROTECTED] zenoss]$ cd etc [EMAIL PROTECTED] etc]$ sudo cp zope.conf zope.conf.bak ; patch doesn't like zope.conf.patch so I'm going to add the <https-server> section manually ; added the following under </http-server>: <https-server> # valid keys are "address", "force-connection-close" address 8443 # force-connection-close on x509-remote-user off </https-server> [EMAIL PROTECTED] etc]$ cd ../lib/python/ZServer [EMAIL PROTECTED] etc]$ sudo cp component.xml component.xml.bak [EMAIL PROTECTED] etc]$ sudo cp datatypes.py datatypes.py.bak [EMAIL PROTECTED] etc]$ sudo cp __init__.py __init__.py.bak [EMAIL PROTECTED] ZServer]$ sudo patch component.xml component.xml.patch [EMAIL PROTECTED] ZServer]$ sudo patch datatypes.py datatypes.py.patch [EMAIL PROTECTED] ZServer]$ sudo patch __init__.py __init__.py.patch [EMAIL PROTECTED] ZServer]$ sudo chown zenoss:zenoss * [EMAIL PROTECTED] ZServer]$ sudo zopectl stop . daemon process stopped [EMAIL PROTECTED] ZServer]$ sudo zopectl start . daemon process started, pid=22351 ; I need *real* SSL certs, but oh well. ============================================================== CONFIGURE APACHE TO REDIRECT ALL URLS TO HTTPS ON 8443 - Bounce all traffic to https on 8443 (save for phpMyAdmin on 443) [EMAIL PROTECTED] ~]$ cd /etc/httpd/conf.d [EMAIL PROTECTED] conf.d]$ sudo vi https-all.conf [EMAIL PROTECTED] conf.d]$ more https-all.conf RewriteEngine on # Rewrite all URLs for HTTPS RewriteRule ^/(phpMyAdmin) https://%{SERVER_NAME}/phpMyAdmin [R] RewriteCond %{REQUEST_URI} !^/(phpMyAdmin) RewriteRule ^(.*) https://%{SERVER_NAME}:8443/$1 [EMAIL PROTECTED] conf.d]$ sudo vi ssl.conf [EMAIL PROTECTED] conf.d]$ tail -6 ssl.conf RewriteEngine on RewriteCond %{REQUEST_URI} !^/(phpMyAdmin) RewriteRule ^(.*) https://%{SERVER_NAME}:8443/$1 [R] </VirtualHost> [EMAIL PROTECTED] conf.d]$ sudo service httpd restart ; I still need *real* SSL certs, but oh well. ============================================================== Durumeric, Zakir B wrote:
Looking at the problem, I think that it may have to do with a Zenoss issue and not an apache configuration issue. Wes, it would be great if we could get your howto. Wowever, if possible we would like to do this without altering zope and just proxying through apache. Our apache works on everything except the content on the dashboard and login... When we proxy, we get the dashboard page, but none of the devices show up and 0000-00-00 00:00:00 show up as the last updated date/time. It appears that the dashboard doesn't load any content unless being access directly on port 8080. Do any of the developers have any ideas why this would be occuring? Thanks, Zakir
_______________________________________________ zenoss-users mailing list [email protected] http://lists.zenoss.org/mailman/listinfo/zenoss-users
