Thursday, April 28, 2005, 8:23:27 AM, Reuven M. Lerner wrote: > I've written a Zope application that needs to be behind SSL. I assumed > that the most straightforward way to do this would be to (1) set up Zope > on port 8080 and (2) use Apache to act as a proxy between the outside > world and Zope. Unfortunately, while it was a piece of cake to set up a > proxy for non-SSL access to Zope, I'm rather stumped regarding SSL. > I've done non-SSL proxying for years with mod_rewrite, and it was really > a snap, so I'm surprised that this is so difficult. [snip]
I copy-paste bellow something similar... It's a bit more what you wanted, as it let you access the t1.net with HTTP and HTTPS, and t2.net with HTTP only. 1. In Zope, I have made a VirtualHostMonster. I guess doesn't mater where I do it, but it happens to be in the root of the ZODB. 2. In the Apache2 httpd.conf (the /siteRoot_t1.net is a Plone object that corresponds to http://t1.net/, etc.): ... NameVirtualHost *:80 <VirtualHost *:80> ServerName t1.net ProxyPass / http://localhost:8080/VirtualHostBase/http/t1.net:80/siteRoot_t1.net/VirtualHostRoot/ ProxyPassReverse / http://localhost:8080/VirtualHostBase/http/t1.net:80/siteRoot_t1.net/VirtualHostRoot/ </VirtualHost> <VirtualHost *:80> ServerName t2.net ProxyPass / http://localhost:8080/VirtualHostBase/http/t2.net:80/siteRoot_t2.net/VirtualHostRoot/ ProxyPassReverse / http://localhost:8080/VirtualHostBase/http/t2.net:80/siteRoot_t2.net/VirtualHostRoot/ </VirtualHost> <VirtualHost _default_:443> ServerName t1.net SSLEngine On SSLCertificateFile conf/ssl/t1.cert SSLCertificateKeyFile conf/ssl/t1.key SetEnvIf User-Agent ".*MSIE.*" \ nokeepalive ssl-unclean-shutdown \ downgrade-1.0 force-response-1.0 #CustomLog logs/ssl_request_log \ # "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b" ProxyPass / http://localhost:8080/VirtualHostBase/https/t1.net:443/siteRoot_t1.net/VirtualHostRoot/ ProxyPassReverse / http://localhost:8080/VirtualHostBase/https/t1.net:443/siteRoot_t1.net/VirtualHostRoot/ </VirtualHost> ... _______________________________________________ Zope maillist - [email protected] http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
