[Zope-dev] Virtual Hosting in 2.2 - a Bestiary of Buglets

Itamar Shtull-Trauring itamar@maxnm.com
Tue, 05 Sep 2000 11:38:38 +0200 

I setup virtual hosting on Zope 2.2.1 with SiteAccess 2.  I used Apache with
ProxyPass (Apache acting as a reverse HTTP proxy in front of ZServer)
instead of FastCGI, since this is much faster (with caching headers apache
is about 10 times as fast as ZServer).

The setup is as follow - each site has a folder in /websites, so
www.example.com is mapped to /websites/example in Zope.  In
/websites/example I have an Access Rule that tells Zope that the base url is
http://www.example.com.


 Problem 1: HTTP and HTTPS (more of a proxypass issue)
=======================================================
I want to be able to serve both http and https versions of a site from
Apache.  Problem is, because of the way proxying works, there is no way for
Zope to know if it is origially being accessed via http or https.  My
solution? Add a folder in top level of Zope called "ssl".  If we see our
path as proxied by Apache is /ssl/websites/example, we know we are being
accessed via SSL.  Because of the magic of acquisition, this works, but it's
still an ugly hack, and slows things down.  Here's the SiteAccess rule I
used:

if REQUEST['PATH_INFO'][:5] == '/ssl/':
    REQUEST.setVirtualRoot('/')
    REQUEST.setServerURL(protocol='https', hostname='www.example.com',
port='443')
else:
    REQUEST.setVirtualRoot('/')
    REQUEST.setServerURL(hostname='www.example.com', port='80')


 Problem 2: ZCatalog
=====================
All the objects in /websites/example are being catalogged with paths such as
/websites/example/folder/myObject.  However, when I gets the objects path
using getpath(), it's not adjusted based on the virtual hosting settings -
it's still /websites/example/folder/myObject, not /folder/myObject as it
should be.


 Problem 3: Management interface
=================================
The breadcrumbs in the folder management screen (e.g. "/ folder1 /
folder2"), still show the "/ websites / example", with links, when using the
virtual hosting.  That is, the managemnt interface shows folders that we are
not supposed to be able to access when we are using virtual hosting.


 Problem 4: Access to other virtual hosts (security issue?)
============================================================
When using virtual hosting, it is still possible to access the /websites
folder for example, using acquistion.  So I can view the contents of one
website from the other: www.example.com/websites/example2, and
www.example2.com/websites/example.


-- 
Itamar S.T.  itamar@maxnm.com
Fingerprint = D365 7BE8 B81E 2B18 6534  025E D0E7 92DB E441 411C