[ZWeb] Re: SSL ideas
andrew at zope.com
Thu Jul 8 10:41:26 EDT 2004
Chris Withers wrote:
> Andrew Sawyers wrote:
>> Chris Withers wrote:
>>> Hi Brian.
>>> My ideas are fairly simple:
>>> Wherever you're doing your rewriting, setup a domain:
>>> ...that point to the root of Zope.org's ZODB, and is over SSL.
>>> Then instruct manager to always use that.
>>> Should be simple enough, right?
>> I recommend the use of ssh tunnels from the cache server with a port
>> forward to get into the root of the zope instance for management
> Well, if it works, just tell me what I need to do!
From my FreeBSD server:
ssh -g -L12081:10.0.24.20:8080 andrew at cache1.zope.org
-g says it will forward for other machines, not just localhost (this way
I can use my laptop)
-L says, which port on the machine you're sshing from to redirect to the
machine and port following it -- in this case, my FreeBSD server listens
on port 12081, and forwards that to the server 10.0.24.20 port 8080
Then follows the machine you'll connect to.
Then, to manage zope, just go to http://your.forwarding.machine:12081/manage
>> We currently do not run apache out front of Zope; the rewriting is
>> happening in squid cache peer/redirectors.
> I thought redirectors were easy to bash to make this kind of thing work?
It might be, but why add unnecessary complextiy, management, to
something that works as it's intended and there's just as viable way to
access the ZMI for TTW management of zope.org?
More information about the Zope-web