[ZWeb] Re: SSL ideas

Andrew Sawyers andrew at zope.com
Thu Jul 8 10:41:26 EDT 2004

Chris Withers wrote:

> Andrew Sawyers wrote:
>> Chris Withers wrote:
>>> Hi Brian.
>>> My ideas are fairly simple:
>>> Wherever you're doing your rewriting, setup a domain:
>>> https://secure.zope.org/
>>> ...that point to the root of Zope.org's ZODB, and is over SSL.
>>> Then instruct manager to always use that.
>>> Should be simple enough, right?
>>> Chris
>> I recommend the use of ssh tunnels from the cache server with a port 
>> forward to get into the root of the zope instance for management 
>> tasks......
> Well, if it works, just tell me what I need to do!

 From my FreeBSD server:
ssh -g -L12081: andrew at cache1.zope.org

-g says it will forward for other machines, not just localhost (this way 
I can use my laptop)
-L says, which port on the machine you're sshing from to redirect to the 
machine and port following it -- in this case, my FreeBSD server listens 
on port 12081, and forwards that to the server port 8080
Then follows the machine you'll connect to.

Then, to manage zope, just go to http://your.forwarding.machine:12081/manage

Works perfectly.

>> We currently do not run apache out front of Zope; the rewriting is 
>> happening in squid cache peer/redirectors.
>> Andrew
> I thought redirectors were easy to bash to make this kind of thing work?

It might be, but why add unnecessary complextiy, management, to 
something that works as it's intended and there's just as viable way to 
access the ZMI for TTW management of zope.org?

> Chris

Zope Corporation
Software Engineer
(540) 361-1700

More information about the Zope-web mailing list