[Zope] httpd.conf help

mindlace mindlace@imeme.net
Wed, 22 Mar 2000 20:36:55 +0000


Erick Mechler wrote:
>   - user starts at www.mydomain.edu (http)
>   - user goes to www.mydomain.edu/internal which is secure (https) and
>     requires a password for entry
>   - all pages under www.mydomain.edu/internal are secure (https)
> 
> I'm having trouble getting this to work with out Zope-ified site, however.
> What I would like is to have Apache handle all password authentication, and
> I would like it to happen over ssl.  Is this possible at all?
> 
> Any help would be appreciated.

Sure.  I'm using mod_ssl and apache 1.3.12:
My conf is like this:

<VirtualHost 216.17.170.666:80>
   ProxyPass / http://imeme.net:6666/
   ProxyPassReverse / http://imeme.net:6666/
</VirtualHost>
<VirtualHost 216.17.170.666:443>
   ProxyPass / http://imeme.net:6666/
   ProxyPassReverse / http://imeme.net:6666/
   ServerName imeme.net
   ServerAdmin mindlace@imeme.net
   ErrorLog /path/to/apache/logs/error_log
   TransferLog /path/to/apache/logs/access_log
   SSLEngine on
   SSLCertificateFile /path/to/apache/conf/ssl.crt/server.crt
   SSLCertificateKeyFile /path/to/apache/conf/ssl.key/server.key
</VirtualHost>

I have zope actually running standalone on port 6666.  Then I use
SiteAccess.
The access rule should look like this for you:

look for internal, then munge the result to be 0 if not found:
<dtml-if "1+(_.string.find(PATH_INFO, 'internal'))">
  <dtml-call "REQUEST.set('SiteRootBASE','https://www.mydomain.edu')">
<dtml-else>
  <dtml-call "REQUEST.set('SiteRootBASE','http://www.mydomain.edu')">
</dtml-if>

then you want to put a SiteRoot object in your root folder, leaving
everything as per default.

As long as your first links to /internal are written as https:// the
austhentification should be over ssl. The access rule makes sure any
dynamically generated URLs under /internal are written as https://

~ethan fremen
-- 
http://mindlace.net __________________ mindlace@imeme.net
I don't want The Truth but I wouldn't mind a Big Analogy.