You are not logged in Log in Join
You are here: Home » Members » regebro » Zope and Apache
Log in
Name

Password

 
Link icon Forgot your password?
Print

Zope and Apache

Created by . Last modified on 2003/08/05.

Running Zope and Apache is not as complicated as you may think. However, it's made worse by all the outdated and incomplete How-To's that are availiable. This is not 100% complete, but close to 99%, and I'm going to keep it updated as well as I can.

Notes and disclaimers

  • This document is not valid if you are using EasyPublisher.
  • If you want instructions on how to install Zope and SSL you can find this here:
    • Zope and Apaches SSL: http://www.zope.org/Members/unfo/apache_zserver_ssl
    • Zope and SSL without apache: http://www.zope.org/Members/Ioan/ZopeSSL
  • I have tried almost everything in this document, but not quite. There may be errors and if you think I'm going to be responsible for anything you are wrong. I'm completely irresponsible. If you find errors or omissions, please tell me. I'll try to keep this updated.

This document is to long for me!

If you think you are smart and know you are lazy, you can just go the examples section, see if there is an example that matches you and copy it. You don't have to read the rest of the document unless you want to know what actually is going on.

When should I run Zope behind Apache?

  • You need both Zope based sites and non-Zope based sites.
  • You are a nervous dude that don't trust that Zopes Zserver can handle when people send you weird and invalid http requests in hacking and denial of service attacks (ZServer is pretty vulnerable to DOS attacks).
  • You want to use Apaches SSL. (There is also ZopeSSL, but Apaches SSL is well-tested and full featured).
  • You want to have a cache of the finished pages to speed up access.
  • Your boss/customer requires you to use Apache and you don't want to argue with him/her.

Please note that since Zope 2.4 you no longer need Apache to run virtual hosting. Instead the so called "Virtual Host Monster" now supports virtual hosting with Zope only. To do this, create a Virtual Host Monster and follow the instructions for defining hostname to folder mappings.

How should I select which way to go?

Apache is a very flexible beast, so it offers you several ways of running Zope behind it. There are basically three ways:

  • RewriteRules
  • ProxyPass
  • PCGI/FastCGI

CGI is a slow and crappy way of doing it, so I will not cover this in this document. If you are absolutely sure that you want to use this outdated, complicated and slow way, instructions for this are found at: http://zope1.devshed.com/zope.devshed.com/Server_Side/Zope/ZopeWithApache/page1.html

Do you need Virtual Host Monster?

You need a Virtual Host Monster if you are going to run several sites on the same Zope server, or if your site is located in a folder that you don't want to be visible in the URL. For example, you have created a CMF site that are accessible from http://localhost:8080/CMF/ and you want this to be accessible without having "CMF" in the URL. In that case the easiest way is to put a Virtual Host Monster in the root and use that to hide the CMF folder from the users.

If you only have one site in your Zope installation and this is located in the Zope root, you don't need a Virtual Host Monster.

Some deeper information on Virtual Host Monsters can be found at http://www.zope.org/Documentation/Books/ZopeBook/2_6Edition/VirtualHosting.stx

Please note that "SiteRoots", which also can be used to create virtual roots in Zope are deprecated. Don't use them unless you really know why you need them.

ProxyPass vs. RewriteRules

RewriteRules are more common than ProxyPass, because you can always use RewriteRules, while there are some cases ProxyPass will not work.

ProxyPass is used to configure Apache into a proxy server. The proxy works by translating the URL Apache receives into a different URL. Apache then connects to this URL (which can be both internal or external) gets the data and sends it back to the client. From the clients standpoint the request was handled in full by the Apache server, and the client is not aware that another server was involved.

ProxyPass can not only redirect requests, but it can also cache them. This can speed up the server if you have very process heavy Zope pages. However, it will also remove some of the dynamic properties of Zope, since most requests will not be answered by Zope, but by the Apache cache. It's useful for heavy sites with no personalization and low update rates. This document will not cover how to set up Apache as a caching proxy, instead refer to the Apache documentation for this on http://www.apache.org/

RewriteRules does more complicated translating of the URL's than ProxyPass does. It's therefore harder to set up and understand, but more flexible. RewriteRules can also be configured to use the proxying support of Apache (as is done with Zope) so it has all the features of ProxyPass.

An important difference between ProxyPass and RewriteRules is how Zope gets to know which hostname to use. With ProxyPass the hostname to use is received from the http Host header. With RewriteRules, the hostname is written into the URL. This is important, because in some cases you can't use the virtual hostname in the ProxyPass statement, and then you will have to use RewriteRules.

With Virtual Host Monster: Use RewriteRules

  1. First of all, if you are using a Virtual Host Monster, you will have to configure the virtual hosting both in the virtual host monster and in Apache if you are using ProxyPass. So with virtual host monsters you most likely want to use RewriteRules.
  2. If you are using Virtual Host Monster and your Zope server is running on a port that isn't accessible from the outside, you must use RewriteRules. Using ProxyPass and Virtual Host Monster only works if the Zope server is directly accessible under the correct host name, since the hostname in this case is passed via the http-header. With RewriteRules it is passed in the URL, and the site can therefore be accessed under any host name. It may be possible to use ProxyPass together with the Apache "Header" statement like this:

    Header set Host www.virtualhost.com

    However I haven't tested this, and RewriteRules work just as well, although they look complicated.

Without Virtual Host Monster: Use ProxyPass

In all other cases except the above you can use either RewriteRules or ProxyPass, and you will probably like to use the much simpler ProxyPass settings.

Using ProxyPass To use ProxyPass you need to configure Apache so that mod_proxy is installed. This is can be done by compiling it in statically. You can see what static modules there are by running "httpd -l".

You can also compile the mod_proxy module to a dynamic library and load it with the following httpd.conf commands: 

    AddModule mod_proxy.c  
    LoadModule proxy_module libexec/apache/libproxy.so'

With ProxyPass you tell Apache to translate a path, and then satisfy this translated request as a proxy. A typical statement could be like this: 

    ProxyPass /Products http://remote.hostname.com:8080/dbs/products
    ProxyPassReverse /Products http://remote.hostname.com:8080/dbs/products'

This will mean that when Apache gets the request http://www.hostname.com/Products/Clavia/NM.html it will go to http://remote.hostname.com:8080/dbs/products/Clavia/NM.html and fetch that page content and give this to your browser.

In some cases you need a ProxyPassReverse statement. The syntax is exactly the same, but it watches the returned header, and translates everything backwards, i.e. from http://www.hostname.com/Products to /Products. This is mostly only a problem with redirects, and even then most redirects will probably use the correct URL. Therefore you will only rarely get into any problems without the ProxyPassReverse statement. However, ProxyPassReverse doesn�t break anything, so throw it in just to be safe.

Using RewriteRules

RewriteRules make similar translations as ProxyPass, but is much more flexible. First of all you have pattern matching rules instead of straight replacements as ProxyPass, and you also can opt not to use the proxy functionality (we will though).

To use RewriteRules you need to configure Apache so that both mod_rewrite and mod_proxy is installed. This can be done by compiling them in statically. You can see what static modules there are by running "httpd -l".

You can also compile the mod_proxy and mod_rewrite modules to dynamic libraries and load them with the following httpd.conf commands: 

    AddModule mod_rewrite.c
    AddModule mod_proxy.c
    LoadModule rewrite_module /usr/lib/apache/1.3/mod_rewrite.so
    LoadModule proxy_module /usr/lib/apache/1.3/libproxy.so

You also need a "RewriteEngine on" statement in the configuration file.

The complete reference to using RewriteRules are available from http://httpd.apache.org/docs/mod/mod_rewrite.html . Thankfully you don't have to understand the complete syntax, because with Zope the rules usually conform the same syntax: 

    RewriteRule ^/(.*) http://localhost:8080/VirtualHostBase/http/
      www.virtualdomain.com:80/www_virtualdomain_com/VirtualHostRoot/$1 [L,P]

(Of course this should really all be on one long line, but then it doesn't fit on this page)

As you see the things you need to replace for your instance is the www.virtualdomain.com part, which of course should contain the name of your virtual host, and the www_virtualdomain_com part, which should contain the location of the site on the Zope server. This part will be "hidden" from the user, so that the Zope object called /www_virtualdomain_com/Products/index_html will be accessed by /Products/index_html.

If you think that RewriteRule looks complicated, then you are completely correct. The syntax for all this is rather convoluted. If you want to learn the RewriteRule syntax, then go to http://httpd.apache.org/docs/mod/mod_rewrite.html .

If you want to know more about what the VirtualHostBase and VirtualHostRoot parts do, then read the explanation available in the Virtual Host Monster object.

Apache configuration extras

None of this actually has much to do with Zope, but with general Apache virtual hosting , but I'll take it up here anyway, since it may be of interest to you.

Separate Logs for each virtual host

Zopes will log everything in the same log, regardless of what virtual host was accessed. If you want separate logs for each virtual host you can let Apache create them instead. Add commands like this in each VirtualHost block: 

     ErrorLog /where/you/store/your/weblogs/www.domain.com-error_log
     TransferLog /where/you/store/your/weblogs/www.domain.com-access_log

 Setting REMOTE_ADDR to the client IP

   When using Apache as a proxy in front of Zope the REMOTE_ADDR in Zope is the 
   IP address of the Apache server. This IP-address is also the one stored in 
   the Zope access logs. If you need the real IP address instead, you can use 
   the ProxyVia directive:

   ProxyVia on

   This only works in Apache 1.3.2 and later. For Earlier Apache versions there
   is a patch available from http://www.zope.org/Members/unfo/apache_zserver_ssl

   In most cases you have absolutely no need for this. If you want access logs
   with the correct IP you can instead use Apaches logs (see above).

Examples

Virtual hosting with several sites per Zope server

This is the most common setup. You run Apache and Zope on the same server. Apache on port 80 and Zope on port 8080. The folder http://localhost:8080/www_virtualdomain_com/ should be accessible as http://www.virtualdomain.com/.

  1. Create a Virtual Host Monster in the root folder of Zope (you don't need to configure it).
  2. Set up the VirtualHost block in the Apache httpd.conf on www.virtualdomain.com like this (the line with the RewriteRule and the following line is really one long line): 
           <VirtualHost *>
       ServerName www.virtualdomain.com
       RewriteEngine On
       RewriteRule ^/(.*) http://localhost:8080/VirtualHostBase/http/www.
         virtualdomain.com:80/www_virtualdomain_com/VirtualHostRoot/$1 [L,P] 
       ErrorLog /where/you/store/your/weblogs/www.domain.com-error_log
       TransferLog /where/you/store/your/weblogs/www.domain.com-access_log
       ProxyVia on
       </VirtualHost>

Virtual hosting with one site per Zope server

You are running several virtual hosts in your Apache, and you want one of these to be the Zope server on port 8080. This Zope server only serves one site: 

     <VirtualHost *>
     ServerName www.virtualdomain.com
     ProxyPass / http://localhost:8080/
     ProxyPassReverse / http://localhost:8080/
     ErrorLog /where/you/store/your/weblogs/www.domain.com-error_log
     TransferLog /where/you/store/your/weblogs/www.domain.com-access_log
     ProxyVia on
     </VirtualHost>

Apache as a protective proxy

You are using Apache only to protect your Zope in some way. You are not using Apache to host anything. Both Zope and Apache is installed on the same server. Apache on port 80, Zope on port 8080: 

     ProxyPass / http://localhost:8080/
     ProxyPassReverse / http://localhost:8080/

Using Zope for part of a non-Zope web

You want everything under /Zope on your site to be handled by a Zope-server on port 8080: 

     ProxyPass /Zope http://localhost:8080/
     ProxyPassReverse /Zope http://localhost:8080/

Copyright (c) 2011 Zope Foundation. All rights reserved. Legal | Contact
If you can read this text, it means you are not experiencing the Plone design at its best. Plone makes heavy use of CSS, which means it is accessible to any internet browser, but the design needs a standards-compliant browser to look like we intended it. Just so you know ;)