httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Faheem Mitha <fah...@email.unc.edu>
Subject [users@httpd] problem using Apache with Zope
Date Sat, 12 Nov 2005 06:18:37 GMT

Dear People,

I'm having some problems with using Apache as a proxy with Zope/Plone.

I'm trying to get urls of the form

http://machine_name/test_plone

and

https://machine_name/test_plone

to redirect to my test Plone site at

machine_name:9673/test_plone

via SSL.

However, I have not been successful.

I suspect this is an Apache misconfiguration, which is puzzling, since I 
have acess to a machine doing very similar things, also running Debian 
sarge, which is working.

I'll list misc. bits of info below, in the hope that this will help to 
narrow the problem. I'll also list the ssl config portion of my apache 
file at the bottom of this message for good measure.

This uses this thing called the Virtual Host Monster in Zope/Plone, which 
does some stuff enabling Virtual Hosts.

The core of the matter is the RewriteRule as follows.

RewriteRule ^/test_plone(.*) \
http://127.0.0.1:9673/VirtualHostBase/https/%{HTTP_HOST}:443/test_plone/VirtualHostRoot/_vh_test_\plone$1

1) Firstly, SSL is working, certificates are offered and accepted, yada 
yada.

2) I can acess the page at

http://127.0.0.1:9673/VirtualHostBase/https/%{HTTP_HOST}:443/test_plone/VirtualHostRoot/_vh_test_\plone$1

[L,P]

fine, where I have to replace 127.0.0.1 with the IP address of the machine in 
question. This means the Virtual Host Monster is working correctly, I 
presume.

3) The rewriting is actually happening, because the rewriting log shows

**********************************************************************
client_ip_address - - [11/Nov/2005:18:51:56 --0500] 
[server_ip_address/sid#81565f0][rid#81ce540/initial] (2) init rewrite engine 
with requested uri /test_plone/colophon_xhtml.png
client_ip_address - - [11/Nov/2005:18:51:56 --0500] 
[server_ip_address/sid#81565f0][rid#81ce540/initial] (3) applying pattern 
'^/test_plone(.*)' to uri '/test_plone/colophon_xhtml.png'
client_ip_address - - [11/Nov/2005:18:51:56 --0500] 
[server_ip_address/sid#81565f0][rid#81ce540/initial] (2) rewrite 
/test_plone/colophon_xhtml.png -> 
http://127.0.0.1:9673/VirtualHostBase/https/server_ip_address:443/test_plone/VirtualHostRoot/_vh_test_plone/colophon_xhtml.png
client_ip_address - - [11/Nov/2005:18:51:56 --0500] 
[server_ip_address/sid#81565f0][rid#81ce540/initial] (2) forcing 
proxy-throughput with 
http://127.0.0.1:9673/VirtualHostBase/https/server_ip_address:443/test_plone/VirtualHostRoot/_vh_test_plone/colophon_xhtml.png
client_ip_address - - [11/Nov/2005:18:51:56 --0500] 
[server_ip_address/sid#81565f0][rid#81ce540/initial] (1) go-ahead with proxy 
request 
proxy:http://127.0.0.1:9673/VirtualHostBase/https/server_ip_address:443/test_plone/VirtualHostRoot/_vh_test_plone/colophon_xhtml.png

[OK]
***********************************************************************

This all looks pretty normal.

4) The error log is cryptic. Setting LogLevel to debug does not seem to 
give any more usable information.

The main error is

[Fri Nov 11 18:51:56 2005] [error] [client client_ip_address] client denied by 
server configuration:
proxy:http://127.0.0.1:9673/VirtualHostBase/https/server_ip_address:443/test_plone/VirtualHostRoot/_vh_test_plone/colophon_anybrowser.png,
referer: 
http://server_ip_address:9673/VirtualHostBase/https/server_ip_address:443/test_plone/VirtualHostRoot/_vh_test_plone

5) Here are the mods I have enabled.

/etc/apache2/mods-enabled# ls -la

drwxr-xr-x   3 root root 4096 2005-11-11 17:21 .
drwxr-xr-x  10 root root 4096 2005-11-11 15:45 ..
lrwxrwxrwx   1 root root   37 2005-11-10 16:52 cgid.conf -> 
/etc/apache2/mods-available/cgid.conf
lrwxrwxrwx   1 root root   37 2005-11-10 16:52 cgid.load -> 
/etc/apache2/mods-available/cgid.load
lrwxrwxrwx   1 root root   28 2005-11-11 17:21 proxy.conf -> 
../mods-available/proxy.conf
lrwxrwxrwx   1 root root   28 2005-11-11 17:21 proxy.load -> 
../mods-available/proxy.load
lrwxrwxrwx   1 root root   30 2005-11-11 17:19 rewrite.load -> 
../mods-available/rewrite.load
lrwxrwxrwx   1 root root   26 2005-11-10 21:21 ssl.conf -> 
../mods-available/ssl.conf
lrwxrwxrwx   1 root root   26 2005-11-10 21:21 ssl.load -> 
../mods-available/ssl.load
lrwxrwxrwx   1 root root   40 2005-11-10 16:52 userdir.conf -> 
/etc/apache2/mods-available/userdir.conf
lrwxrwxrwx   1 root root   40 2005-11-10 16:52 userdir.load -> 
/etc/apache2/mods-available/userdir.load

These are included via the main config file.

6) I was wondering if there might be something wrong with the Proxy thing. I've 
kept proxy.conf at the Debian defaults. Included below.

In particular ProxyRequest are off, but another Debian machine I have access to 
works fine with that setting.

Thanks in advance for your help.

                                                                Faheem.
**********************************************************************
ssl.conf
**********************************************************************
NameVirtualHost *:443
<VirtualHost *:443>
         ServerAdmin [...]

         DocumentRoot /var/www/html-ssl
 	<Directory />
                 Options FollowSymLinks
                 AllowOverride None
         </Directory>
         <Directory /var/www/html-ssl>
                 Options Indexes FollowSymLinks MultiViews
 		AllowOverride None
                 Order allow,deny
 		allow from all
 		# This directive allows us to have apache2's default start page
 		# in /apache2-default/, but still have / go to the right place
#               RedirectMatch ^/$ /apache2-default/
 	</Directory>

 	ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
 	<Directory "/usr/lib/cgi-bin">
 		AllowOverride None
 		Options ExecCGI -MultiViews +SymLinksIfOwnerMatch
 		Order allow,deny
 		Allow from all
 	</Directory>

 	ErrorLog /var/log/apache2/error.log

 	# Possible values include: debug, info, notice, warn, error, crit,
 	# alert, emerg.
 	LogLevel debug

 	SSLEngine On
 	SSLCertificateFile /etc/apache2/ssl/ssl.crt
 	SSLCertificateKeyFile /etc/apache2/ssl/ssl.key

 	CustomLog /var/log/apache2/access.log combined
 	ServerSignature On

 	Alias /doc/ "/usr/share/doc/"
     <Directory "/usr/share/doc/">
 	Options Indexes MultiViews FollowSymLinks
 	AllowOverride None
 	Order deny,allow
 	Deny from all
 	Allow from 127.0.0.0/255.0.0.0 ::1/128
 	</Directory>

     RewriteEngine On
 	RewriteLog /var/log/apache2/rewrite.log
     RewriteLogLevel 3
 	RewriteRule ^/test_plone(.*) \
http://127.0.0.1:9673/VirtualHostBase/https/%{HTTP_HOST}:443/test_plone/VirtualHostRoot/_vh_test_\plone$1

[L,P]

</VirtualHost>
**********************************************************************

***********************************************************************
proxy.conf
***********************************************************************


<IfModule mod_proxy.c>

         #turning ProxyRequests on and allowing proxying from all may allow
         #spammers to use your proxy to send email.

         ProxyRequests Off

         <Proxy *>
                 Order deny,allow
                 Deny from all
                 #Allow from .your_domain.com
         </Proxy>

         # Enable/disable the handling of HTTP/1.1 "Via:" headers.
         # ("Full" adds the server version; "Block" removes all outgoing Via: 
headers)
         # Set to one of: Off | On | Full | Block

         ProxyVia On

         # To enable the cache as well, edit and uncomment the following lines:
         # (no cacheing without CacheRoot)

         CacheRoot "/var/cache/apache2/proxy"
         CacheSize 5
         CacheGcInterval 4
         CacheMaxExpire 24
         CacheLastModifiedFactor 0.1
         CacheDefaultExpire 1
         # Again, you probably should change this.
         #NoCache a_domain.com another_domain.edu joes.garage_sale.com

</IfModule>


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message