Dear People, I'm having some problems with using Apache as a proxy with Zope/Plone. I'm trying to get urls of the form http://machine_name/test_plone and https://machine_name/test_plone to redirect to my test Plone site at machine_name:9673/test_plone via SSL. However, I have not been successful.I suspect this is an Apache misconfiguration, which is puzzling, since I have acess to a machine doing very similar things, also running Debian sarge, which is working.
I'll list misc. bits of info below, in the hope that this will help to narrow the problem. I'll also list the ssl config portion of my apache file at the bottom of this message for good measure.
This uses this thing called the Virtual Host Monster in Zope/Plone, which does some stuff enabling Virtual Hosts.
The core of the matter is the RewriteRule as follows.
RewriteRule ^/test_plone(.*) \
http://127.0.0.1:9673/VirtualHostBase/https/%{HTTP_HOST}:443/test_plone/VirtualHostRoot/_vh_test_\plone$1
1) Firstly, SSL is working, certificates are offered and accepted, yada
yada.
2) I can acess the page athttp://127.0.0.1:9673/VirtualHostBase/https/%{HTTP_HOST}:443/test_plone/VirtualHostRoot/_vh_test_\plone$1 [L,P]
fine, where I have to replace 127.0.0.1 with the IP address of the machine in question. This means the Virtual Host Monster is working correctly, I presume.
3) The rewriting is actually happening, because the rewriting log shows **********************************************************************client_ip_address - - [11/Nov/2005:18:51:56 --0500] [server_ip_address/sid#81565f0][rid#81ce540/initial] (2) init rewrite engine with requested uri /test_plone/colophon_xhtml.png client_ip_address - - [11/Nov/2005:18:51:56 --0500] [server_ip_address/sid#81565f0][rid#81ce540/initial] (3) applying pattern '^/test_plone(.*)' to uri '/test_plone/colophon_xhtml.png' client_ip_address - - [11/Nov/2005:18:51:56 --0500] [server_ip_address/sid#81565f0][rid#81ce540/initial] (2) rewrite /test_plone/colophon_xhtml.png -> http://127.0.0.1:9673/VirtualHostBase/https/server_ip_address:443/test_plone/VirtualHostRoot/_vh_test_plone/colophon_xhtml.png client_ip_address - - [11/Nov/2005:18:51:56 --0500] [server_ip_address/sid#81565f0][rid#81ce540/initial] (2) forcing proxy-throughput with http://127.0.0.1:9673/VirtualHostBase/https/server_ip_address:443/test_plone/VirtualHostRoot/_vh_test_plone/colophon_xhtml.png client_ip_address - - [11/Nov/2005:18:51:56 --0500] [server_ip_address/sid#81565f0][rid#81ce540/initial] (1) go-ahead with proxy request proxy:http://127.0.0.1:9673/VirtualHostBase/https/server_ip_address:443/test_plone/VirtualHostRoot/_vh_test_plone/colophon_xhtml.png [OK]
*********************************************************************** This all looks pretty normal.4) The error log is cryptic. Setting LogLevel to debug does not seem to give any more usable information.
The main error is[Fri Nov 11 18:51:56 2005] [error] [client client_ip_address] client denied by server configuration:
proxy:http://127.0.0.1:9673/VirtualHostBase/https/server_ip_address:443/test_plone/VirtualHostRoot/_vh_test_plone/colophon_anybrowser.png,referer: http://server_ip_address:9673/VirtualHostBase/https/server_ip_address:443/test_plone/VirtualHostRoot/_vh_test_plone
5) Here are the mods I have enabled. /etc/apache2/mods-enabled# ls -la drwxr-xr-x 3 root root 4096 2005-11-11 17:21 . drwxr-xr-x 10 root root 4096 2005-11-11 15:45 ..lrwxrwxrwx 1 root root 37 2005-11-10 16:52 cgid.conf -> /etc/apache2/mods-available/cgid.conf lrwxrwxrwx 1 root root 37 2005-11-10 16:52 cgid.load -> /etc/apache2/mods-available/cgid.load lrwxrwxrwx 1 root root 28 2005-11-11 17:21 proxy.conf -> ../mods-available/proxy.conf lrwxrwxrwx 1 root root 28 2005-11-11 17:21 proxy.load -> ../mods-available/proxy.load lrwxrwxrwx 1 root root 30 2005-11-11 17:19 rewrite.load -> ../mods-available/rewrite.load lrwxrwxrwx 1 root root 26 2005-11-10 21:21 ssl.conf -> ../mods-available/ssl.conf lrwxrwxrwx 1 root root 26 2005-11-10 21:21 ssl.load -> ../mods-available/ssl.load lrwxrwxrwx 1 root root 40 2005-11-10 16:52 userdir.conf -> /etc/apache2/mods-available/userdir.conf lrwxrwxrwx 1 root root 40 2005-11-10 16:52 userdir.load -> /etc/apache2/mods-available/userdir.load
These are included via the main config file.6) I was wondering if there might be something wrong with the Proxy thing. I've kept proxy.conf at the Debian defaults. Included below.
In particular ProxyRequest are off, but another Debian machine I have access to works fine with that setting.
Thanks in advance for your help.
Faheem.
**********************************************************************
ssl.conf
**********************************************************************
NameVirtualHost *:443
<VirtualHost *:443>
ServerAdmin [...]
DocumentRoot /var/www/html-ssl
<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>
<Directory /var/www/html-ssl>
Options Indexes FollowSymLinks MultiViews
AllowOverride None
Order allow,deny
allow from all
# This directive allows us to have apache2's default start page
# in /apache2-default/, but still have / go to the right place
# RedirectMatch ^/$ /apache2-default/
</Directory>
ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
<Directory "/usr/lib/cgi-bin">
AllowOverride None
Options ExecCGI -MultiViews +SymLinksIfOwnerMatch
Order allow,deny
Allow from all
</Directory>
ErrorLog /var/log/apache2/error.log
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
LogLevel debug
SSLEngine On
SSLCertificateFile /etc/apache2/ssl/ssl.crt
SSLCertificateKeyFile /etc/apache2/ssl/ssl.key
CustomLog /var/log/apache2/access.log combined
ServerSignature On
Alias /doc/ "/usr/share/doc/"
<Directory "/usr/share/doc/">
Options Indexes MultiViews FollowSymLinks
AllowOverride None
Order deny,allow
Deny from all
Allow from 127.0.0.0/255.0.0.0 ::1/128
</Directory>
RewriteEngine On
RewriteLog /var/log/apache2/rewrite.log
RewriteLogLevel 3
RewriteRule ^/test_plone(.*) \
http://127.0.0.1:9673/VirtualHostBase/https/%{HTTP_HOST}:443/test_plone/VirtualHostRoot/_vh_test_\plone$1
[L,P]
</VirtualHost>
**********************************************************************
***********************************************************************
proxy.conf
***********************************************************************
<IfModule mod_proxy.c>
#turning ProxyRequests on and allowing proxying from all may allow
#spammers to use your proxy to send email.
ProxyRequests Off
<Proxy *>
Order deny,allow
Deny from all
#Allow from .your_domain.com
</Proxy>
# Enable/disable the handling of HTTP/1.1 "Via:" headers.
# ("Full" adds the server version; "Block" removes all outgoing Via:
headers)
# Set to one of: Off | On | Full | Block
ProxyVia On
# To enable the cache as well, edit and uncomment the following lines:
# (no cacheing without CacheRoot)
CacheRoot "/var/cache/apache2/proxy"
CacheSize 5
CacheGcInterval 4
CacheMaxExpire 24
CacheLastModifiedFactor 0.1
CacheDefaultExpire 1
# Again, you probably should change this.
#NoCache a_domain.com another_domain.edu joes.garage_sale.com
</IfModule>
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
" from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|