[Zope-CMF] Running Zope behind Squid on the same host

J C Lawrence claw@kanga.nu
Wed, 29 Jan 2003 12:50:09 -0800 

The typical advice is to run Zope behind Apache.  For various reasons,
among which are that I found Squid faster, I don't want to do that.  I
went thru the HOWTOs on zope.org and found them ineffective.  In
particular Marc Bowery's HOWTO at:

  http://www.zope.org/Members/bowerymarc/squid-zserver-virtual

cost me two days before I abandoned it as a dead end and not quite what
I needed.  The below approach required little more than 45 minutes to
discover, research, and implement.

  Note: I've not (yet) paid mind to implementing proper Squid cache
  security so as to not be operating an open cache for others to abuse.
  As such I won't be addressing those concerns.  However, they are not
  difficult problems and there are thorough and articulate discussions
  of the area for Squid as a general product, outside of any Zope
  specifics.  As such, I'll leave those discussions there.

  You don't want to be running an open cache any more than you want to
  be running an open mail relay.  Pay attention.  You have been warned.

Here's how I got it working.

  Notes:

    - Nothing here is CMF specific.  However, I'm not on the base Zope
    list and I am on this list.  Please feel free to crosspost this to
    the base Zope lists as you see fit.

    - Some details are mildly Linux/Debian specific, butt they should be
    obvious and easy to translate for other Linux distributions or other
    Unixes.

    - Please forward corrections, suggestions, or updates to me at the
    above address and I'll look to incorporating them into this doc.

Tools needed:

  - Zope               -- http://www.zope.org

  - Squid              -- http://www.squid-cache.org/

  - SquidGuard         -- http://www.squidguard.org/

  - SiteAccessEnhanced -- http://www.zope.org/Members/sfm/SiteAccessEnhanced

  *Note: I initially tried to use Jesred but was unable to get it to
  process http POSTs correctly and reliably.  While it is simpler and
  smaller than SquidGuard, it also appears to be slower.*

Installation:

  Install all the above in the normal way.  For Linux/Debian Zope,
  Squid, and SquidGuard and be retrieved and installed via `apt-get`.
  You'll need to install SiteAccessEnhanced in the normal Zope way by
  unpacking it in your Zope products directory and restarting Zope.

Configuration:

  If you have any questions on the below, please consult the relevant
  documentation, help files, web sites, and sources before asking me.

  - Zope:

    Using the ZMI create a VirtualHostMonster (the name of the product
    that SiteAccessEnhanced installs) in the root of your Zope system.
    Call it anything you want.

  - Squid:

    Use the following configuration options over and above the Debian
    defaults:

      http_port 80
      redirect_program /usr/bin/squidGuard -c /etc/squid/squidGuard.conf
      httpd_accel_host virtual
      httpd_accel_port 0

    Other changes may be necessary if you are not using Linux/Debian or
    have a different initial default squid.conf.

  - SquidGuard:

    Use the following SquidGuard configuration file::

       dbhome /var/lib/squidguard/db
       logdir /var/log/squid
       acl {
           default {
               redirect http://localhost:9673/VirtualHostBase/http/your.host.dom:80/root_folder/VirtualHostRoot/%p
            }
       }

    Where:

      your.host.dom -- is the FQDN of the host in question.

      root_folder -- is the Zope folder that you want to be the root
      folder of your site.

      9673 -- Is the default port that Linux/Debian runs Zope on.
      Change to suit your installation.

    You could also use rewrite rules under SquidGuard instead of the
    redirect used above, but they are more expensive.

  - SiteAccessEnhanced

    Using the ZMI install a VirtualHostMonster object in the root folder
    of your Zope installatiom.  You will not need to configure it for
    this simple HOWTO.

Voila!  Restart Zope and Squid for the changes to take effect and
everything should be happily working on port 80.  

Note that you'll need to do something more complex and interesting for
proper virtual host support.  As this is a simple get-you-started HOWTO
I've not covered that.

I've also posted this HOWTO to Zope.org at:

  http://www.zope.org/Members/JCLawrence/LocalhostSquidHOWTO/index_html

and will be the current version at any time.

Enjoy.

--
J C Lawrence
---------(*)                Satan, oscillate my metallic sonatas.
claw@kanga.nu               He lived as a devil, eh?
http://www.kanga.nu/~claw/  Evil is a name of a foeman, as I live.