[Zope] RE: installation

Nemeth Miklos nemeth@iqsoft.hu
Sat, 01 Jan 2000 13:20:03 +0100


This is a multi-part message in MIME format.
--------------91B6355DE254C8EAAF007E98
Content-Type: text/plain; charset=iso-8859-2
Content-Transfer-Encoding: 7bit

> I can't go to management screen with superuser passwd. I'm using
> correct
> name and passwd (as specified in access file), but Zope says
> "Unauthorized. You are not authorized to access this resource."
>
> I'm using apache. No useful info in Apache's log's, pcgi.log and
> zope.log. Zope.cgi has been copied to apache cgi-bin dir. Apache has
> correct rewrite rule configuration as per WEBSERVER.txt. This is
> Zope
> 2.0.1 rpm. I also tried Zope 2.1.1 sources with same result. Please
> help
> me...
>

You are not the first one having problems with Zope + Apache
installation.
PCGI uses Rewrite module, which is a complex Apache facility, and
otherwise, configuring Apache sometimes may be complicated.
The best thing you can do is to browse the zope@zope.org archive (1999
oct - dec) for Apache, PCGI, or read some invaluable HOW-TOS.
To whet your appetite here is my receipe (with some technical
background) how to install Zope with Apache on RH6.1.
If you manage (I am sure you will) to install Zope+PCGI+Apache, please
write us what was the cause of your problem.
It would be very nice to collect a list of troubles with Apache+Zope
installation.

NM



--------------91B6355DE254C8EAAF007E98
Content-Type: text/html; charset=iso-8859-2;
 name="learningzope-zopeandapacheonrh61.html"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline;
 filename="learningzope-zopeandapacheonrh61.html"

<html>
<head>
<title>Learning Zope - Zope and Apache on RedHat 6.1</title>
</head>
<body>
<h1>Learning Zope - Using Zope with Apache on RedHat 6.1</h1>

Author: Miklos Nemeth, nemeth@iqsoft.hu<br>
Last modified: 1999.12.29

<h2>Why use Zope with Apache?</h2>

Zope installation is extremelly simple if you use ZServer. But if you
want to use Zope with Apache, the installation procedure might be a
nightmare. I fight nearly a half day to install Zope with Apache. This
document describes the steps I used to install my Zope with my Apache.
<p>
Apache is mandatory if you want to build an SSL-secured
website. ZServer does not support SSL at the moment. Apache is the
number 1 webserver of the world and provides much more services than ZServer.

<h2>The configuration</h2>
I used RedHat 6.1, Apache 1.3.9 installed the standard RedHat way:
(1) httpd.conf in /etc/httpd/conf,
(2) document root directory: /home/httpd (owned by root)
(3) the user/grout to run httpd: nobody/nobody
(4) port: 80
(5) startup/shutdown script: /etc/rc.d/init.d/httpd

<h2>The first phase is to install Zope</h2>
<ol>
<li> Change (ie. su) to <em>root</em>, and cd to <em>/usr/local</em>.
<li> Extract the Zope distribution file: <samp>tar xfz
Zope-2.1.1-linux2-x86.tgz</samp>
<li> cd to Zope-2.1.1-linux2-x86

<li> run <samp>$ ./install -u nobody -g nobody</samp> If you do not
specify <em>"-u nobody and -g nobody"</em> install will not set
correctly the ownership of some files and directories.  nobody/nobody
will be set as the user for the files <em>Zope.cgi</em>,
<em>access</em>, <em>start</em>, <em>stop</em> and the var directory
and its contents.

<li> Try to remember (ie. jot down to a safe place) the password of the
user "superuser". The password is printed on the screen by install.

<li> Copy the <em>Zope.cgi</em> into the directory <em>/home/httpd/cgi-bin</em> with "cp
-p":<samp>cp -p Zope.cgi  /home/httpd/cgi-bin</samp>. The -p option of the cp command
is very important. The Zope.cgi should be owned by nobody even in the
/home/httpd/cgi-bin directory.

<li> Start <em>ZServer</em> as <em>nobody</em> (if you are logged in
as root): <samp>su nobody start</samp>. ZServer will use ports 8080,
8021, 8099. If these ports are in use on your system, you should
explicitly specify port numbers for the start script (see the z2.py
options -P, -w, -f, -m). It is crucial not to start ZServer as root,
otherwise it creates the <em>var/pcgi.soc</em> file as root, and
<em>pcgi-wrapper</em> (see later) will not have permission to open it
as it will be run as nobody by Apache.  You do not have to specify -p
for the start script: PCGI is enabled by default. If you want to have
some info about the available parameters for start, have a look at
z2.py (start invokes the z2.py module).  Later you may edit the start
script as suggested by the <em>"Gotchas for Zope Beginners"</em> HOWTO.  <li>
If you later wishes to stop ZServer, open a new terminal and invoke:
<samp>su nobody /usr/local/Zope-2.1.1-linux2-x86/stop</samp>.

</ol>

<h2>Editing /etc/httpd/conf/httpd.conf</h2>

The second phase is to edit <em>/etc/httpd/conf/httpd.conf</em> to force Apache
passing authentication data to Zope.cgi
<ol>

<li> As root edit <em>httpd.conf</em>, and add to the end the
following lines:

<pre>
RewriteEngine on
RewriteCond %{HTTP:Authorization} ^(.*)
RewriteRule ^/Zope(.*) /home/httpd/cgi-bin/Zope.cgi$1
[e=HTTP_CGI_AUTHORIZATION:%1,t=application/x-httpd-cgi,l]
</pre>

The RewriteRule directives must be placed on a single line. For more info see <em>"Gotchas
for Zope Beginners"</em>.

<li> Restart (as root) your Apache server by: <samp>/etc/rc.d/init.d/httpd
restart</samp>

<li> Start Netscape and type the URL:
<em>http://localhost/Zope</em>. You will see the <em>"Welcome to
Zope"</em> page. Click on the <em>"management screen"</em> link.

<li> You will be asked for a username and password. Type in "superuser"
and the password you have jot down during the Zope install. If the user
name and password are correct you will have the main Zope management
page.

<li> You may connect to the management page directly by using the URL:
<em>http://localhost/Zope/manage</em>.

<li> Notice that the <em>root folder</em> of your Zope site will be named Zope

<li> You may also connect to ZServer directly (avoiding PCGI):
<em>http://localhost:8080/manage</em>. In this case the root folder will be
unnamed.

</ol>

<h2>Why the user nobody?</h2>

When Apache (ie. httpd) is started as root it opens the privileged ports
(80, 443 (SSL)), opens the log files, and then stops acting as
the potentially dangerous root and become nobody (as specified in
httpd.conf). All CGI programs/scripts will be run as nobody. The
Zope.cgi (see below) is also run by nobody. The simplest configuration
is to run Zope as nobody, too. If you are an experienced UNIX
administrator, and you understand how Apache and PCGI works, you may
invent more complicated setups.

<h2>What is this Zope.cgi, and how does it work?</h2>

Zope.cgi is an executable file, but it is not a shell script to be
executed by sh. If you look at the first line you will understand the
trick:
<samp>#!/usr/local/Zope-2.1.1-linux2-x86/pcgi/pcgi-wrapper</samp> That
is, Zope.cgi will be run by pcgi-wrapper, when Apache starts Zope.cgi
(as nobody -- remember!), if an URL requests to do so. pcgi-wrapper
parses the content of Zope.cgi and tries to connect to a running
server. An important directive is PCGI_SOCKET_FILE which points to
<em>/usr/local/Zope-2.1.1-linux2-x86/var/pcgi.soc</em>. This file is
used as a communication medium between pcgi-wrapper (invoked by
Apache) and ZServer (started by the start script). Each time
pcgi-wrapper started (as a normal CGI program) it connects to ZServer
via the pcgi.soc socket file, transfers the HTTP request to ZServer,
waits for the respose and returns data back to the Apache server. Note
that ZServer is started once and runs forever, but PCGI is started
each time a Zope request is received by Apache.

<h2>Why to use PCGI?</h2>

ZServer does not support SSL, which may be an important requirement in
your case. Apache supports SSL (Apache+SSL or mod_ssl), and thus Zope
may be used in secured communication with the help of PCGI.

<h2>What are the shortcomings of PCGI?</h2>

<ul>

<li> PCGI is run as a normal CGI program. Every time a HTTP request is
sent to the Zope server a pcgi-wrapper process is spawned for running
Zope.cgi.

<li> The Zope server must be installed on the same host as the Apache
server, because currently PCGI does not support remote communication.

</ul>

<h2>Other invaluable documents</h2>

<ul>
<li>How-To: Gotchas for Zope Beginners (by jens)
<li>How-To: Zope/Apache Virtual Host HOWTO (by jec)
<li>How-To: Apache+zope+fastcgi (<a 
href="http://www.zope.org/Members/kedai/apache_zope_fcgi">www.zope.org/Members/kedai/apache_zope_fcgi</a>).


</ul>

<address>
<a href="mailto:nemeth@nemeth20.iqsoft.hu"></a>
</address>
</body>
</html>
--------------91B6355DE254C8EAAF007E98--