[Zope] found and fixed ZMI SSL support bug

Thomas Anderson tn-anderson at comcast.net
Thu Feb 5 17:13:04 EST 2004 

More info. There's a bug with the management interface when using 
Pound 1.6. Use Pound-current instead. Everything is now working 
perfectly for me with no siteroot or VHM necessary. No ugly 
proxypass or rewrite statements to deal with using Pound either.

Is a beautiful thing to behold.

Tom

On Thu, 2004-02-05 at 12:53, Thomas Anderson wrote:
> Fixed it for both http and https to work correctly.
> 
> See patch attached.
> 
> Tom
> 
> On Thu, 2004-02-05 at 11:16, Thomas Anderson wrote:
> > I've recently installed Zope 2.6.3 with Pound 1.6 in front.
> > I tried the replacement z2.py that ships with Pound, with no luck.
> > All the docs I've read suggest that getting a SSL wrapper in front
> > of Zope is a solved problem, yet I keep running into problems like
> > the below in the html source generated by the default index_html:
> > 
> > img src="http://localhost:443/p_/ZopeButton" width="115"
> > 
> > This of course needs to be https://localhost:443/... for it to work.
> > 
> > There are 3 ways I can see to fix this.. For my purposes replacing
> > "http" with "https" for all self-referencing URLs generated by Zope
> > would be fine. This is to be a secure server so turning off http
> > completely is fine for me.
> > 
> > It would be better (and a much prettier hack) if I leveraged the
> > X-Forwarded-For header, that way http://zopehost:8080 would still 
> > work. If Zope could be set up to detect if X-Forwared-For was set 
> > to my Pound front-end's IP and generate all https:// URLs in the
> > replies..... that would be awesome. 
> > 
> > I wonder though if perhaps Zope should just be smarter about 
> > seeing a port number of 443 and automatically generate https URLs
> > in response. Would that break anything existing?
> > 
> > If anyone has already done work in this area, or has an idea
> > where in the Zope code would be a good place to start hacking,
> > please let me know! I'd like to make the smallest patch to
> > Zope possible so that it can be maintained easily in future
> > versions and possibly even merged into 2.6.x or 2.7.x.
> > 
> > Tom
> > 
> > 
> > _______________________________________________
> > Zope maillist  -  Zope at zope.org
> > http://mail.zope.org/mailman/listinfo/zope
> > **   No cross posts or HTML encoding!  **
> > (Related lists - 
> >  http://mail.zope.org/mailman/listinfo/zope-announce
> >  http://mail.zope.org/mailman/listinfo/zope-dev )
> 
> ______________________________________________________________________
> 
> _______________________________________________
> Zope maillist  -  Zope at zope.org
> http://mail.zope.org/mailman/listinfo/zope
> **   No cross posts or HTML encoding!  **
> (Related lists - 
>  http://mail.zope.org/mailman/listinfo/zope-announce
>  http://mail.zope.org/mailman/listinfo/zope-dev )

More information about the Zope mailing list