Topic: Customizing httpd.conf with rewrite rules

[ddougan]

I recently realized that I have an error in  my httpd.conf file - I'd added a template fragment in the VirtualHosts custom directory (35Rewrite). However, it's in the wrong place, as it's affecting all my virtual domains, rather than the main domain as I want. However, I can't work out where to place it in the template hierarchy such that the Rewrite rules affect only one domain instead of the three domains I have on my server. The rule is for my Plone site (RewriteRule ^/(.*) http://localhost:9080/VirtualHostBase/http/www.DouganConsulting.com:80/Plone/VirtualHostRoot/$1 [L,P])

Can anyone point me in the right direction?

Thanks,

[CharlieBrady]

I recently realized that I have an error in  my httpd.conf file - I'd added a template fragment in the VirtualHosts custom directory (35Rewrite). However, it's in the wrong place, as it's affecting all my virtual domains, rather than the main domain as I want. However, I can't work out where to place it in the template hierarchy such that the Rewrite rules affect only one domain instead of the three domains I have on my server. The rule is for my Plone site (RewriteRule ^/(.*) http://localhost:9080/VirtualHostBase/http/www.DouganConsulting.com:80/Plone/VirtualHostRoot/$1 [L,P])

Can anyone point me in the right direction?

Thanks,

Put some code in the template to make the output conditional. Something like:

{
  return "" unless $virtualHost eq "one.that.i.want";
  "RewriteRule ^/(.*) ...";
}

[ddougan]

Many thanks, Charlie. I'll give that a try.

Des

[ddougan]

Charlie,

I've been testing your suggestion (with quotes around the entire rule, followed by the semi-colon, per your example). When I expanded the template, I get a warning like this:

WARNING in /etc/e-smith/templates-custom//etc/httpd/conf/httpd.conf/VirtualHosts/35Rewrite: Use of uninitialized value in concatenation (.) or string at /etc/e-smith/templates-custom//etc/httpd/conf/httpd.conf/VirtualHosts/35Rewrite line 6.

The template expands, but when restart httpd and I display the site, I'm missing the formatting and icons, as if there is a permissions error (but it doesn't show in the logs). If I go back to the rule without the conditional logic, I see the home page as expected.

Do I need to escape the rule parameters?

Thanks,

Des

[ddougan]

Charlie,

I've resolved the problem I reported last night - I changed from a Rewrite rule to ProxyPass and ProxyPassReverse directives, and when I put your code fragment around each directive, the template-expand worked fine, and my other domains now no longer display the primary domain content.

Very many thanks for your help.


Des

[wjhobbs]

Des,

I used your rpms to install Plone. It worked really well. But I can't get at Plone itself.

I believe I need to put a ProxyPass and ProxyPassReverse directive into hhtpd.conf but I don't know enough about how the SME templates work to know what to do.

As I understand it, I need to create a config file fragment in Templates-Custom. But I need guidance with respect to (a) what name to use for the fragment and (b) what specifically goes in the file.

In my current case, I have a fresh install on a test machine and I am just trying to test against a local i-bay. However, in future I will want to do it on a production machine with the i-bay set to be a virtual host.

I'm something of a novice (just bought "Learning Perl") and not a programmer or Linux bright light. I would appreciate any direction you can give, the more specific the better. I'll learn.

Thanks for your help.

John

[ddougan]

John,

This is what works for me. Create the file 35Rewrite and paste the contents into it. The ProxyPass and ProxyPassReverse stuff should each be on one line, in case it doesn't display cleanly here.

Des

[root@jeeves root]# more /etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf/VirtualHosts/35Rewrite
#
# ProxyPass directive for Zope/Plone Virtual Host Monster
#
ProxyPass / http://localhost:9080/VirtualHostBase/http/domainname.com:80/Plone/VirtualHostRoot/

ProxyPassReverse / http://localhost:9080/VirtualHostBase/http/domainname.com:80/Plone/VirtualHostRoot/

[ddougan]

And, in case it's not clear, replace "domainname" with your own.

Des

[wjhobbs]

Hi Des,

Thanks. I did that and still have a problem.

I have set up a virtual domain ('imsig.ca') against an i-bay ('imsig') which was the domain I specified in the ProxyPass directives. When I use a browser on another machine to access that i-bay (e.g., 192.168.1.253/imsig), I get the standard "This information bay has not yet been customized" message.

When I attempt to go directly at Plone by specifying the port number (e.g., 192.168.1.253:9080/Plone) I get 'connection refused'. I think this is because of the security you set up in the install so Zope/Plone accepts connections only from the local machine.

Without a browser on the SME machine, I don't know how to set up the Virtual Host Monster in Zope because of the 'connection refused' problem.

Any suggestions for what to try?

Thanks for your help.

John

[ddougan]

To access the ZMI, you need to set up an ssh tunnel to your server from your desktop (PuTTY is a good client on a Windows box) on port 9080, then connect to http://localhost:9080/manage to get to the ZMI, where you login with the plone IFD and password you set up when you installed Plone. You can then set up the VHM.


Des

[wjhobbs]

Des,

A PuTTY connection just gives me CLI access. I can use Lynx; but the ZMI seems to need a frame-capable browser.

I have been unsuccessful getting a VPN tunnel connection established; but if I can, I suspect it will allow the browser access I need to get VHM set up.

Is there something I'm missing with PuTTY?

Am I on the right track?

Thanks for all the hand-holding.

John

[ddougan]

In PuTTY, you need to set up a tunnel. I'm running Linux on my desktop, so can't check, but from memory, near the bottom of the setup options, there is one for tunnels. Add 9080 and localhost:9080 in the dialog. This, when run, will allow you to access the ZMI via the browser. I think the help on the PuTTY download site discusses the options for tunnelling.

Des

[wjhobbs]

Des,

Thanks for all your help.

I was not able to get the ssh tunnel working, either through PuTTY or ssh on a Linux desktop. The CLI worked but the tunnel didn't. I'll track that problem down another day.

Rather than spend the weekend tearing out what little hair I have left, I found a way around the problem. I adjusted zope.conf temporarily to allow remote connections. Then set up the Virtual Host Monster and reset the security on zope.conf.

Then applied your ProxyPass rules -- and everything worked just fine!

Thanks.

John

[ddougan]

Great! I'm glad you got it resolved.

For reference, from a Linux CLI, try:

ssh -L 9080:localhost:9080 -C 192.168.0.1 -f sleep 100000

where the IP address is that of the server's local internal interface.

Des

[wjhobbs]

Des,

Thanks. Don't know where my mind was. I had localhost and local interface confused.

You may want to consider using the RewriteRule instead of ProxyPass. If you use Charlie's ... return nullstring unless ... construct and enclose the RewriteRule directive in single quotes, the expand-template function will not try to resolve the $1 variable in the directive.

John

[ddougan]

I thought I'd tried the RewriteRule, but couldn't get the expand template process to work correctly - although I can't recall if I tried single quotes.

Is there an advantage to using it instead of ProxyPass? None of the reading I've done really clarifies that.

Regards,

Des

[wjhobbs]

Des,

With 'ProxyPass / http://localhost... etc' the url 'www.douganconsulting.com' and 'www.douganconsulting.com/directory/subdirectory/' get interpreted the same way (the /directory/subdirectory/ portion is ignored). This is not the case with 'RewriteRule ^/(.*)http.../$1' The $1 variable causes the subdirectory portions to be appended to the url that gets sent to Plone.

For simple Plone usage the difference is irrelevant. However, you may get to a situation that needs it. With ProxyPass you will be stuck.

John

[ddougan]

John,

Thanks! I'll take a look at it and test it on my test system.

Regards,

Des

[chris burnat]

Hello,
Sorry to barge in.  I have to install plone2 and zope for a site at the uni on Sydney, trying to find a howto, no luck so far - Des post on the forum dated 26 May get a "not found" return.  I have found Des rpms (2004/6/2), are they still valid for 6.1?  Can you assist and point me in the right direction?
Many thanks regards chris

[chris burnat]

Hello,
Sorry to barge in.  I have to install plone2 and zope for a site at the uni, trying to find a howto, no luck so far - Des post on the forum dated 26 May get a "not found" return.  I have found Des rpms (2004/6/2), are they still valid for 6.1?  Can you assist and point me in the right direction?
Many thanks regards chris

[ddougan]

As far as I know, they will work for 6.x - there's been little change since 6.0.

Des

[chris burnat]

Thanks for this, any Howto around that you know about?

[wjhobbs]

The following is what I used and it seemed to work. It presumes that you are going to have two Plone sites - one public facing and an intranet site for local staff. If you are not going to have the intranet site, forget about the extra i-bay and don't bother creating the second Plone Site instance.

Also, I found that if I set up Plone against my Primary i-bay, I couldn't get at my server-manager panel. So I have an i-bay called 'main' and set up a domain (e.g., 'mydomain.ca') for that (the SME server's domain I call 'primary.mydomain.ca' to avoid confusion).

Here's my How-To

Install Plone
Before you start, ensure that none of the domains to be served by Plone are the Primary. Set up an I-bay for the main web site and one for the intranet site; and set up virtual domains for each.

Download Des Dougan’s rpms
login as root

Create a directory for the downloads

Code: [Select]

# mkdir –p /root/downloads/smeplone
# cd /root/downloads/smeplone

Download the files

Code: [Select]

# wget –nc http://mirror.contribs.org/smeserver/contribs/ddougan/Plone/Plone2-2.0.2-sme.04.i386.rpm
# wget –nc http://mirror.contribs.org/smeserver/contribs/ddougan/Plone/Plone2-2.0.2-sme.04.src.rpm
# wget –nc http://mirror.contribs.org/smeserver/contribs/ddougan/Plone/db4-4.1.25-0.rh73.3.1.i386.rpm
# wget –nc http://mirror.contribs.org/smeserver/contribs/ddougan/Plone/db4-devel-4.1.25-0.rh73.3.1.i386.rpm
# wget –nc http://mirror.contribs.org/smeserver/contribs/ddougan/Plone/expat-1.95.5-2.i386.rpm
# wget –nc http://mirror.contribs.org/smeserver/contribs/ddougan/Plone/python2.3-2.3.3-2pydotorg.i386.rpm
# wget –nc http://mirror.contribs.org/smeserver/contribs/ddougan/Plone/python2.3-2.3.3-2pydotorg.src.rpm
# wget –nc http://mirror.contribs.org/smeserver/contribs/ddougan/Plone/python2.3-devel-2.3.3-2pydotorg.i386.rpm
# wget –nc http://mirror.contribs.org/smeserver/contribs/ddougan/Plone/python2.3-docs-2.3.3-2pydotorg.i386.rpm
# wget –nc http://mirror.contribs.org/smeserver/contribs/ddougan/Plone/python2.3-tools-2.3.3-2pydotorg.i386.rpm

Install Plone

Code: [Select]

# rpm –Uvh db4*
# rpm –Uvh python*
# rpm –Uvh expat*
# rpm –Uvh Plone*

Start Plone

Code: [Select]

# /etc/rc.d/init.d/plone2 start

Test Plone

Code: [Select]

# lynx “http://localhost:9080/Plone”
You should see the Plone main page in text browser mode.

Setup ‘Virtual Host Monster’
The Des Dougan rpms seem to set the initial administrative Plone/Zope userid to 'plone' with a password of 'plone'.

From a network attached Windows computer, open a ssh tunnel with the target server
using PuTTY:

On the ‘Session’ pane, enter the ip address of the server and on the SSH>Tunnels pane, enter ‘9080’ as the Source Port and ‘127.0.0.1:9080’ as the Destination, the push the ‘Add’ button. This information should then appear in the Forwarded Ports box. Click the Open button at the bottom to open a session on the server.

Login as ‘root’ with the root password

OR

From a Linux workstation, open a ssh tunnel using the ssh command
in a terminal window enter

ssh -L 9080:localhost:9080 -C 192.168.0.1 -f sleep 100000

Be sure to replace the ‘192.168.0.1’ with the ip address of the server.

Then:

Open a web browser with the address ‘127.0.0.1:9080/manage’

The Zope main page should display. On the upper right of the screen, select “Virtual Host Monster” from the Add pull-down list, and push the Add button. In the form that opens, enter an id (use ‘vhm’).

Then, setup a second Plone instance for the intranet site.

On the upper right of the Zope main page, select “Plone Site” from the Add pull-down list and push the Add button. In the form that opens, enter an id (use ‘Intranet’); add a Title (e.g., ‘Company Intranet Site’); keep the default Membership source and provide a Description (e.g., ‘The Company intranet site.’) Then click Add Plone Site and wait for the site to be created.

Close the browser and the ssh tunnel.

Setup Apache virtual host routing to the VHM
Ensure that this directory path exists

/etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf/VirtualHosts

and if not, create it.

Code: [Select]

# mkdir -p /etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf/VirtualHosts

Change to that directory.

Code: [Select]

# cd /etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf/VirtualHosts

create an empty file

Code: [Select]

# pico

add the following lines to the file:

Code: [Select]

#
# RewriteRule directives for Zope/Plone Virtual Host Monster
#
RewriteEngine on
{
return “” unless $virtualHost eq “mainhost.ca”;
‘RewriteRule ^/(.*) http://localhost:9080/VirtualHostBase/http/[ip]:80/Plone/VirtualHostRoot/$1 [L.P]’;
}
{
return “” unless $virtualHost eq “intranet.mainhost.ca”;
‘RewriteRule ^/(.*) http://localhost:9080/VirtualHostBase/http/[ip]:80/Intranet/VirtualHostRoot/$1 [L.P]’;
}


Replace the ‘[ip]’ portion with the relevant domain name (e.g., www.mainhost.ca) and save with the file name ‘35Rewrite’

N.B. ensure that each RewriteRule directive is only on one line before saving and enclosed in single quotes.

then regenerate the Apache configuration file

Code: [Select]

# /sbin/e-smith/expand-template /etc/httpd/conf/httpd.conf

then restart Apache to have the new configuration take effect

Code: [Select]

# service httpd restart

Get Plone to start automatically on boot.

Code: [Select]

# cd /etc/rc.d
# pico rc.local

add to the bottom of the file

Code: [Select]

# start Plone2
/etc/rc.d/init.d/plone2 start
save and exit

And that's it. Using a browser go to your Plone domain and try it.

Best of luck.

John

[CharlieBrady]

With 'ProxyPass / http://localhost... etc' the url 'www.douganconsulting.com' and 'www.douganconsulting.com/directory/subdirectory/' get interpreted the same way (the /directory/subdirectory/ portion is ignored).

No, that's not true. The server-manager wouldn't work, if that were the case, and neither would my friend's website, which is proxypassed through my server to his.

I have a custom template .../httpd.conf/ProxyPassVirtualHosts/template-begin containing:

    ServerName www.{$virtualHost}
    ServerAlias { "$virtualHost  $SystemName.$virtualHost" }
{
    use esmith::DomainsDB;
    my $db = esmith::DomainsDB->open_ro;
    my $d = $db->get($virtualHost);
    my $t = $d->prop('ProxyPassTarget');

    $OUT = "    ProxyPass / $t";
}

<VirtualHost {$ipAddress}:{$port}>
</VirtualHost>

and his domain database entry is:

host.domain=domain
    Content=Primary
    Description=xxxxxx
    ProxyPassTarget=http://a.b.c.d/
    TemplatePath=ProxyPassVirtualHosts

His domain gets way more traffic than any of mine, and has always worked perfectly.

[wjhobbs]

Charlie,

Sorry if I was not clear. What I was referring to was the way in which Des had his ProxyPass directive defined. In that one, there was no variable substitution and therefore there appeared to be no way to allow for the subdirectories to be appended to the specified url. Everything got passed to his plone site root regardless.

John

[CharlieBrady]

Sorry if I was not clear. What I was referring to was the way in which Des had his ProxyPass directive defined. In that one, there was no variable substitution and therefore there appeared to be no way to allow for the subdirectories to be appended to the specified url.

There is no variable substitution in a ProxyPass  directive. ProxyPass only translates URL prefixes. Anything in the URL after the translated prefix is included in the proxied request. See:

http://www.linuxfocus.org/English/March2000/article147.html
http://httpd.apache.org/docs-2.0/mod/mod_proxy.html

Everything got passed to his plone site root regardless.

Perhaps there some issue specific to plone. I'm sure the full URL is passed on.

[ddougan]

You basically install the RPMs and use the information that the installation provides (e.g. port number 9080). If you plan to make the installation available to the outside world, you'll need an Apache ProxyPass or Rewrite rule - search here for both, There's a good bit of information on them.

Des

[chris burnat]

Many thanks John. I have so far managed to install, and from a windows box establish an ssh tunel and accessed the zope page.  Now I am stuck...May I ask a couple of questions:

1) Total ignorance of my part, how do you type the character  “”  in the 35Rewrite file??

2) Is my syntax correct, All I will use if the WAN side, no intranet.  The domain is strumpf.com with an IP 203.47.55.211.
Is this correct:

#
# RewriteRule directives for Zope/Plone Virtual Host Monster
#
RewriteEngine on
{
return “” unless $virtualHost eq “stumpf.com”;
‘RewriteRule ^/(.*) http://localhost:9080/VirtualHostBase/http/203.47.55.211:80/Plone/VirtualHostRoot/$1 [L.P]’;
}

Many thanks, chris.

[wjhobbs]

Chris,

The "" is in fact a double-quote immediately followed by a double-quote.

Your RewriteRule looks OK to me except that I put the domain name instead of the ip address (i.e., replace the 203.47.55.211:80 with stumpf.com:80)

John