Using Apache HTTP Server as a front end for Zope

There are many benefits to using Apache HTTP Server as a front end for an application server. One of the reasons is security. Linux doesn't allow a non-root user to open a port below 1024, so with Apache holding port 80 the application server can run as an unprivileged user on a high port.

In some cases it is a good idea to use Apache as your front end anyway (e.g. you want to use Apache for load balancing or as a proxy server, or to take advantage of a very stable HTTP server).

I personally use Apache as a front end for Plone+Zope and Tomcat. Here is a brief description of how to run Apache in front of a Zope+Plone setup.

When you have your Zope+Plone setup, you will access the Plone instance like this:
http://myhost:8000/Plone
or in general
http://[host]:[port]/[name_of_plone_instance]

and the ZMI should be running here:
http://myhost:8000/manage

In order to hide Plone+Zope behind Apache, you will have to add this to your Apache config file:

RewriteRule ^/(.*) http://127.0.0.1:8000/VirtualHostBase/http/%{HTTP_HOST}:80/Plone/VirtualHostRoot/$1 [L,P]

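where %{HTTP_HOST} is an Apache variable which is filled in automatically from the Host header of the incoming request. The [P] flag makes Apache proxy the request, which requires mod_proxy and mod_proxy_http to be loaded, and the rule only takes effect where RewriteEngine is On.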

The first part of the rewrite rule
RewriteRule ^/(.*) http://127.0.0.1:8000/

tells Apache to route all requests arriving on port 80 to port 8000 on localhost, where Zope is running.

The second part of the rewrite rule
VirtualHostBase/http/%{HTTP_HOST}:80/Plone/VirtualHostRoot/$1 [L,P]

tells the VirtualHostMonster in Zope to map all the URLs in the page to port 80, even though Zope itself is on port 8000.

So now when we hit the URL http://myhost/, Apache directs all the traffic to the underlying Plone instance at port 8080.
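
How the rewritten URL is put together and read back, as an added example that is not part of the original post and not Zope's own code: backend_url mirrors the RewriteRule above and decode_vhm is a simplified model of what the VirtualHostMonster does with the result. The function names and the allowed_hosts check are assumptions of this example.

```python
from urllib.parse import urlsplit

BACKEND = "http://127.0.0.1:8000"   # Zope address from the rewrite rule
SITE = "Plone"                      # name of the Plone instance


def backend_url(host, path, allowed_hosts):
    """Build the URL the RewriteRule proxies to for a public request path.

    host stands for %{HTTP_HOST}, which comes from the client's Host header,
    so this sketch only accepts names from allowed_hosts (an assumption of
    the example, not something the rule itself does).
    """
    if host not in allowed_hosts:
        raise ValueError("unexpected Host header: %r" % host)
    rest = path.lstrip("/")          # $1 in the rule: everything after the first "/"
    return "%s/VirtualHostBase/http/%s:80/%s/VirtualHostRoot/%s" % (
        BACKEND, host, SITE, rest)


def decode_vhm(url):
    """Simplified model of how the VirtualHostMonster reads that URL.

    Returns (object_path, public_url): the path Zope traverses internally
    and the URL it uses when generating links in the page.
    """
    parts = urlsplit(url).path.split("/")[1:]
    if len(parts) < 3 or parts[0] != "VirtualHostBase":
        raise ValueError("not a VirtualHostBase URL")
    scheme, hostport = parts[1], parts[2]
    root = parts.index("VirtualHostRoot")      # ValueError if the marker is missing
    physical = parts[3:root]                   # e.g. ["Plone"]
    visible = parts[root + 1:]                 # what the visitor asked for
    host, _, port = hostport.partition(":")
    default = {"http": "80", "https": "443"}.get(scheme)
    netloc = host if port in ("", default) else hostport
    object_path = "/" + "/".join(physical + visible)
    public_url = "%s://%s/%s" % (scheme, netloc, "/".join(visible))
    return object_path, public_url


if __name__ == "__main__":
    url = backend_url("myhost", "/news/item", {"myhost"})
    print(url)
    print(decode_vhm(url))
```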

At this point, everything should work nicely. But what if we want to access port 8080 for the ZMI? If you have port 8080 open, you should be able to just hit it with your favorite browser. What if we do not want to poke a hole in the firewall? In that case, you can do port forwarding over ssh.

ssh -L 9999:localhost:8080 myhost

This opens a secure tunnel and forwards connections made to port 9999 on your local box to port 8080 on the remote host.

In general, you will do:

ssh -L [local_port]:localhost:[remote_port] [remote_host]

So when you hit the URL http://localhost:9999/manage, you should be able to see the ZMI on the remote host.
