Warning

This document hasn't been checked for compatibility with current versions of Plone. Use at your own risk.

Integrating non-Plone content on IIS

by Robert Nagle last modified Dec 30, 2008 03:06 PM
Demonstration of how Enfold Proxy lets Microsoft system administrator integrate non-Plone content with Plone on IIS

In the previous section, we saw how the Microsoft system administrator can use the commercial product   Enfold Proxy (EP) to cache Plone content with Internet Information Services(IIS). This section shows how Enfold Proxy allows you  to integrate non-Plone content with Plone  on IIS. The process of proxying content,  implementing a caching mechanism and integrating applications is an inherently complex undertaking. Enfold Proxy tries to "simplify" this complexity by putting everything inside  a single GUI interface, providing simple instructions and lots of troubleshooting documentation.

Practically speaking, one common business need is to use IIS to host different web applications for one or more domains. Sure, rewrite rules in Apache let you do this, but that can get hairy if you are using too many. Actually it can get hairy in Enfold Proxy as well (let's be honest). But  certain aspects of the EP interface provide a more usable view. First,  Enfold Proxy uses "proxy definitions"   (discussed in a previous section) to keep  options for each Internet host in its own separate "compartment" but still easily accessible (on the left side of the panel). Second,  each proxy definition contains two tabs (labeled Includes and Excludes) with  options relevant to site integrators. Here is the Excludes screen for a proxy definition TextDef (without any values filled in).

enfold proxy excludes

 

Includes and Excludes

Includes and Excludes allows you to tailor which URLs are to be processed by Enfold Proxy (EP) and which are to be processed by Internet Information Services (IIS). Using Includes and Excludes lets you accomplish these things without causing URL conflicts. This is useful for several scenarios:

  • an application already existed in IIS before you installed Enfold Server or Plone.
  • you have directories of static content from previous websites which need to be included under the same domain.
  • you wish to install a separate non-Plone application and place it inside a directory inside the domain for your Plone application.
  • you wish to wrap a Plone site inside a nonPlone site
  • You need to keep existing nonPlone content at the root of your domain, but also let Plone/Enfold serve most of the content.

To add Excludes or Includes, open the EP configuration tool, choose your proxy definition and select the tab for Excludes or Includes .

You use Excludes when you want your Plone site to use ALL of the domain except the things you have explicitly excluded. You use Includes when you want your Plone site to use NONE of the domain except the files or directories you have explicitly included.

Important: Includes and Excludes should not be used as a way to prevent access to parts of sites. In fact, these options simply block people typing the www URL; they do not block access for those typing in a port and IP address. To harden your websites, it's more effective to set up security within the Plone application itself and/or to set up user authentication in Enfold Server using LDAP.

Integrating Non-Plone Content: Testing and Deployment

  1. Create a test IIS site with www.fakedomain.com (a site only for testing).
  2. Verify that you can access the server root of www.fakedomain.com (by setting DNS or editing your HOST file).
  3. Add the web application into this IIS site. Steps may vary depending on the application, but you basically need to add a directory (real or virtual) into IIS. This directory should correspond to the directory (i.e., URL path) you wish to use when you integrate it with your Plone site.
  4. Create proxy definition (s) to allow Plone to be served for the same web domain. In your Proxy Definition, select the IIS site for fakedomain (in the Site tab).
  5. Add excludes and includes to the appropriate Proxy Definition(s) as needed.
  6. After you have verified that everything works with the IIS site that serves www.fakedomain.com, you can go live simply by modifying your Proxy Definition(s) so that they stop using the IIS site for www.fakedomain.com and start using www.realdomain.com .

Using Excludes

Usually, Enfold Proxy handles all the traffic to a host or domain, but what if you wish to prevent Plone from handling a certain directory or set of files? The solution is to use Excludes.

The Exclude tab of your proxy definition lets you specify Exclude directories or specific files from being handled by Plone. Suppose you need to integrate a java application (let's call it "java application") into your Plone site. Your end goal is to have http://www.originalfunsite.com/java_application/ go to your Java application, while every other directory is handled by Plone/Enfold.

Any listed names in this section must match the initial path specification of the request exactly - case is sensitive and substrings are not matched.

Assumptions: you have a Plone site which is located at the root of http://www.originalfunsite.com . (See adding a proxy definition to learn how to do that).

  1. Open IIS and confirm that the IIS site has a directory (or virtual directory) for your non-Plone application. If you don't have an index.htm or index.html file, create one. (Right click the IIS site --> New --> Virtual Directory).

  2. Verify that this directory can be accessed when the proxy definition for the domain or host is inactive. (If you are dealing with a live site, you may need to use a fakedomain to test this (See the previous section).

  3. Edit the Exclude tab of your proxy definition. Add the directory java_application (without a slash at the end) to the field Local Excludes.

  4. After pressing save, type http://www.originalfunsite.com/java_application/ in your browser. You should see whatever is in the index.html file for your java_application directory.

Testing and Troubleshooting: You can run a command line utility eep_check utility with a --show-excludes argument to print a list of all items found by this auto-exclude processing.  See also the troubleshooting checklist.

Note: When you list something in the Exclude field, you cannot use a slash (/). For that reason, you are not able to exclude deep folders (i.e., paths with more than one level: /java_application/small_applet/ ).

Using Auto-Excludes to Maintaining Existing URLs

The main function of auto-excludes is to maintain existing URLs from IIS after you add a Plone site. Suppose you want Plone to handle most of a domain, but you have legacy content still at the root that need to work. Auto-excludes lets EP check first if IIS content already exists for that URL; if it does, IIS will serve it; otherwise, Plone/Enfold will handle it.

Note: Be careful that existing/legacy IIS content is not preventing people from accessing important parts of the Plone site.

To set up an Auto-Exclude, select your proxy definition and choose the Excludes tab.  If you use Auto-Excludes, you have to choose what kinds of web content will cause IIS to ignore Plone. (If you want an Auto-Exclude, more than likely you will want to choose All).  The dropdown box for Auto-exclude shows  these options:

  • Choosing (All) will check to see if there are any virtual directories, file system directories or files for a URL under the IIS site. If yes, then the IIS site will handle it. If no, then Enfold/Plone will handle it. This is probably the most common choice if you plan to set up auto-excludes.
  • Choosing (webdirs) will only exclude virtual directories specified within the IIS site. A virtual directory does not physically exist in the file system underneath the IIS root. Instead it may refer to an application or a directory in another location (analogous to a Windows short cut).
  • Choosing (fsdir) will only exclude file directories on the file system existing underneath the root for the IIS site. These directories actually appear in Windows Explorer (and not merely IIS).
  • Choosing (files)will tell IIS to serve files inside IIS document root instead of Plone whenever such a file or files exist. 
  • Choosing (None) will deactivate all auto-excludes and just cause Enfold Proxy to assume that all HTTP requests should be handled by Plone.

Other Features: Includes, Regular Expressions, Etc

The Enfold website contains more detail about other  advanced features for  Plone integration tasks for IIS

Here are some other  advanced features of Enfold Proxy:

  • Includes.  The main rationale for using Includes is to hide most of a Plone site except for one or more selected directories or one or more URLs. This can be useful if a certain directory is a domain is using a Plone application for a site which is otherwise almost  completely non-Plone.   Configuring includes can be tricky because once you make one setting, Enfold Proxy presumes that all Plone content will be excluded except pages  you explicitly include.  You may be able  to do this more simply by modifying the Virtual host root and Local host root in your proxy definition. For example, suppose you have an IIS site and you have a directory in Plone (http://192.168.1.150:8080/Plone/salesdirectory/) which you wish to be called up whenever someone types www.originalfunsite.com/salesdirectory/ . Rather than putting 'salesdirectory' in EP's include field for your proxy definition, it's more direct to try this instead:

    • Local Host Root: /salesdirectory
    • Virtual Host Root: /Plone/salesdirectory
    • Virtual Hosts: 192.168.1.150:8080
  • excludes_regex. This lets you use regular expressions for excludes. For example, if you wished to exclude all .jpg files from the plone site (thereby causing all requests for such images to be handled by IIS itself), you could specify .*\.jpg (which will match any URL ending in .jpg).
  • includes_regex. Basically this lets you use regular expressions for includes.  See the help on the Enfold website for more detailed instructions.
  • simple rewrite_mode.  Instead of Virtual Host Monster, Enfold  Proxy can change to a more generic rewriting mode which works with other applications besides Plone. (Read more).
  • caching XSL.   It's possible to cache XSL and XML docs using in-memory cache. This kind of caching works differently from most Plone caching. (Read more).
  • syntax checking tool.  Clicking check will analyze your current proxy definitions for configuration problems. (Read more). 

Troubleshooting

Because proxying and caching can be a complicated subject, the Enfold site has an extensive troubleshooting checklist and FAQ page.

Conclusion

 In this tutorial, we have looked at the commercial product Enfold Proxy and showed how it performs many of the complex system administration tasks which are required to run Plone.  We have shown how it functions with IIS.  This is not an open-source solution, and it is not free. But it has been commercially available for several years and fairly easy to learn how to use ..and  well-tested and documented.  Even though it's a Windows-only solution, Enfold Proxy can be used to proxy/cache Zope clients running on Linux boxes or Windows (as long as they connect to the same ZEO Server). While the Linux/Apache/Varnish toolchain might have flexibility and control for a qualified UNIX administrator,  Enfold Proxy offers comparable flexibility and control (with a Plone-specific interface).  

 

Contribute

Something wrong or out of date? Anybody can edit or create a new article in the knowledge base. Simply create an account on this site, log in, and click the Edit button to contribute.