Warning

This document hasn't been checked for compatibility with current versions of Plone. Use at your own risk.

mod_proxy vs. mod_ssl vars

by Christian 'Tiran' Heimes last modified Jan 09, 2010 11:55 PM
How to access the mod_ssl vars.

You can't access the special environment variables added by mod_ssl (SSLOptions +StdEnvVars) inside Zope if you are using mod_proxy to reach Zope. This is due to the way proxying works internally: every transparent proxy access to Zope is a new request and has no SSL context. In order to see the special environment variables you have to set up CGI access to Zope. The best and fastest method is FastCGI (http://www.fastcgi.com).

To do this, you first have to install FastCGI for Apache 2, as explained in the previous part. After mod_fastcgi is compiled, installed and loaded, you have to reconfigure both Zope and Apache2.

Next you must enable the FastCGI server of Zope. You can choose between a socket and TCP (host:port); the socket is a little faster, but Apache2 must have read access to the directory where the socket lives. In this example INSTANCE_HOME is /var/lib/zope/example and the fastcgi address is $INSTANCE/var/zope.soc.

The final step is to reconfigure Apache2. The following example configuration contains only the parts necessary for FastCGI. Note that the DocumentRoot must exist and must be accessible by Apache2, but the zope.fcgi file must not exist. You should also remove all proxy RewriteRules.

Apache2 config:

<IfModule mod_fastcgi.c>
 FastCGIExternalServer /var/www/secure.example.org-ssl/zope.fcgi \
    -socket /var/lib/zope/example/var/zope.soc \
    -pass-header Authorization \
    -pass-header Cookie \
    -idle-timeout 60 \
    -appConnTimeout 0
</IfModule>

<VirtualHost ...>

 ...

 DocumentRoot  /var/www/secure.example.org-ssl

 ...

 <IfModule mod_fastcgi.c>
   <Directory /var/www/secure.example.org-ssl>
     AddHandler fastcgi-script .fcgi
   </Directory>
 </IfModule>

 ...

 <IfModule mod_rewrite.c>
   RewriteEngine On
   RewriteRule ^/(.*) \
       /zope.fcgi/VirtualHostBase/https/secure.example.org:443/VirtualHostRoot/_vh_zope/_vh_example_instance/$1 [L]
 </IfModule>

 ...

</VirtualHost>
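
With this setup the mod_ssl variables reach Zope as plain CGI environment entries. The sketch below is an added example, not code from the original article or from Zope/Plone: it reads them from a CGI-style dict (assumed here to be what Zope exposes as REQUEST.environ) and fails closed when they are absent, as they are behind mod_proxy. The function names and sample environs are hypothetical.

```python
# Added example; function names and sample data are illustrative only.

# Variables mod_ssl exports when "SSLOptions +StdEnvVars" is in effect.
TRUSTED_SSL_VARS = ("HTTPS", "SSL_PROTOCOL", "SSL_CIPHER",
                    "SSL_CLIENT_VERIFY", "SSL_CLIENT_S_DN_CN")


def ssl_context(environ):
    """Return only the mod_ssl variables present in a CGI-style environ.

    Exact names are matched. A request header such as "SSL-Client-Verify"
    arrives as HTTP_SSL_CLIENT_VERIFY and is therefore never picked up.
    """
    return {k: environ[k] for k in TRUSTED_SSL_VARS if environ.get(k)}


def client_cert_cn(environ):
    """Return the CN of a verified client certificate, else None."""
    ctx = ssl_context(environ)
    if ctx.get("HTTPS", "").lower() != "on":
        return None  # no SSL context at all (e.g. request came via mod_proxy)
    if ctx.get("SSL_CLIENT_VERIFY") != "SUCCESS":
        return None  # NONE, GENEROUS or FAILED:<reason> are all rejected
    return ctx.get("SSL_CLIENT_S_DN_CN")


# Constructed sample environs (not captured from a real server).
VIA_MOD_PROXY = {"SERVER_NAME": "secure.example.org",
                 "HTTP_X_FORWARDED_FOR": "192.0.2.10"}
VIA_PROXY_WITH_HEADERS = dict(VIA_MOD_PROXY,
                              HTTP_SSL_CLIENT_VERIFY="SUCCESS",
                              HTTP_SSL_CLIENT_S_DN_CN="admin")
VIA_FASTCGI = {"SERVER_NAME": "secure.example.org", "HTTPS": "on",
               "SSL_PROTOCOL": "TLSv1", "SSL_CLIENT_VERIFY": "SUCCESS",
               "SSL_CLIENT_S_DN_CN": "alice"}
VIA_FASTCGI_BAD_CERT = dict(
    VIA_FASTCGI, SSL_CLIENT_VERIFY="FAILED:certificate has expired")

if __name__ == "__main__":
    for name, env in [("mod_proxy", VIA_MOD_PROXY),
                      ("proxy + headers", VIA_PROXY_WITH_HEADERS),
                      ("fastcgi", VIA_FASTCGI),
                      ("fastcgi, bad cert", VIA_FASTCGI_BAD_CERT)]:
        print(name, "->", client_cert_cn(env))
```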
