Question

这个问题主要针对Zope和Plone管理员和开发人员。

我一直在尝试使用来自apache，Plone.org和Zope foundation的文档来使用Apache重写规则。我找到了一些小例子，但他们似乎没有足够的解释我可以用来应用我的情况。我为任何为这些组织创建文档的人道歉 - 文档非常出色。我只是没有成功解决这个问题。

概述：上下文是企业防火墙后面的Intranet门户样式设置。我使用Apache作为在zeo服务器（端口8080）上运行的plone实例（name = wiki）的代理。出于安全原因，我不希望任何人直接通过端口8080访问plone站点。我希望Apache在端口80上侦听以重定向/代理到plone站点。这也使我能够隐藏对用户来说过于复杂的URL部分。我有一个单独的DNS服务器指向Plone服务器（Plone hostname = wiki.domain.net），以便减少一些地址复杂性。用户可以输入“wiki”从我们的域内访问服务器。请记住，我的老板还要求将plone站点名称称为“wiki”。因此，目前用户可以使用以下约定访问plone：

http://wiki:8080/wiki http://wiki.domain.net:8080/wiki

Apache正在运行但无法通过端口80重定向 - 实际上有人可以直接在端口8080上访问zope / plone。我希望Apache获取流量并重定向到plone实例。

这是我的httpd.conf文件的虚拟主机部分：

    <VirtualHost *:80>
       ServerAdmin admin@wiki.domain.net
       ServerName wiki.domain.net
       ErrorLog logs/wiki.domain.net-error_log
       CustomLog logs/wiki.domain.net-access_log common
       RewriteEngine On
       RewriteRule ^/(.*) http://127.0.0.1:8080/VirtualHostBase/http/%{SERVER_NAME}:80/wiki/VirtualHostRoot/$1 [L,P]
    </VirtualHost>

从我的浏览器中我收到：

   `Bad Request

   Your browser sent a request that this server could not understand.
   Apache/2.2.15 (CentOS) Server at wiki Port 80`

Apache error_log：$ tail -20 error_log：

   [Fri Jan 13 09:20:37 2012] [notice] Digest: done
   [Fri Jan 13 09:20:37 2012] [warn] mod_wsgi: Compiled for Python/2.6.2.
   [Fri Jan 13 09:20:37 2012] [warn] mod_wsgi: Runtime using Python/2.6.5.
   [Fri Jan 13 09:20:37 2012] [notice] Apache/2.2.15 (Unix) DAV/2 PHP/5.3.2 
   mod_ssl/2.2.15 OpenSSL/1.0.0-fips mod_wsgi/3.2 Python/2.6.5 mod_perl/2.0.4 Perl/v5.10.1 configured -- resuming normal operations
   [Fri Jan 13 09:30:49 2012] [error] Exception KeyError: KeyError(139958166271968,) in <module 'threading' from '/usr/lib64/python2.6/threading.pyc'> ignored
   [Fri Jan 13 09:30:49 2012] [error] Exception KeyError: KeyError(139958166271968,) in <module 'threading' from '/usr/lib64/python2.6/threading.pyc'> ignored
   [Fri Jan 13 09:30:49 2012] [error] Exception KeyError: KeyError(139958166271968,) in <module 'threading' from '/usr/lib64/python2.6/threading.pyc'> ignored
   [Fri Jan 13 09:30:49 2012] [error] Exception KeyError: KeyError(139958166271968,) in <module 'threading' from '/usr/lib64/python2.6/threading.pyc'> ignored
   [Fri Jan 13 09:30:49 2012] [error] Exception KeyError: KeyError(139958166271968,) in <module 'threading' from '/usr/lib64/python2.6/threading.pyc'> ignored
   [Fri Jan 13 09:30:49 2012] [error] Exception KeyError: KeyError(139958166271968,) in <module 'threading' from '/usr/lib64/python2.6/threading.pyc'> ignored
   [Fri Jan 13 09:30:49 2012] [error] Exception KeyError: KeyError(139958166271968,) in <module 'threading' from '/usr/lib64/python2.6/threading.pyc'> ignored
   [Fri Jan 13 09:30:49 2012] [error] Exception KeyError: KeyError(139958166271968,) in <module 'threading' from '/usr/lib64/python2.6/threading.pyc'> ignored
   [Fri Jan 13 09:30:50 2012] [notice] caught SIGTERM, shutting down
   [Fri Jan 13 09:30:51 2012] [notice] SELinux policy enabled; httpd running as context unconfined_u:system_r:httpd_t:s0
   [Fri Jan 13 09:30:51 2012] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
   [Fri Jan 13 09:30:51 2012] [notice] Digest: generating secret for digest authentication ...
   [Fri Jan 13 09:30:51 2012] [notice] Digest: done
   [Fri Jan 13 09:30:51 2012] [warn] mod_wsgi: Compiled for Python/2.6.2.
   [Fri Jan 13 09:30:51 2012] [warn] mod_wsgi: Runtime using Python/2.6.5.
   [Fri Jan 13 09:30:51 2012] [notice] Apache/2.2.15 (Unix) DAV/2 PHP/5.3.2 mod_ssl/2.2.15 
  OpenSSL/1.0.0-fips mod_wsgi/3.2 Python/2.6.5 mod_perl/2.0.4 Perl/v5.10.1 configured- 
  resuming normal operations

记录$ grep -i proxy的错误：

  ./domain.net-error_log:[Thu Jan 12 14:53:02 2012] [error] (13)Permission denied: proxy: HTTP: attempt to connect to 127.0.0.1:8080 (*) failed
  ./domain.net-error_log:[Thu Jan 12 14:57:44 2012] [error] [client 172.18.136.33] client denied by server configuration: proxy:http://127.0.0.1:8080/VirtualHostBase/http/wiki:80/wiki/VirtualHostRoot/
  ./domain.net-error_log:[Thu Jan 12 14:57:45 2012] [error] [client 172.18.136.33] client denied by server configuration: proxy:http://127.0.0.1:8080/VirtualHostBase/http/wiki:80/wiki/VirtualHostRoot/favicon.ico
  ./domain.net-error_log:[Thu Jan 12 14:57:45 2012] [error] [client 172.18.136.33] client denied by server configuration: proxy:http://127.0.0.1:8080/VirtualHostBase/http/wiki:80/wiki/VirtualHostRoot/favicon.ico
  ./domain.net-error_log:[Thu Jan 12 15:18:18 2012] [error] [client 172.18.136.33] client denied by server configuration: proxy:http://127.0.0.1:8080/VirtualHostBase/http/wiki:80/wiki/VirtualHostRoot/
 ./domain.net-error_log:[Thu Jan 12 15:18:21 2012] [error] [client 172.18.136.33] client denied by server configuration: proxy:http://127.0.0.1:8080/VirtualHostBase/http/wiki:80/wiki/VirtualHostRoot/
 ./domain.net-error_log:[Thu Jan 12 15:18:34 2012] [error] [client 172.18.136.33] client denied by server configuration: proxy:http://127.0.0.1:8080/VirtualHostBase/http/wiki:80/wiki/VirtualHostRoot/
 ./domain.net-error_log:[Thu Jan 12 15:21:49 2012] [error] [client 172.18.136.33] client denied by server configuration: proxy:http://127.0.0.1:8080/VirtualHostBase/http/wiki:80/VirtualHostRoot/
 ./domain.net-error_log:[Thu Jan 12 15:21:50 2012] [error] [client 172.18.136.33] client denied by server configuration: proxy:http://127.0.0.1:8080/VirtualHostBase/http/wiki:80/VirtualHostRoot/
 ./domain.net-error_log:[Thu Jan 12 15:21:53 2012] [error] [client 172.18.136.33] client denied by server configuration: proxy:http://127.0.0.1:8080/VirtualHostBase/http/wiki:80/VirtualHostRoot/
 ./domain.net-error_log:[Thu Jan 12 15:21:58 2012] [error] [client 172.18.136.33] client denied by server configuration: proxy:http://127.0.0.1:8080/VirtualHostBase/http/wiki:80/VirtualHostRoot/
 ./domain.net-error_log:[Thu Jan 12 15:22:34 2012] [error] [client 172.18.136.33] client denied by server configuration: proxy:http://127.0.0.1:8080/VirtualHostBase/http/wiki:80/VirtualHostRoot/
 ./domain.net-error_log:[Thu Jan 12 15:23:07 2012] [error] [client 172.18.136.33] client denied by server configuration: proxy:http://127.0.0.1:8080/VirtualHostBase/http/domain.net:80/VirtualHostRoot/
 ./domain.net-error_log:[Thu Jan 12 15:25:10 2012] [error] [client 172.18.136.33] client denied by server configuration: proxy:http://127.0.0.1:8080/VirtualHostBase/http/wiki:80/VirtualHostRoot//
 ./domain.net-error_log:[Thu Jan 12 15:25:10 2012] [error] [client 172.18.136.33] client denied by server configuration: proxy:http://127.0.0.1:8080/VirtualHostBase/http/wiki:80/VirtualHostRoot//favicon.ico
 ./domain.net-error_log:[Thu Jan 12 15:25:20 2012] [error] [client 172.18.136.33] client denied by server configuration: proxy:http://127.0.0.1:8080/VirtualHostBase/http/wiki:80/VirtualHostRoot//wiki
 ./domain.net-error_log:[Thu Jan 12 15:25:21 2012] [error] [client 172.18.136.33] client denied by server configuration: proxy:http://127.0.0.1:8080/VirtualHostBase/http/wiki:80/VirtualHostRoot//favicon.ico
 ./domain.net-error_log:[Thu Jan 12 15:25:29 2012] [error] [client 172.18.136.33] client denied by server configuration: proxy:http://127.0.0.1:8080/VirtualHostBase/http/wiki:80/VirtualHostRoot//
 ./domain.net-error_log:[Thu Jan 12 15:25:29 2012] [error] [client 172.18.136.33] client denied by server configuration: proxy:http://127.0.0.1:8080/VirtualHostBase/http/wiki:80/VirtualHostRoot//favicon.ico
 ./domain.net-error_log:[Thu Jan 12 15:26:40 2012] [error] [client 172.18.136.33] client denied by server configuration: proxy:http://127.0.0.1:8080/VirtualHostBase/http/wiki:80/wiki/VirtualHostRoot//
 ./domain.net-error_log:[Thu Jan 12 15:26:40 2012] [error] [client 172.18.136.33] client denied by server configuration: proxy:http://127.0.0.1:8080/VirtualHostBase/http/wiki:80/wiki/VirtualHostRoot//favicon.ico
 ./domain.net-error_log:[Thu Jan 12 15:26:41 2012] [error] [client 172.18.136.33] client denied by server configuration: proxy:http://127.0.0.1:8080/VirtualHostBase/http/wiki:80/wiki/VirtualHostRoot//
 ./domain.net-error_log:[Thu Jan 12 15:26:41 2012] [error] [client 172.18.136.33] client denied by server configuration: proxy:http://127.0.0.1:8080/VirtualHostBase/http/wiki:80/wiki/VirtualHostRoot//favicon.ico

所有这些都在CentOS 6.0 x64上运行，具有标准构建配置和6 GB内存。防火墙端口对8080,8081和80（以及其他）开放。感谢您的时间和专业知识。

Answer 1

您遇到的错误是由于Apache版本中的安全级别提高了> 2.2（您的版本为2.2.15）。解决方案是在你的vhost配置中添加它：

<IfModule mod_proxy.c>
  <Proxy proxy:http://127.0.0.1:8080/>
    Order deny,allow
    Allow from localhost
  </Proxy>
</IfModule>

更多信息：

http://noenieto.com/blog/plone-and-apache-2.2

Answer 2

我怀疑你可能错过了启用Apache的代理模块。请参阅本指南中的第二步：https://weblion.psu.edu/trac/weblion/wiki/ProxyApacheToZope

Answer 3

尝试：

<Proxy *>
    Allow from localhost
</Proxy>

在虚拟主机容器中。

Apache 2.2重写规则用于Plone和Zope用于Intranet门户

3 个答案: