<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>
<HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=utf-8">
<META NAME="Generator" CONTENT="MS Exchange Server version 6.5.7651.59">
<TITLE>Re: [Seaside] Seaside 2.8 and Apache2</TITLE>
</HEAD>
<BODY>
<!-- Converted from text/plain format -->
<P><FONT SIZE=2>Seaside needs to know that its hosted behind ssl, did you set the #serverProtocol to be #https?<BR>
<BR>
Cheers!<BR>
<BR>
-Boris<BR>
(Sent from a BlackBerry)<BR>
<BR>
----- Original Message -----<BR>
From: seaside-bounces@lists.squeakfoundation.org <seaside-bounces@lists.squeakfoundation.org><BR>
To: seaside@lists.squeakfoundation.org <seaside@lists.squeakfoundation.org><BR>
Sent: Tue Nov 13 21:02:19 2007<BR>
Subject: [Seaside] Seaside 2.8 and Apache2<BR>
<BR>
I've found a peculiar problem in running<BR>
Seaside 2.8 with Apache2...<BR>
<BR>
It seems to be related to SSL. The symptom is: when I click on the submit button, I get a Security Warning from the Firefox browser (I've tried both Firefox and Opera) saying "Although this page is encrypted, the information you have entered is to be sent over an unencrypted connection and could easily be read by a third party". Then when I click on "continue", the session seems to be expired which then throws me back to my home page.<BR>
<BR>
I've simplified the problem by creating a very simple app called Fred. Here's the fileout:<BR>
<BR>
WAComponent subclass: #Flintstone<BR>
instanceVariableNames: ''<BR>
classVariableNames: ''<BR>
poolDictionaries: ''<BR>
category: 'RKE-test'!<BR>
!Flintstone methodsFor: 'as yet unclassified' stamp: 'RKE 11/13/2007 22:43'!<BR>
renderContentOn: html<BR>
html heading level: 2; with: 'A Form'.<BR>
html form:<BR>
[html text: 'your name'.<BR>
html textInput.<BR>
html break.<BR>
html submitButton on: #save of: self]! !<BR>
!Flintstone methodsFor: 'as yet unclassified' stamp: 'RKE 11/13/2007 22:31'!<BR>
save<BR>
Transcript cr; show: 'saving...'! !<BR>
<BR>
WAComponent subclass: #Fred<BR>
instanceVariableNames: ''<BR>
classVariableNames: ''<BR>
poolDictionaries: ''<BR>
category: 'RKE-test'!<BR>
!Fred methodsFor: 'as yet unclassified' stamp: 'RKE 11/13/2007 22:40'!<BR>
renderContentOn: html<BR>
html heading level: 1; with: 'Testing'.<BR>
html anchor callback: [self call: Flintstone new]; with: 'Bedrock'! !<BR>
"-- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- "!<BR>
Fred class<BR>
instanceVariableNames: ''!<BR>
!Fred class methodsFor: 'as yet unclassified' stamp: 'RKE 11/13/2007 20:30'!<BR>
canBeRoot<BR>
^true! !<BR>
<BR>
Here's the modified httpd.conf file to run Fred:<BR>
<BR>
LoadModule proxy_module /usr/lib/apache2/modules/mod_proxy.so<BR>
LoadModule proxy_http_module /usr/lib/apache2/modules/mod_proxy_http.so<BR>
LoadModule rewrite_module /usr/lib/apache2/modules/mod_rewrite.so<BR>
LoadModule ssl_module /usr/lib/apache2/modules/mod_ssl.so<BR>
<BR>
ServerName www.goodsexnetwork.com<BR>
NameVirtualHost 192.168.1.101:80<BR>
<virtualhost 192.168.1.101:80><BR>
ServerName www.goodsexnetwork.com<BR>
RewriteEngine on<BR>
ProxyRequests off<BR>
DocumentRoot /var/www<BR>
RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-f<BR>
RewriteRule ^/(.*)$ <A HREF="https://%">https://%</A>{SERVER_NAME}/$1 [L,R]<BR>
</virtualhost><BR>
<BR>
NameVirtualHost 192.168.1.101:443<BR>
<virtualhost 192.168.1.101:443><BR>
ServerName www.goodsexnetwork.com<BR>
RewriteEngine on<BR>
ProxyRequests off<BR>
ProxyPreserveHost on<BR>
SSLEngine on<BR>
SSLCertificateFile /etc/apache2/ssl/apache.pem<BR>
DocumentRoot /var/www/ssl<BR>
ProxyPass /seaside/fred <A HREF="http://localhost:9090/seaside/fred">http://localhost:9090/seaside/fred</A><BR>
ProxyPassReverse /seaside/fred <A HREF="http://localhost:9090/seaside/fred">http://localhost:9090/seaside/fred</A><BR>
RewriteRule ^/$ <A HREF="http://localhost:9090/seaside/fred/$1">http://localhost:9090/seaside/fred/$1</A> [P,L]<BR>
</virtualhost><BR>
<BR>
<BR>
I tested Fred on both Seaside 2.7 and 2.8. In Seaside 2.7, I don't get the Security Warning and the app works perfectly. In Seaside 2.8, I get the Security Warning and the app expires the session on "submit".<BR>
<BR>
In Seaside 2.7, the #save method writes to the Transcript. In Seaside 2.8, it doesn't, thereby proving that #save doesn't even get executed.<BR>
<BR>
Like I said, very peculiar. I just don't understand what's going on and I'm afraid I may have to fall back to Seaside 2.7.<BR>
<BR>
<BR>
More info: with Seaside 2.8, if I move<BR>
<BR>
DocumentRoot /var/www/ssl<BR>
<BR>
ProxyPass /seaside/fred <A HREF="http://localhost:9090/seaside/fred">http://localhost:9090/seaside/fred</A><BR>
<BR>
ProxyPassReverse /seaside/fred <A HREF="http://localhost:9090/seaside/fred">http://localhost:9090/seaside/fred</A><BR>
<BR>
RewriteRule ^/$ <A HREF="http://localhost:9090/seaside/fred/$1">http://localhost:9090/seaside/fred/$1</A> [P,L]<BR>
<BR>
into the 192.168.1.101:80 Virtual Host, thereby circumventing SSL, there is no problem. So this is absolutely related to SSL.<BR>
<BR>
Regards,<BR>
Richard<BR>
<BR>
<BR>
_______________________________________________<BR>
seaside mailing list<BR>
seaside@lists.squeakfoundation.org<BR>
<A HREF="http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/seaside">http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/seaside</A><BR>
</FONT>
</P>
</BODY>
</HTML>