[Seaside] Seaside 2.8 and Apache2
Boris Popov
boris at deepcovelabs.com
Wed Nov 14 07:01:57 UTC 2007
Seaside needs to know that its hosted behind ssl, did you set the #serverProtocol to be #https?
Cheers!
-Boris
(Sent from a BlackBerry)
----- Original Message -----
From: seaside-bounces at lists.squeakfoundation.org <seaside-bounces at lists.squeakfoundation.org>
To: seaside at lists.squeakfoundation.org <seaside at lists.squeakfoundation.org>
Sent: Tue Nov 13 21:02:19 2007
Subject: [Seaside] Seaside 2.8 and Apache2
I've found a peculiar problem in running
Seaside 2.8 with Apache2...
It seems to be related to SSL. The symptom is: when I click on the submit button, I get a Security Warning from the Firefox browser (I've tried both Firefox and Opera) saying "Although this page is encrypted, the information you have entered is to be sent over an unencrypted connection and could easily be read by a third party". Then when I click on "continue", the session seems to be expired which then throws me back to my home page.
I've simplified the problem by creating a very simple app called Fred. Here's the fileout:
WAComponent subclass: #Flintstone
instanceVariableNames: ''
classVariableNames: ''
poolDictionaries: ''
category: 'RKE-test'!
!Flintstone methodsFor: 'as yet unclassified' stamp: 'RKE 11/13/2007 22:43'!
renderContentOn: html
html heading level: 2; with: 'A Form'.
html form:
[html text: 'your name'.
html textInput.
html break.
html submitButton on: #save of: self]! !
!Flintstone methodsFor: 'as yet unclassified' stamp: 'RKE 11/13/2007 22:31'!
save
Transcript cr; show: 'saving...'! !
WAComponent subclass: #Fred
instanceVariableNames: ''
classVariableNames: ''
poolDictionaries: ''
category: 'RKE-test'!
!Fred methodsFor: 'as yet unclassified' stamp: 'RKE 11/13/2007 22:40'!
renderContentOn: html
html heading level: 1; with: 'Testing'.
html anchor callback: [self call: Flintstone new]; with: 'Bedrock'! !
"-- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- "!
Fred class
instanceVariableNames: ''!
!Fred class methodsFor: 'as yet unclassified' stamp: 'RKE 11/13/2007 20:30'!
canBeRoot
^true! !
Here's the modified httpd.conf file to run Fred:
LoadModule proxy_module /usr/lib/apache2/modules/mod_proxy.so
LoadModule proxy_http_module /usr/lib/apache2/modules/mod_proxy_http.so
LoadModule rewrite_module /usr/lib/apache2/modules/mod_rewrite.so
LoadModule ssl_module /usr/lib/apache2/modules/mod_ssl.so
ServerName www.goodsexnetwork.com
NameVirtualHost 192.168.1.101:80
<virtualhost 192.168.1.101:80>
ServerName www.goodsexnetwork.com
RewriteEngine on
ProxyRequests off
DocumentRoot /var/www
RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-f
RewriteRule ^/(.*)$ https://%{SERVER_NAME}/$1 [L,R]
</virtualhost>
NameVirtualHost 192.168.1.101:443
<virtualhost 192.168.1.101:443>
ServerName www.goodsexnetwork.com
RewriteEngine on
ProxyRequests off
ProxyPreserveHost on
SSLEngine on
SSLCertificateFile /etc/apache2/ssl/apache.pem
DocumentRoot /var/www/ssl
ProxyPass /seaside/fred http://localhost:9090/seaside/fred
ProxyPassReverse /seaside/fred http://localhost:9090/seaside/fred
RewriteRule ^/$ http://localhost:9090/seaside/fred/$1 [P,L]
</virtualhost>
I tested Fred on both Seaside 2.7 and 2.8. In Seaside 2.7, I don't get the Security Warning and the app works perfectly. In Seaside 2.8, I get the Security Warning and the app expires the session on "submit".
In Seaside 2.7, the #save method writes to the Transcript. In Seaside 2.8, it doesn't, thereby proving that #save doesn't even get executed.
Like I said, very peculiar. I just don't understand what's going on and I'm afraid I may have to fall back to Seaside 2.7.
More info: with Seaside 2.8, if I move
DocumentRoot /var/www/ssl
ProxyPass /seaside/fred http://localhost:9090/seaside/fred
ProxyPassReverse /seaside/fred http://localhost:9090/seaside/fred
RewriteRule ^/$ http://localhost:9090/seaside/fred/$1 [P,L]
into the 192.168.1.101:80 Virtual Host, thereby circumventing SSL, there is no problem. So this is absolutely related to SSL.
Regards,
Richard
_______________________________________________
seaside mailing list
seaside at lists.squeakfoundation.org
http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/seaside
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.squeakfoundation.org/pipermail/seaside/attachments/20071113/482e8f45/attachment.htm
More information about the seaside
mailing list