[Setup] plone with apache 1.3.34

Ben shadroth at gmail.com
Fri Nov 24 00:43:47 UTC 2006 

On 11/24/06, otrcomm <otrcomm at isp-systems.net> wrote:
> i found a tutorial about setting up plone/zope to run under apache 2, http://plone.org/documentation/tutorial/plone-apache, but i do
> not know enough about apache 2 to translate the instructions to apache 1.3.34.
>
> could someone point me to a tutorial for apache 1.3.34, or help me with the setup?

They're very similar. Here's my install notes (nb. these are slightly
out of date, so an upgrade is required. This install has since been
updated to Python 2.4.4, (PIL rebuilt), Zope 2.9.5, Plone 2.5.1 Those
notes are in my server diary which I won't be releasing, but you can
probably use the newer versions straight up.

Make sure you set the server name in httpd.conf and ssl.conf,
otherwise it should be all as is written here. These haven't been
approved as secure yet, but this will get you to a working
installation.

Cheers,

Ben
---


Minimum CentOS 3 text install, all defaults, except remove any optional packages
Plone 2.5
Zope 2.9.3

--------------------
 1. Install GPG key
--------------------
# rpm --import http://mirror.centos.org/centos/RPM-GPG-KEY-CentOS-3
you're meant to do it off the CD-ROM, but at least this will work if
you don't have it.

-------------
 2. Firewall
-------------
 * Open ports for: SSH (probably safer on a non-standard port - fix
this later), FTP, SMTP (may not be needed), WEB - may need adjusting
for testing, Zope Web server (8080 - may need adjusting)

# yum install vim-enhanced

 * Edit /etc/sysconfig/iptables and add the following lines just
before the first line with REJECT on it:
-A RH-Firewall-1-INPUT state --state NEW -m tcp -p tcp --dport 21 -h ACCEPT
-A RH-Firewall-1-INPUT state --state NEW -m tcp -p tcp --dport 22 -h ACCEPT
-A RH-Firewall-1-INPUT state --state NEW -m tcp -p tcp --dport 25 -h ACCEPT
-A RH-Firewall-1-INPUT state --state NEW -m tcp -p tcp --dport 80 -h ACCEPT
-A RH-Firewall-1-INPUT state --state NEW -m tcp -p tcp --dport 8080 -h ACCEPT

 * Also need port 9080 open for second ZEO client's webserver.

-----------
 3. Update
-----------
# yum update

-------------------
 4. Extra Packages
-------------------
Needed before setting up the latest Python and PIL.
# yum install gcc gcc-c++ zlib-devel libjeg-devel freetype-devel
tcl-devel tk-devel

-----------
 5. Python
-----------
 * wget the latest Python (2.4.3 at time of writing) and install with defaults:
./configure --prefix=/opt/python
make
make install

--------
 6. PIL
--------
 * wget and install the latest PIL (1.1.5 at the time of writing)
/opt/python/bin/python setup.py build_ext -i
/opt/python/bin/python selftest.py
/opt/python/bin/python setup.py install

---------
 7. Zope
---------
v 2.9.4 at the time of writing

Install Zope with ZEO, as per
http://plone.org/documentation/tutorial/robust-installation - as
detailed below:

1.
# adduser zope
# mkdir /opt/zope
# cd /opt/zope
# mkdir pub0 sec0 products zeo

2.
$ ./configure --prefix=/opt/zope/z2.9.4-p2.4.3
--with-python=/opt/python/bin/python
$ make
# make install

3.
# cd /opt/zope
# ln -s z2.9.4-p2.4.3 zope
# /opt/python/bin/python zope/bin/mkzeoinstance.py zeo 8100

4.
# vim zeo/etc/zeo.conf
 * change the socket directory from etc to var:
  replace:
    socket-name $INSTANCE/etc/zeo.zdsock
  with:
    socket-name $INSTANCE/var/zeo.zdsock
 (otherwise you won't be able to start zeo using zeoctl)
 * uncomment 'user zope'

5.
# /opt/python/bin/python zope/bin/mkzopeinstance.py --dir=pub0
# /opt/python/bin/python zope/bin/mkzopeinstance.py --dir=sec0
With the sites as:
pub0 #this will be used for the public site, possibly with a secure
login to a members area
mem0 #optional - with a secure login for the members,
sec0 #this will be used as a totally secure site for the administration


# chown -R dogsbody:dogsbody /opt/zope

6.
make changes to zope.conf for each instance, as per tutorial.
when changing the zope.conf for the second site, uncomment portbase,
instead of changing the ports. (UNTESTED: If using more than two
clients, increase portbase by 1000 for each additional client)

each successive Zope instance will overwrite the primary ZMI user and
password data.

The exact configuration w.r.t. number of instances will depend on how
RAM usage can best be reduced.

7.
chgrp zope zeo/var zeo/log pub0/var pub0/log sec0/var sec0/log

chmod g+w zeo/var zeo/log pub0/var pub0/log sec0/var sec0/log

----------
 8. Plone
----------
As per http://plone.org/documentation/tutorial/robust-installation:

    cd /tmp
    tar zxf Plone-x.y.z.tar.gz
    cd $BASE
    mkdir products
    mv /tmp/Plone-x.y.z/* products
    rm -r /tmp/Plone-x.y.z*
    cd client0
    rm -r Products
    ln -s ../products Products
    # repeat the last three steps for all Zeo clients/Zope instances

!!NB!! Delete the 'Five' folder from the products directory.


------------------
 9. Plone Options
------------------

 * Close site to new signups
http://plone.org/documentation/how-to/closing-site
NB. This blocks all sites in the ZODB, possibly better to implement on
a per-site basis.

 * Site Setup > Portal Settings:
Set 'Allow Anonymous Users To View About Information' to 'No'

 * Stop anonymous users from viewing content in the visible (public
draft) state. Make the same changes to restrictions for the 'Access
contents information' permission and the make both changes to the
'Pending' state as well, see:
http://plone.org/documentation/how-to/displaying-only-201cpublished201d-items-in-folder-listings-to-anonymous-users

------------
 10. Apache
------------
#yum install httpd mod_ssl
Setup a Virtalhost (!!!NB: This needs to be checked to ensure it isn't
an open proxy)
Use the RewriteRule structure specified here:
http://plone.org/documentation/tutorial/plone-apache/virtualhost

In particular:
* Enable virtual hosting:
NameVirtualHost *:80

* Configure the VirtualHost,
* NB: replace 'plone-site-folder' wit whatever your plone site is called.
* NB. Change the rewrite log level or comment it out when it's working.
<VirtualHost *:80>
    RewriteEngine On
    RewriteLog "/var/log/httpd/rewrite_log"
    RewriteLogLevel 1
    RewriteRule ^/(.*) \
      http://localhost:8080/VirtualHostBase/http/%{SERVER_NAME}:80/plone-site-folder/VirtualHostRoot/$1
[P]
#    CustomLog logs/dummy-host.example.com-access_log common
</VirtualHost>



---------
 11. SSL
---------

In /etc/httpd/conf.d/ssl.conf make sure the Virtual host is setup with
Rewrite rules:

RewriteEngine On
RewriteRule ^/(.*)
http://localhost:9080/VirtualHostBase/https/%{SERVER_NAME}:443/plone-site-folder/$1
[P]

NB: set 'plone-site-folder' to whatever your plone site folder name
is, or omit it entirely if you want to give access to the whole ZMI.

You will also need to configure the Servername variable. eg.
Severname: domainname.tld:443


http://plone.org/documentation/how-to/apache-ssl
http://plone.org/documentation/tutorial/plone-apache/virtualhost
http://plone.org/documentation/how-to/secure-login-without-plain-text-passwords

More information about the Setup mailing list