Blog

Some noteable things:

• There is more than one login-form. In fact I counted at least six different login-forms. Ever heard of 'failsafe_login_form'? Searching for /login_form will not be enough.
• The page you get after logging out has it's own login-form. Since I use this page to switch back to http I chose to remove the form by customizing the template 'logged_out.pt'.
• Since I redirect to https when Plone' s Authentication-cookie '__ac' is present calling '/logged_out' while still logged-in would result in an infinite recursion. That's why I break before the rule is called when '__ac' is still set.
• Don't use the login-portlet since I don't see how it can be delivered via https if you want to deliver the site with normal http.
• Never ever expose your zope-root or login using the zope-admin-Account via http since the zope-admins password is only uuencoded in a cookie!

Here is my config:

upstream myzope {
 server localhost:8080;
}

ssl_certificate      /home/starzel/nginx/starzel.crt;
ssl_certificate_key  /home/starzel/nginx/starzel.key;

# http
server {
 listen myserver.com:80;
 server_name www.mysite.com;
 access_log /var/log/nginx/mysite.com_access.log;
 rewrite ^(.*)(/login_|/require_login|/failsafe_login_form)(.*) https://$server_name$1$2$3 redirect;
 if ($http_cookie ~* "__ac=([^;]+)(?:;|$)" ) {
     rewrite ^(.*) https://$host/$1 redirect;
 }

 location / {
     proxy_pass http://myzope/VirtualHostBase/http/www.mysite.com:80/Plone/VirtualHostRoot/;
 }
}

# https
server {
 listen myserver.com:443 default ssl;
 server_name www.mysite.com;
 access_log /var/log/nginx/mysite.com_access.log;
 if ($http_cookie ~* "__ac=([^;]+)(?:;|$)" ) {
     # prevent infinite recursions between http and https
     break; 
 }
 rewrite ^(.*)(/logged_out)(.*) http://$server_name$1$2$3 redirect;
 location / {
     proxy_pass http://myzope/VirtualHostBase/https/www.mysite.com:443/Plone/VirtualHostRoot/;
 }
}

# zmi 
server {
 listen myserver:443 ssl;
 server_name manage.mysite.com;
 access_log /var/log/nginx/heeschmusik_zmi.de_access.log;
 location / {
     proxy_pass http://myzope/VirtualHostBase/https/manage.myserver.com:443/VirtualHostRoot/;
 }
}

The cookie-regex explained (thanks to Hanno Schulz and Vlad Vorobiev for their wisdom): $http_cookie (which is a string) is searched for anything containing '__ac=' followed by 1 or more characters which is not ';' (which would mean the cookie has no value), followed by either an ';' (signaling the beginning of another cookie) or the end of the line. If you are as ignorant of regex as me you might consider keeping this regex-cheatsheet close.

By the way, this site neither uses nginx nor is it not secured. But this one is: www.heeschmusik.de. I plan to move most sites to nginx in the near future.

Feeback appreciated.

The good News:

Pydev is a great eclipse-Plugin for which I primarily use for Plone- and Zope-Development. Pydev 1.5 now includes the formerly closed-source Pydev Extensions. Check out it's amazing features.

Learn more about Plone-Development with Eclipse and Pydev at my talk at the dzug-conference in Munich next week.

The bad news:

It happend only two weeks after I renewed my License for Pydev-Extensions :-(

Ubuntu 9.04 "Jaunty Jackalope" removed python 2.4 libraries from the distribution, which are necessary to run Zope/Plone.

To work in a more defined environment, where other as the system libraries are installed for a specific python, people use virtualenv.

Install virtualenv, python-2.4 from the distribution repository.

Create a 

virtualenv -p python2.4 --no-site-packages myappdir

In myappdir,

source bin/active

sets some environment variables.

I use zsh with the "nounset"-Option, which the script doesn't work with, so I had to

unsetopt nounset

Install ipython or zc.buildout or other eggs you need

easy-install ipython

PIL aka python-imaging is not longer available in a a 2.4 version in Ubuntu 9.04, but contains a lot of binary code so I didn't want to build it myself.  3 options: Install an old python-imaging-2.4-package,

Install it by hand - easy_install --find-links http://download.zope.org/distribution PILwoTK or untar and python setup.py install and before that, you have to install some other image handling libs to get all the features as explained here  http://sam.stainsby.id.au/blog/?p=28

sudo apt-get install libjpeg-dev libfreetype6-dev (zlib?)

or. what I did, install the current package and link to it from the virtualenv.

In myappdir/lib/site-packages

ln -s /usr/lib/python2.5/site-packages/PIL PIL

Python complains about differing C API versions, but it seems to work.

This all looks less than perfect, esp. the PIL link hack.

Der World Plone Day ist eine weltweite Initiative der großartigen Community des Open Source Content-Management-Systems Plone.

Das ganztägige Programm des World Plone Day in München ist nun online und umfasst Kurzvorträge und Präsentationen zu den verschiedensten Themen: Von Einführungen zu Plone, Präsentationen von diversen Plone-Websites und Plone-Webapplications bis hin zu Informationen zu Design, Intranet, SEO, Hosting u.v.a. ist für jeden Interessentenkreis etwas geboten. Neben den Vorträgen gibt es ausreichend Gelegenheit für Diskussionen´und Gespräche.

Melden Sie sich unter http://www.worldploneday.de an und nutzen Sie die Gelegenheit, Plone kennen zu lernen!

Das Team der Internetagentur Starzel beteiligt sich als Mitglieder der Münchner Plone-Community an der Ausrichtung des Münchner World Plone Days mit mehreren Vorträgen und Präsentationen. Wir würden uns freuen, auch Sie dort begrüßen zu dürfen.

Am 7. Oktober von 9:30 bis 17 Uhr in der Seidlvilla.

Mehr Infos unter http://www.worldploneday.de