You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@lenya.apache.org by Andreas Hartmann <an...@apache.org> on 2007/05/07 15:12:57 UTC

Re: [FREEZE-ANNOUNCEMENT] 1.4 Release Candidate 1, Attempt 2

Andreas Hartmann schrieb:
> Hi Lenya devs,
> 
> apart from Joern, nobody commented on my request
> to cancel the freeze. Joern suggested to start again
> early this week.
> 
> So I'm announcing the second code freeze for 1.4 RC 1.
> 
> It will start in 7 days:
> 
>   Mon, May 7, 02:00 PM CEST

I suggest that we postpone the freeze until the SSL issues
are resolved.

Any objections?

-- Andreas


-- 
Andreas Hartmann, CTO
BeCompany GmbH
http://www.becompany.ch


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@lenya.apache.org
For additional commands, e-mail: dev-help@lenya.apache.org

Re: SSL and proxy [WAS: Re: [FREEZE-ANNOUNCEMENT] 1.4 Release Candidate 1, Attempt 2]

Posted by Joern Nettingsmeier <ne...@folkwang-hochschule.de>.

Michael Wechner wrote:
> Joern Nettingsmeier wrote:
> 
>> Richard Frovarp wrote:
>>
>>> Andreas Hartmann wrote:
>>>
>>>> Joern Nettingsmeier schrieb:
>>>>
>>>> [...]
>>>>
>>>>  
>>>>
>>>>> i think this is a really fundamental issue with lenya, and fixing it
>>>>> requires very intrusive changes (see my other post)... the way i 
>>>>> see it,
>>>>> we should do something half-assed and non-intrusive for the RC and aim
>>>>> for a clean solution by the time of the hackathon.
>>>>>     
>>>>
>>>>
>>>> OK, that sounds reasonable. What changes are necessary to make it
>>>> (kind-of) work for the moment? Do you have the time to take care
>>>> of it? I don't have a proxied setup running ATM.
>>>>
>>>> -- Andreas
>>>>
>>>>
>>>>   
>>>
>>> It does kind of work at the moment. The only caveat is if you have 
>>> the editing under SSL you have to base it at the root level
>>>
>>> https://example.com/default/authoring
>>
>>
>> which is a bummer, because, as remarked in another thread, you cannot 
>> use name-based virtual hosting together with ssl.
> 
> I am not sure I understand correctly what you mean.
> 
> I think one can setup a name based vhost for 80 and another name based 
> vhost for 443 (with the same name but different port) and then point 
> from these two vhosts to the same Tomcat either pointing
> 
> 80 -> 8080 and 443 -> 8080
> 
> or
> 
> 80 -> 8080 and 443 ->8443
> 
> for instance. Or do I misunderstand something?

consider a web server with multiple name-based virtual webservers.
a few are using lenya. to clean up the urls, an apache proxy is used and 
lenya is configured accordingly. so localhost:8888/client-site1/live 
will become www.foo.com, and localhost:8888/client-site2/live will be 
www.bar.com.

for security reasons, i want authoring to be ssl-protected.
it is not possible to use name-based virtual hosting with ssl. so i can 
only have one ssl vhost, https://www.baz.com.
since it's just authoring, weird urls are not a problem, so the obvious 
approach is to map localhost:8888/client-site1/authoring to 
https://www.baz.com/lenya/client-site1/authoring and so on.

unfortunately, this does not work. proxy support is broken. the 
workaround is to put it into the root context, 
https://www.baz.com/client-site1/authoring, which works because most 
links are absolute but omit the protocol and host.

problem is that this interferes with the ssl root namespace - people may 
be doing a lot of other stuff on their ssl host, and hogging the root 
may not be an option...

-- 
jörn nettingsmeier

home://germany/45128 essen/lortzingstr. 11/
http://spunk.dnsalias.org
phone://+49/201/491621

Kurt is up in Heaven now.

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@lenya.apache.org
For additional commands, e-mail: dev-help@lenya.apache.org

SSL and proxy [WAS: Re: [FREEZE-ANNOUNCEMENT] 1.4 Release Candidate 1, Attempt 2]

Posted by Michael Wechner <mi...@wyona.com>.

Joern Nettingsmeier wrote:

> Richard Frovarp wrote:
>
>> Andreas Hartmann wrote:
>>
>>> Joern Nettingsmeier schrieb:
>>>
>>> [...]
>>>
>>>  
>>>
>>>> i think this is a really fundamental issue with lenya, and fixing it
>>>> requires very intrusive changes (see my other post)... the way i 
>>>> see it,
>>>> we should do something half-assed and non-intrusive for the RC and aim
>>>> for a clean solution by the time of the hackathon.
>>>>     
>>>
>>>
>>> OK, that sounds reasonable. What changes are necessary to make it
>>> (kind-of) work for the moment? Do you have the time to take care
>>> of it? I don't have a proxied setup running ATM.
>>>
>>> -- Andreas
>>>
>>>
>>>   
>>
>> It does kind of work at the moment. The only caveat is if you have 
>> the editing under SSL you have to base it at the root level
>>
>> https://example.com/default/authoring
>
>
> which is a bummer, because, as remarked in another thread, you cannot 
> use name-based virtual hosting together with ssl.


I am not sure I understand correctly what you mean.

I think one can setup a name based vhost for 80 and another name based 
vhost for 443 (with the same name but different port) and then point 
from these two vhosts to the same Tomcat either pointing

80 -> 8080 and 443 -> 8080

or

80 -> 8080 and 443 ->8443

for instance. Or do I misunderstand something?

Cheers

Michael

> which means the lenya deployment will interfere with existing stuff....
>


-- 
Michael Wechner
Wyona      -   Open Source Content Management   -    Apache Lenya
http://www.wyona.com                      http://lenya.apache.org
michael.wechner@wyona.com                        michi@apache.org
+41 44 272 91 61


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@lenya.apache.org
For additional commands, e-mail: dev-help@lenya.apache.org

Re: [FREEZE-ANNOUNCEMENT] 1.4 Release Candidate 1, Attempt 2

Posted by Joern Nettingsmeier <ne...@folkwang-hochschule.de>.

Richard Frovarp wrote:
> Andreas Hartmann wrote:
>> Joern Nettingsmeier schrieb:
>>
>> [...]
>>
>>  
>>> i think this is a really fundamental issue with lenya, and fixing it
>>> requires very intrusive changes (see my other post)... the way i see it,
>>> we should do something half-assed and non-intrusive for the RC and aim
>>> for a clean solution by the time of the hackathon.
>>>     
>>
>> OK, that sounds reasonable. What changes are necessary to make it
>> (kind-of) work for the moment? Do you have the time to take care
>> of it? I don't have a proxied setup running ATM.
>>
>> -- Andreas
>>
>>
>>   
> It does kind of work at the moment. The only caveat is if you have the 
> editing under SSL you have to base it at the root level
> 
> https://example.com/default/authoring

which is a bummer, because, as remarked in another thread, you cannot 
use name-based virtual hosting together with ssl. which means the lenya 
deployment will interfere with existing stuff....

-- 
jörn nettingsmeier

home://germany/45128 essen/lortzingstr. 11/
http://spunk.dnsalias.org
phone://+49/201/491621

Kurt is up in Heaven now.

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@lenya.apache.org
For additional commands, e-mail: dev-help@lenya.apache.org

Re: [FREEZE-ANNOUNCEMENT] 1.4 Release Candidate 1, Attempt 2

Posted by Richard Frovarp <Ri...@sendit.nodak.edu>.

Andreas Hartmann wrote:
> Joern Nettingsmeier schrieb:
>
> [...]
>
>   
>> i think this is a really fundamental issue with lenya, and fixing it
>> requires very intrusive changes (see my other post)... the way i see it,
>> we should do something half-assed and non-intrusive for the RC and aim
>> for a clean solution by the time of the hackathon.
>>     
>
> OK, that sounds reasonable. What changes are necessary to make it
> (kind-of) work for the moment? Do you have the time to take care
> of it? I don't have a proxied setup running ATM.
>
> -- Andreas
>
>
>   
It does kind of work at the moment. The only caveat is if you have the 
editing under SSL you have to base it at the root level

https://example.com/default/authoring

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@lenya.apache.org
For additional commands, e-mail: dev-help@lenya.apache.org

Re: [FREEZE-ANNOUNCEMENT] 1.4 Release Candidate 1, Attempt 2

Posted by Jörn Nettingsmeier <ne...@apache.org>.

Andreas Hartmann wrote:
> Joern Nettingsmeier schrieb:
> 
> [...]
> 
>> i think this is a really fundamental issue with lenya, and fixing it
>> requires very intrusive changes (see my other post)... the way i see it,
>> we should do something half-assed and non-intrusive for the RC and aim
>> for a clean solution by the time of the hackathon.
> 
> OK, that sounds reasonable. What changes are necessary to make it
> (kind-of) work for the moment? Do you have the time to take care
> of it? I don't have a proxied setup running ATM.

i have a stylesheet here that will munge src and href attributes. but in 
order to make it work for css as well, it will have to be included all 
over the place. not nice.
i'm currently looking into a fix for the existing solution...


-- 
Jörn Nettingsmeier

Kurt is up in heaven now.


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@lenya.apache.org
For additional commands, e-mail: dev-help@lenya.apache.org

Re: [FREEZE-ANNOUNCEMENT] 1.4 Release Candidate 1, Attempt 2

Posted by Andreas Hartmann <an...@apache.org>.

Joern Nettingsmeier schrieb:

[...]

> i think this is a really fundamental issue with lenya, and fixing it
> requires very intrusive changes (see my other post)... the way i see it,
> we should do something half-assed and non-intrusive for the RC and aim
> for a clean solution by the time of the hackathon.

OK, that sounds reasonable. What changes are necessary to make it
(kind-of) work for the moment? Do you have the time to take care
of it? I don't have a proxied setup running ATM.

-- Andreas


-- 
Andreas Hartmann, CTO
BeCompany GmbH
http://www.becompany.ch


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@lenya.apache.org
For additional commands, e-mail: dev-help@lenya.apache.org

Re: [FREEZE-ANNOUNCEMENT] 1.4 Release Candidate 1, Attempt 2

Posted by Joern Nettingsmeier <ne...@folkwang-hochschule.de>.

Jörn Nettingsmeier wrote:
> my feelings about that are mixed. on the one hand i'm pretty frustrated 
> that it does not work as is, otoh a clean solution looks like a major 
> rewrite, and i'd hate to see the RC delayed again...
> 
> i wonder: should we declare that feature as broken, remove the ssl 
> checkboxes for now, ignore the proxy settings and provide documentation 
> on how to hack in a global link rewriter xslt for people who need 
> proxying now?
> i'm working on such a beast atm, and while it cannot offer granular ssl 
> like the checkboxes would, it will hopefully work and be self-contained 
> so that it can easily be thrown away when we have a better solution.

the basic functionality is there. all you need to do is add

<map:transform src="fallback://lenya/xslt/util/proxy-hack.xsl">
   <map:parameter name="proxy" value="https://stackingdwarves.net/cms/"/>
</map:transform>

to your publication's sitemap.xmap.

but there is a showstopper: css links need to be rewritten as well. 
which means that this stupid hack gets spread all over the place. bad.

if ssl proxying is just needed for authoring, it's not too bad. i'd 
rather we live with ugly-looking menus than muck up our code in several 
places.

i think this is a really fundamental issue with lenya, and fixing it 
requires very intrusive changes (see my other post)... the way i see it, 
we should do something half-assed and non-intrusive for the RC and aim 
for a clean solution by the time of the hackathon.

wdyt?

-- 
jörn nettingsmeier

home://germany/45128 essen/lortzingstr. 11/
http://spunk.dnsalias.org
phone://+49/201/491621

Kurt is up in Heaven now.

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@lenya.apache.org
For additional commands, e-mail: dev-help@lenya.apache.org

Re: [FREEZE-ANNOUNCEMENT] 1.4 Release Candidate 1, Attempt 2

Posted by Jörn Nettingsmeier <ne...@apache.org>.

Andreas Hartmann wrote:
> Andreas Hartmann schrieb:
>> Hi Lenya devs,
>>
>> apart from Joern, nobody commented on my request
>> to cancel the freeze. Joern suggested to start again
>> early this week.
>>
>> So I'm announcing the second code freeze for 1.4 RC 1.
>>
>> It will start in 7 days:
>>
>>   Mon, May 7, 02:00 PM CEST
> 
> I suggest that we postpone the freeze until the SSL issues
> are resolved.
> 
> Any objections?

my feelings about that are mixed. on the one hand i'm pretty frustrated 
that it does not work as is, otoh a clean solution looks like a major 
rewrite, and i'd hate to see the RC delayed again...

i wonder: should we declare that feature as broken, remove the ssl 
checkboxes for now, ignore the proxy settings and provide documentation 
on how to hack in a global link rewriter xslt for people who need 
proxying now?
i'm working on such a beast atm, and while it cannot offer granular ssl 
like the checkboxes would, it will hopefully work and be self-contained 
so that it can easily be thrown away when we have a better solution.

as it is now, i think we should roll a 1.4-dot-zero worthy of the name 
real soon now  :) when it's out the door, we can tackle the growing list 
of 1.4.1 issues.

-- 
Jörn Nettingsmeier

Kurt is up in heaven now.

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@lenya.apache.org
For additional commands, e-mail: dev-help@lenya.apache.org