You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@lenya.apache.org by Andreas Hartmann <an...@apache.org> on 2007/05/07 15:12:57 UTC
Re: [FREEZE-ANNOUNCEMENT] 1.4 Release Candidate 1, Attempt 2
Andreas Hartmann schrieb:
> Hi Lenya devs,
>
> apart from Joern, nobody commented on my request
> to cancel the freeze. Joern suggested to start again
> early this week.
>
> So I'm announcing the second code freeze for 1.4 RC 1.
>
> It will start in 7 days:
>
> Mon, May 7, 02:00 PM CEST
I suggest that we postpone the freeze until the SSL issues
are resolved.
Any objections?
-- Andreas
--
Andreas Hartmann, CTO
BeCompany GmbH
http://www.becompany.ch
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@lenya.apache.org
For additional commands, e-mail: dev-help@lenya.apache.org
Re: SSL and proxy [WAS: Re: [FREEZE-ANNOUNCEMENT] 1.4 Release Candidate
1, Attempt 2]
Posted by Joern Nettingsmeier <ne...@folkwang-hochschule.de>.
Michael Wechner wrote:
> Joern Nettingsmeier wrote:
>
>> Richard Frovarp wrote:
>>
>>> Andreas Hartmann wrote:
>>>
>>>> Joern Nettingsmeier schrieb:
>>>>
>>>> [...]
>>>>
>>>>
>>>>
>>>>> i think this is a really fundamental issue with lenya, and fixing it
>>>>> requires very intrusive changes (see my other post)... the way i
>>>>> see it,
>>>>> we should do something half-assed and non-intrusive for the RC and aim
>>>>> for a clean solution by the time of the hackathon.
>>>>>
>>>>
>>>>
>>>> OK, that sounds reasonable. What changes are necessary to make it
>>>> (kind-of) work for the moment? Do you have the time to take care
>>>> of it? I don't have a proxied setup running ATM.
>>>>
>>>> -- Andreas
>>>>
>>>>
>>>>
>>>
>>> It does kind of work at the moment. The only caveat is if you have
>>> the editing under SSL you have to base it at the root level
>>>
>>> https://example.com/default/authoring
>>
>>
>> which is a bummer, because, as remarked in another thread, you cannot
>> use name-based virtual hosting together with ssl.
>
> I am not sure I understand correctly what you mean.
>
> I think one can setup a name based vhost for 80 and another name based
> vhost for 443 (with the same name but different port) and then point
> from these two vhosts to the same Tomcat either pointing
>
> 80 -> 8080 and 443 -> 8080
>
> or
>
> 80 -> 8080 and 443 ->8443
>
> for instance. Or do I misunderstand something?
consider a web server with multiple name-based virtual webservers.
a few are using lenya. to clean up the urls, an apache proxy is used and
lenya is configured accordingly. so localhost:8888/client-site1/live
will become www.foo.com, and localhost:8888/client-site2/live will be
www.bar.com.
for security reasons, i want authoring to be ssl-protected.
it is not possible to use name-based virtual hosting with ssl. so i can
only have one ssl vhost, https://www.baz.com.
since it's just authoring, weird urls are not a problem, so the obvious
approach is to map localhost:8888/client-site1/authoring to
https://www.baz.com/lenya/client-site1/authoring and so on.
unfortunately, this does not work. proxy support is broken. the
workaround is to put it into the root context,
https://www.baz.com/client-site1/authoring, which works because most
links are absolute but omit the protocol and host.
problem is that this interferes with the ssl root namespace - people may
be doing a lot of other stuff on their ssl host, and hogging the root
may not be an option...
--
jörn nettingsmeier
home://germany/45128 essen/lortzingstr. 11/
http://spunk.dnsalias.org
phone://+49/201/491621
Kurt is up in Heaven now.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@lenya.apache.org
For additional commands, e-mail: dev-help@lenya.apache.org
SSL and proxy [WAS: Re: [FREEZE-ANNOUNCEMENT] 1.4 Release Candidate
1, Attempt 2]
Posted by Michael Wechner <mi...@wyona.com>.
Joern Nettingsmeier wrote:
> Richard Frovarp wrote:
>
>> Andreas Hartmann wrote:
>>
>>> Joern Nettingsmeier schrieb:
>>>
>>> [...]
>>>
>>>
>>>
>>>> i think this is a really fundamental issue with lenya, and fixing it
>>>> requires very intrusive changes (see my other post)... the way i
>>>> see it,
>>>> we should do something half-assed and non-intrusive for the RC and aim
>>>> for a clean solution by the time of the hackathon.
>>>>
>>>
>>>
>>> OK, that sounds reasonable. What changes are necessary to make it
>>> (kind-of) work for the moment? Do you have the time to take care
>>> of it? I don't have a proxied setup running ATM.
>>>
>>> -- Andreas
>>>
>>>
>>>
>>
>> It does kind of work at the moment. The only caveat is if you have
>> the editing under SSL you have to base it at the root level
>>
>> https://example.com/default/authoring
>
>
> which is a bummer, because, as remarked in another thread, you cannot
> use name-based virtual hosting together with ssl.
I am not sure I understand correctly what you mean.
I think one can setup a name based vhost for 80 and another name based
vhost for 443 (with the same name but different port) and then point
from these two vhosts to the same Tomcat either pointing
80 -> 8080 and 443 -> 8080
or
80 -> 8080 and 443 ->8443
for instance. Or do I misunderstand something?
Cheers
Michael
> which means the lenya deployment will interfere with existing stuff....
>
--
Michael Wechner
Wyona - Open Source Content Management - Apache Lenya
http://www.wyona.com http://lenya.apache.org
michael.wechner@wyona.com michi@apache.org
+41 44 272 91 61
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@lenya.apache.org
For additional commands, e-mail: dev-help@lenya.apache.org
Re: [FREEZE-ANNOUNCEMENT] 1.4 Release Candidate 1, Attempt 2
Posted by Joern Nettingsmeier <ne...@folkwang-hochschule.de>.
Richard Frovarp wrote:
> Andreas Hartmann wrote:
>> Joern Nettingsmeier schrieb:
>>
>> [...]
>>
>>
>>> i think this is a really fundamental issue with lenya, and fixing it
>>> requires very intrusive changes (see my other post)... the way i see it,
>>> we should do something half-assed and non-intrusive for the RC and aim
>>> for a clean solution by the time of the hackathon.
>>>
>>
>> OK, that sounds reasonable. What changes are necessary to make it
>> (kind-of) work for the moment? Do you have the time to take care
>> of it? I don't have a proxied setup running ATM.
>>
>> -- Andreas
>>
>>
>>
> It does kind of work at the moment. The only caveat is if you have the
> editing under SSL you have to base it at the root level
>
> https://example.com/default/authoring
which is a bummer, because, as remarked in another thread, you cannot
use name-based virtual hosting together with ssl. which means the lenya
deployment will interfere with existing stuff....
--
jörn nettingsmeier
home://germany/45128 essen/lortzingstr. 11/
http://spunk.dnsalias.org
phone://+49/201/491621
Kurt is up in Heaven now.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@lenya.apache.org
For additional commands, e-mail: dev-help@lenya.apache.org
Re: [FREEZE-ANNOUNCEMENT] 1.4 Release Candidate 1, Attempt 2
Posted by Richard Frovarp <Ri...@sendit.nodak.edu>.
Andreas Hartmann wrote:
> Joern Nettingsmeier schrieb:
>
> [...]
>
>
>> i think this is a really fundamental issue with lenya, and fixing it
>> requires very intrusive changes (see my other post)... the way i see it,
>> we should do something half-assed and non-intrusive for the RC and aim
>> for a clean solution by the time of the hackathon.
>>
>
> OK, that sounds reasonable. What changes are necessary to make it
> (kind-of) work for the moment? Do you have the time to take care
> of it? I don't have a proxied setup running ATM.
>
> -- Andreas
>
>
>
It does kind of work at the moment. The only caveat is if you have the
editing under SSL you have to base it at the root level
https://example.com/default/authoring
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@lenya.apache.org
For additional commands, e-mail: dev-help@lenya.apache.org
Re: [FREEZE-ANNOUNCEMENT] 1.4 Release Candidate 1, Attempt 2
Posted by Jörn Nettingsmeier <ne...@apache.org>.
Andreas Hartmann wrote:
> Joern Nettingsmeier schrieb:
>
> [...]
>
>> i think this is a really fundamental issue with lenya, and fixing it
>> requires very intrusive changes (see my other post)... the way i see it,
>> we should do something half-assed and non-intrusive for the RC and aim
>> for a clean solution by the time of the hackathon.
>
> OK, that sounds reasonable. What changes are necessary to make it
> (kind-of) work for the moment? Do you have the time to take care
> of it? I don't have a proxied setup running ATM.
i have a stylesheet here that will munge src and href attributes. but in
order to make it work for css as well, it will have to be included all
over the place. not nice.
i'm currently looking into a fix for the existing solution...
--
Jörn Nettingsmeier
Kurt is up in heaven now.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@lenya.apache.org
For additional commands, e-mail: dev-help@lenya.apache.org
Re: [FREEZE-ANNOUNCEMENT] 1.4 Release Candidate 1, Attempt 2
Posted by Andreas Hartmann <an...@apache.org>.
Joern Nettingsmeier schrieb:
[...]
> i think this is a really fundamental issue with lenya, and fixing it
> requires very intrusive changes (see my other post)... the way i see it,
> we should do something half-assed and non-intrusive for the RC and aim
> for a clean solution by the time of the hackathon.
OK, that sounds reasonable. What changes are necessary to make it
(kind-of) work for the moment? Do you have the time to take care
of it? I don't have a proxied setup running ATM.
-- Andreas
--
Andreas Hartmann, CTO
BeCompany GmbH
http://www.becompany.ch
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@lenya.apache.org
For additional commands, e-mail: dev-help@lenya.apache.org
Re: [FREEZE-ANNOUNCEMENT] 1.4 Release Candidate 1, Attempt 2
Posted by Joern Nettingsmeier <ne...@folkwang-hochschule.de>.
Jörn Nettingsmeier wrote:
> my feelings about that are mixed. on the one hand i'm pretty frustrated
> that it does not work as is, otoh a clean solution looks like a major
> rewrite, and i'd hate to see the RC delayed again...
>
> i wonder: should we declare that feature as broken, remove the ssl
> checkboxes for now, ignore the proxy settings and provide documentation
> on how to hack in a global link rewriter xslt for people who need
> proxying now?
> i'm working on such a beast atm, and while it cannot offer granular ssl
> like the checkboxes would, it will hopefully work and be self-contained
> so that it can easily be thrown away when we have a better solution.
the basic functionality is there. all you need to do is add
<map:transform src="fallback://lenya/xslt/util/proxy-hack.xsl">
<map:parameter name="proxy" value="https://stackingdwarves.net/cms/"/>
</map:transform>
to your publication's sitemap.xmap.
but there is a showstopper: css links need to be rewritten as well.
which means that this stupid hack gets spread all over the place. bad.
if ssl proxying is just needed for authoring, it's not too bad. i'd
rather we live with ugly-looking menus than muck up our code in several
places.
i think this is a really fundamental issue with lenya, and fixing it
requires very intrusive changes (see my other post)... the way i see it,
we should do something half-assed and non-intrusive for the RC and aim
for a clean solution by the time of the hackathon.
wdyt?
--
jörn nettingsmeier
home://germany/45128 essen/lortzingstr. 11/
http://spunk.dnsalias.org
phone://+49/201/491621
Kurt is up in Heaven now.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@lenya.apache.org
For additional commands, e-mail: dev-help@lenya.apache.org
Re: [FREEZE-ANNOUNCEMENT] 1.4 Release Candidate 1, Attempt 2
Posted by Jörn Nettingsmeier <ne...@apache.org>.
Andreas Hartmann wrote:
> Andreas Hartmann schrieb:
>> Hi Lenya devs,
>>
>> apart from Joern, nobody commented on my request
>> to cancel the freeze. Joern suggested to start again
>> early this week.
>>
>> So I'm announcing the second code freeze for 1.4 RC 1.
>>
>> It will start in 7 days:
>>
>> Mon, May 7, 02:00 PM CEST
>
> I suggest that we postpone the freeze until the SSL issues
> are resolved.
>
> Any objections?
my feelings about that are mixed. on the one hand i'm pretty frustrated
that it does not work as is, otoh a clean solution looks like a major
rewrite, and i'd hate to see the RC delayed again...
i wonder: should we declare that feature as broken, remove the ssl
checkboxes for now, ignore the proxy settings and provide documentation
on how to hack in a global link rewriter xslt for people who need
proxying now?
i'm working on such a beast atm, and while it cannot offer granular ssl
like the checkboxes would, it will hopefully work and be self-contained
so that it can easily be thrown away when we have a better solution.
as it is now, i think we should roll a 1.4-dot-zero worthy of the name
real soon now :) when it's out the door, we can tackle the growing list
of 1.4.1 issues.
--
Jörn Nettingsmeier
Kurt is up in heaven now.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@lenya.apache.org
For additional commands, e-mail: dev-help@lenya.apache.org