Archive for July, 2010

Apache Zenoss Reverse Proxy

Thursday, July 1st, 2010

A few steps in making my Zenoss installation more useful.

1. Get rid of the localhost.localdomain in alert messages.

Settings -> Daemons -> zenactions -> zopeurl

Put in the full URL as it will be seen and appended to by alert messages. Because I anticipated using SSL my zopeurl looked something like this: https://myserver.name:2345

2. Create an http.conf file for my proxied service

vi /etc/httpd/conf.d/myserver.name-2345.conf

Listen 0.0.0.0:2345

NameVirtualHost myserver.name:2345
<VirtualHost <http server IP Address>:2345>

ServerName myserver.name

ProxyRequests Off
RewriteEngine on
RewriteLog /var/log/httpd/myserver.name-2345-rewrite_log
RewriteLogLevel 1

SSLEngine On
SSLCACertificateFile /etc/httpd/conf/myserver.name/ssl/ssl-cachain.pem
SSLCertificateFile /etc/httpd/conf/myserver.name/ssl/cert.pem
SSLCertificateKeyFile /etc/httpd/conf/myserver.name/ssl/key.pem
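# SSLv3 is broken (POODLE) and TLSv1 is deprecated; on a current httpd restrict this to TLSv1.2 or later
SSLProtocol TLSv1 SSLv3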
SSLCipherSuite HIGH

ErrorLog logs/myserver.name-2345-error_log
CustomLog logs/myserver.name-2345-access_log common

SetEnv force-proxy-request-1.0 1
SetEnv proxy-nokeepalive 1

ProxyPass / http://127.0.0.1:8080/VirtualHostBase/https/myserver.name:2345/VirtualHostRoot/

<Proxy *>
Order deny,allow
Allow from all
</Proxy>

<Files ~ "\.(inc|class)$">
Deny from all
</Files>

</VirtualHost>

Personally I like to keep the .conf file in a single location. I use /etc/httpd/conf/myserver.name/

In that directory I place my SSL files and any related conf files. Then, from inside the conf.d directory, I run: ln -s ../conf/myserver.name/myserver.name-2345.conf ./

From there I check conf/myserver.name into a git repo. A note on this: beware of putting sensitive data like the key file into a shared repository.

So… that’s it. Restart Apache and you should be able to hit the secure site.
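
A check worth running on the vhost file before that restart, as an added example that is not part of the original post: it confirms that the scheme, host and port embedded in the VirtualHostBase part of the ProxyPass target agree with the rest of the vhost, and flags an open forward proxy or an explicitly enabled SSLv2/SSLv3. The sample config is constructed, 192.0.2.10 is a documentation address, and the function names are hypothetical.

```python
import re

# Constructed sample: the directives from the vhost that must agree with
# each other. 192.0.2.10 is a documentation address, not from the post.
SAMPLE_CONF = """\
<VirtualHost 192.0.2.10:2345>
ServerName myserver.name
ProxyRequests Off
SSLEngine On
SSLProtocol TLSv1 SSLv3
ProxyPass / http://127.0.0.1:8080/VirtualHostBase/https/myserver.name:2345/VirtualHostRoot/
</VirtualHost>
"""

# Zope's VirtualHostMonster reads the public scheme, host and port from here.
VHM = re.compile(r"/VirtualHostBase/(https?)/([^/:]+):(\d+)/")

def directive(conf, name):
    """Argument string of the first `name` directive, or '' if absent."""
    m = re.search(rf"^[ \t]*{re.escape(name)}[ \t]+(.+?)[ \t]*$", conf, re.M | re.I)
    return m.group(1) if m else ""

def check_vhost(conf):
    """Return a list of findings; an empty list means every check passed."""
    vhm = VHM.search(directive(conf, "ProxyPass"))
    if not vhm:
        return ["ProxyPass target has no /VirtualHostBase/<scheme>/<host>:<port>/"]
    scheme, host, port = vhm.groups()
    findings = []
    listen = re.search(r"<VirtualHost[ \t]+.*:(\d+)[ \t]*>", conf, re.I)
    if not listen or listen.group(1) != port:
        findings.append(f"VirtualHostBase port {port} differs from <VirtualHost> port")
    if directive(conf, "ServerName").lower() != host.lower():
        findings.append(f"VirtualHostBase host {host} differs from ServerName")
    ssl_on = directive(conf, "SSLEngine").lower() == "on"
    if ssl_on != (scheme == "https"):
        findings.append(f"VirtualHostBase scheme {scheme} does not match SSLEngine")
    # <Proxy *> with "Allow from all" is only safe for a reverse proxy.
    if directive(conf, "ProxyRequests").lower() == "on":
        findings.append("ProxyRequests is On: vhost can act as an open forward proxy")
    weak = [p for p in directive(conf, "SSLProtocol").split()
            if p.lstrip("+").lower() in ("sslv2", "sslv3")]
    if weak:
        findings.append("SSLProtocol enables " + ", ".join(weak))
    return findings

if __name__ == "__main__":
    for finding in check_vhost(SAMPLE_CONF):
        print("FINDING:", finding)
```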

An easy way to create and manage certs, if you are going with self-signed, is TinyCA2.

Props go out to http://jang.blogs.ilrt.org/2009/05/28/zenoss-general-zope-behind-an-apache-proxy/ for the actual URL to redirect to.