[Deploying Sakai] Proxying through Apache
pgibbsjr at hotmail.com
Tue Jun 23 13:13:19 PDT 2009
BTW: Can anyone think of any reason why I would need anything served by Sakai available via port 80? Based on the configuration I described in my prior message, Sakai is only proxied on port 443.
> Subject: RE: [Deploying Sakai] Proxying through Apache
> Date: Tue, 23 Jun 2009 10:07:16 -0400
> From: da1 at vt.edu
> To: pgibbsjr at hotmail.com; production at collab.sakaiproject.org
> On each of our app servers we run Tomcat behind httpd using mod_proxy.
> (We load balance the servers behind a BIG-IP, but that doesn't change
> the configuration meaningfully.) I prefer mod_proxy because the httpd
> config is a lot simpler, but honestly Tomcat and Sakai are designed to
> use mod_jk for connectivity. Mod_proxy still works, though. Here's our
> Tomcat runs on 8080 and only listens for connections on the loopback
> interface. Here's the *entire* Tomcat server.xml:
> <?xml version="1.0" encoding="UTF-8"?>
> <Server port="8005" shutdown="SHUTDOWN">
> <Service name="Catalina">
> <Connector port="8080" enableLookups="false" URIEncoding="UTF-8"
> proxyName="scholar.vt.edu" proxyPort="443"
> scheme="https" address="localhost"
> maxThreads="150" />
> <Engine name="Catalina" defaultHost="localhost">
> <Host name="localhost" appBase="webapps" />
> We don't have Tomcat running the SSL for us. But, there are some
> important settings in there. proxyName and proxyPort in particular have
> to be set to the correct public values. 'address="localhost"' binds us
> to only accept locally sourced connections. And here's the key to
> working with Sakai using mod_proxy on httpd without enabling SSL on
> Tomcat: 'scheme="https"', but *not* 'secure="true"'.
> If you've found the docs about "force.url.secure=443" etc, ignore those,
> that only fixes a couple of things. Sakai is very flaky about writing
> self-referent URLs (that's partially, but not all, Tomcat's fault). But
> if you set scheme="https" and set your serverUrl property in
> sakai.properties, everything should work.
> Then, we have httpd listening with SSL on port 8043 and handling a few
> rewrites and request logging. But here's the essential httpd config that
> you could just drop at the end of the default config and it should work:
> ProxyPass / http://localhost:8080/
> ProxyPassReverse / http://localhost:8080/
> If you need to exclude any paths from the proxy (ie stuff you want
> hosted by Apache) you can just include a line like this *before* the
> ProxyPass line above:
> ProxyPass /apachehostedpath !
> Then if you set serverUrl in your sakai.properties to whatever the real
> endpoint is:
> If you still have trouble, I suggest breaking it down into each part of
> the puzzle and making sure you can make each piece work independently of
> the others and in each possible pairing. Then if you can identify the
> pieces that are giving you trouble, we can probably provide more
> focussed advice.
> David Adams
> Director of Systems Integration and Support
> Virginia Tech Learning Technologies
> > -----Original Message-----
> > From: production-bounces at collab.sakaiproject.org [mailto:production-
> > bounces at collab.sakaiproject.org] On Behalf Of Paul Gibbs
> > Sent: Tuesday, June 23, 2009 9:30 AM
> > To: production at collab.sakaiproject.org
> > Subject: [Deploying Sakai] Proxying through Apache
> > Does anyone have any advice on configuring Sakai with Apache? I have
> > had a hard time getting the resources I've found online to work for
> > Ultimately, what I'd like to do is run Apache as a front-end for Sakai
> > on the same machine and have users log in via 443. Is this how most of
> > you are currently set up?
> > Thank you!
> > Paul Gibbs
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the production