[Deploying Sakai] Proxying through Apache

Paul Gibbs pgibbsjr at hotmail.com
Tue Jun 23 13:18:37 PDT 2009

Also--I failed to mention in my last e-mail that, in addition to the modification to the default-ssl file, I used Dave's server.xml example below (cut-and-paste) and made the name change in both that file and sakai.properties. His observation about scheme="https" probably should be a point of discussion at some point with whoever is maintaining the Sakai documention.

> Subject: RE: [Deploying Sakai] Proxying through Apache
> Date: Tue, 23 Jun 2009 10:07:16 -0400
> From: da1 at vt.edu
> To: pgibbsjr at hotmail.com; production at collab.sakaiproject.org
> On each of our app servers we run Tomcat behind httpd using mod_proxy.
> (We load balance the servers behind a BIG-IP, but that doesn't change
> the configuration meaningfully.) I prefer mod_proxy because the httpd
> config is a lot simpler, but honestly Tomcat and Sakai are designed to
> use mod_jk for connectivity. Mod_proxy still works, though. Here's our
> config.
> Tomcat runs on 8080 and only listens for connections on the loopback
> interface. Here's the *entire* Tomcat server.xml:
> -----
> <?xml version="1.0" encoding="UTF-8"?>
> <Server port="8005" shutdown="SHUTDOWN">
>   <Service name="Catalina">
>     <Connector port="8080" enableLookups="false" URIEncoding="UTF-8"
>                proxyName="scholar.vt.edu" proxyPort="443"
>                scheme="https" address="localhost"
>                maxThreads="150" />
>     <Engine name="Catalina" defaultHost="localhost">
>       <Host name="localhost" appBase="webapps" />
>     </Engine>
>   </Service>
> </Server>
> -----
> We don't have Tomcat running the SSL for us. But, there are some
> important settings in there. proxyName and proxyPort in particular have
> to be set to the correct public values. 'address="localhost"' binds us
> to only accept locally sourced connections. And here's the key to
> working with Sakai using mod_proxy on httpd without enabling SSL on
> Tomcat: 'scheme="https"', but *not* 'secure="true"'.
> If you've found the docs about "force.url.secure=443" etc, ignore those,
> that only fixes a couple of things. Sakai is very flaky about writing
> self-referent URLs (that's partially, but not all, Tomcat's fault). But
> if you set scheme="https" and set your serverUrl property in
> sakai.properties, everything should work.
> Then, we have httpd listening with SSL on port 8043 and handling a few
> rewrites and request logging. But here's the essential httpd config that
> you could just drop at the end of the default config and it should work:
> -----
> ProxyPass / http://localhost:8080/
> ProxyPassReverse / http://localhost:8080/
> -----
> If you need to exclude any paths from the proxy (ie stuff you want
> hosted by Apache) you can just include a line like this *before* the
> ProxyPass line above:
> ProxyPass /apachehostedpath !
> Then if you set serverUrl in your sakai.properties to whatever the real
> endpoint is:
> -----
> serverUrl=https://scholar.vt.edu
> -----
> If you still have trouble, I suggest breaking it down into each part of
> the puzzle and making sure you can make each piece work independently of
> the others and in each possible pairing. Then if you can identify the
> pieces that are giving you trouble, we can probably provide more
> focussed advice.
> David Adams
> Director of Systems Integration and Support
> Virginia Tech Learning Technologies
> > -----Original Message-----
> > From: production-bounces at collab.sakaiproject.org [mailto:production-
> > bounces at collab.sakaiproject.org] On Behalf Of Paul Gibbs
> > Sent: Tuesday, June 23, 2009 9:30 AM
> > To: production at collab.sakaiproject.org
> > Subject: [Deploying Sakai] Proxying through Apache
> > 
> > Does anyone have any advice on configuring Sakai with Apache? I have
> > had a hard time getting the resources I've found online to work for
> me.
> > 
> > Ultimately, what I'd like to do is run Apache as a front-end for Sakai
> > on the same machine and have users log in via 443. Is this how most of
> > you are currently set up?
> > 
> > Thank you!
> > 
> > Paul Gibbs
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://collab.sakaiproject.org/pipermail/production/attachments/20090623/015f6f23/attachment-0001.html 

More information about the production mailing list