[Deploying Sakai] So Close

Steve Swinsburg steve.swinsburg at gmail.com
Thu Apr 7 19:11:23 PDT 2011


Ah yeah, that setup I wrote about was for a local dev box which I didn't want anyone to access except localhost. 'Allow from all' would do the trick.

cheers,
steve


On 08/04/2011, at 2:53 AM, Larry Dougher wrote:

> Okay Got IT!  I changed my ajo.conf to this:
> 
> ProxyRequests Off
> <Proxy *>
>         Order deny,allow
>         #Deny from all
>         Allow from internalip
> </Proxy>
> ProxyPass 		/ ajp://internalip:8009/
> ProxyPassReverse 	/ ajp://internalip:8009/
> 
> And now as you can see if you go to http://sakai.windsorschools.net/portal it works :)
> 
> Now who wants to help me with SSL?!
> 
> Thanks,
> 
> Larry Dougher
> Technology Coordinator / ACSP 10.6 / ACMT
> Windsor Southeast Supervisory Union
> 
> 
> 
> On Thu, Apr 7, 2011 at 12:44 PM, Larry Dougher <ldougher at windsorschools.net> wrote:
> Like this?:
> 
> ProxyRequests Off
> <Proxy *>
>         Order deny,allow
>         #Deny from all
>         Allow from all
> </Proxy>
> ProxyPass 		/ ajp://sakai.windsorschools.net:8009/
> ProxyPassReverse 	/ ajp://sakai.windsorschools.net:8009/
> 
> When I did the above I know get a different error message at http://sakai.windsorschools.net or http://sakai.windsorschools.net/portal
> 
> Thanks,
> 
> Larry Dougher
> Technology Coordinator / ACSP 10.6 / ACMT
> Windsor Southeast Supervisory Union
> 
> 
> 
> On Thu, Apr 7, 2011 at 12:27 PM, Mike De Simone <michael.desimone at rsmart.com> wrote:
> I would comment it out & save for maintenance periods.  You can change the allow from clause to include LAN ip's only, like : 'Allow from 192.168' or something like that.
> 
>  
> 
> Thanks,
> 
> -------------------------------
> Mike DeSimone
> Lead Systems Engineer
> rSmart | 602-490-0473
> 
> 
> On Thu, Apr 7, 2011 at 09:23, Larry Dougher <ldougher at windsorschools.net> wrote:
> Interesting Mike, so should I delete that entire line or just "deny from all, allow from localhost"?
> 
> 
> Thanks,
> 
> Larry Dougher
> Technology Coordinator / ACSP 10.6 / ACMT
> Windsor Southeast Supervisory Union
> 
> 
> 
> On Thu, Apr 7, 2011 at 12:22 PM, Mike De Simone <michael.desimone at rsmart.com> wrote:
> The way I am reading the apache documentation here: http://httpd.apache.org/docs/2.2/mod/mod_proxy.html#proxy
> 
> says to me that the "Proxy *, deny from all, allow from localhost" is preventing all access.  When I set up mod_proxy with load balancing, I don't have that clause because I need to allow web traffic from anywhere on the internet.  When I put the server into maintenance mode, I enable that clause to allow specific IPs into the system, but not the public (students) at large.
> 
> My understanding is at odds with what Steve has written in the wiki.  
> 
> 
> Thanks,
> 
> -------------------------------
> Mike DeSimone
> Lead Systems Engineer
> rSmart | 602-490-0473
> 
> 
> On Thu, Apr 7, 2011 at 08:54, Larry Dougher <ldougher at windsorschools.net> wrote:
> Thanks Mike, I have attached my httpd.conf and ajp.conf.  Does anything proxy-wise jump out to you as wrong?
> 
> 
> Thanks,
> 
> Larry Dougher
> Technology Coordinator / ACSP 10.6 / ACMT
> Windsor Southeast Supervisory Union
> 
> 
> 
> On Thu, Apr 7, 2011 at 11:48 AM, Mike De Simone <michael.desimone at rsmart.com> wrote:
> Hi Larry,
> 
> I see 2 issues here.  The first message to me means that the URI of /portal was not being passed to tomcat for some reason and was only being handled by apache.  So you'd have to double check the proxy setup to ensure all traffic gets back to tomcat for processing.
> 
> The second error seems to indicate that the directory that apache's error documents are in may somehow not be accessible/readable by apache (not sure why, seems strange).
>  
> 
> Thanks,
> 
> -------------------------------
> Mike DeSimone
> Lead Systems Engineer
> rSmart | 602-490-0473
> 
> 
> On Thu, Apr 7, 2011 at 04:18, Larry Dougher <ldougher at windsorschools.net> wrote:
> Hello all,
> 
> So, I have successfully used the mod_proxy fix so that apache is listening on port 80 (following Swinsburg's great documentation).  However, as you can see if you click on http://sakai.windsorschools.net or http://sakai.windsorschools.net/portal there is a permissions error.  I think it is a chmod fix but I don't know the exact command to use or the directory(ies) I need to use it in.  Any help would be greatly appreciated (I have restarted apache and tomcat to no avail). 
> 
> Thanks,
> 
> Larry Dougher
> Technology Coordinator / ACSP 10.6 / ACMT
> Windsor Southeast Supervisory Union
> 
> 
> _______________________________________________
> production mailing list
> production at collab.sakaiproject.org
> http://collab.sakaiproject.org/mailman/listinfo/production
> 
> TO UNSUBSCRIBE: send email to production-unsubscribe at collab.sakaiproject.org with a subject of "unsubscribe"
> 
> 
> 
> 
> 
> 
> 
> _______________________________________________
> production mailing list
> production at collab.sakaiproject.org
> http://collab.sakaiproject.org/mailman/listinfo/production
> 
> TO UNSUBSCRIBE: send email to production-unsubscribe at collab.sakaiproject.org with a subject of "unsubscribe"

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://collab.sakaiproject.org/pipermail/production/attachments/20110408/efb80398/attachment.html 


More information about the production mailing list