[Deploying Sakai] SSL termination, Tomcat, and IP preservation

Seth Theriault slt at columbia.edu
Mon Oct 3 10:03:36 PDT 2011


Recently, Columbia moved to new load-balancing hardware for its 
Sakai installation. As part of this move, we also began using the 
load-balancer's SSL termination capabilities.

We were confronted with a series of required configuration 
modifications for Apache, Tomcat, and Sakai, especially to 
correctly log access. Initially, we had to significantly 
reconfigure both Tomcat and Sakai to meet about 98% of our goals, 
but in the end all of it was rendered moot by using a Tomcat 
valve called RemoteIpValve:


It's a port of the forthcoming Apache mod_remoteip module to 
Tomcat. I discovered it while searching for a way to preserve 
remote IPs so that the Online tool shows the right ones (the 
remaining 2%).

To implement, you will need to have the load-balancer insert some 
headers (which it might be doing already), but other than that 
it's straightfoward to setup by following the docs.

If you would like more details, let me know. If there is 
significant interest, I will post a summary.


More information about the production mailing list