[Deploying Sakai] SSL termination, Tomcat, and IP preservation
Seth Theriault
slt at columbia.edu
Mon Oct 3 10:03:36 PDT 2011
Hello,
Recently, Columbia moved to new load-balancing hardware for its
Sakai installation. As part of this move, we also began using the
load-balancer's SSL termination capabilities.
We were confronted with a series of required configuration
modifications for Apache, Tomcat, and Sakai, especially to
correctly log access. Initially, we had to significantly
reconfigure both Tomcat and Sakai to meet about 98% of our goals,
but in the end all of it was rendered moot by using a Tomcat
valve called RemoteIpValve:
http://code.google.com/p/xebia-france/wiki/RemoteIpValve
It's a port of the forthcoming Apache mod_remoteip module to
Tomcat. I discovered it while searching for a way to preserve
remote IPs so that the Online tool shows the right ones (the
remaining 2%).
To implement, you will need to have the load-balancer insert some
headers (which it might be doing already), but other than that
it's straightfoward to setup by following the docs.
If you would like more details, let me know. If there is
significant interest, I will post a summary.
Seth
More information about the production
mailing list