[Deploying Sakai] SSL termination, Tomcat, and IP preservation

Sam Ottenhoff ottenhoff at longsight.com
Mon Oct 3 10:12:53 PDT 2011

Yes, I use it too.  Also, I think the RemoteIpValve is built into Tomcat 6
and above: no need for adding in the Xebia JAR.


On Mon, Oct 3, 2011 at 1:03 PM, Seth Theriault <slt at columbia.edu> wrote:

> Hello,
> Recently, Columbia moved to new load-balancing hardware for its
> Sakai installation. As part of this move, we also began using the
> load-balancer's SSL termination capabilities.
> We were confronted with a series of required configuration
> modifications for Apache, Tomcat, and Sakai, especially to
> correctly log access. Initially, we had to significantly
> reconfigure both Tomcat and Sakai to meet about 98% of our goals,
> but in the end all of it was rendered moot by using a Tomcat
> valve called RemoteIpValve:
> http://code.google.com/p/xebia-france/wiki/RemoteIpValve
> It's a port of the forthcoming Apache mod_remoteip module to
> Tomcat. I discovered it while searching for a way to preserve
> remote IPs so that the Online tool shows the right ones (the
> remaining 2%).
> To implement, you will need to have the load-balancer insert some
> headers (which it might be doing already), but other than that
> it's straightfoward to setup by following the docs.
> If you would like more details, let me know. If there is
> significant interest, I will post a summary.
> Seth
> _______________________________________________
> production mailing list
> production at collab.sakaiproject.org
> http://collab.sakaiproject.org/mailman/listinfo/production
> TO UNSUBSCRIBE: send email to
> production-unsubscribe at collab.sakaiproject.org with a subject of
> "unsubscribe"
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://collab.sakaiproject.org/pipermail/production/attachments/20111003/0e6d0ffb/attachment.html 

More information about the production mailing list