[Deploying Sakai] SSL termination, Tomcat, and IP preservation
Sam Ottenhoff
ottenhoff at longsight.com
Mon Oct 3 10:12:53 PDT 2011
Yes, I use it too. Also, I think the RemoteIpValve is built into Tomcat 6
and above: no need for adding in the Xebia JAR.
--Sam
On Mon, Oct 3, 2011 at 1:03 PM, Seth Theriault <slt at columbia.edu> wrote:
> Hello,
>
> Recently, Columbia moved to new load-balancing hardware for its
> Sakai installation. As part of this move, we also began using the
> load-balancer's SSL termination capabilities.
>
> We were confronted with a series of required configuration
> modifications for Apache, Tomcat, and Sakai, especially to
> correctly log access. Initially, we had to significantly
> reconfigure both Tomcat and Sakai to meet about 98% of our goals,
> but in the end all of it was rendered moot by using a Tomcat
> valve called RemoteIpValve:
>
> http://code.google.com/p/xebia-france/wiki/RemoteIpValve
>
> It's a port of the forthcoming Apache mod_remoteip module to
> Tomcat. I discovered it while searching for a way to preserve
> remote IPs so that the Online tool shows the right ones (the
> remaining 2%).
>
> To implement, you will need to have the load-balancer insert some
> headers (which it might be doing already), but other than that
> it's straightfoward to setup by following the docs.
>
> If you would like more details, let me know. If there is
> significant interest, I will post a summary.
>
> Seth
> _______________________________________________
> production mailing list
> production at collab.sakaiproject.org
> http://collab.sakaiproject.org/mailman/listinfo/production
>
> TO UNSUBSCRIBE: send email to
> production-unsubscribe at collab.sakaiproject.org with a subject of
> "unsubscribe"
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://collab.sakaiproject.org/pipermail/production/attachments/20111003/0e6d0ffb/attachment.html
More information about the production
mailing list