[Deploying Sakai] Sakai over HTTPS + HAPROXY
Sam Ottenhoff
ottenhoff at longsight.com
Wed Jan 21 08:15:02 PST 2015
X-Forwarded-Proto set to HTTPS is the key.
https://confluence.sakaiproject.org/display/DOC/Sakai+Admin+Guide+-+Advanced+Tomcat++%28and+Apache%29+Configuration
Commenting our your IPs make this more difficult to debug. Are your Tomcat
IPs referenced in HAproxy on a public or private network?
On Wed, Jan 21, 2015 at 11:12 AM, Miguel Carro Pellicer <
mcarro at entornosdeformacion.com> wrote:
> Hi Subscribers,
>
> Are someone using Sakai over HTTPS using HAPROXY? I have a weird problem
> with this configuration, some tools are not rendering properly because says
> they are under HTTP, despite the iframe is loaded under HTTPS....
>
> The tools are gradebook, sections, chat, site-manage-participants,
> sitestats, sections....and some developed by myself using Wicket 6. I
> configured force.url.secure=443 and all the URLs are over HTTPS.
>
> The problem is because we're trying to use HAPROXY as webserver, the
> connection between users and HAPROXY is over HTTPS, then HAPROXY
> communicates with tomcat using HTTP.
>
> Here is the HA configuration:
>
> # BALANCER HTTPS LOGS
> frontend https
> bind X.X.X.X:443 ssl crt /etc/ssl/private/X.pem
> option dontlognull
> reqadd X-Forwarded-Proto:\ https
> default_backend sakai_https
> use_backend sakai_https if { ssl_fc_sni XXXXX }
> use_backend sakai_https if { ssl_fc_sni XXXXX }
> backend sakai_https
> mode http
> #http-request set-header X-Forwarded-Proto https if { ssl_fc }
> #http-request set-header X-Forwarded-Proto https if !{ ssl_fc }
> redirect scheme https if !{ ssl_fc }
> balance source
> option http-server-close
> option forwardfor header X-Real-IP
> timeout connect 30000
> timeout server 30000
> rspirep ^Location:\ http://(.*):80(.*) Location:\ https://\1:443\2
> rspirep ^(set-cookie:.*) \1;\ Secure
> retries 2
> option httpchk HEAD /content/monty/3e3e4r5tw.html HTTP/1.0
> server sakai01 X.X.X.X:8080 check inter 5000
> server sakai02 X.X.X.X:8080 check inter 50000
>
>
>
> Thanks for any help, Miguel
>
> --
> [image: Logo]
>
> Miguel Carro Pellicer
> <http://es.linkedin.com/pub/miguel-carro-pellicer/38/502/b92>
> *CTO Entornos de Formación S.L.*
>
> Phone: +34 - 686266485
> Email: mcarro at entornosdeformacion.com
>
> No me imprimas si no es necesario. Protejamos el medio ambiente
>
>
> AVISO LEGAL: El contenido de este mensaje de correo electrónico, incluidos
> los ficheros adjuntos, es confidencial y está protegido por el artículo
> 18.3 de la Constitución Española, que garantiza el secreto de las
> comunicaciones.
> Si usted recibe este mensaje por error, por favor póngase en contacto con
> el remitente para informarle de este hecho, y no difunda su contenido ni
> haga copias.
> *** Este mensaje ha sido verificado con herramientas de eliminación de
> virus y contenido malicioso ***
> Este aviso legal ha sido incorporado automáticamente al mensaje.
>
> _______________________________________________
> production mailing list
> production at collab.sakaiproject.org
> http://collab.sakaiproject.org/mailman/listinfo/production
>
> TO UNSUBSCRIBE: send email to
> production-unsubscribe at collab.sakaiproject.org with a subject of
> "unsubscribe"
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://collab.sakaiproject.org/pipermail/production/attachments/20150121/a4a06ece/attachment-0001.html
-------------- next part --------------
A non-text attachment was scrubbed...
Name: linkedin.jpg
Type: image/jpeg
Size: 1103 bytes
Desc: not available
Url : http://collab.sakaiproject.org/pipermail/production/attachments/20150121/a4a06ece/attachment-0002.jpg
-------------- next part --------------
A non-text attachment was scrubbed...
Name: entornos_logo.jpg
Type: image/jpeg
Size: 8726 bytes
Desc: not available
Url : http://collab.sakaiproject.org/pipermail/production/attachments/20150121/a4a06ece/attachment-0003.jpg
More information about the production
mailing list