[Building Sakai] Sakai Behind Load Balancer

Robert Cohen robert.cohen at anu.edu.au
Thu Apr 14 19:25:25 PDT 2011 

We had a similar issue.

We're using apache on the servers proxing to the tomcat by mod_proxy_ajp.

Our first fix for the problem was to terminate the SSL connection at the
balancer then have the balancer establish a new https connection to the
server. So the tomcat was still aware that it was a SSL connection it was
talking to.

But recently I found a different solution.
We're only using it on the test server at present, but it seems to work.

In the server.xml file, I set up a separate connector on port 8010 with
properties
secure="true" scheme="https" proxyPort="443"

The balancer is setup to strip the SSL and send connections that were SSL to
8443. The apache listening on 8443 proxies connections on that port to 8010.

The only thing that doesn't work quite correctly is that if the application
generates a redirect it still redirects to 8443. But the balancer is smart
enough to catch them and rewrite them back to https.
And I don't think sakai uses redirects in the normal course of operation.
Its only our custom front page that uses a redirect so its probably not an
issue for most people.



On 14/4/11 5:33 PM, "Juan José Meroño Sánchez" <jjmerono at um.es> wrote:

>   Hi,
> 
>      I'm testing sakai 2.7.1 behind a load balancer (i'm using pound for
> testing purposes).
> Users connects using https but the connection between load balancer and
> apache web servers are using http,
> so i'm using the system property "sakai.force.url.secure".
> 
>      I've obtained some errors accessing applications like Profile2 and
> SiteStats (made with Wicket) and also in Gradebook2 (made with GWT).
> I think those errors are motivated by the construction of the url for
> redirect without considering "sakai.force.url.secure" property, but i'm
> not sure.
> Maybe the "rewriteURL" method inside ActiveToolComponent and
> RequestFilter needs to consider the use of this property.
> 
>      I would like to know if someone else have Sakai configured with
> similar structure and if they experimented the same problems or not,
> or if i've forgoten some configuration.
> 
> Thanks !!

=======================================
Robert Cohen
Information Technology Infrastructure
Division of Information
R.G Menzies Building
Building 2
The Australian National University
Canberra ACT 0200 Australia
 
T: +61 2 6125 8389
F: +61 2 6125 7699
http://www.anu.edu.au
 
CRICOS Provider #00120C
=======================================

More information about the sakai-dev mailing list