[Building Sakai] Sakai Behind Load Balancer

Jon Gorrono jpgorrono at ucdavis.edu
Tue Apr 19 20:28:32 PDT 2011 

WRT gradebook2 issues .... the HTTPOnly header field in 2.7 will cause
you trouble with gb2 until we fix

https://jira.sakaiproject.org/browse/GRBK-908


2011/4/14 Robert Cohen <robert.cohen at anu.edu.au>:
> We had a similar issue.
>
> We're using apache on the servers proxing to the tomcat by mod_proxy_ajp.
>
> Our first fix for the problem was to terminate the SSL connection at the
> balancer then have the balancer establish a new https connection to the
> server. So the tomcat was still aware that it was a SSL connection it was
> talking to.
>
> But recently I found a different solution.
> We're only using it on the test server at present, but it seems to work.
>
> In the server.xml file, I set up a separate connector on port 8010 with
> properties
> secure="true" scheme="https" proxyPort="443"
>
> The balancer is setup to strip the SSL and send connections that were SSL to
> 8443. The apache listening on 8443 proxies connections on that port to 8010.
>
> The only thing that doesn't work quite correctly is that if the application
> generates a redirect it still redirects to 8443. But the balancer is smart
> enough to catch them and rewrite them back to https.
> And I don't think sakai uses redirects in the normal course of operation.
> Its only our custom front page that uses a redirect so its probably not an
> issue for most people.
>
>
>
> On 14/4/11 5:33 PM, "Juan José Meroño Sánchez" <jjmerono at um.es> wrote:
>
>>   Hi,
>>
>>      I'm testing sakai 2.7.1 behind a load balancer (i'm using pound for
>> testing purposes).
>> Users connects using https but the connection between load balancer and
>> apache web servers are using http,
>> so i'm using the system property "sakai.force.url.secure".
>>
>>      I've obtained some errors accessing applications like Profile2 and
>> SiteStats (made with Wicket) and also in Gradebook2 (made with GWT).
>> I think those errors are motivated by the construction of the url for
>> redirect without considering "sakai.force.url.secure" property, but i'm
>> not sure.
>> Maybe the "rewriteURL" method inside ActiveToolComponent and
>> RequestFilter needs to consider the use of this property.
>>
>>      I would like to know if someone else have Sakai configured with
>> similar structure and if they experimented the same problems or not,
>> or if i've forgoten some configuration.
>>
>> Thanks !!
>
> =======================================
> Robert Cohen
> Information Technology Infrastructure
> Division of Information
> R.G Menzies Building
> Building 2
> The Australian National University
> Canberra ACT 0200 Australia
>
> T: +61 2 6125 8389
> F: +61 2 6125 7699
> http://www.anu.edu.au
>
> CRICOS Provider #00120C
> =======================================
>
>
> _______________________________________________
> sakai-dev mailing list
> sakai-dev at collab.sakaiproject.org
> http://collab.sakaiproject.org/mailman/listinfo/sakai-dev
>
> TO UNSUBSCRIBE: send email to sakai-dev-unsubscribe at collab.sakaiproject.org with a subject of "unsubscribe"
>



-- 
Jon Gorrono
PGP Key: 0x5434509D -
http{pgp.mit.edu:11371/pks/lookup?search=0x5434509D&op=index}
GSWoT Introducer - {GSWoT:US75 5434509D Jon P. Gorrono <jpgorrono - gswot.org>}
http{sysdev.ucdavis.edu}

More information about the sakai-dev mailing list