[Building Sakai] Tomcat Connector Question When RUnning Behind a Proxy
Joshua Swink
jswink at ucmerced.edu
Mon Aug 26 15:27:17 PDT 2013
At UC Merced we do not set proxyName in the Tomcat connector - just
proxyPort and scheme. It seems to be working ok.
Josh
On Mon, Aug 26, 2013 at 2:49 PM, Charles Severance <csev at umich.edu> wrote:
> If people run their Tomcat's behind load balancers, do we typically set
> the proxyName and similar values on conf/server.xml or do we just let the
> defaults happen:
>
> <!-- AJP Connector on port 8009 -->
> <Connector port="8009" protocol="AJP/1.3" redirectPort="8443"
> maxThreads="1000" minSpareThreads="50" maxSpareThreads="100"
> maxPostSize="50000000" enableLookups="true"
>
> proxyName="ctools.umich.edu"
> proxyPort="443"
> secure="true"
> scheme="https"
>
> tomcatAuthentication="false" URIEncoding="UTF-8" />
>
> If you want to be surprised at a bit of code inside Sakai
> serverUrl(HttpServletRequest req) in this code:
>
>
> https://source.sakaiproject.org/svn//kernel/trunk/api/src/main/java/org/sakaiproject/util/RequestFilter.java
>
> And then the look at getServerUrl() here
>
>
> https://source.sakaiproject.org/svn//kernel/trunk//kernel-impl/src/main/java/org/sakaiproject/component/impl/BasicConfigurationService.java
>
> If you trace all this code through it will become clear to you that when
> we do a
>
> ServerConfigurationService.getServerUrl()
>
> Depending on whether it is a tool, portlet, or servlet, we are actually
> quite likely to get a URL reconstructed from the HTTP request object
> *instead* of the
>
> serverUrl=https://ctools.umich.edu
>
> property from sakai.properties as I best most of us would expect given the
> behavior of most of the other ServerConfigurationService methods.
>
> So my question is whether or not people actively setting proxyName and
> friends in server.xml on their production and staging servers that live
> behind proxies?
>
> At this point I would *not* classify this as a bug per-se - but it does
> seem as though it is important for a Sakai system to function to have
> connectors behind proxies fully configured with the public-faxing proxy
> info.
>
> Or am I just confused.
>
> /Chuck
>
> _______________________________________________
> sakai-dev mailing list
> sakai-dev at collab.sakaiproject.org
> http://collab.sakaiproject.org/mailman/listinfo/sakai-dev
>
> TO UNSUBSCRIBE: send email to
> sakai-dev-unsubscribe at collab.sakaiproject.org with a subject of
> "unsubscribe"
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://collab.sakaiproject.org/pipermail/sakai-dev/attachments/20130826/9ae7e561/attachment.html
More information about the sakai-dev
mailing list