[Building Sakai] Tomcat Connector Question When RUnning Behind a Proxy

Joshua Swink jswink at ucmerced.edu
Mon Aug 26 15:27:17 PDT 2013 

At UC Merced we do not set proxyName in the Tomcat connector - just
proxyPort and scheme. It seems to be working ok.

Josh



On Mon, Aug 26, 2013 at 2:49 PM, Charles Severance <csev at umich.edu> wrote:

> If people run their Tomcat's behind load balancers, do we typically set
> the proxyName and similar values on conf/server.xml or do we just let the
> defaults happen:
>
>     <!-- AJP Connector on port 8009 -->
>     <Connector port="8009" protocol="AJP/1.3" redirectPort="8443"
>                maxThreads="1000" minSpareThreads="50" maxSpareThreads="100"
>                maxPostSize="50000000" enableLookups="true"
>
>                proxyName="ctools.umich.edu"
>                proxyPort="443"
>                secure="true"
>                scheme="https"
>
>                tomcatAuthentication="false" URIEncoding="UTF-8" />
>
> If you want to be surprised at a bit of code inside Sakai
> serverUrl(HttpServletRequest req) in this code:
>
>
> https://source.sakaiproject.org/svn//kernel/trunk/api/src/main/java/org/sakaiproject/util/RequestFilter.java
>
> And then the look at getServerUrl() here
>
>
> https://source.sakaiproject.org/svn//kernel/trunk//kernel-impl/src/main/java/org/sakaiproject/component/impl/BasicConfigurationService.java
>
> If you trace all this code through it will become clear to you that when
> we do a
>
> ServerConfigurationService.getServerUrl()
>
> Depending on whether it is a tool, portlet, or servlet, we are actually
> quite likely to get a URL reconstructed from the HTTP request object
> *instead* of the
>
> serverUrl=https://ctools.umich.edu
>
> property from sakai.properties as I best most of us would expect given the
> behavior of most of the other ServerConfigurationService methods.
>
> So my question is whether or not people actively setting proxyName and
> friends in server.xml on their production and staging servers that live
> behind proxies?
>
> At this point I would *not* classify this as a bug per-se - but it does
> seem as though it is important for a Sakai system to function to have
> connectors behind proxies fully configured with the public-faxing proxy
> info.
>
> Or am I just confused.
>
> /Chuck
>
> _______________________________________________
> sakai-dev mailing list
> sakai-dev at collab.sakaiproject.org
> http://collab.sakaiproject.org/mailman/listinfo/sakai-dev
>
> TO UNSUBSCRIBE: send email to
> sakai-dev-unsubscribe at collab.sakaiproject.org with a subject of
> "unsubscribe"
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://collab.sakaiproject.org/pipermail/sakai-dev/attachments/20130826/9ae7e561/attachment.html

More information about the sakai-dev mailing list