[Building Sakai] Sakai with SSL

Bogdan Mariesan Bogdan.Mariesan at isdc.eu
Tue Jan 8 23:54:46 PST 2013 

Hi Charles,

I’ve setup a very similar configuration as the one bellow but the problem is that the wicket tools and one or two of the other tools are not working with this configuration.
I’ve redefined our connector to be similar to what you suggested:

<Connector port="8080" maxHttpHeaderSize="8192" proxyName="saksslnb.loi.local" proxyPort="443"
               maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
               enableLookups="false" redirectPort="8443" acceptCount="100" scheme="https" secure="false"
               connectionTimeout="20000" disableUploadTimeout="true" address="172.16.99.81" URIEncoding="UTF-8"/>

And also in sakai.properties I have:

serverUrl=https://saksslnb.loi.local/
(the force.url.secure param is commented I assume is not needed for this configuration)

I’ve attached a screenshot on how sakai looks when I try to open a wicket tool.

Regards,
Bogdan Mariesan


From: Hedrick Charles [mailto:hedrick at rutgers.edu]
Sent: Wednesday, January 09, 2013 2:33 AM
To: Bogdan Mariesan
Cc: sakai-dev at collab.sakaiproject.org
Subject: Re: [Building Sakai] Sakai with SSL

in sakai.properties,

serverUrl=https://sakai.rutgers.edu

Any URL that will be presented to the user needs to be https:.

Since you're doing SSL decoding in your load balancer, connections come in as normal HTTP. But the software needs to think it is SSL or URLs constructed for users will be wrong.

    <Connector port="80" protocol="HTTP/1.1"
               connectionTimeout="20000"
               scheme="https" secure="false" proxyPort="443"
               maxThreads="2000" minSpareThreads="25" maxSpareThreads="75"
               enableLookups="false"  acceptCount="100" URIEncoding="UTF-8"
                  disableUploadTimeout="true" maxHttpHeaderSize="8192" />

Note the scheme="https". When the code constructs a URL for the user, that's what it will use.


On Jan 8, 2013, at 10:11:29 AM, Bogdan Mariesan <Bogdan.Mariesan at isdc.eu<mailto:Bogdan.Mariesan at isdc.eu>> wrote:


Hi,

We are having some problems in configuring our Sakai environment to work with SSL and I was wondering if any of you have a similar configuration as the one we use.
I’ve attached a PDF with our current network configuration.

Please let me know if any of you have a similar configuration and if possible provide some hints on how to properly configure our system.

With kind regards,

Bogdan Marieșan
Developer

T / +40 (0)364 403 900
T / +31 (0)35 629 39 59
Bogdan.Mariesan at isdc.eu<mailto:Bogdan.Mariesan at isdc.eu>

<image001.png>

AVRAM IANCU 506-508 – 407280 FLORESTI
CLUJ - ROMANIA
WWW.ISDC.EU<http://www.isdc.eu/>

Bogdan Marieșan recommends the ISDC E-Zine<http://www.isdc.eu/ezine.aspx>

Please consider the environment before printing.
The content of this communication is classified as ISDC Confidential and Proprietary Information. The content of this communication is intended solely for the use of the individual or entity to whom it is addressed and others authorized to receive it. If you are not the intended recipient you are hereby notified that any disclosure, copying, distribution or taking any action in reliance on the contents of this information is strictly prohibited and may be unlawful. If you have received this communication in error, please notify us immediately by responding to this communication then delete it from your system. ISDC does not guarantee that the integrity of this communication has been maintained nor that this communication is free of viruses, interceptions or interference. We appreciate your assistance in preserving the confidentiality of our correspondence. Thank you.

<www5.pdf>_______________________________________________
sakai-dev mailing list
sakai-dev at collab.sakaiproject.org<mailto:sakai-dev at collab.sakaiproject.org>
http://collab.sakaiproject.org/mailman/listinfo/sakai-dev

TO UNSUBSCRIBE: send email to sakai-dev-unsubscribe at collab.sakaiproject.org<mailto:sakai-dev-unsubscribe at collab.sakaiproject.org> with a subject of "unsubscribe"

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://collab.sakaiproject.org/pipermail/sakai-dev/attachments/20130109/05d2b553/attachment.html 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: sakaiscreen.JPG
Type: image/jpeg
Size: 202370 bytes
Desc: sakaiscreen.JPG
Url : http://collab.sakaiproject.org/pipermail/sakai-dev/attachments/20130109/05d2b553/attachment.jpe

More information about the sakai-dev mailing list