[Building Sakai] Sakai with SSL
Bogdan Mariesan
Bogdan.Mariesan at isdc.eu
Wed Jan 9 06:12:38 PST 2013
We’ve also tried to add a proxyName and proxyPort on the AJP connector as:
<Connector port="8009" enableLookups="false" proxyName="saksslnb.loi.local" proxyPort="443" redirectPort="8443" protocol="AJP/1.3" address="172.16.99.81"
scheme="https" secure="false" URIEncoding="UTF-8"/>
By using the solution above the Wicket tools will start but none of the CSS/Javascript resources will be loaded as you can see in the attached screenshot.
Regards,
Bogdan Mariesan
From: Bogdan Mariesan
Sent: Wednesday, January 09, 2013 9:55 AM
To: 'Hedrick Charles'
Cc: sakai-dev at collab.sakaiproject.org
Subject: RE: [Building Sakai] Sakai with SSL
Hi Charles,
I’ve setup a very similar configuration as the one bellow but the problem is that the wicket tools and one or two of the other tools are not working with this configuration.
I’ve redefined our connector to be similar to what you suggested:
<Connector port="8080" maxHttpHeaderSize="8192" proxyName="saksslnb.loi.local" proxyPort="443"
maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
enableLookups="false" redirectPort="8443" acceptCount="100" scheme="https" secure="false"
connectionTimeout="20000" disableUploadTimeout="true" address="172.16.99.81" URIEncoding="UTF-8"/>
And also in sakai.properties I have:
serverUrl=https://saksslnb.loi.local/
(the force.url.secure param is commented I assume is not needed for this configuration)
I’ve attached a screenshot on how sakai looks when I try to open a wicket tool.
Regards,
Bogdan Mariesan
From: Hedrick Charles [mailto:hedrick at rutgers.edu]
Sent: Wednesday, January 09, 2013 2:33 AM
To: Bogdan Mariesan
Cc: sakai-dev at collab.sakaiproject.org<mailto:sakai-dev at collab.sakaiproject.org>
Subject: Re: [Building Sakai] Sakai with SSL
in sakai.properties,
serverUrl=https://sakai.rutgers.edu
Any URL that will be presented to the user needs to be https:.
Since you're doing SSL decoding in your load balancer, connections come in as normal HTTP. But the software needs to think it is SSL or URLs constructed for users will be wrong.
<Connector port="80" protocol="HTTP/1.1"
connectionTimeout="20000"
scheme="https" secure="false" proxyPort="443"
maxThreads="2000" minSpareThreads="25" maxSpareThreads="75"
enableLookups="false" acceptCount="100" URIEncoding="UTF-8"
disableUploadTimeout="true" maxHttpHeaderSize="8192" />
Note the scheme="https". When the code constructs a URL for the user, that's what it will use.
On Jan 8, 2013, at 10:11:29 AM, Bogdan Mariesan <Bogdan.Mariesan at isdc.eu<mailto:Bogdan.Mariesan at isdc.eu>> wrote:
Hi,
We are having some problems in configuring our Sakai environment to work with SSL and I was wondering if any of you have a similar configuration as the one we use.
I’ve attached a PDF with our current network configuration.
Please let me know if any of you have a similar configuration and if possible provide some hints on how to properly configure our system.
With kind regards,
Bogdan Marieșan
Developer
T / +40 (0)364 403 900
T / +31 (0)35 629 39 59
Bogdan.Mariesan at isdc.eu<mailto:Bogdan.Mariesan at isdc.eu>
<image001.png>
AVRAM IANCU 506-508 – 407280 FLORESTI
CLUJ - ROMANIA
WWW.ISDC.EU<http://www.isdc.eu/>
Bogdan Marieșan recommends the ISDC E-Zine<http://www.isdc.eu/ezine.aspx>
Please consider the environment before printing.
The content of this communication is classified as ISDC Confidential and Proprietary Information. The content of this communication is intended solely for the use of the individual or entity to whom it is addressed and others authorized to receive it. If you are not the intended recipient you are hereby notified that any disclosure, copying, distribution or taking any action in reliance on the contents of this information is strictly prohibited and may be unlawful. If you have received this communication in error, please notify us immediately by responding to this communication then delete it from your system. ISDC does not guarantee that the integrity of this communication has been maintained nor that this communication is free of viruses, interceptions or interference. We appreciate your assistance in preserving the confidentiality of our correspondence. Thank you.
<www5.pdf>_______________________________________________
sakai-dev mailing list
sakai-dev at collab.sakaiproject.org<mailto:sakai-dev at collab.sakaiproject.org>
http://collab.sakaiproject.org/mailman/listinfo/sakai-dev
TO UNSUBSCRIBE: send email to sakai-dev-unsubscribe at collab.sakaiproject.org<mailto:sakai-dev-unsubscribe at collab.sakaiproject.org> with a subject of "unsubscribe"
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://collab.sakaiproject.org/pipermail/sakai-dev/attachments/20130109/8aa64597/attachment.html
-------------- next part --------------
A non-text attachment was scrubbed...
Name: sakaiscreen2.png
Type: image/png
Size: 227122 bytes
Desc: sakaiscreen2.png
Url : http://collab.sakaiproject.org/pipermail/sakai-dev/attachments/20130109/8aa64597/attachment.png
More information about the sakai-dev
mailing list