[Building Sakai] Sakai with SSL

Anand Mehta anand.mehta at yahoo.com
Wed Jan 9 07:18:19 PST 2013


Hi Bogdan,

Have you tried secure="true" for the AJP connector? Also, take a look at this and see if it helps - http://old.nabble.com/Re%3A--Building-Sakai--Sakai-and-HTTPS-%28Possible-Error-in-some-tools%29-p31900724.html.

 
Thanks,
Anand


________________________________
 From: Bogdan Mariesan <Bogdan.Mariesan at isdc.eu>
To: Hedrick Charles <hedrick at rutgers.edu> 
Cc: "sakai-dev at collab.sakaiproject.org" <sakai-dev at collab.sakaiproject.org> 
Sent: Wednesday, January 9, 2013 8:12 AM
Subject: Re: [Building Sakai] Sakai with SSL
 

We’ve also tried to add a proxyName and proxyPort on the AJP connector as:
<Connector port="8009" enableLookups="false" proxyName="saksslnb.loi.local" proxyPort="443" redirectPort="8443" protocol="AJP/1.3" address="172.16.99.81"
               scheme="https" secure="false" URIEncoding="UTF-8"/>
 
By using the solution above the Wicket tools will start but none of the CSS/Javascript resources will be loaded as you can see in the attached screenshot.
 
Regards,
Bogdan Mariesan
 
From:Bogdan Mariesan 
Sent: Wednesday, January 09, 2013 9:55 AM
To: 'Hedrick Charles'
Cc: sakai-dev at collab.sakaiproject.org
Subject: RE: [Building Sakai] Sakai with SSL
 
Hi Charles,
 
I’ve setup a very similar configuration as the one bellow but the problem is that the wicket tools and one or two of the other tools are not working with this configuration.
I’ve redefined our connector to be similar to what you suggested:
 
<Connector port="8080" maxHttpHeaderSize="8192" proxyName="saksslnb.loi.local" proxyPort="443"
               maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
               enableLookups="false" redirectPort="8443" acceptCount="100" scheme="https" secure="false"
               connectionTimeout="20000" disableUploadTimeout="true" address="172.16.99.81" URIEncoding="UTF-8"/>
 
And also in sakai.properties I have:
 
serverUrl=https://saksslnb.loi.local/
(the force.url.secure param is commented I assume is not needed for this configuration)
 
I’ve attached a screenshot on how sakai looks when I try to open a wicket tool.
 
Regards,
Bogdan Mariesan
 
 
From:Hedrick Charles [mailto:hedrick at rutgers.edu] 
Sent: Wednesday, January 09, 2013 2:33 AM
To: Bogdan Mariesan
Cc: sakai-dev at collab.sakaiproject.org
Subject: Re: [Building Sakai] Sakai with SSL
 
in sakai.properties, 
 
serverUrl=https://sakai.rutgers.edu
 
Any URL that will be presented to the user needs to be https:.
 
Since you're doing SSL decoding in your load balancer, connections come in as normal HTTP. But the software needs to think it is SSL or URLs constructed for users will be wrong.
 
    <Connector port="80" protocol="HTTP/1.1"
               connectionTimeout="20000"
               scheme="https" secure="false" proxyPort="443"
               maxThreads="2000" minSpareThreads="25" maxSpareThreads="75"
               enableLookups="false"  acceptCount="100" URIEncoding="UTF-8"
                  disableUploadTimeout="true" maxHttpHeaderSize="8192" />
 
Note the scheme="https". When the code constructs a URL for the user, that's what it will use.
 
 
On Jan 8, 2013, at 10:11:29 AM, Bogdan Mariesan <Bogdan.Mariesan at isdc.eu> wrote:
 
Hi,
 
We are having some problems in configuring our Sakai environment to work with SSL and I was wondering if any of you have a similar configuration as the one we use.
I’ve attached a PDF with our current network configuration.
 
Please let me know if any of you have a similar configuration and if possible provide some hints on how to properly configure our system.
 
With kind regards,
 
Bogdan Marieșan                                 
Developer
 
T / +40 (0)364 403 900
T / +31 (0)35 629 39 59
Bogdan.Mariesan at isdc.eu
 
<image001.png>
 
AVRAM IANCU 506-508 – 407280 FLORESTI
CLUJ - ROMANIA
WWW.ISDC.EU
 
Bogdan Marieșan recommends the ISDC E-Zine 
 
Please consider the environment before printing. 
The content of this communication is classified as ISDC Confidential and Proprietary Information. The content of this communication is intended solely for the use of the individual or entity to whom it is addressed and others authorized to receive it. If you are not the intended recipient you are hereby notified that any disclosure, copying, distribution or taking any action in reliance on the contents of this information is strictly prohibited and may be unlawful. If you have received this communication in error, please notify us immediately by responding to this communication then delete it from your system. ISDC does not guarantee that the integrity of this communication has been maintained nor that this communication is free of viruses, interceptions or interference. We appreciate your assistance in preserving the confidentiality of our correspondence. Thank you. 
 
<www5.pdf>_______________________________________________
sakai-dev mailing list
sakai-dev at collab.sakaiproject.org
http://collab.sakaiproject.org/mailman/listinfo/sakai-dev

TO UNSUBSCRIBE: send email to sakai-dev-unsubscribe at collab.sakaiproject.org with a subject of "unsubscribe"
 
_______________________________________________
sakai-dev mailing list
sakai-dev at collab.sakaiproject.org
http://collab.sakaiproject.org/mailman/listinfo/sakai-dev

TO UNSUBSCRIBE: send email to sakai-dev-unsubscribe at collab.sakaiproject.org with a subject of "unsubscribe"
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://collab.sakaiproject.org/pipermail/sakai-dev/attachments/20130109/82b69e31/attachment.html 


More information about the sakai-dev mailing list