[Building Sakai] Chrome 30 and HTTP
Kevin Pittman
kevin.pittman at oit.gatech.edu
Fri Oct 4 09:55:17 PDT 2013
On Fri, Oct 04, 2013 at 10:45:58AM +0100, Matthew Buckett wrote:
> I think you can force Sakai to generate HTTPS redirects even if the
> request came in over HTTP with the system property:
>
> sakai.force.url.secure=true
>
> Another fix (I think) is to set the secure attribute on your HTTP
> connector in your server.xml
>
> <Connector acceptCount="100" connectionTimeout="20000"
> disableUploadTimeout="true" enableLookups="false"
> maxHttpHeaderSize="8192" maxSpareThreads="75" maxThreads="150"
> minSpareThreads="25" port="8080" redirectPort="8443" secure="true"/>
I tried these fixes in our test environment (and as best as I can tell,
it's supposed to be "force.url.secure=443", though that option is not
documented in the Confulence property list in either form), but neither
one worked. I also tried setting the 'X-Forwarded-Proto' header, and
that didn't work either, albeit I couldn't add the suggested valve, as
my Tomcat doesn't recognize 'org.apache.catalina.valves.RemoteIpValve'
for some reason, though I don't know if the valve would make any
difference or not.
Right now, the only method I've found to work is running HTTPS on the
backend between our BIG-IP load balancer and our Sakai servers. It may
be extra overhead, but it seems like the safest approach to make sure
that every possible instance of http:// is properly rewritten as https://
Kevin
Georgia Tech Sakai Application Administrator
--
Kevin Pittman kevin.pittman at oit.gatech.edu
-----------------------------------------------------------------------
Senior Systems Support Engineer Office of Information Technology
Academic and Research Technologies Georgia Institute of Technology
More information about the sakai-dev
mailing list