[Building Sakai] Chrome 30 and HTTP
Sam Ottenhoff
ottenhoff at longsight.com
Wed Oct 9 09:34:43 PDT 2013
> We prefer to fix the Sakai code so that it works with Chrome 30,
> without running SSL between the load-balancer and Sakai server (as stated
> in the thread), and without adding rewrite rules above/outside Sakai, that
> is, rewrite rules in the load-balancer, webserver, or servlet container (as
> you're doing). But I don't want to waste time fixing the code if someone
> else already has done it that way.
>
I believe the easiest way to get Tomcat to believe it is being delivered
over HTTPS is using the X-Forwarded-Proto. This is one of several
solutions described here:
https://confluence.sakaiproject.org/display/DOC/Sakai+Admin+Guide+-+Advanced+Tomcat++(and+Apache)+Configuration
The way it works: edit your front-end load balancer to send the header
X-Forwarded-Proto with a value of "https" to the Tomcat nodes.
Edit your Tomcat nodes conf/server.xml to use this Valve:
<Valve className="org.apache.catalina.valves.RemoteIpValve"
protocolHeader="X-Forwarded-Proto" />
Restart Tomcat and now Tomcat knows it is being served over https.
--Sam
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://collab.sakaiproject.org/pipermail/sakai-dev/attachments/20131009/853367cd/attachment.html
More information about the sakai-dev
mailing list