[Building Sakai] Chrome 30 and HTTP

Matt Clare Matt.Clare at BrockU.CA
Wed Oct 9 10:29:37 PDT 2013 

Hi Bill,

	Parts of the solution Sam mentioned about X-Forwarded-Proto on Friday, but Sam's recent E-mail http://collab.sakaiproject.org/pipermail/sakai-dev/2013-October/024772.html  and link summarizes the solution well.  The X-Forwarded-Proto header is the path Brock University will ultimately take when we migrate from 2.8 to 2.9 in the spring, but at the moment our load balancer has more than the capacity to affect and support  this change and 5 hours into it hitting production we have neither perceived or measured an impact on responsiveness.

	.\.\att

 ::  Matt Clare
Manager, eLearning
 Centre for Pedagogical Innovation 
Part-time Instructor
 Interactive Arts and Sciences
Brock University, Niagara Region, Ontario, Canada
http://brocku.ca/pedagogical-innovation    905 688 5550 xt 4539   Office: SBH321

Running for Parkinson's Research this October http://www2.michaeljfox.org/site/TR/Sponsored/TeamFox?px=1624726&pg=personal&fr_id=1400

On 2013-10-09, at 12:28 PM, "Niebel, William (wdn5e)" <wdn5e at eservices.virginia.edu>
 wrote:

> Hi, Matt.
>     We're working on this problem also at the University of Virginia.
> 
>     You said "A number of responders in Sakai-dev mentioned a few solutions that have been successful."  This makes me think I might be missing something in this thread so far.
> 
>     Running SSL between load-balancer and Sakai server certainly counts as one solution.  Am I missing any other solutions that have been mentioned?  (I think in saying "a few", you weren't counting your own solution of using front-end rewrite rules.)
> 
>     Supplying either property, sakai.force.url.secure or force.url.secure, is not a solution, because, at least with kernel 1.3.1 and Sakai 2.9.1, redirects aren't conditioned on either of those properties.  (I know about how Sakai code mirrors one of these property's value to the other.)
> 
>     And Sakai redirects seem to be one cause of the Chrome 30 problem.  We especially see that tools using CARET WebappToolServlet send redirects which trigger Chrome's http/s block.  I think there are also instances which don't involve that framework.
> 
>     We prefer to fix the Sakai code so that it works with Chrome 30, without running SSL between the load-balancer and Sakai server (as stated in the thread), and without adding rewrite rules above/outside Sakai, that is, rewrite rules in the load-balancer, webserver, or servlet container (as you're doing).  But I don't want to waste time fixing the code if someone else already has done it that way.
> 
>     Anyway, it would help me to know if there are solutions already which fix Sakai code to work behind an SSL load-balancer and non-SSL (webserver and) servlet container.
> 
> Thanks for your help.
>     Bill
> 
> 
> Bill Niebel
> University of Virginia

More information about the sakai-dev mailing list