{"id":5621,"date":"2018-11-15T00:55:34","date_gmt":"2018-11-15T04:55:34","guid":{"rendered":"https:\/\/www.dr-chuck.com\/csev-blog\/?p=5621"},"modified":"2023-01-09T11:33:52","modified_gmt":"2023-01-09T15:33:52","slug":"putting-sakai-behind-cloudflare","status":"publish","type":"post","link":"https:\/\/www.dr-chuck.com\/csev-blog\/2018\/11\/putting-sakai-behind-cloudflare\/","title":{"rendered":"Putting Sakai Behind Cloudflare"},"content":{"rendered":"

I love Cloudflare.\u00a0 <\/span>I use it extensively for any production server I support.\u00a0 <\/span>I use it for https termination, DDOS mitigation, performance improvement for static content, super flexible DNS management and many more things.<\/p>\n

In building my support for IMS LTI Advantage I decided I just needed a server that would run a particular tag or branch of Sakai in production for basic testing rather than pushing everything to master and waiting until the nightly server went through the rebuild.<\/p>\n

Here are my notes on putting Sakai behind Cloudflare.<\/p>\n

– In CloudFlare under “Overview” Make sure SSL is “Flexible” to keep CloudFlare talking on the backend on port 80<\/p>\n

– In CloudFlare, Make a rule for “Automatic HTTPS Rewrites”<\/p>\n

– In CloudFlare make a rule that matches<\/p>\n

*.sakaicloud.com\/webcomponents\/*\r\nCache Level<\/span>: Cache Everything<\/span>, Opportunistic Encryption<\/span>: O<\/span>n\r\n\r\n*.sakaicloud.com\/library\/*\r\nCache Level<\/span>: Cache Everything<\/span>, Opportunistic Encryption<\/span>: O<\/span>n\r\n\r\n*.sakaicloud.com\/imsblis\/*\r\nBrowser Integrity Check: Off, Always Online: Off, Security Level: Essentially Off, Cache Level: Bypas<\/pre>\n
– In the Sakai server in the file .\/apache-tomcat-8.0.30\/conf\/server.xml<\/strong> set up the connector like this<\/p>\n
<Connector port=\"80\" \r\n    protocol=\"HTTP\/1.1\"\u00a0\u00a0 <\/span>\r\n    connectionTimeout=\"20000\"\u00a0\r\n    scheme=\"https\"\u00a0 <\/span>\/><\/pre>\n
This runs an http (port 80) without requiring any key fussing.\u00a0 <\/span>Since Cloudflare does the SSL we don’t need it in Tomcat. \u00a0 <\/span>See https:\/\/tomcat.apache.org\/tomcat-7.0-doc\/config\/http.html#SSL_Support<\/a><\/p>\n
Interestingly, one thing I did not need to do was adjust the caching for the “\/library” urls in Sakai. \u00a0 <\/span>Sakai sets all the headers so well that Cloudflare needs no further guidance and neither does the browser.\u00a0 <\/span>Just as a simple test, the actual un-cached download for the initial page in Sakai Prior to login is 8.8KB.\u00a0 <\/span>That is *KILO-BYTES*.\u00a0 <\/span>A normal post-login page in Sakai’s Lessons is 31.4 KB\u00a0 <\/span>data transferred. Amazingly low bandwidth usage for an enterprise application like Sakai.<\/p>\n
Pretty cool.<\/p>\n
If you want to run your Sakai on port 8080 (i.e. not root) but CloudFlare insists on 80, you can do the following trick:<\/p>\n
iptables -A INPUT -i eth0 -p tcp --dport 80 -j ACCEPT\r\niptables -A INPUT -i eth0 -p tcp --dport 8080 -j ACCEPT\r\niptables -A PREROUTING -t nat -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 8080<\/code><\/pre>\n
Thanks to https:\/\/iwearshorts.com\/blog\/redirect-port-80-to-8080-using-iptables\/<\/a><\/p>\n
 <\/p>\n","protected":false},"excerpt":{"rendered":"
I love Cloudflare.\u00a0 I use it extensively for any production server I support.\u00a0 I use it for https termination, DDOS mitigation, performance improvement for static content, super flexible DNS management and many more things. In building my support for IMS LTI Advantage I decided I just needed a server that would run a particular tag […]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-5621","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"_links":{"self":[{"href":"https:\/\/www.dr-chuck.com\/csev-blog\/wp-json\/wp\/v2\/posts\/5621","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.dr-chuck.com\/csev-blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.dr-chuck.com\/csev-blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.dr-chuck.com\/csev-blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.dr-chuck.com\/csev-blog\/wp-json\/wp\/v2\/comments?post=5621"}],"version-history":[{"count":7,"href":"https:\/\/www.dr-chuck.com\/csev-blog\/wp-json\/wp\/v2\/posts\/5621\/revisions"}],"predecessor-version":[{"id":5993,"href":"https:\/\/www.dr-chuck.com\/csev-blog\/wp-json\/wp\/v2\/posts\/5621\/revisions\/5993"}],"wp:attachment":[{"href":"https:\/\/www.dr-chuck.com\/csev-blog\/wp-json\/wp\/v2\/media?parent=5621"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.dr-chuck.com\/csev-blog\/wp-json\/wp\/v2\/categories?post=5621"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.dr-chuck.com\/csev-blog\/wp-json\/wp\/v2\/tags?post=5621"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}