Accessing nodes in uPortal service
12 views
Skip to first unread message
Benito J. Gonzalez
Dec 27, 2019, 12:30:26 AM12/27/19
to uPortal Developers
Hi folks,
Anyone have a setup that allows accessing a particular uPortal server behind a load balancer?
Benito J. Gonzalez
Senior Software Developer
Unicon, Inc.
Voice: 209.777.2754
Text: 209.777.2754
Email: bgon...@unicon.net
GitHub: bjagg
BitBucket: bjagg
Anyone have a setup that allows accessing a particular uPortal server behind a load balancer?
Benito J. Gonzalez
Senior Software Developer
Unicon, Inc.
Voice: 209.777.2754
Text: 209.777.2754
Email: bgon...@unicon.net
GitHub: bjagg
BitBucket: bjagg
Lauren Anderson
Dec 27, 2019, 4:27:14 PM12/27/19
to Benito J. Gonzalez, uPortal Developers
I use the EditThisCookie plugin for Chrome to specify the server behind the load balancer. The load balancer is an Apache Web Server with BalanceMember pointing to the AJP port (8009) of the uPortal server. The balancer configuration looks like this (substituting "app-server-pool" and "app-server" for our uPortal server pool and server names):
<Proxy balancer://app-server-pool>
Header add Set-Cookie "PORTAL_SERVER_ID=.%{BALANCER_WORKER_ROUTE}e; path=/" env=BALANCER_ROUTE_CHANGED
BalancerMember ajp://app-server-1:8009 route=bal1
BalancerMember ajp://app-server-2:8009 route=bal2
BalancerMember ajp://app-server-3:8009 route=bal3
BalancerMember ajp://app-server-4:8009 route=bal4
ProxySet stickysession=PORTAL_SERVER_ID
</Proxy>
In the Cookie manager, I edit the server name in PORTAL_SERVER_ID cookie (.bal1, .bal2, .bal3, .bal4) and refresh the page to test each server behind the load balancer. This has come in handy many times when users complain of intermittent errors. Usually one of the servers has a problem while the others are fine, which explains why it appears randomly.
Lauren
--
You received this message because you are subscribed to the Google Groups "uPortal Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email to uportal-dev...@apereo.org.
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/uportal-dev/358EED99-0D75-4275-9E46-B7C87E8FD7DD%40unicon.net.
<Proxy balancer://app-server-pool>
Header add Set-Cookie "PORTAL_SERVER_ID=.%{BALANCER_WORKER_ROUTE}e; path=/" env=BALANCER_ROUTE_CHANGED
BalancerMember ajp://app-server-1:8009 route=bal1
BalancerMember ajp://app-server-2:8009 route=bal2
BalancerMember ajp://app-server-3:8009 route=bal3
BalancerMember ajp://app-server-4:8009 route=bal4
ProxySet stickysession=PORTAL_SERVER_ID
</Proxy>
In the Cookie manager, I edit the server name in PORTAL_SERVER_ID cookie (.bal1, .bal2, .bal3, .bal4) and refresh the page to test each server behind the load balancer. This has come in handy many times when users complain of intermittent errors. Usually one of the servers has a problem while the others are fine, which explains why it appears randomly.
Lauren
You received this message because you are subscribed to the Google Groups "uPortal Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email to uportal-dev...@apereo.org.
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/uportal-dev/358EED99-0D75-4275-9E46-B7C87E8FD7DD%40unicon.net.
Lauren Anderson
Dec 27, 2019, 4:32:01 PM12/27/19
to Benito J. Gonzalez, uPortal Developers
Sorry, I should have said 'substituting "load-balancer-config-file" and "app-server" for our uPortal load balancer config file and server names.
I use the EditThisCookie plugin for Chrome to specify the server behind the load balancer. The load balancer is an Apache Web Server with BalanceMember pointing to the AJP port (8009) of the uPortal server. The balancer configuration looks like this (substituting "load-balancer-config-file" and "app-server" for our uPortal load balancer config file and server names):
<Proxy balancer://load-balancer-config-file>
I use the EditThisCookie plugin for Chrome to specify the server behind the load balancer. The load balancer is an Apache Web Server with BalanceMember pointing to the AJP port (8009) of the uPortal server. The balancer configuration looks like this (substituting "load-balancer-config-file" and "app-server" for our uPortal load balancer config file and server names):
<Proxy balancer://load-balancer-config-file>
Header add Set-Cookie "PORTAL_SERVER_ID=.%{BALANCER_WORKER_ROUTE}e; path=/" env=BALANCER_ROUTE_CHANGED
BalancerMember ajp://app-server-1:8009 route=bal1
BalancerMember ajp://app-server-2:8009 route=bal2
BalancerMember ajp://app-server-3:8009 route=bal3
BalancerMember ajp://app-server-4:8009 route=bal4
ProxySet stickysession=PORTAL_SERVER_ID
</Proxy>
In the Cookie manager, I edit the server name in PORTAL_SERVER_ID cookie (.bal1, .bal2, .bal3, .bal4) and refresh the page to test each server behind the load balancer. This has come in handy many times when users complain of intermittent errors. Usually one of the servers has a problem while the others are fine, which explains why it appears randomly.
Lauren
-----Original Message-----
From: uport...@apereo.org [mailto:uport...@apereo.org] On Behalf Of Benito J. Gonzalez
Sent: Thursday, December 26, 2019 10:30 PM
To: uPortal Developers <uport...@apereo.org>
Subject: [uportal-dev] Accessing nodes in uPortal service
BalancerMember ajp://app-server-1:8009 route=bal1
BalancerMember ajp://app-server-2:8009 route=bal2
BalancerMember ajp://app-server-3:8009 route=bal3
BalancerMember ajp://app-server-4:8009 route=bal4
ProxySet stickysession=PORTAL_SERVER_ID
</Proxy>
In the Cookie manager, I edit the server name in PORTAL_SERVER_ID cookie (.bal1, .bal2, .bal3, .bal4) and refresh the page to test each server behind the load balancer. This has come in handy many times when users complain of intermittent errors. Usually one of the servers has a problem while the others are fine, which explains why it appears randomly.
Lauren
-----Original Message-----
From: uport...@apereo.org [mailto:uport...@apereo.org] On Behalf Of Benito J. Gonzalez
Sent: Thursday, December 26, 2019 10:30 PM
To: uPortal Developers <uport...@apereo.org>
Subject: [uportal-dev] Accessing nodes in uPortal service
Andrew Petro
Jan 2, 2020, 10:58:36 AM1/2/20
to uPortal Developers
Yes.
MyUW has a public view, so you can try this out without a Wisconsin identity:
The generic virtual IP: https://public.my.wisc.edu
note in the footer helpful details including, in my case right now, "prod7". That indicates which specific node behind the load balancer I got.
I can get a different node with e.g. https://public.prod5.my.wisc.edu
This is accomplished by, in the case of the generic virtual IP,
1. A hardware L4 handles the "public.my.wisc.edu" and load balances to
2. any of 4 VMs, specifically to a Docker container containing httpd running mod_proxy_loadbalancer, which proxy to
3. any of 4 Docker containers running Tomcat.
The L4 load balancer is IP sticky.
The httpds are cookie (iirc) sticky and prefer to route to the Tomcat Docker running on its local VM to minimize latency.
And in the case of the node-specific "https://public.prod5.my.wisc.edu", in step 3 the httpd proxy config tells httpd to route to a specific Tomcat Docker rather than load balancing.
The Apache httpd configuration for this is pretty complicated and something I've inherited. It's got macros that call macros that call macros. I've had a lot of difficulty wrapping my brain around how it might route some paths to other Docker containers while still doing the load balancing and node-specific routing and so forth.
Been clicking around in Amazon Elastic Beanstalk a bit considering how we might accomplish this kind of thing in the cloud instead.
-Andrew
Julien Gribonvald
Jan 6, 2020, 5:27:08 AM1/6/20
to uport...@apereo.org
Hi folks and happy new year !
+1 with this way (I'm working with that).
After for proxy CAS we have also a direct url with
https://portail1.xxxxx, https://portail2.xxxx, etc... it's usefull to
validate CAS tickets on the good server. But as this isn't working in
the same load-balancing context than users we need to use the cookie way !
Julien
Julien Gribonvald
+1 with this way (I'm working with that).
After for proxy CAS we have also a direct url with
https://portail1.xxxxx, https://portail2.xxxx, etc... it's usefull to
validate CAS tickets on the good server. But as this isn't working in
the same load-balancing context than users we need to use the cookie way !
Julien
Reply all
Reply to author
Forward
0 new messages