[LON-CAPA-admin] Optimum Load Balancing

Abdel Messeh, Maged mmesseh at illinois.edu
Wed Mar 4 12:02:24 EST 2015 

Hi Stuart,

This is very helpful and solved my problem thanks so much.

I just had to add two extra lines to loncapa_rewrite.conf:

# this is to redirect the default /adm/sso to /adm/login which seems to be where the redirect is happening within lonCapa
RewriteRule ^/adm/sso  /adm/login  [R]

# this is to ensure that the shib session is destroyed by redirecting from access nodes to lon-balancer
RewriteRule ^/Shibboleth.sso/Logout https://lon-balancer.lon-capa.illinois.edu/Shibboleth.sso/Logout [R]

I have one more question, is lonCapa balancer capable of redirecting users for each request rather than on initial logins only.

Thanks,

Maged


-----Original Message-----
From: lon-capa-admin-bounces at mail.lon-capa.org [mailto:lon-capa-admin-bounces at mail.lon-capa.org] On Behalf Of Stuart Raeburn
Sent: Monday, March 2, 2015 6:06 PM
To: lon-capa-admin at mail.lon-capa.org
Subject: Re: [LON-CAPA-admin] Optimum Load Balancing

Hi,

What you can do currently in LON-CAPA is to use a domain configuration  
to cause users who are attempting to display the log-in page on each  
of your servers to be redirected to the LON-CAPA load-balancer server.

This avoids the infinite loop, because users who already have a  
session on one of the access servers will see the: "Already logged in"  
message, if they display the log-in page on that particular server.

As Domain Coordinator, use:
Main Menu -> Set domain configuration -> Display ("Log-in page  
options" checked).

If your domain contains more than one server then you will see a  
"Log-in Service" section.  For each access server listed select the  
hostname of the load balancer server in the "Redirect to" drop down  
list, and then choose the Path.

If you plan to use Shibboleth authentication on the load balancer  
server, you should select / as the path.  You can also enter IP  
addresses for clients which you wish to exempt from the redirect.  
(This is useful if you use periodic robotic log-in, role selection,  
course display, and log-out for each of your LON-CAPA servers from a  
script run on a dedicated monitoring server).

See:
https://library1.lon-capa.uiuc.edu/adm/help/Domain_Configuration_Login_Page.hlp


Stuart Raeburn
LON-CAPA Academic Consortium


Quoting "Abdel Messeh, Maged" <mmesseh at illinois.edu>:

> Hi All,
>
> I have recently successfully deployed a lon-balancer in our test   
> environment which works great, however in order to completely   
> benefit from it, I am looking for a way to redirect users to the   
> balancer when they try to go directly to an access node.  In other   
> words I do not want users to be able to go to a specific access node  
>  and potentially overload it.
>
> I tried to use apache redirects (mod_rewrite) to accomplish this but  
>  I ended up creating a loop in the folloing fashion:
> User goes to accesstest1 --> apache redirect to lon-balance -->   
> lon-balance redirect to accestest2 --> apache redirect to lon-balance
>
> I am not sure if there is a better way for doing this?  I am also   
> open for using external layer of redirects via nginx for exmaple.
>
> A more ambitious solution would be to completely hide which access   
> node the user is on, and hence they cannot go directly to any access  
>  node and then see if lon-balancer can redirect users for each   
> request rather than on initial logins only.
>
> I would greatly appreciate any thoughts on any of the above ideas.
>
> Thanks,
>
> Maged
>
>
> _______________________________________________
> LON-CAPA-admin mailing list
> LON-CAPA-admin at mail.lon-capa.org
> http://mail.lon-capa.org/mailman/listinfo/lon-capa-admin

_______________________________________________
LON-CAPA-admin mailing list
LON-CAPA-admin at mail.lon-capa.org
http://mail.lon-capa.org/mailman/listinfo/lon-capa-admin

More information about the LON-CAPA-admin mailing list