grouper-users - RE: [grouper-users] containerized grouper noob questions
Subject: Grouper Users - Open Discussion List
List archive
- From: "Coleman, Erik C" <>
- To: Baron Fujimoto <>, Grouper Users <>
- Subject: RE: [grouper-users] containerized grouper noob questions
- Date: Thu, 16 Jul 2020 04:32:20 +0000
- Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=illinois.edu; dmarc=pass action=none header.from=illinois.edu; dkim=pass header.d=illinois.edu; arc=none
- Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=5HcU3tNPAuOoBBS+nrR3XVNw0DbcoXdx/4S/MQKPcQo=; b=X+8w2h46LrwvNSGRVo12wuzXnvi/T3PboGm1O8RIhPfByqVczoo+rzeXhnHxr7+3dzk2nfFw7CnsnNte/2NWHiEa8JR9DUk94t2dEz/KL5n2gtuB2ri21HthhJHJhaK6J1LqskPrkHZcmXYz98q1FyXeh54xlYXBVv9EBSWXnCbSIVqF4l49iCuaGGETSgHTQhupqp6c6B9GPxz7X2nRPHa+A71KeZypE6ZEOJBJyQitv0qZ+aEF83SYgrLwT8OyLanBIr8rWe5C3HhpbCb75kP/kSkCdNZ4KHtXGAZRq+4GU+Ya6rk0CY9bxgJyc5oFXDxUSvM7DDLYkejIHD/Lsw==
- Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=gOXVVOKRi9GxNuToWniCw2QIgaNnr73lqxnRKD0HKDBnC3anDjJYyKsKw4Cx2dipSYYFYPGe5vtR4rpqRX16pojnY0GEb20OcDMuv/ObQkQyYZZLpFvydFId9RK0aLzq8ZTTre3cBEBYTxfA66dW1cIhhyvU+LbZ2c7HtE/ze7B4jtFrh5pVU4zrzJz9/Qr3iUpz4Hr8ovOZ5YoEWyPATZxeYdMz14b5p26AJ8NTrglXKho9J/IGEcL3obv1L/aE3VLpra0bZq/GPxdwNefDkbQ9zKzpe2At0lZCWxUEl6XHyKipGw6AddfFqwOoJ221J7jGIzWjEi9dgA5HKhsDDw==
Baron,
We do exactly the last part-- our TLS is terminated at the AWS App Load
Balancer, and then everything is proxied non-SSL behind the ALB to the
containers, with separate UI and ws container. We're still on 2.4.0 so
Apache is in the middle of that using AJP to Tomcat. So ours looks something
like:
RP: <https://grouperapp.someschool.edu/grouper> (port 443 on ALB) --> UI:
http://ui-container-host:80 (Apache) -> http://localhost:8009 (AJP)
I think this is simplified in 2.5.x.
-Erik Coleman
-----Original Message-----
From:
<> On Behalf Of Baron Fujimoto
Sent: Tuesday, July 14, 2020 4:25 PM
To: Grouper Users <>
Subject: Re: [grouper-users] containerized grouper noob questions
Ahh, ok. To make sure I understand, the reverse proxy listens on the standard
port 443, and depending on the URI path routes the traffic to the appropriate
UI or WS docker container:
RP: <https://grouper.example.edu/grouper> (port 443) -> UI:
http(s?)://grouper.example.edu:8080/grouper>
RP: <https://grouper.example.edu/grouper-ws> (port 443) -> WS:
http(s?)://grouper.example.edu:8888/grouper-ws>
Currently, we terminate our TLS in the shared Tomcat servlet container. How
do you handle this when using the reverse proxy? Do you move the TLS
termination up to the RP and connect via http to the proxied docker
containers?
On Mon, Jul 13, 2020 at 10:51:48PM -0400, Darren Boss wrote:
>One option would be to set up a reverse proxy in front of the
>containers that directs traffic to the correct container based on the
>url pattern. That reverse proxy is grouper.example.edu and it has rules
>so traffic to /grouper goes to the ui container while /grouper-ws goes
>to the web services container. In Kubernetes, this is a core part of
>the platform and called the ingress controller which is typically done
>via Nginx.
>
>On Mon, Jul 13, 2020 at 8:15 PM Baron Fujimoto <> wrote:
>>
>> On Thu, Jul 02, 2020 at 05:15:31PM -1000, Baron Fujimoto wrote:
>> >We're dipping our toes in the water of containerized Grouper, generally
>> >upgrading from 2.2 to 2.5. Upgrade issues aside, I have some basic
>> >questions about containerized Grouper that I hope aren't too stupid. I
>> >poked around the Grouper doucmentation I could find but didn't find what
>> >I was looking for – I'm happy to RTFM if someone will point me to TFM.
>> >
>>
>> Different question:
>>
>> Our current grouper UI and WS deployments share a common hostname and port
>> (443). E.g.:
>>
>> UI: <https://grouper.example.edu.grouper/grouper>
>> WS: <https://grouper.example.edu.grouper/grouper-ws>
>>
>> We achieve this by running both services out of a shared Tomcat servlet
>> container. With dockerized Grouper the the best practice seems to be to
>> run each service in its own docker container (each with its own Tomcat
>> servlet container)? Since each service can't listen to the same port
>> (right?), what is the recommended way of handling this? Just having, say,
>> the WS, listen to a different port? (Assuming we want to retain the same
>> hostname.) E.g.:
>>
>> UI: <https://grouper.example.edu.grouper/grouper>
>> WS: <https://grouper.example.edu.grouper:9443/grouper>
>>
>> --
>> UH Information Technology Services : Identity & Access Mgmt,
>> Middleware minutas cantorum, minutas balorum, minutas carboratum
>> desendus pantorum
>
>
>
>--
>Darren Boss
>Senior Programmer/Analyst
>Programmeur-analyste principal
>
--
UH Information Technology Services : Identity & Access Mgmt, Middleware
minutas cantorum, minutas balorum, minutas carboratum desendus pantorum
- Re: [grouper-users] containerized grouper noob questions, (continued)
- Re: [grouper-users] containerized grouper noob questions, Darren Boss, 07/04/2020
- Re: [grouper-users] containerized grouper noob questions, Baron Fujimoto, 07/04/2020
- RE: [grouper-users] containerized grouper noob questions, Black, Carey M., 07/05/2020
- RE: [grouper-users] containerized grouper noob questions, Black, Carey M., 07/06/2020
- RE: [grouper-users] containerized grouper noob questions, Black, Carey M., 07/05/2020
- Re: [grouper-users] containerized grouper noob questions, Baron Fujimoto, 07/14/2020
- Re: [grouper-users] containerized grouper noob questions, Darren Boss, 07/14/2020
- RE: [grouper-users] containerized grouper noob questions, Black, Carey M., 07/14/2020
- RE: [grouper-users] containerized grouper noob questions, Coleman, Erik C, 07/14/2020
- Re: [grouper-users] containerized grouper noob questions, Baron Fujimoto, 07/14/2020
- Re: [grouper-users] containerized grouper noob questions, Darren Boss, 07/15/2020
- RE: [grouper-users] containerized grouper noob questions, Coleman, Erik C, 07/16/2020
- RE: [grouper-users] containerized grouper noob questions, Black, Carey M., 07/16/2020
- Re: [grouper-users] containerized grouper noob questions, Baron Fujimoto, 07/21/2020
- Re: [grouper-users] containerized grouper noob questions, Greg Haverkamp, 07/21/2020
- RE: [grouper-users] containerized grouper noob questions, Black, Carey M., 07/22/2020
- Re: [grouper-users] containerized grouper noob questions, Baron Fujimoto, 07/21/2020
- RE: [grouper-users] containerized grouper noob questions, Black, Carey M., 07/16/2020
- Re: [grouper-users] containerized grouper noob questions, Darren Boss, 07/14/2020
Archive powered by MHonArc 2.6.19.