Shibboleth 2.0 SP behind an SSL Offloader

If you are running a Shibboleth 2 Service Provider on an Apache 2.2 HTTP server that sits behind an SSL offloader, you can run into a problem where redirects are expected to use https but are rewritten as http. This is an easy problem to fix. Make sure your ServerName attribute is fully qualified with a scheme name; that is, put https:// in front of the server's domain name. Here is an example of how my ServerName attribute looks.

ServerName https://sp.example.com

Posted on Mar 19, 2009 by Mike Jennings in Open Source

Apache HTTP 502 Proxy Error

I don’t know if you have come across the all but wonderful Apache HTTP “502 Proxy Error”, but if you have, you know it is a pain to diagnose. I just ran across this problem the other week. After much research, I found out that there are all kinds of little things that can cause this to happen. Everything from an application taking too long to respond to firewall and load balancer issues.

In my case we had a lot of things to look at. We were front-ending a Glassfish cluster with an Apache HTTP server doing a proxy passthrough connection. The traffic between the HTTP server and the Glassfish cluster is being handled by a load balancer and passing through a firewall. What I discovered was that Glassfish would close a connection from the Proxy Server but the Proxy Server would see the connections as still being open. The next request would try to acquire what it thought was an open connection, and would fail with this error.

To fix this issue I added the disablereuse and retry attributes to the ProxyPass connection. Here is an example of them being used. You need to set disablereuse to On and retry to 0.


ProxyPass /example http://backend.example.com disablereuse=On retry=0

I set retry to 0 so that there is no wait in retrying a request. According to the Apache HTTP documentation, disablereuse should only be used on rare occasions where the connection is randomly dropped.

Copied from the Apache documentation:

This parameter should be used when you want to force mod_proxy to immediately close a connection to the backend after being used, and thus, disable its persistent connection and pool for that backend. This helps in various situations where a firewall between Apache and the backend server (regardless of protocol) tends to silently drop connections or when backends themselves may be under round-robin DNS. To disable connection pooling reuse, set this property value to On.

Now that I have added these attributes I have not gotten the 502 Proxy Error once.
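The failure described in this post, as an added example that is not from the original post or from Apache: a simplified model in which a constructed backend closes every connection after one response, and a hypothetical Proxy class either reuses its pooled socket or, like disablereuse=On, opens a new one per request. The class, function names and the 127.0.0.1 backend are assumptions for illustration; real mod_proxy does more checking than this model.

```python
import socket
import threading

def start_backend():
    """Constructed backend: answers one request per connection, then closes it."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))          # any free local port
    srv.listen(8)
    def serve():
        while True:
            conn, _ = srv.accept()
            with conn:                  # closed as soon as the reply is sent
                if conn.recv(1024):
                    conn.sendall(b"HTTP/1.1 200 OK\r\nContent-Length: 2\r\n\r\nok")
    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()

class Proxy:
    """Hypothetical stand-in for one proxy worker; not mod_proxy's code."""
    def __init__(self, backend, disablereuse):
        self.backend, self.disablereuse, self.pooled = backend, disablereuse, None

    def forward(self):
        """Forward one request; return the status the client would see."""
        sock = None if self.disablereuse else self.pooled
        if sock is None:
            sock = socket.create_connection(self.backend, timeout=2)
        try:
            sock.sendall(b"GET /example HTTP/1.1\r\nHost: backend\r\n\r\n")
            reply = sock.recv(1024)     # b"" or an error on a dead connection
        except OSError:
            reply = b""
        if self.disablereuse or not reply:
            sock.close()                # never pooled, or known to be dead
            self.pooled = None
        else:
            self.pooled = sock          # believed open; the backend disagrees
        return 200 if reply.startswith(b"HTTP/1.1 200") else 502

def run(disablereuse, requests=3):
    """Send a few requests through a fresh proxy and backend pair."""
    proxy = Proxy(start_backend(), disablereuse)
    return [proxy.forward() for _ in range(requests)]

if __name__ == "__main__":
    print("pooled connection:", run(False))   # [200, 502, 200]
    print("disablereuse=On:  ", run(True))    # [200, 200, 200]
```

The cost of the second mode is a new TCP connection for every request, which is why the Apache documentation reserves the parameter for backends or middleboxes that drop connections.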

Posted on Mar 18, 2009 by Mike Jennings in Web | 3 Comments

Hampton Phish Shows and Amazon S3

Phish is getting ready to start their new tour run this Friday at Hampton Coliseum. Since I easily got shut out for all three nights of that run, I am going to have to sit at home and wait for the downloads, so I can experience the magic of Phish for myself. This led me to find Mr. Miner's Phish Thoughts blog.

As I was looking through his blog, it appears that he is going to have the shows posted on the web for download within an hour after each show. Now of course he says that it might take more than an hour, but this should draw a ton of people to his site. In the facts section, his response to the possible huge traffic that he is expecting is this.


3. Isn’t the download link going to crater?
The files will be hosted on Amazon S3, so it shouldn’t.

There will also be a torrent (hosted by Amazon) that should be really fast if there are hundreds (perhaps thousands!?) of you grabbing it.

Well I know that I will be online checking to see if he has gotten the shows posted yet. This should also be a great test to see how efficient the download will be. I have been very interested in Amazon’s S3 service, and am very curious how things will pan out.

I will have to thank the administrator of the “Mr. Miner's Phish Thoughts” site. He is doing a great thing by appeasing my sense of impatience. He is also going above and beyond what could be expected of any taper. Now all I can do is hope and pray that Amazon can handle this type of bandwidth. I would expect that he is going to draw some amazing traffic after the show is done.

Also remember to go and sign up for free Soundboard Downloads provided by Phish on LivePhish.com.

Posted on Mar 06, 2009 by Mike Jennings in Web