James Kingsbery's questions

Our team runs all our Nginx installations on 8443 instead of 443 for the obvious reason that you don't need to be root to listen on the port, and so the process can be started and stopped with lower privileges. (We then expose the application on port 443 by IP tables rules or load balancers.) We are in the process of integrating Shibboleth for SSO for doing our authentication.

I've come across this error:

OpenSAML.MessageDecoder.SAML2POST [2]: POST targeted at (https://myserver.com/Shibboleth.sso/SAML2/POST), but delivered to (https://myserver.com:8443/Shibboleth.sso/SAML2/POST)

This seems to be related to the fact that Nginx listens on 8443, but is publicly exposed on 443. Is there anyway to tell Shibboleth to stop adding the 8443 to the URL?

I've tried reading through the Shibboleth wiki, and didn't see anything that explained this scenario. I found one instance on the Internet of someone doing something similar, but the only answer given in the chain was to change some Apache configuration (I've been unable to find that Apache configuration or an equivalent in Nginx).

Looked on The Google, and couldn't find anything that explained how the score in proc/<pid>/oom_score is calculated. Why use this score instead of just using the total memory used?

We have several different environments (developer dekstop, integration, QA, prod) which should have slightly different variants of the same httpd.conf file. As an example, the httpd.conf file configures that httpd should act as a reverse proxy and proxy certain URLs to Jetty, but the hostname of the Jetty instance is different in each environment.

Is there a recommended practice for mangaging these kinds of differences? I looked around the apache documentation for the httpd.conf file and I didn't see anything that does what I need.