<html> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <style type="text/css" style="display:none;"></style> </head> <body dir="ltr"> <div id="divtagdefaultwrapper" style="font-size:12pt;color:#000000;font-family:Calibri,Arial,Helvetica,sans-serif;" dir="ltr"> Hi Jan, Thanks for your reply. Sorry for the typo its AWS ELB. I have seen the link you shared below. My issue is that i want my IPA servers in Failover/Load Balancing mode and when i add another IPA server using Proxy balancer i believe ProxyPassReverseCookieDomain and RequestHeader edit Referer directives does not work for me. Basically I am trying to make the balancer to work with below configuration but its failing at the ProxyPassReverseCookieDomain and RequestHeader edit Referer directives level: <pre style="margin-top: 0px; margin-bottom: 1em; padding: 5px; border: 0px; font-size: 13px; width: auto; max-height: 600px; overflow: auto; font-family: Consolas, Menlo, Monaco, "Lucida Console", "Liberation Mono", "DejaVu Sans Mono", "Bitstream Vera Sans Mono", "Courier New", monospace, sans-serif; background-color: rgb(239, 240, 241); word-wrap: normal; color: rgb(36, 39, 41);"><code style="margin: 0px; padding: 0px; border: 0px; font-family: Consolas, Menlo, Monaco, "Lucida Console", "Liberation Mono", "DejaVu Sans Mono", "Bitstream Vera Sans Mono", "Courier New", monospace, sans-serif; white-space: inherit;"><VirtualHost _default_:443> <Proxy balancer://ipacluster> # IPA Server 1 BalancerMember https://ipa1.int.example.com/ # IPA Server 2 BalancerMember https://ipa2.int.example.com/ </Proxy> SSLProxyEngine on ProxyPass / balancer://ipacluster/ ProxyPassReverse / balancer://ipacluster/ ProxyPassReverseCookieDomain ipa1.int.example.com webipa.example.com RequestHeader edit Referer ^https://webipa\.example\.com/ https://ipa1.int.example.com/ ProxyPassReverseCookieDomain ipa2.int.example.com webipa.example.com RequestHeader edit Referer ^https://webipa\.example\.com/ https://ipa2.int.example.com/ </VirtualHost> </code></pre> <p style="margin-right: 0px; margin-bottom: 1em; margin-left: 0px; padding: 0px; border: 0px; font-size: 15px; clear: both; color: rgb(36, 39, 41); font-family: Arial, "Helvetica Neue", Helvetica, sans-serif;"> I am not sure how ProxyPassReverseCookieDomain and RequestHeader edit Referer can be configured in this scenario along with Proxy balancer? <p style="margin-right: 0px; margin-bottom: 1em; margin-left: 0px; padding: 0px; border: 0px; font-size: 15px; clear: both; color: rgb(36, 39, 41); font-family: Arial, "Helvetica Neue", Helvetica, sans-serif;"> <p style="margin-right: 0px; margin-bottom: 1em; margin-left: 0px; padding: 0px; border: 0px; font-size: 15px; clear: both; color: rgb(36, 39, 41); font-family: Arial, "Helvetica Neue", Helvetica, sans-serif;"> Regards, <p style="margin-right: 0px; margin-bottom: 1em; margin-left: 0px; padding: 0px; border: 0px; font-size: 15px; clear: both; color: rgb(36, 39, 41); font-family: Arial, "Helvetica Neue", Helvetica, sans-serif;"> Deepak <div style="color: rgb(0, 0, 0);"> <div> <hr tabindex="-1" style="display:inline-block; width:98%"> <div id="x_divRplyFwdMsg" dir="ltr">From: freeipa-users-bounces@redhat.com <freeipa-users-bounces@redhat.com> on behalf of Jan Pazdziora <jpazdziora@redhat.com> Sent: Monday, November 28, 2016 3:04 AM To: deepak dimri Cc: freeipa-users@redhat.com Subject: Re: [Freeipa-users] IPA rewrite conf <div> </div> </div> </div> <div class="PlainText">On Sun, Nov 27, 2016 at 01:06:36PM +0530, deepak dimri wrote: > Hi All, > > I am posting my issue here with an hope that i get a response. > > I have WS ELB configured to connect to FreeIPA servers on Ubuntu. My > FreeIPA servers are in private subnets. I am able to access my test > index.html page deployed on the FreeIPA server by hitting <a href="https://<elb"> https://<elb</a> > url>/index.html. However when i try IPA UI <a href="https://<elb">https://<elb</a> url>/ipa/ui then i > am getting redirected to my internal IPA address which then resulting to > "site cannot be reached" error. I am wondering if i have an option of > tweaking my /usr/share/ipa/ipa-rewrite.conf file so that i can access IPA > UI using external ELB URL? > > Would appreciate if some one can give some pointers I don't know what WS ELB is but maybe <a href="https://www.adelton.com/freeipa/freeipa-behind-proxy-with-different-name"> https://www.adelton.com/freeipa/freeipa-behind-proxy-with-different-name</a> can get you started? -- Jan Pazdziora Senior Principal Software Engineer, Identity Management Engineering, Red Hat -- Manage your subscription for the Freeipa-users mailing list: <a href="https://www.redhat.com/mailman/listinfo/freeipa-users">https://www.redhat.com/mailman/listinfo/freeipa-users</a> Go to <a href="http://freeipa.org">http://freeipa.org</a> for more info on the project </div> </div> </div> </body> </html>