[Freeipa-devel] Documentation for running FreeIPA in a VirtualHost

Fri Feb 8 15:42:41 UTC 2008

Chris Lalancette wrote:
> Hello,
>      As promised to Simo and Rob yesterday, attached is a little bit of
> documentation for running FreeIPA in a VirtualHost container.  It's not very
> complicated, but I figured it might be worthwhile to put up on the website for
> an easy HOWTO for people.  I'm not actually subscribed to the list, so please
> make sure to CC me on replies.
>
> Thanks,
> Chris Lalancette
>   
> ------------------------------------------------------------------------
>
> This document explains how to setup FreeIPA so that it can run on a
> different port, instead of port 80.  This is useful, for instance, if you
> want to run a standard apache instance on your normal port 80 but want to run
> FreeIPA on a secondary port (like port 8089).  There is a caveat with this; 
> as of now, I haven't figured out how to make sure it is going over SSL.  That
> means that all requests will go over standard HTTP.  Assuming you already have
> FreeIPA up and running properly on port 80, the steps to move it to a
> different port:
>
> 1)  Log in as the root user
>
> 2)  Edit /etc/httpd/conf.d/ipa.conf.  You'll want to add three lines at the top:
>
> Listen 8089
> NameVirtualHost *:8089
> <VirtualHost *:8089>
>
> and one line at the very bottom:
>
> </VirtualHost>
>
> This basically wraps the entire FreeIPA configuration in a VirtualHost, and
> makes sure that Apache is listening to that port.  Note that you *cannot*
> use port 8080, since that is the port the ipa-webgui is listening on.
>
> 3)  Edit /etc/httpd/conf.d/ipa.conf.  You'll need to comment out a couple of
> the rewrite rules.  Basically take all of these lines:
>
> ----------------------------------------------------------------------
> # Redirect to the fully-qualified hostname. Not redirecting to secure
> # port so configuration files can be retrieved without requiring SSL.
> RewriteCond %{HTTP_HOST}    !^host.foo.com$ [NC]
> RewriteRule ^/(.*)          http://host.foo.com/$1 [L,R=301]
>
> # Redirect to the secure port if not displaying an error or retrieving
> # configuration.
> RewriteCond %{SERVER_PORT}  !^443$
> RewriteCond %{REQUEST_URI}  !^/(errors|config|favicon.ico)
> RewriteRule ^/(.*)          https://host.foo.com/$1 [L,R=301,NC]
> ---------------------------------------------------------------------
>
> And comment them out.
>
> 4)  # service httpd reload
>
> That should be it; FreeIPA should now be running on port 8089, and you can run
> your normal website on port 80.
>   
> ------------------------------------------------------------------------
>
> _______________________________________________
> Freeipa-devel mailing list
> Freeipa-devel at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-devel

Chris,
Thanks a lot for doing this. I'll raise a bugzilla for me to add this to 
freeipa.com and get to it soon.

cheers

-- 

David O'Brien
IPA Content Author

"We couldn't care less about comfort. We make you feel good."
Federico Minoli CEO Ducati Motor S.p.A.