[Freeipa-devel] Documentation for running FreeIPA in a VirtualHost
David O'Brien
daobrien at redhat.com
Fri Feb 8 15:42:41 UTC 2008
Chris Lalancette wrote:
> Hello,
> As promised to Simo and Rob yesterday, attached is a little bit of
> documentation for running FreeIPA in a VirtualHost container. It's not very
> complicated, but I figured it might be worthwhile to put up on the website for
> an easy HOWTO for people. I'm not actually subscribed to the list, so please
> make sure to CC me on replies.
>
> Thanks,
> Chris Lalancette
>
> ------------------------------------------------------------------------
>
> This document explains how to setup FreeIPA so that it can run on a
> different port, instead of port 80. This is useful, for instance, if you
> want to run a standard apache instance on your normal port 80 but want to run
> FreeIPA on a secondary port (like port 8089). There is a caveat with this;
> as of now, I haven't figured out how to make sure it is going over SSL. That
> means that all requests will go over standard HTTP. Assuming you already have
> FreeIPA up and running properly on port 80, the steps to move it to a
> different port:
>
> 1) Log in as the root user
>
> 2) Edit /etc/httpd/conf.d/ipa.conf. You'll want to add three lines at the top:
>
> Listen 8089
> NameVirtualHost *:8089
> <VirtualHost *:8089>
>
> and one line at the very bottom:
>
> </VirtualHost>
>
> This basically wraps the entire FreeIPA configuration in a VirtualHost, and
> makes sure that Apache is listening to that port. Note that you *cannot*
> use port 8080, since that is the port the ipa-webgui is listening on.
>
> 3) Edit /etc/httpd/conf.d/ipa.conf. You'll need to comment out a couple of
> the rewrite rules. Basically take all of these lines:
>
> ----------------------------------------------------------------------
> # Redirect to the fully-qualified hostname. Not redirecting to secure
> # port so configuration files can be retrieved without requiring SSL.
> RewriteCond %{HTTP_HOST} !^host.foo.com$ [NC]
> RewriteRule ^/(.*) http://host.foo.com/$1 [L,R=301]
>
> # Redirect to the secure port if not displaying an error or retrieving
> # configuration.
> RewriteCond %{SERVER_PORT} !^443$
> RewriteCond %{REQUEST_URI} !^/(errors|config|favicon.ico)
> RewriteRule ^/(.*) https://host.foo.com/$1 [L,R=301,NC]
> ---------------------------------------------------------------------
>
> And comment them out.
>
> 4) # service httpd reload
>
> That should be it; FreeIPA should now be running on port 8089, and you can run
> your normal website on port 80.
>
> ------------------------------------------------------------------------
>
> _______________________________________________
> Freeipa-devel mailing list
> Freeipa-devel at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-devel
Chris,
Thanks a lot for doing this. I'll raise a bugzilla for me to add this to
freeipa.com and get to it soon.
cheers
--
David O'Brien
IPA Content Author
"We couldn't care less about comfort. We make you feel good."
Federico Minoli CEO Ducati Motor S.p.A.
More information about the Freeipa-devel
mailing list