[Freeipa-users] IPA Server UI Behind Proxy
Petr Vobornik
pvoborni at redhat.com
Wed Aug 14 07:36:42 UTC 2013
On 08/14/2013 08:00 AM, Andrew Lau wrote:
> Hi,
>
> I've got my FreeIPA setup in an internal infrastructure, but I want to be
> able to have users access the web UI externally. I tweaked the
> ipa-rewrite.conf so it won't redirect me to the FQDN and then tried both a
> nginx reverse proxy and port forwarding, both works if the client manually
> sets the host name of the IPA server eg. ipa01.internaldomain.local in
> their /etc/hosts file. However if the client tries to to use eg.
> ipa.externaldomain.com with the same port forwarding or nginx proxy config,
> it'll silently error. The docs briefly touches on this - but doesn't really
> give much to go on.
>
> Any suggestions?
>
> Andrew
> .
>
Hi,
FreeIPA RPC API, which Web UI uses, requires http referer header to
start with 'https://<ipa.server.hostname>/ipa'. Given that you are using
proxy, I assume that the referer is different and might be a cause of
the issue.
HTH
--
Petr Vobornik
More information about the Freeipa-users
mailing list