[Freeipa-users] freeipa on http?
Simo Sorce
simo at redhat.com
Wed Aug 19 02:14:54 UTC 2015
On Tue, 2015-08-18 at 17:44 -0700, Janelle wrote:
> Simo,
>
> I read your blog sometime ago and do like it. However in this case, this
> is only for HTTPS, not kerberos, so the names do not have to match. It
> is for users managing accounts across any number of hosts. But thank you.
There is still the problem of the referer, but should be easy to fix
with a rewrite rule.
Simo.
> ~J
>
> On 8/18/15 3:02 PM, Simo Sorce wrote:
> > On Tue, 2015-08-18 at 18:01 -0400, Simo Sorce wrote:
> >> The load balancer would have to have the exact same name (for the
> >> clients) as the IPA server, which may be challenging depending on the
> >> network configuration you have.
> > More on that issue here:
> > http://ssimo.org/blog/id_019.html
> >
> >> On Tue, 2015-08-18 at 14:58 -0700, Janelle wrote:
> >>> Tried that -- but it gives a blank screen. I will try playing with it
> >>> some more. At least I know we are thinking in the same ballpark
> >>> Thank you
> >>> ~J
> >>>
> >>>
> >>> On 8/18/15 1:55 PM, Rob Crittenden wrote:
> >>>> Janelle wrote:
> >>>>> Hi,
> >>>>>
> >>>>> Is there a way to force freeipa web server to accept http requests and
> >>>>> not redirect to https? Reason is simple - offloading SSL to a load
> >>>>> balancer on the front end. (this is for web only, not the LDAP or
> >>>>> Kerberos)
> >>>>>
> >>>>> Thank you
> >>>>> ~J
> >>>>>
> >>>> You could try disabling the rewrite rules to do this in
> >>>> /etc/httpd/conf.d/ipa-rewrite.conf.
> >>>>
> >>>> rob
> >>
> >> --
> >> Simo Sorce * Red Hat, Inc * New York
> >>
> >
>
--
Simo Sorce * Red Hat, Inc * New York
More information about the Freeipa-users
mailing list