[Freeipa-users] freeipa on http?
Janelle
janellenicole80 at gmail.com
Mon Aug 24 15:00:39 UTC 2015
Going to give this a try today.
Thanks so much for taking the time to work this out.
~J
On 8/24/15 2:01 AM, Jan Pazdziora wrote:
> On Thu, Aug 20, 2015 at 02:26:43PM +0200, Jan Pazdziora wrote:
>> On Tue, Aug 18, 2015 at 02:58:50PM -0700, Janelle wrote:
>>> Tried that -- but it gives a blank screen. I will try playing with it some
>>> more. At least I know we are thinking in the same ballpark
>> I was able to set this up just fine with
>> freeipa-server-4.1.4-4.fc22.x86_64. You need to disable the
>>
>> # Redirect to the secure port if not displaying an error or retrieving
>> # configuration.
>> RewriteCond %{SERVER_PORT} !^443$
>> RewriteCond %{REQUEST_URI} !^/ipa/(errors|config|crl)
>> RewriteCond %{REQUEST_URI} !^/ipa/[^\?]+(\.js|\.css|\.png|\.gif|\.ico|\.woff|\.svg|\.ttf|\.eot)$
>> RewriteRule ^/ipa/(.*) https://ipa.example.test/ipa/$1 [L,R=301,NC]
>>
>> part on the IPA server or you will get infinite redirection loop.
>>
>> Also you will need to test it through that SSL proxy, not directly
>> against http://ipa.example.test/, or authentication on the WebUI will
>> not work -- the session cookie is marked as Secure so the browser will
>> not store it when it comes via http, plus the UI checks referer to
>> start with https://.
> I've put the notes about the setup I've tried to
>
> http://www.adelton.com/freeipa/freeipa-behind-ssl-proxy
>
More information about the Freeipa-users
mailing list