[Freeipa-users] Adding virtual servers to IPA httpd

Rob Crittenden rcritten at redhat.com
Tue Aug 25 01:30:58 UTC 2015


Ian Pilcher wrote:
> On 08/24/2015 01:47 AM, Martin Kosek wrote:
>> FreeIPA can play well with other stuff running on the same Apache as long as
>> you do not break its Apache configuration - like mod_nss running on port 443,
>> CA proxy or the RPC connection URIs used by "ipa" tool or other tools.
>>
>> So the answer is - it is possible, but there are dragons lurking in the
>> shadows, so please be careful.
>
> So I think that I have this working.  I've been able to set up a
> "default" named virtual host on port 80 that does the IPA web UI
> redirection, along with a separate named virtual host that redirects
> to a reverse proxy (SSL endpoint)/static content server on a random
> high port.
>
> (This will all be used to secure access to my new OpenSprinkler
> controller when it arrives.)
>
> I've posted a sanitized version of the config file at:
>
>    http://pastebin.com/aPyG3q4v
>
> I've tested both "redirection" servers on port 80, using both short
> hostnames and FQDNs, and I've verified that the correct certificates
> and CA chains are being served on ports 443 and 59872.
>
> How can I test the CA proxy and RPC URIs?  Is there anything else I
> should check before I declare victory and start drinking?
>
> Thanks!
>

This will exercise the basics:

ipa cert-show 1

As long as /ca is opened by IPA you should be ok.

rob



