[Freeipa-users] A question related to ipa webui
Rob Crittenden
rcritten at redhat.com
Thu Aug 11 15:56:01 UTC 2016
Jan Pazdziora wrote:
> On Thu, Aug 11, 2016 at 11:10:21AM +0200, bahan w wrote:
>>
>> I'm using ipa 3.0.0.47.
>>
>> I have an architecture where the IPA server is located on a secure zone,
>> not accessible from anyone.
>>
>> The IPA server has 2 network interfaces :
>> - IP1
>> - IP2
>>
>> In the secure zone, the IP1 network is used for the communication between
>> the servers.
>> The IP2 is used for administrators to connect to the servers inside the
>> secure zone.
>>
>> The only way to connect to the IPA server for external users is a proxy
>> which allows us to connect to the IP2.
>>
>> I installed the ipa-server using the IP1 network interface.
>> When I try to connect through proxy to the IPA webui, I use the IP2 network
>> interface.
>>
>> My problem is the following :
>> I type the following URL :
>> https://<IP2>
>>
>> It redirects me to the following URL :
>> https://<IP1>/ipa/ui
>>
>> When I try https://<IP2>/ipa/ui, it redirects me to https://<IP1>/ipa/ui.
>
> [...]
>
>> httpd 2433 apache 4u IPv4 xxxxxx 0t0 TCP *:https (LISTEN)
>> httpd 2434 apache 4u IPv4 xxxxxx 0t0 TCP *:https (LISTEN)
>> httpd 30861 root 4u IPv4 xxxxxx 0t0 TCP *:https (LISTEN)
>> ###
>>
>> Is there something I am missing in the IPA configuration for the WebUI
>> please ?
>
> Perhaps
>
> https://www.adelton.com/freeipa/freeipa-behind-proxy-with-different-name
>
> could give some hints.
>
> It was tested on FreeIPA 4.* -- on 3.0, you might need to tweak it
> a bit but the theory and goal should be the same.
>
It is the mod_rewrite rules in /etc/httpd/conf.d/ipa-rewrite.conf doing
the redirects. As Jan points out there are going to be hostname issues,
etc that his blog should help with.
rob
More information about the Freeipa-users
mailing list