[Freeipa-users] Web UI access from outside the home network via port forwarding
Rob Crittenden
rcritten at redhat.com
Tue Jul 12 02:56:23 UTC 2016
Harry Kashouli wrote:
> Hi all,
>
> I have a freeipa server set up, and would like to access the Web UI
> remotely (from outside my home network).
>
> I set up a fresh Fedora 24 server install, and installed freeipa-server.
> - I own a domain, domain.com <http://domain.com>
> - The hostname of my freeipa server is hostname.subdomain.domain.com
> <http://hostname.subdomain.domain.com>
> - My home network domain is subdomain.domain.com
> <http://subdomain.domain.com>
>
> I set up a CNAME hostname.domain.com <http://hostname.domain.com> and
> port forwardings, and I tested this works with nginx on the same
> machine; I can successfully see the nginx test page.
> I then assumed I could do the same with the freeipa Web UI, but when I
> navigate to http://hostname.domain.com:<external_port>, it switches to
> https://hostname.subdomain.domain.com:<internal_port>, and with the
> following error: "Server not found"
>
> What am I doing wrong?
Look at ipa-rewrite.conf in the IPA Apache config. It does rewriting to
the real name of the IPA server when it was installed. You can try
tweaking this to allow both names, or to just not do the rewriting.
You may have issues with Kerberos and SSL due to using a different name.
You definitely don't want to use IPA over an unsecure channel.
rob
More information about the Freeipa-users
mailing list