[Freeipa-users] URL is changing on the browser
Chris Dagdigian
dag at sonsorol.org
Mon Nov 14 19:03:16 UTC 2016
I'm still interested in this topic as our IPA servers are on private AWS
subnets and it would be really nice to have an internal AWS ALB or ELB
be the user-facing interface so we can route traffic between IPA systems
and only "advertise" a single hostname for access. Plus it would be
great to put the load balancer name into the various sssd.conf and
krb5.conf client files since our internal DNS-based service discovery
has some brittleness that is outside my control to fix.
I played with this for a short time and hit the "IPA redirects to it's
internal FQDN" problem as well. Now that this appears to be a somewhat
simple tweak to the httpd.conf type files I may start playing around
with putting private IPA systems behind a private AWS load balancer
Chris
Deepak Dimri wrote:
> we discussed the options internally and finally decided to host ipa within the private subnets - our security team wast too comfortable to expose ipa servers on to the public network.
More information about the Freeipa-users
mailing list