[Freeipa-users] URL is changing on the browser

Deepak Dimri deepak_dimri at hotmail.com
Mon Nov 28 01:15:17 UTC 2016 

Adding Jan into the email thread. Hopefully Jan can help too


Best Regards,

Deepak


________________________________
From: Deepak Dimri <deepak_dimri at hotmail.com>
Sent: Sunday, November 27, 2016 8:08 PM
To: Chris Dagdigian
Subject: Re: [Freeipa-users] URL is changing on the browser


Hello Chris,


Were you able to get around AWS ELB integration with IPA Server?  I am stuck with this - when i hit my ELB URL i am getting redirected to internal FQDN of the IP server ( hosted on private subnet). I tried tweaking ipa-rewrite.conf but in vain.  As an alternate i have installed Apache reverse proxy on the public subnet and then proxying the requests to IPA. But then it does not work if i add one more IPA server for load balancing/failover -  i think its failing at  "RequestHeader edit Referer" directive work.


Just thought of checking with you if found any solution to this issue


Many Thanks for your time,

Deepak



________________________________

> On 15-Nov-2016, at 00:33, Chris Dagdigian <dag at sonsorol.org> wrote:
>
>
> I'm still interested in this topic as our IPA servers are on private AWS subnets and it would be really nice to have an internal AWS ALB or ELB be the user-facing interface so we can route traffic between IPA systems and only "advertise" a single hostname for access. Plus it would be great to put the load balancer name into the various sssd.conf and krb5.conf client files since our internal DNS-based service discovery has some brittleness that is outside my control to fix.
>
> I played with this for a short time and hit the "IPA redirects to it's internal FQDN" problem as well. Now that this appears to be a somewhat simple tweak to the httpd.conf type files I may start playing around with putting private IPA systems behind a private AWS load balancer
>
> Chris
>
>
>
> Deepak Dimri wrote:
>> we discussed the options internally and finally decided to host ipa within the private subnets - our security team wast too comfortable  to  expose ipa servers on to the public network.
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20161128/cad986cb/attachment.htm>

More information about the Freeipa-users mailing list