[Freeipa-users] IPA rewrite conf
Deepak Dimri
deepak_dimri at hotmail.com
Mon Nov 28 11:25:30 UTC 2016
Hi Jan, Thanks for your reply. Sorry for the typo its AWS ELB.
I have seen the link you shared below. My issue is that i want my IPA servers in Failover/Load Balancing mode and when i add another IPA server using Proxy balancer i believe ProxyPassReverseCookieDomain and RequestHeader edit Referer directives does not work for me. Basically I am trying to make the balancer to work with below configuration but its failing at the ProxyPassReverseCookieDomain and RequestHeader edit Referer directives level:
<VirtualHost _default_:443>
<Proxy balancer://ipacluster>
# IPA Server 1
BalancerMember https://ipa1.int.example.com/
# IPA Server 2
BalancerMember https://ipa2.int.example.com/
</Proxy>
SSLProxyEngine on
ProxyPass / balancer://ipacluster/
ProxyPassReverse / balancer://ipacluster/
ProxyPassReverseCookieDomain ipa1.int.example.com webipa.example.com
RequestHeader edit Referer ^https://webipa\.example\.com/ https://ipa1.int.example.com/
ProxyPassReverseCookieDomain ipa2.int.example.com webipa.example.com
RequestHeader edit Referer ^https://webipa\.example\.com/ https://ipa2.int.example.com/
</VirtualHost>
I am not sure how ProxyPassReverseCookieDomain and RequestHeader edit Referer can be configured in this scenario along with Proxy balancer?
Regards,
Deepak
________________________________
From: freeipa-users-bounces at redhat.com <freeipa-users-bounces at redhat.com> on behalf of Jan Pazdziora <jpazdziora at redhat.com>
Sent: Monday, November 28, 2016 3:04 AM
To: deepak dimri
Cc: freeipa-users at redhat.com
Subject: Re: [Freeipa-users] IPA rewrite conf
On Sun, Nov 27, 2016 at 01:06:36PM +0530, deepak dimri wrote:
> Hi All,
>
> I am posting my issue here with an hope that i get a response.
>
> I have WS ELB configured to connect to FreeIPA servers on Ubuntu. My
> FreeIPA servers are in private subnets. I am able to access my test
> index.html page deployed on the FreeIPA server by hitting https://<elb
> url>/index.html. However when i try IPA UI https://<elb url>/ipa/ui then i
> am getting redirected to my internal IPA address which then resulting to
> "site cannot be reached" error. I am wondering if i have an option of
> tweaking my /usr/share/ipa/ipa-rewrite.conf file so that i can access IPA
> UI using external ELB URL?
>
> Would appreciate if some one can give some pointers
I don't know what WS ELB is but maybe
https://www.adelton.com/freeipa/freeipa-behind-proxy-with-different-name
can get you started?
--
Jan Pazdziora
Senior Principal Software Engineer, Identity Management Engineering, Red Hat
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20161128/7af44b94/attachment.htm>
More information about the Freeipa-users
mailing list