<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<style type="text/css" style="display:none;"><!-- P {margin-top:0;margin-bottom:0;} --></style>
</head>
<body dir="ltr">
<div id="divtagdefaultwrapper" style="font-size:12pt;color:#000000;font-family:Calibri,Arial,Helvetica,sans-serif;" dir="ltr">
<p>Adding Jan into the email thread. Hopefully Jan can help too.</p>
<p><br>
</p>
<p>Best Regards,</p>
<p>Deepak</p>
<br>
<br>
<div style="color: rgb(0, 0, 0);">
<hr tabindex="-1" style="display:inline-block; width:98%">
<div id="divRplyFwdMsg" dir="ltr"><font face="Calibri, sans-serif" color="#000000" style="font-size:11pt"><b>From:</b> Deepak Dimri &lt;deepak_dimri@hotmail.com&gt;<br>
<b>Sent:</b> Sunday, November 27, 2016 8:08 PM<br>
<b>To:</b> Chris Dagdigian<br>
<b>Subject:</b> Re: [Freeipa-users] URL is changing on the browser</font>
<div> </div>
</div>
<div>
<div id="divtagdefaultwrapper" dir="ltr" style="font-size:12pt; color:#000000; font-family:Calibri,Arial,Helvetica,sans-serif">
<p>Hello Chris,</p>
<p><br>
</p>
<p>Were you able to get around AWS ELB integration with IPA Server? I am stuck with this - when I hit my ELB URL I am getting redirected to the internal FQDN of the IP server (hosted on a private subnet). I tried tweaking ipa-rewrite.conf but in vain. As an alternate
I have installed an Apache reverse proxy on the public subnet and am then proxying the requests to IPA. But then it does not work if I add one more IPA server for
load balancing/failover - I think it's failing at "RequestHeader edit Referer" directive work.</p>
<p><br>
</p>
<p></p>
<p>Just thought of checking with you if you found any solution to this issue.</p>
<p><br>
</p>
<p>Many Thanks for your time,</p>
<p>Deepak</p>
<p><br>
</p>
<br>
<br>
<div style="color:rgb(0,0,0)">
<div>
<hr tabindex="-1" style="display:inline-block; width:98%">
<div id="x_divRplyFwdMsg" dir="ltr"><br>
</div>
</div>
<font size="2"><span style="font-size:10pt">
<div class="PlainText">> On 15-Nov-2016, at 00:33, Chris Dagdigian &lt;dag@sonsorol.org&gt; wrote:<br>
> <br>
> <br>
> I'm still interested in this topic as our IPA servers are on private AWS subnets and it would be really nice to have an internal AWS ALB or ELB be the user-facing interface so we can route traffic between IPA systems and only "advertise" a single hostname
for access. Plus it would be great to put the load balancer name into the various sssd.conf and krb5.conf client files since our internal DNS-based service discovery has some brittleness that is outside my control to fix.<br>
> <br>
> I played with this for a short time and hit the "IPA redirects to its internal FQDN" problem as well. Now that this appears to be a somewhat simple tweak to the httpd.conf type files I may start playing around with putting private IPA systems behind a private
AWS load balancer.<br>
> <br>
> Chris<br>
> <br>
> <br>
> <br>
> Deepak Dimri wrote:<br>
>> we discussed the options internally and finally decided to host ipa within the private subnets - our security team wasn't too comfortable to expose ipa servers on to the public network.<br>
> <br>
</div>
</span></font></div>
</div>
</div>
</div>
</div>
</body>
</html>