[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

[Pki-devel] [Fwd: [Freeipa-devel] script to proxy-ize a dogtag instance]



Cross posting to pki-devel.
--- Begin Message ---
Hi, 

With recent changes, Dogtag instances in IPA now reside behind an Apache
proxy and are accessed using ports 80 and 443.  This is the default
configuration for any newly created instances.

Older instances that have been recently upgraded will need to run a
script to upgrade the Dogtag configuration to use the Apache proxy.

A script (pki_setup_proxy) is attached.  It is essentially complete -
only needing things like usage() and some cleanup.  It has been through
some minimal testing.  I am posting it now to help users who are stuck
to fix their existing instances.  It will be delivered as part of
pki-setup in the very near future.

The script will modify the following files (making a backup of each as
"$filename.pre-proxy" beforehand).
/var/lib/pki-ca/conf/proxy.conf
/var/lib/pki-ca/conf/CS.cfg
/var/lib/pki-ca/conf/server.xml
/var/lib/pki-ca/webapps/ca/WEB_INF/web.xml
/var/lib/pki-ca/webappas/ca/ee/ca/ProfileSubmit.template

And will log all actions in /var/log/pki-ca-proxy-setup.log

*************************************************
Instructions for IPA:

1. Run the script as follows (as root):
    chmod +x pki-setup-proxy
    ./pki-setup-proxy -pki_instance_root=/var/lib -pki_instance_name=pki-ca -subsystem_type=ca

2. Copy the proxy.conf file: 

    cp /var/lib/pki-ca/conf/proxy.conf /etc/httpd/conf.d/ipa-pki-proxy.conf

3. Restart IPA.

************************************************

Please send me feedback if things don't work!

Thanks, 
Ade


Attachment: pki-setup-proxy
Description: Perl program

_______________________________________________
Freeipa-devel mailing list
Freeipa-devel redhat com
https://www.redhat.com/mailman/listinfo/freeipa-devel

--- End Message ---

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]