Georgiy Odisharia via FreeIPA-users wrote:
> Hello there,
>
> I am a complete newbie in questions of LDAP. I want to deploy FreeIPA to my VPS
> hosted on DigitalOcean using a Docker image. It will be used only for personal
> purposes.
>
> I have a couple of questions.
>
> 1. Could I set up FreeIPA with the following domains this way:
> a. LDAP server is available from freeipa.<my domain>.
> b. Web interface is available through services.<my domain>/freeipa.

I'm not sure why you'd want to do this. It adds a ton of complexity. If you're just starting out I think you would have endless problems.

> c. My devices will be in DEVICES.<MY DOMAIN> domain.

What devices?

>
> 2. FreeIPA contains a DNS server. I have a proxy caching DNS server enabled
> in systemd on my host machine. I understand I must disable it. What
> consequences will it bring? What should I do to have DNS resolving on my host
> machine and have DNS enabled inside the Docker container with a DNS server
> inside it?

IPA DNS is not mandatory. You just need sane forward and reverse DNS. The only thing you lose is when enrolling clients they can update their reverse DNS entry and share their SSH keys.

>
> 3. I want to reuse the keys issued by Let's Encrypt through acme.sh for my
> personal website for FreeIPA. Is it enough and what should I do to achieve
> that? I don't want to use the recommended way to do it, I want to integrate
> acme.sh issued keys inside the FreeIPA container.

I'm not sure what recommended way you're talking about. Providing the web and LDAP certs at install time is fine. See the ipa-server-install man page.

Personally I wouldn't mess with multiple DNS names until you can get the basics working.

rob
