I've got my FreeIPA setup in an internal infrastructure, but I want to be
able to have users access the web UI externally. I tweaked the
ipa-rewrite.conf so it won't redirect me to the FQDN and then tried both an
nginx reverse proxy and port forwarding; both work if the client manually
sets the host name of the IPA server, e.g. ipa01.internaldomain.local, in
their /etc/hosts file. However, if the client tries to use e.g.
ipa.externaldomain.com with the same port forwarding or nginx proxy config,
it'll silently error. The docs briefly touch on this, but don't really
give much to go on.
Freeipa-users mailing list