Any suggestions or workaround, short of having to switch the IPA's hostname
to use a public domain?

Andrew


On Wed, Aug 14, 2013 at 5:36 PM, Petr Vobornik <pvobo...@redhat.com> wrote:

> On 08/14/2013 08:00 AM, Andrew Lau wrote:
>
>> Hi,
>>
>> I've got my FreeIPA setup in an internal infrastructure, but I want to be
>> able to have users access the web UI externally. I tweaked the
>> ipa-rewrite.conf so it won't redirect me to the FQDN and then tried both a
>> nginx reverse proxy and port forwarding, both works if the client manually
>> sets the host name of the IPA server eg. ipa01.internaldomain.local in
>> their /etc/hosts file. However if the client tries to to use eg.
>> ipa.externaldomain.com with the same port forwarding or nginx proxy
>> config,
>> it'll silently error. The docs briefly touches on this - but doesn't
>> really
>> give much to go on.
>>
>> Any suggestions?
>>
>> Andrew
>> .
>>
>>  Hi,
>
> FreeIPA RPC API, which Web UI uses, requires http referer header to start
> with 'https://<ipa.server.hostname>**/ipa'. Given that you are using
> proxy, I assume that the referer is different and might be a cause of the
> issue.
>
> HTH
> --
> Petr Vobornik
>
_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to