On 08/24/2015 01:47 AM, Martin Kosek wrote:
FreeIPA can play well with other stuff running on the same Apache as long as
you do not break it's Apache configuration - like mod_nss running on port 443,
CA proxy or the RPC connection URIs used by "ipa" tool or other tools.

So the answer is - it is possible, but there are dragons lurking on the
shadows, so please be careful.

So I think that I have this working.  I've been able to set up a
"default" named virtual host on port 80 that does the IPA web UI
redirection, along with a separate named virtual host that redirects
to a reverse proxy (SSL endpoint)/static content server on a random
high port.

(This will all be used to secure access to my new OpenSprinkler
controller when it arrives.)

I've posted a sanitized version of the config file at:

  http://pastebin.com/aPyG3q4v

I've tested both "redirection" servers on port 80, using both short
hostnames and FQDNs, and I've verified that the correct certificates
and CA chains are being served on ports 443 and 59872.

How can I test the CA proxy and RPC URIs?  Is there anything else I
should check before I declare victory and start drinking?

Thanks!

--
========================================================================
Ian Pilcher                                         arequip...@gmail.com
-------- "I grew up before Mark Zuckerberg invented friendship" --------
========================================================================

--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to