Natxo Asenjo wrote: > hi, > > I just noticed some stuff was not functioning properly and it's because > the crl url is being redirected to https (centos 6.7). > > > $ curl http://kdc01.unix.domain.tld/ipa/crl/ > <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> > <html><head> > <title>301 Moved Permanently</title> > </head><body> > <h1>Moved Permanently</h1> > <p>The document has moved <a > href="https://kdc01.unix.domain.tld/ipa/crl/">here</a>.</p> > <hr> > <address>Apache/2.2.15 (CentOS) Server at kdc01.unix.domain.tld Port > 80</address> > </body></html> > > This is ipa-rewrite.conf, it should not be happening, but it does: > > $ cat ipa-rewrite.conf > # VERSION 3 - DO NOT REMOVE THIS LINE > > RewriteEngine on > > # By default forward all requests to /ipa. If you don't want IPA > # to be the default on your web server comment this line out. > RewriteRule ^/$ https://kdc01.unix.iriszorg.nl/ipa/ui [L,NC,R=301] > > # Redirect to the fully-qualified hostname. Not redirecting to secure > # port so configuration files can be retrieved without requiring SSL. > RewriteCond %{HTTP_HOST} !^kdc01.unix.iriszorg.nl > <http://kdc01.unix.iriszorg.nl>$ [NC] > RewriteRule ^/ipa/(.*) http://kdc01.unix.iriszorg.nl/ipa/$1 [L,R=301] > > # Redirect to the secure port if not displaying an error or retrieving > # configuration. > RewriteCond %{SERVER_PORT} !^443$ > RewriteCond %{REQUEST_URI} !^/ipa/(errors|config) > RewriteRule ^/ipa/(.*) https://kdc01.unix.iriszorg.nl/ipa/$1 > [L,R=301,NC] > > Any ideas on how to fix this?
You should have a sections like these in /etc/httpd/conf.d/ipa.conf: <Location "/ipa/crl"> SetHandler None </Location> ... # For CRL publishing Alias /ipa/crl "/var/lib/ipa/pki-ca/publish" <Directory "/var/lib/ipa/pki-ca/publish"> SetHandler None AllowOverride None Options Indexes FollowSymLinks Satisfy Any Allow from all </Directory> rob -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project