----- On Nov 14, 2016, at 9:38 AM, Peter Fern <free...@0xc0dedbad.com> wrote: 

> I'd be interested to hear from anyone who has a working recipe for
> HA/load-balancing (with HAProxy preferably). Cookie rewriting is doable, but I
> can't see a way to rewrite the referrer for multiple backend hosts.
One (quite hack-ish) way of doing it could be: 
2 apache vhosts, one pointing to one IPA server, set up like 
https://www.adelton.com/freeipa/freeipa-behind-proxy-with-different-name 

SSLProxyEngine on
ProxyPass / https://ipa.int.example.com/
ProxyPassReverse / https://ipa.int.example.com/
ProxyPassReverseCookieDomain ipa.int.example.com webipa.example.com
RequestHeader edit Referer ^https://webipa\.example\.com/ 
https://ipa.int.example.com/ 

Then set up a second HA using HAproxy or Apache (with sticky session) pointing 
to the two Apache IPA vhosts. 
Thoug, not quite sure what will happen if you hit a down IPA server, but you 
should be able to configure that in the HA... 
-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to