----- On Nov 14, 2016, at 9:38 AM, Peter Fern <free...@0xc0dedbad.com> wrote:
> I'd be interested to hear from anyone who has a working recipe for > HA/load-balancing (with HAProxy preferably). Cookie rewriting is doable, but I > can't see a way to rewrite the referrer for multiple backend hosts. One (quite hack-ish) way of doing it could be: 2 apache vhosts, one pointing to one IPA server, set up like https://www.adelton.com/freeipa/freeipa-behind-proxy-with-different-name SSLProxyEngine on ProxyPass / https://ipa.int.example.com/ ProxyPassReverse / https://ipa.int.example.com/ ProxyPassReverseCookieDomain ipa.int.example.com webipa.example.com RequestHeader edit Referer ^https://webipa\.example\.com/ https://ipa.int.example.com/ Then set up a second HA using HAproxy or Apache (with sticky session) pointing to the two Apache IPA vhosts. Thoug, not quite sure what will happen if you hit a down IPA server, but you should be able to configure that in the HA...
-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project