We discussed the options internally and finally decided to host IPA within the private subnets - our security team wasn't too comfortable exposing IPA servers to the public network.

Sent from my iPhone

> On 14-Nov-2016, at 17:56, Jan Pazdziora <jpazdzi...@redhat.com> wrote:
>
>> On Mon, Nov 14, 2016 at 08:49:34AM +0100, Martin Basti wrote:
>>> On 13.11.2016 16:33, Deepak Dimri wrote:
>>>
>>> I have my IPA servers hosted in the AWS private subnets and I can access
>>> them using the AWS ELB URL from the public internet just fine. The problem is
>>> that when I enter https://<elb>/index.html (dummy index.html hosted on
>>> IPA) I can access index.html just fine, but when I try
>>> https://<elb>/ipa/ui then I am getting redirected to
>>> https://<ipa_private_hostname>/ipa/ui which is resulting in a
>>> "This site can't be reached" error.
>>>
>>> What should I be doing to access the IPA server(s) URI when they are running
>>> behind the load balancer or proxy servers?
>>
>> this may help you
>>
>> https://www.adelton.com/freeipa/freeipa-behind-proxy-with-different-name
>> https://www.adelton.com/freeipa/freeipa-behind-ssl-proxy
>
> For the AWS case, wouldn't it be easier to just have the IPA server
> use the public hostname from the very beginning? You can always put
> appropriate records to /etc/hosts to shortcut the IPA->IPA traffic to
> never leave the machine.
>
> --
> Jan Pazdziora
> Senior Principal Software Engineer, Identity Management Engineering, Red Hat

--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project