we discussed the options internally and finally decided to host ipa within the 
private subnets - our security team wast too comfortable  to  expose ipa 
servers on to the public network. 

Sent from my iPhone

> On 14-Nov-2016, at 17:56, Jan Pazdziora <jpazdzi...@redhat.com> wrote:
> 
>> On Mon, Nov 14, 2016 at 08:49:34AM +0100, Martin Basti wrote:
>>> On 13.11.2016 16:33, Deepak Dimri wrote:
>>> 
>>> I have my IPA servers hosted in the AWS private subnets and i can access
>>> them using AWS elb URL from public internet just fine.  The problem is
>>> that when i enter https://<elb>/index.htl  (dummy index.html hosted on
>>> IPA)  i can access index.html just fine but when i try
>>> https://<elb>/ipa/ui then i am getting redirected to
>>> https://<ipa_private_hostname>/ipa/ui
>>> <https://%3Cipa_private_hostname%3E/ipa/ui>  which is resulting to
>>> "This site can't be reached" error.
>>> 
>>> What should i be doing to access IPA server(s) uri when they running
>>> behind the load balancer or proxy servers?
>> 
>> this may help you
>> 
>> https://www.adelton.com/freeipa/freeipa-behind-proxy-with-different-name
>> https://www.adelton.com/freeipa/freeipa-behind-ssl-proxy
> 
> For the AWS case, wouldn't it be easier to just have the IPA server
> use the public hostname from the very beginning? You can always put
> appropriate records to /etc/hosts to shortcut the IPA->IPA traffic to
> never leave the machine.
> 
> -- 
> Jan Pazdziora
> Senior Principal Software Engineer, Identity Management Engineering, Red Hat

-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to