hi chris, i have the setup working fine with ELB -> apache reverse proxy on 
Fedora (public subnet) -> ipa (private subnet).  i want to use ubuntu instead 
of Fedora for the reverse proxy and i am unable to make the reverse proxy works 
on unbuntu with all the configurations we need for ipa. it would be really nice 
if someone can shareb  documented configurations steps for the ubuntu as well - 
simiar to the what is given in the link that martin had shared


Sent from my iPhone

> On 15-Nov-2016, at 00:33, Chris Dagdigian <d...@sonsorol.org> wrote:
> I'm still interested in this topic as our IPA servers are on private AWS 
> subnets and it would be really nice to have an internal AWS ALB or ELB be the 
> user-facing interface so we can route traffic between IPA systems and only 
> "advertise" a single hostname for access. Plus it would be great to put the 
> load balancer name into the various sssd.conf and krb5.conf client files 
> since our internal DNS-based service discovery has some brittleness that is 
> outside my control to fix.
> I played with this for a short time and hit the "IPA redirects to it's 
> internal FQDN" problem as well. Now that this appears to be a somewhat simple 
> tweak to the httpd.conf type files I may start playing around with putting 
> private IPA systems behind a private AWS load balancer
> Chris
> Deepak Dimri wrote:
>> we discussed the options internally and finally decided to host ipa within 
>> the private subnets - our security team wast too comfortable  to  expose ipa 
>> servers on to the public network.

Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project

Reply via email to