Adding Jan into the email thread. Hopefully Jan can help too
Best Regards, Deepak ________________________________ From: Deepak Dimri <deepak_di...@hotmail.com> Sent: Sunday, November 27, 2016 8:08 PM To: Chris Dagdigian Subject: Re: [Freeipa-users] URL is changing on the browser Hello Chris, Were you able to get around AWS ELB integration with IPA Server? I am stuck with this - when i hit my ELB URL i am getting redirected to internal FQDN of the IP server ( hosted on private subnet). I tried tweaking ipa-rewrite.conf but in vain. As an alternate i have installed Apache reverse proxy on the public subnet and then proxying the requests to IPA. But then it does not work if i add one more IPA server for load balancing/failover - i think its failing at "RequestHeader edit Referer" directive work. Just thought of checking with you if found any solution to this issue Many Thanks for your time, Deepak ________________________________ > On 15-Nov-2016, at 00:33, Chris Dagdigian <d...@sonsorol.org> wrote: > > > I'm still interested in this topic as our IPA servers are on private AWS > subnets and it would be really nice to have an internal AWS ALB or ELB be the > user-facing interface so we can route traffic between IPA systems and only > "advertise" a single hostname for access. Plus it would be great to put the > load balancer name into the various sssd.conf and krb5.conf client files > since our internal DNS-based service discovery has some brittleness that is > outside my control to fix. > > I played with this for a short time and hit the "IPA redirects to it's > internal FQDN" problem as well. Now that this appears to be a somewhat simple > tweak to the httpd.conf type files I may start playing around with putting > private IPA systems behind a private AWS load balancer > > Chris > > > > Deepak Dimri wrote: >> we discussed the options internally and finally decided to host ipa within >> the private subnets - our security team wast too comfortable to expose ipa >> servers on to the public network. >
-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project