Adding Jan into the email thread. Hopefully Jan can help too

Best Regards,


From: Deepak Dimri <>
Sent: Sunday, November 27, 2016 8:08 PM
To: Chris Dagdigian
Subject: Re: [Freeipa-users] URL is changing on the browser

Hello Chris,

Were you able to get around AWS ELB integration with IPA Server?  I am stuck 
with this - when i hit my ELB URL i am getting redirected to internal FQDN of 
the IP server ( hosted on private subnet). I tried tweaking ipa-rewrite.conf 
but in vain.  As an alternate i have installed Apache reverse proxy on the 
public subnet and then proxying the requests to IPA. But then it does not work 
if i add one more IPA server for load balancing/failover -  i think its failing 
at  "RequestHeader edit Referer" directive work.

Just thought of checking with you if found any solution to this issue

Many Thanks for your time,



> On 15-Nov-2016, at 00:33, Chris Dagdigian <> wrote:
> I'm still interested in this topic as our IPA servers are on private AWS 
> subnets and it would be really nice to have an internal AWS ALB or ELB be the 
> user-facing interface so we can route traffic between IPA systems and only 
> "advertise" a single hostname for access. Plus it would be great to put the 
> load balancer name into the various sssd.conf and krb5.conf client files 
> since our internal DNS-based service discovery has some brittleness that is 
> outside my control to fix.
> I played with this for a short time and hit the "IPA redirects to it's 
> internal FQDN" problem as well. Now that this appears to be a somewhat simple 
> tweak to the httpd.conf type files I may start playing around with putting 
> private IPA systems behind a private AWS load balancer
> Chris
> Deepak Dimri wrote:
>> we discussed the options internally and finally decided to host ipa within 
>> the private subnets - our security team wast too comfortable  to  expose ipa 
>> servers on to the public network.
Manage your subscription for the Freeipa-users mailing list:
Go to for more info on the project

Reply via email to