Adding Jan into the email thread. Hopefully Jan can help too

Best Regards,

Deepak


________________________________
From: Deepak Dimri <deepak_di...@hotmail.com>
Sent: Sunday, November 27, 2016 8:08 PM
To: Chris Dagdigian
Subject: Re: [Freeipa-users] URL is changing on the browser


Hello Chris,


Were you able to get around AWS ELB integration with IPA Server?  I am stuck 
with this - when i hit my ELB URL i am getting redirected to internal FQDN of 
the IP server ( hosted on private subnet). I tried tweaking ipa-rewrite.conf 
but in vain.  As an alternate i have installed Apache reverse proxy on the 
public subnet and then proxying the requests to IPA. But then it does not work 
if i add one more IPA server for load balancing/failover -  i think its failing 
at  "RequestHeader edit Referer" directive work.


Just thought of checking with you if found any solution to this issue


Many Thanks for your time,

Deepak



________________________________

> On 15-Nov-2016, at 00:33, Chris Dagdigian <d...@sonsorol.org> wrote:
>
>
> I'm still interested in this topic as our IPA servers are on private AWS 
> subnets and it would be really nice to have an internal AWS ALB or ELB be the 
> user-facing interface so we can route traffic between IPA systems and only 
> "advertise" a single hostname for access. Plus it would be great to put the 
> load balancer name into the various sssd.conf and krb5.conf client files 
> since our internal DNS-based service discovery has some brittleness that is 
> outside my control to fix.
>
> I played with this for a short time and hit the "IPA redirects to it's 
> internal FQDN" problem as well. Now that this appears to be a somewhat simple 
> tweak to the httpd.conf type files I may start playing around with putting 
> private IPA systems behind a private AWS load balancer
>
> Chris
>
>
>
> Deepak Dimri wrote:
>> we discussed the options internally and finally decided to host ipa within 
>> the private subnets - our security team wast too comfortable  to  expose ipa 
>> servers on to the public network.
>
-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to