Re: [Freeipa-users] A question related to ipa webui

2016-08-11 Thread Rob Crittenden

Jan Pazdziora wrote:
> On Thu, Aug 11, 2016 at 11:10:21AM +0200, bahan w wrote:
>>
>> I'm using ipa 3.0.0.47.
>>
>> I have an architecture where the IPA server is located on a secure zone,
>> not accessible from anyone.
>>
>> The IPA server has 2 network interfaces :
>> - IP1
>> - IP2
>>
>> In the secure zone, the IP1 network is used for the communication between
>> the servers.
>> The IP2 is used for administrators to connect to the servers inside the
>> secure zone.
>>
>> The only way to connect to the IPA server for external users is a proxy
>> which allows us to connect to the IP2.
>>
>> I installed the ipa-server using the IP1 network interface.
>> When I try to connect through proxy to the IPA webui, I use the IP2 network
>> interface.
>>
>> My problem is the following :
>> I type the following URL :
>> https://
>>
>> It redirects me to the following URL :
>> https:///ipa/ui
>>
>> When I try https:///ipa/ui, it redirects me to https:///ipa/ui.
>
> [...]
>
>> httpd    2433 apache    4u  IPv4 xx  0t0  TCP *:https (LISTEN)
>> httpd    2434 apache    4u  IPv4 xx  0t0  TCP *:https (LISTEN)
>> httpd   30861   root    4u  IPv4 xx  0t0  TCP *:https (LISTEN)
>> ###
>>
>> Is there something I am missing in the IPA configuration for the WebUI
>> please ?
>
> Perhaps
>
> https://www.adelton.com/freeipa/freeipa-behind-proxy-with-different-name
>
> could give some hints.
>
> It was tested on FreeIPA 4.* -- on 3.0, you might need to tweak it
> a bit but the theory and goal should be the same.



It is the mod_rewrite rules in /etc/httpd/conf.d/ipa-rewrite.conf doing
the redirects. As Jan points out there are going to be hostname issues,
etc. that his blog should help with.


rob

--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
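
As an added illustration of the point about mod_rewrite above (not code from the thread or from FreeIPA): a Python check that lists the RewriteRule lines in a rewrite file which answer with an external redirect to a fixed hostname, and reports the hostnames a client behind a proxy cannot reach. The sample configuration and the names ipa.example.test and proxy.example.test are constructed placeholders; the thread does not show the real contents of ipa-rewrite.conf.

```python
import re

# Constructed sample in mod_rewrite syntax; ipa.example.test is a
# placeholder hostname, not a value taken from the thread.
SAMPLE_CONF = r"""
RewriteEngine on
# send the bare site root to the web UI
RewriteRule ^/$ https://ipa.example.test/ipa/ui [L,NC,R=301]
RewriteCond %{HTTP_HOST} !^ipa.example.test$ [NC]
RewriteRule ^/ipa/(.*) http://ipa.example.test/ipa/$1 [L,R=301]
RewriteCond %{SERVER_PORT} !^443$
RewriteRule ^/ipa/(.*) https://ipa.example.test/ipa/$1 [L,R=301,NC]
RewriteRule ^/static/(.*) /ipa/ui/$1 [L]
"""

RULE = re.compile(r"^\s*RewriteRule\s+(\S+)\s+(\S+)(?:\s+\[([^\]]*)\])?\s*$", re.I)
COND = re.compile(r"^\s*RewriteCond\s+(\S+)\s+(\S+)", re.I)
ABSOLUTE = re.compile(r"^(https?)://([^/:]+)", re.I)

def pinned_redirects(conf_text):
    """Return rules that carry the R flag and redirect to a fixed host."""
    findings, conds = [], []
    for lineno, line in enumerate(conf_text.splitlines(), 1):
        if line.lstrip().startswith("#"):
            continue
        m = COND.match(line)
        if m:
            conds.append(f"{m.group(1)} {m.group(2)}")  # applies to the next rule
            continue
        m = RULE.match(line)
        if not m:
            continue
        pattern, target, flags = m.group(1), m.group(2), m.group(3) or ""
        names = [f.strip().split("=")[0].upper() for f in flags.split(",") if f.strip()]
        host = ABSOLUTE.match(target)
        # only rules with an explicit R/redirect flag and an absolute URL are reported
        if host and ("R" in names or "REDIRECT" in names):
            findings.append({"line": lineno, "pattern": pattern, "conds": conds,
                             "scheme": host.group(1).lower(), "host": host.group(2).lower()})
        conds = []
    return findings

def unreachable_targets(conf_text, reachable_hosts):
    """Hosts that redirects point at but that proxied clients cannot reach."""
    reachable = {h.lower() for h in reachable_hosts}
    return sorted({f["host"] for f in pinned_redirects(conf_text)} - reachable)

if __name__ == "__main__":
    print(unreachable_targets(SAMPLE_CONF, ["proxy.example.test"]))
```
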


Re: [Freeipa-users] A question related to ipa webui

2016-08-11 Thread Jan Pazdziora
On Thu, Aug 11, 2016 at 11:10:21AM +0200, bahan w wrote:
> 
> I'm using ipa 3.0.0.47.
> 
> I have an architecture where the IPA server is located on a secure zone,
> not accessible from anyone.
> 
> The IPA server has 2 network interfaces :
> - IP1
> - IP2
> 
> In the secure zone, the IP1 network is used for the communication between
> the servers.
> The IP2 is used for administrators to connect to the servers inside the
> secure zone.
> 
> The only way to connect to the IPA server for external users is a proxy
> which allows us to connect to the IP2.
> 
> I installed the ipa-server using the IP1 network interface.
> When I try to connect through proxy to the IPA webui, I use the IP2 network
> interface.
> 
> My problem is the following :
> I type the following URL :
> https://
> 
> It redirects me to the following URL :
> https:///ipa/ui
> 
> When I try https:///ipa/ui, it redirects me to https:///ipa/ui.

[...]

> httpd    2433 apache    4u  IPv4 xx  0t0  TCP *:https (LISTEN)
> httpd    2434 apache    4u  IPv4 xx  0t0  TCP *:https (LISTEN)
> httpd   30861   root    4u  IPv4 xx  0t0  TCP *:https (LISTEN)
> ###
> 
> Is there something I am missing in the IPA configuration for the WebUI
> please ?

Perhaps

https://www.adelton.com/freeipa/freeipa-behind-proxy-with-different-name

could give some hints.

It was tested on FreeIPA 4.* -- on 3.0, you might need to tweak it
a bit but the theory and goal should be the same.

-- 
Jan Pazdziora
Senior Principal Software Engineer, Identity Management Engineering, Red Hat



[Freeipa-users] A question related to ipa webui

2016-08-11 Thread bahan w
Hello !

I'm using ipa 3.0.0.47.

I have an architecture where the IPA server is located on a secure zone,
not accessible from anyone.

The IPA server has 2 network interfaces :
- IP1
- IP2

In the secure zone, the IP1 network is used for the communication between
the servers.
The IP2 is used for administrators to connect to the servers inside the
secure zone.

The only way to connect to the IPA server for external users is a proxy
which allows us to connect to the IP2.

I installed the ipa-server using the IP1 network interface.
When I try to connect through proxy to the IPA webui, I use the IP2 network
interface.

My problem is the following :
I type the following URL :
https://

It redirects me to the following URL :
https:///ipa/ui

When I try https:///ipa/ui, it redirects me to https:///ipa/ui.

And unfortunately, this IP1 is not reachable from outside of the secure
zone.

When I check from the server, I can see the service is listening on all
network interfaces.
###
# lsof -i :443
COMMAND   PID   USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
httpd    2427 apache    4u  IPv4 xx  0t0  TCP *:https (LISTEN)
httpd    2428 apache    4u  IPv4 xx  0t0  TCP *:https (LISTEN)
httpd    2429 apache    4u  IPv4 xx  0t0  TCP *:https (LISTEN)
httpd    2430 apache    4u  IPv4 xx  0t0  TCP *:https (LISTEN)
httpd    2431 apache    4u  IPv4 xx  0t0  TCP *:https (LISTEN)
httpd    2432 apache    4u  IPv4 xx  0t0  TCP *:https (LISTEN)
httpd    2433 apache    4u  IPv4 xx  0t0  TCP *:https (LISTEN)
httpd    2434 apache    4u  IPv4 xx  0t0  TCP *:https (LISTEN)
httpd   30861   root    4u  IPv4 xx  0t0  TCP *:https (LISTEN)
###

Is there something I am missing in the IPA configuration for the WebUI
please ?

Best regards.

Bahan