URL: https://github.com/freeipa/freeipa/pull/395 Author: flo-renaud Title: #395: Configure PKI ajp redirection to use "localhost" instead of "::1" Action: opened
PR body: """ When ipa-server-install configures PKI, it provides a configuration file with the parameter pki_ajp_host set to ::1. This parameter is used to configure Tomcat redirection in /etc/pki/pki-tomcat/server.xml: <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" address="::1" /> ie all requests to port 8009 are redirected to port 8443 on address ::1. If the /etc/hosts config file does not define ::1 for localhost, then AJP redirection fails and replica install is not able to request a certificate for the replica. Using "localhost" instead works with IPv4 or IPv6. https://fedorahosted.org/freeipa/ticket/6575 """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/395/head:pr395 git checkout pr395
From d021e7264daaccbf9f7fc3d0ce9c302350d4dbfc Mon Sep 17 00:00:00 2001 From: Florence Blanc-Renaud <f...@redhat.com> Date: Thu, 12 Jan 2017 18:17:15 +0100 Subject: [PATCH] Configure PKI ajp redirection to use "localhost" instead of "::1" When ipa-server-install configures PKI, it provides a configuration file with the parameter pki_ajp_host set to ::1. This parameter is used to configure Tomcat redirection in /etc/pki/pki-tomcat/server.xml: <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" address="::1" /> ie all requests to port 8009 are redirected to port 8443 on address ::1. If the /etc/hosts config file does not define ::1 for localhost, then AJP redirection fails and replica install is not able to request a certificate for the replica. Using "localhost" instead works with IPv4 or IPv6. https://fedorahosted.org/freeipa/ticket/6575 --- ipaserver/install/cainstance.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ipaserver/install/cainstance.py b/ipaserver/install/cainstance.py index f933479..e291986 100644 --- a/ipaserver/install/cainstance.py +++ b/ipaserver/install/cainstance.py @@ -597,7 +597,7 @@ def __spawn_instance(self): # PKI IPv6 Configuration config.add_section("Tomcat") - config.set("Tomcat", "pki_ajp_host", "::1") + config.set("Tomcat", "pki_ajp_host", "localhost") # Generate configuration file with open(cfg_file, "wb") as f:
-- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code