URL: https://github.com/freeipa/freeipa/pull/395
Author: flo-renaud
Title: #395: Configure PKI ajp redirection to use "localhost" instead of "::1"
Action: opened

PR body:
"""
When ipa-server-install configures PKI, it provides a configuration file
with the parameter pki_ajp_host set to ::1. This parameter is used to configure
Tomcat redirection in /etc/pki/pki-tomcat/server.xml:
    <Connector port="8009"
            protocol="AJP/1.3"
            redirectPort="8443"
            address="::1" />
i.e. all requests to port 8009 are redirected to port 8443 on address ::1.

If the /etc/hosts config file does not define ::1 for localhost, then AJP
redirection fails and replica install is not able to request a certificate
for the replica. Using "localhost" instead works with IPv4 or IPv6.

https://fedorahosted.org/freeipa/ticket/6575
"""

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/395/head:pr395
git checkout pr395
From d021e7264daaccbf9f7fc3d0ce9c302350d4dbfc Mon Sep 17 00:00:00 2001
From: Florence Blanc-Renaud <f...@redhat.com>
Date: Thu, 12 Jan 2017 18:17:15 +0100
Subject: [PATCH] Configure PKI ajp redirection to use "localhost" instead of
 "::1"

When ipa-server-install configures PKI, it provides a configuration file
with the parameter pki_ajp_host set to ::1. This parameter is used to configure
Tomcat redirection in /etc/pki/pki-tomcat/server.xml:
    <Connector port="8009"
            protocol="AJP/1.3"
            redirectPort="8443"
            address="::1" />
i.e. all requests to port 8009 are redirected to port 8443 on address ::1.

If the /etc/hosts config file does not define ::1 for localhost, then AJP
redirection fails and replica install is not able to request a certificate
for the replica. Using "localhost" instead works with IPv4 or IPv6.

https://fedorahosted.org/freeipa/ticket/6575
---
 ipaserver/install/cainstance.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ipaserver/install/cainstance.py b/ipaserver/install/cainstance.py
index f933479..e291986 100644
--- a/ipaserver/install/cainstance.py
+++ b/ipaserver/install/cainstance.py
@@ -597,7 +597,7 @@ def __spawn_instance(self):
 
         # PKI IPv6 Configuration
         config.add_section("Tomcat")
-        config.set("Tomcat", "pki_ajp_host", "::1")
+        config.set("Tomcat", "pki_ajp_host", "localhost")
 
         # Generate configuration file
         with open(cfg_file, "wb") as f:
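Review bot: the comment "# PKI IPv6 Configuration" directly above the changed config.set line no longer describes the value, because "localhost" is not an IPv6 literal and the address the connector ends up on now depends on how the host resolves that name. Suggest rewording the comment to say that pki_ajp_host is set to the loopback name so it works with IPv4 or IPv6, and that this relies on localhost resolving to a loopback address. Since the commit message already ties the failure to the contents of /etc/hosts, a check before the file is written that localhost resolves, and resolves only to loopback addresses, would turn a later certificate-request failure (or an AJP port bound to a non-loopback address) into an early, clear installer error.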
-- 
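The PR description above ties pki_ajp_host to the address attribute of the AJP Connector in server.xml. The following check is an added example, not code from the PR or from FreeIPA: it reads the AJP connectors from a server.xml, resolves each address, and reports whether everything it resolves to is a loopback address. The function names, status strings and the embedded XML sample are assumptions made for the example.

```python
import ipaddress
import socket
import xml.etree.ElementTree as ET

# Constructed sample: the Connector quoted in the PR, with the patched value.
SAMPLE_SERVER_XML = """<Server><Service name="Catalina">
  <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" address="localhost" />
</Service></Server>"""


def system_resolver(host, port):
    """Resolve host via the system resolver (/etc/hosts, DNS); [] on failure."""
    try:
        infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})


def check_ajp_connectors(server_xml, resolver=system_resolver):
    """Report, per AJP connector, what its address resolves to and whether
    every resolved address is loopback."""
    findings = []
    for conn in ET.fromstring(server_xml).iter("Connector"):
        if "ajp" not in conn.get("protocol", "").lower():
            continue
        address = conn.get("address")
        port = int(conn.get("port", "8009"))
        resolved = resolver(address, port) if address else []
        # Drop any IPv6 zone id ("%eth0") before classifying the address.
        is_loopback = [ipaddress.ip_address(a.split("%")[0]).is_loopback for a in resolved]
        if not address:
            status = "no-address-attribute"
        elif not resolved:
            status = "unresolvable"
        elif all(is_loopback):
            status = "loopback-only"
        else:
            status = "non-loopback"
        findings.append({"port": port, "address": address,
                         "resolved": resolved, "status": status})
    return findings


if __name__ == "__main__":
    for finding in check_ajp_connectors(SAMPLE_SERVER_XML):
        print(finding)
```

To check an installed server, pass the contents of /etc/pki/pki-tomcat/server.xml instead of the sample; any status other than "loopback-only" deserves a look at /etc/hosts.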