Hi Jan, Thanks for your reply. Sorry for the typo its AWS ELB.
I have seen the link you shared below. My issue is that i want my IPA servers in Failover/Load Balancing mode and when i add another IPA server using Proxy balancer i believe ProxyPassReverseCookieDomain and RequestHeader edit Referer directives does not work for me. Basically I am trying to make the balancer to work with below configuration but its failing at the ProxyPassReverseCookieDomain and RequestHeader edit Referer directives level: <VirtualHost _default_:443> <Proxy balancer://ipacluster> # IPA Server 1 BalancerMember https://ipa1.int.example.com/ # IPA Server 2 BalancerMember https://ipa2.int.example.com/ </Proxy> SSLProxyEngine on ProxyPass / balancer://ipacluster/ ProxyPassReverse / balancer://ipacluster/ ProxyPassReverseCookieDomain ipa1.int.example.com webipa.example.com RequestHeader edit Referer ^https://webipa\.example\.com/ https://ipa1.int.example.com/ ProxyPassReverseCookieDomain ipa2.int.example.com webipa.example.com RequestHeader edit Referer ^https://webipa\.example\.com/ https://ipa2.int.example.com/ </VirtualHost> I am not sure how ProxyPassReverseCookieDomain and RequestHeader edit Referer can be configured in this scenario along with Proxy balancer? Regards, Deepak ________________________________ From: freeipa-users-boun...@redhat.com <freeipa-users-boun...@redhat.com> on behalf of Jan Pazdziora <jpazdzi...@redhat.com> Sent: Monday, November 28, 2016 3:04 AM To: deepak dimri Cc: freeipa-users@redhat.com Subject: Re: [Freeipa-users] IPA rewrite conf On Sun, Nov 27, 2016 at 01:06:36PM +0530, deepak dimri wrote: > Hi All, > > I am posting my issue here with an hope that i get a response. > > I have WS ELB configured to connect to FreeIPA servers on Ubuntu. My > FreeIPA servers are in private subnets. I am able to access my test > index.html page deployed on the FreeIPA server by hitting https://<elb > url>/index.html. However when i try IPA UI https://<elb url>/ipa/ui then i > am getting redirected to my internal IPA address which then resulting to > "site cannot be reached" error. I am wondering if i have an option of > tweaking my /usr/share/ipa/ipa-rewrite.conf file so that i can access IPA > UI using external ELB URL? > > Would appreciate if some one can give some pointers I don't know what WS ELB is but maybe https://www.adelton.com/freeipa/freeipa-behind-proxy-with-different-name can get you started? -- Jan Pazdziora Senior Principal Software Engineer, Identity Management Engineering, Red Hat -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
