Any suggestions or workaround, short of having to switch the IPA's hostname to use a public domain?
Andrew On Wed, Aug 14, 2013 at 5:36 PM, Petr Vobornik <[email protected]> wrote: > On 08/14/2013 08:00 AM, Andrew Lau wrote: > >> Hi, >> >> I've got my FreeIPA setup in an internal infrastructure, but I want to be >> able to have users access the web UI externally. I tweaked the >> ipa-rewrite.conf so it won't redirect me to the FQDN and then tried both a >> nginx reverse proxy and port forwarding, both works if the client manually >> sets the host name of the IPA server eg. ipa01.internaldomain.local in >> their /etc/hosts file. However if the client tries to to use eg. >> ipa.externaldomain.com with the same port forwarding or nginx proxy >> config, >> it'll silently error. The docs briefly touches on this - but doesn't >> really >> give much to go on. >> >> Any suggestions? >> >> Andrew >> . >> >> Hi, > > FreeIPA RPC API, which Web UI uses, requires http referer header to start > with 'https://<ipa.server.hostname>**/ipa'. Given that you are using > proxy, I assume that the referer is different and might be a cause of the > issue. > > HTH > -- > Petr Vobornik >
_______________________________________________ Freeipa-users mailing list [email protected] https://www.redhat.com/mailman/listinfo/freeipa-users
