From 4c288e653aec9c5d58ef782f07a13b9efde6e148 Mon Sep 17 00:00:00 2001
From: Rob Crittenden <rcritten@redhat.com>
Date: Mon, 24 Mar 2008 15:54:55 -0400
Subject: Re-root the IPA web UI to /ipa and the XML-RPC interface to /ipaxml.

438021
---
 ipa-server/xmlrpc-server/ipa-rewrite.conf |  5 +++++
 ipa-server/xmlrpc-server/ipa.conf         | 27 +++++++++------------------
 2 files changed, 14 insertions(+), 18 deletions(-)

(limited to 'ipa-server/xmlrpc-server')

diff --git a/ipa-server/xmlrpc-server/ipa-rewrite.conf b/ipa-server/xmlrpc-server/ipa-rewrite.conf
index 977be739..af3a3afe 100644
--- a/ipa-server/xmlrpc-server/ipa-rewrite.conf
+++ b/ipa-server/xmlrpc-server/ipa-rewrite.conf
@@ -1,5 +1,10 @@
 RewriteEngine on
 
+# By default forward all requests to /ipa. If you don't want IPA
+# to be the default on your web server comment this line out. You will
+# need to modify ipa_webgui.cfg as well.
+RewriteRule ^/$$ https://$FQDN/ipa [L,NC,R=301]
+
 # Redirect to the fully-qualified hostname. Not redirecting to secure
 # port so configuration files can be retrieved without requiring SSL.
 RewriteCond %{HTTP_HOST}    !^$FQDN$$ [NC]
diff --git a/ipa-server/xmlrpc-server/ipa.conf b/ipa-server/xmlrpc-server/ipa.conf
index 10c9b5ec..c08282e3 100644
--- a/ipa-server/xmlrpc-server/ipa.conf
+++ b/ipa-server/xmlrpc-server/ipa.conf
@@ -22,36 +22,27 @@ AddType application/java-archive        jar
   Order deny,allow
   Allow from all
 
-  # We create a subrequest to find REMOTE_USER. Don't do this for every
-  # subrequest too (slow and huge logs result)
-  RewriteCond %{IS_SUBREQ}% false
-  RewriteRule .* - [E=RU:%{LA-U:REMOTE_USER}]
-  RequestHeader set X-Forwarded-User %{RU}e
   RequestHeader set X-Forwarded-Keytab %{KRB5CCNAME}e
 
   # RequestHeader unset Authorization
 </Proxy>
 
 # The URI's with a trailing ! are those that aren't handled by the proxy
-ProxyPass /cgi-bin !
-ProxyPass /errors !
-ProxyPass /config !
-ProxyPass /ipa !
-#ProxyPass /ipatest !
-ProxyPass / http://localhost:8080/
-ProxyPassReverse /cgi-bin !
-ProxyPassReverse /errors !
-ProxyPassReverse /config !
-ProxyPassReverse /ipa !
-#ProxyPassReverse /ipatest !
-ProxyPassReverse / http://localhost:8080/
+ProxyPass /ipa http://localhost:8080/ipa
+ProxyPassReverse /ipa http://localhost:8080/ipa
 
 # Configure the XML-RPC service
+Alias /ipaxml "/usr/share/ipa/ipaserver/XMLRPC"
 
-Alias /ipa "/usr/share/ipa/ipaserver/XMLRPC"
+# This is where we redirect on failed auth
 Alias /errors "/usr/share/ipa/html"
+
+# For the MIT Windows config files
 Alias /config "/usr/share/ipa/html"
 
+# So we don't have to hardcode a path into the CSS
+Alias /static "/usr/share/ipa/ipagui/static"
+
 <Directory "/usr/share/ipa/ipaserver">
   AuthType Kerberos
   AuthName "Kerberos Login"
-- 
cgit