diff options
Diffstat (limited to 'ipa-server/xmlrpc-server')
| -rw-r--r-- | ipa-server/xmlrpc-server/ipa-rewrite.conf | 5 | ||||
| -rw-r--r-- | ipa-server/xmlrpc-server/ipa.conf | 27 |
2 files changed, 14 insertions, 18 deletions
diff --git a/ipa-server/xmlrpc-server/ipa-rewrite.conf b/ipa-server/xmlrpc-server/ipa-rewrite.conf index 977be7398..af3a3afe2 100644 --- a/ipa-server/xmlrpc-server/ipa-rewrite.conf +++ b/ipa-server/xmlrpc-server/ipa-rewrite.conf @@ -1,5 +1,10 @@ RewriteEngine on +# By default forward all requests to /ipa. If you don't want IPA +# to be the default on your web server comment this line out. You will +# need to modify ipa_webgui.cfg as well. +RewriteRule ^/$$ https://$FQDN/ipa [L,NC,R=301] + # Redirect to the fully-qualified hostname. Not redirecting to secure # port so configuration files can be retrieved without requiring SSL. RewriteCond %{HTTP_HOST} !^$FQDN$$ [NC] diff --git a/ipa-server/xmlrpc-server/ipa.conf b/ipa-server/xmlrpc-server/ipa.conf index 10c9b5ec2..c08282e3b 100644 --- a/ipa-server/xmlrpc-server/ipa.conf +++ b/ipa-server/xmlrpc-server/ipa.conf @@ -22,36 +22,27 @@ AddType application/java-archive jar Order deny,allow Allow from all - # We create a subrequest to find REMOTE_USER. Don't do this for every - # subrequest too (slow and huge logs result) - RewriteCond %{IS_SUBREQ}% false - RewriteRule .* - [E=RU:%{LA-U:REMOTE_USER}] - RequestHeader set X-Forwarded-User %{RU}e RequestHeader set X-Forwarded-Keytab %{KRB5CCNAME}e # RequestHeader unset Authorization </Proxy> # The URI's with a trailing ! are those that aren't handled by the proxy -ProxyPass /cgi-bin ! -ProxyPass /errors ! -ProxyPass /config ! -ProxyPass /ipa ! -#ProxyPass /ipatest ! -ProxyPass / http://localhost:8080/ -ProxyPassReverse /cgi-bin ! -ProxyPassReverse /errors ! -ProxyPassReverse /config ! -ProxyPassReverse /ipa ! -#ProxyPassReverse /ipatest ! -ProxyPassReverse / http://localhost:8080/ +ProxyPass /ipa http://localhost:8080/ipa +ProxyPassReverse /ipa http://localhost:8080/ipa # Configure the XML-RPC service +Alias /ipaxml "/usr/share/ipa/ipaserver/XMLRPC" -Alias /ipa "/usr/share/ipa/ipaserver/XMLRPC" +# This is where we redirect on failed auth Alias /errors "/usr/share/ipa/html" + +# For the MIT Windows config files Alias /config "/usr/share/ipa/html" +# So we don't have to hardcode a path into the CSS +Alias /static "/usr/share/ipa/ipagui/static" + <Directory "/usr/share/ipa/ipaserver"> AuthType Kerberos AuthName "Kerberos Login" |