mirror of
https://pagure.io/fedora-infra/ansible.git
synced 2026-05-11 10:32:27 +08:00
dd2093e4c6
There are some variables that need to be filled in ipa-rewrite.conf, but it was not in template directory, so that didn't happen. Signed-off-by: Michal Konecny <mkonecny@redhat.com>
33 lines
1.6 KiB
Plaintext
33 lines
1.6 KiB
Plaintext
# VERSION 6 - DO NOT REMOVE THIS LINE
|
|
|
|
RewriteEngine on
|
|
|
|
# By default forward all requests to /ipa. If you don't want IPA
|
|
# to be the default on your web server comment this line out.
|
|
# RewriteRule ^/$ https://id{{ env_suffix }}.fedoraproject.org/ipa/ui [L,NC,R=301]
|
|
|
|
# Redirect to the fully-qualified hostname. Not redirecting to secure
|
|
# port so configuration files can be retrieved without requiring SSL.
|
|
# RewriteCond %{HTTP_HOST} !^id{{ env_suffix }}.fedoraproject.org$ [NC]
|
|
# RewriteRule ^/ipa/(.*) http://id{{ env_suffix }}.fedoraproject.org/ipa/$1 [L,R=301]
|
|
|
|
# Redirect to the secure port if not displaying an error or retrieving
|
|
# configuration.
|
|
# RewriteCond %{SERVER_PORT} !^443$
|
|
# RewriteCond %{REQUEST_URI} !^/ipa/(errors|config|crl)
|
|
# RewriteCond %{REQUEST_URI} !^/ipa/[^\?]+(\.js|\.css|\.png|\.gif|\.ico|\.woff|\.svg|\.ttf|\.eot)$
|
|
# RewriteRule ^/ipa/(.*) https://id{{ env_suffix }}.fedoraproject.org/ipa/$1 [L,R=301,NC]
|
|
|
|
# Rewrite for plugin index, make it like it's a static file
|
|
RewriteRule ^/ipa/ui/js/freeipa/plugins.js$ /ipa/wsgi/plugins.py [PT]
|
|
|
|
# The following lines break the python-freeipa library that Noggin and FASJSON
|
|
# use. Don't enable them until we have found another way to make windows
|
|
# browsers happy.
|
|
# Maybe something like: https://github.com/gssapi/mod_auth_gssapi#example-1
|
|
# # The following disables the annoying kerberos popup for browsers on windows
|
|
# RewriteCond %{HTTP_COOKIE} !ipa_session
|
|
# RewriteCond %{HTTP_REFERER} ^(.+)/ipa/ui/$
|
|
# RewriteRule ^/ipa/session/json$ - [R=401,L]
|
|
# RedirectMatch 401 ^/ipa/session/login_kerberos
|