freeipa/install/conf/ipa-rewrite.conf

# VERSION 6 - DO NOT REMOVE THIS LINE

RewriteEngine on

# By default forward all requests to /ipa. If you don't want IPA
# to be the default on your web server comment this line out.
${AUTOREDIR}RewriteRule ^/$$ https://$FQDN/ipa/ui [L,NC,R=301]

# Redirect to the fully-qualified hostname. Not redirecting to secure
# port so configuration files can be retrieved without requiring SSL.
RewriteCond %{HTTP_HOST}    !^$FQDN$$ [NC]
RewriteRule ^/ipa/(.*)      http://$FQDN/ipa/$$1 [L,R=301]

# Redirect to the secure port if not displaying an error or retrieving
# configuration.
RewriteCond %{SERVER_PORT}  !^443$$
RewriteCond %{REQUEST_URI}  !^/ipa/(errors|config|crl)
RewriteCond %{REQUEST_URI}  !^/ipa/[^\?]+(\.js|\.css|\.png|\.gif|\.ico|\.woff|\.svg|\.ttf|\.eot)$$
RewriteRule ^/ipa/(.*)      https://$FQDN/ipa/$$1 [L,R=301,NC]

# Rewrite for plugin index, make it like it's a static file
RewriteRule ^/ipa/ui/js/freeipa/plugins.js$$    /ipa/wsgi/plugins.py [PT]
Do not redirect to https in /ipa/ui on non-HTML files Those resources are needed by page which has to use http(browser config) prior to acceptance of CA cert. https://fedorahosted.org/freeipa/ticket/3748 2013-06-24 10:44:15 -05:00			`# VERSION 6 - DO NOT REMOVE THIS LINE`
Refine our web space some more so that everything we reference is in /ipa UI: /ipa/ui XML-RPC: /ipa/xml errors: /ipa/errors config: /ipa/config I had to hardcode that URI into the CSS pages but TurboGears handles the rest of the translations with tg.url(). Added a version to ipa.conf and ipa-rewrite.conf so we can update them in the future if needed with ipa-upgradeconfig 440443 2008-05-07 08:33:00 -05:00
Redirect users when they don't use the FQDN on both SSL and non-SSL ports We update the mod_nss configuration (nss.conf) during installation to include ipa-rewrite.conf to handle the SSL side. 433054 2008-02-21 15:25:09 -06:00			`RewriteEngine on`

Re-root the IPA web UI to /ipa and the XML-RPC interface to /ipaxml. 438021 2008-03-24 14:54:55 -05:00			`# By default forward all requests to /ipa. If you don't want IPA`
Rewrite the migration page using WSGI 2010-10-29 08:38:17 -05:00			`# to be the default on your web server comment this line out.`
Add option to install without the automatic redirect to the Web UI. ticket 1570 2011-08-16 12:34:04 -05:00			`${AUTOREDIR}RewriteRule ^/$$ https://$FQDN/ipa/ui [L,NC,R=301]`
Re-root the IPA web UI to /ipa and the XML-RPC interface to /ipaxml. 438021 2008-03-24 14:54:55 -05:00
Redirect users when they don't use the FQDN on both SSL and non-SSL ports We update the mod_nss configuration (nss.conf) during installation to include ipa-rewrite.conf to handle the SSL side. 433054 2008-02-21 15:25:09 -06:00			`# Redirect to the fully-qualified hostname. Not redirecting to secure`
			`# port so configuration files can be retrieved without requiring SSL.`
			`RewriteCond %{HTTP_HOST} !^$FQDN$$ [NC]`
Limit the mod_rewrite rules to just /ipa 459209 2008-08-20 14:33:45 -05:00			`RewriteRule ^/ipa/(.*) http://$FQDN/ipa/$$1 [L,R=301]`
Redirect users when they don't use the FQDN on both SSL and non-SSL ports We update the mod_nss configuration (nss.conf) during installation to include ipa-rewrite.conf to handle the SSL side. 433054 2008-02-21 15:25:09 -06:00
			`# Redirect to the secure port if not displaying an error or retrieving`
			`# configuration.`
			`RewriteCond %{SERVER_PORT} !^443$$`
Do not redirect ipa/crl to HTTPS https://fedorahosted.org/freeipa/ticket/3713 2013-06-20 03:55:39 -05:00			`RewriteCond %{REQUEST_URI} !^/ipa/(errors\|config\|crl)`
Do not redirect to https in /ipa/ui on non-HTML files Those resources are needed by page which has to use http(browser config) prior to acceptance of CA cert. https://fedorahosted.org/freeipa/ticket/3748 2013-06-24 10:44:15 -05:00			`RewriteCond %{REQUEST_URI} !^/ipa/[^\?]+(\.js\|\.css\|\.png\|\.gif\|\.ico\|\.woff\|\.svg\|\.ttf\|\.eot)$$`
Limit the mod_rewrite rules to just /ipa 459209 2008-08-20 14:33:45 -05:00			`RewriteRule ^/ipa/(.*) https://$FQDN/ipa/$$1 [L,R=301,NC]`
Generate plugin index dynamically https://fedorahosted.org/freeipa/ticket/3235 2013-04-23 12:54:21 -05:00
			`# Rewrite for plugin index, make it like it's a static file`
			`RewriteRule ^/ipa/ui/js/freeipa/plugins.js$$ /ipa/wsgi/plugins.py [PT]`