From d9cda33f9832604bb8b8b936c1ca63f9b6f64063 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Aur=C3=A9lien=20Bompard?= <aurelien@bompard.org>
Date: Wed, 21 Oct 2020 15:52:16 +0200
Subject: [PATCH] IPA: missing rewrite
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
---
 roles/ipa/server/files/ipa-rewrite.conf | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)

diff --git a/roles/ipa/server/files/ipa-rewrite.conf b/roles/ipa/server/files/ipa-rewrite.conf
index 12722ee807..7e0c29b3d6 100644
--- a/roles/ipa/server/files/ipa-rewrite.conf
+++ b/roles/ipa/server/files/ipa-rewrite.conf
@@ -1 +1,22 @@
 # VERSION 6 - DO NOT REMOVE THIS LINE
+
+RewriteEngine on
+
+# By default forward all requests to /ipa. If you don't want IPA
+# to be the default on your web server comment this line out.
+# RewriteRule ^/$ https://id{{ env_suffix }}.fedoraproject.org/ipa/ui [L,NC,R=301]
+
+# Redirect to the fully-qualified hostname. Not redirecting to secure
+# port so configuration files can be retrieved without requiring SSL.
+# RewriteCond %{HTTP_HOST}    !^id{{ env_suffix }}.fedoraproject.org$ [NC]
+# RewriteRule ^/ipa/(.*)      http://id{{ env_suffix }}.fedoraproject.org/ipa/$1 [L,R=301]
+
+# Redirect to the secure port if not displaying an error or retrieving
+# configuration.
+# RewriteCond %{SERVER_PORT}  !^443$
+# RewriteCond %{REQUEST_URI}  !^/ipa/(errors|config|crl)
+# RewriteCond %{REQUEST_URI}  !^/ipa/[^\?]+(\.js|\.css|\.png|\.gif|\.ico|\.woff|\.svg|\.ttf|\.eot)$
+# RewriteRule ^/ipa/(.*)      https://id{{ env_suffix }}.fedoraproject.org/ipa/$1 [L,R=301,NC]
+
+# Rewrite for plugin index, make it like it's a static file
+RewriteRule ^/ipa/ui/js/freeipa/plugins.js$    /ipa/wsgi/plugins.py [PT]