FreeIPA without web UI or change of ports

No, you cannot change the ports and configuration. Changing them will cause other parts of the system that expect JSON-RPC and XML-RPC endpoints to fail because they assume the endpoints are available on 443, not anything else, and there is no mechanism to negotiate an alternative port for the IPA framework and clients.

As a result, client machine deployment will not work and IPA management from the command line will not work either. Web UI is just a JavaScript application that utilizes the same JSON-RPC endpoints which are used by command line tools.

Practically, the question is why do you need to change the configuration? If you want to host other applications on FreeIPA master nodes, I do recommend reconsidering this. FreeIPA master nodes host your authentication infrastructure and co-hosting anything else is essentially expanding an attack surface for anyone interested in hacking into the core of your infrastructure.


While it is not recommended for production purposes, you could run FreeIPA as a Docker container with the ports 80 & 443 reassigned.

If you want to use the FreeIPA server not just from the host where it is running but from external machines as well, you can use the -p options to make the services accessible externally. You will then likely want to also specify the IPA_SERVER_IP environment variable via the -e option to define what IP address the server should put to DNS as its address. Starting the server would then be:

docker run --name freeipa-server-container -ti \
    -e IPA_SERVER_IP=10.12.0.98 \
    -p 53:53/udp -p 53:53 \
    -p 8880:80 -p 8443:443 -p 389:389 -p 636:636 -p 88:88 -p 464:464 \
    -p 88:88/udp -p 464:464/udp -p 123:123/udp \
    -h ipa.example.test --read-only \
    -v /sys/fs/cgroup:/sys/fs/cgroup:ro \
    -v /var/lib/ipa-data:/data:Z \
    freeipa-server

See the FreeIPA Docker image info here for more information.
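
A check that ties the two answers together, as an added example that is not part of either answer or of the FreeIPA project: it parses the -p options of a docker run command and reports every mapping whose host port differs from the container port, with a separate test for 443 because the first answer says the IPA framework and clients assume that port. The function names are hypothetical, and only the hostPort:containerPort[/proto] and ip:hostPort:containerPort forms are handled (no port ranges or bracketed IPv6 addresses).

```python
import shlex

# Port the first answer says IPA clients and CLI tools assume for JSON-RPC/XML-RPC.
IPA_RPC_PORT = 443

# The command from the answer above, embedded so the example runs offline.
ANSWER_CMD = r"""docker run --name freeipa-server-container -ti \
    -e IPA_SERVER_IP=10.12.0.98 \
    -p 53:53/udp -p 53:53 \
    -p 8880:80 -p 8443:443 -p 389:389 -p 636:636 -p 88:88 -p 464:464 \
    -p 88:88/udp -p 464:464/udp -p 123:123/udp \
    -h ipa.example.test --read-only \
    -v /sys/fs/cgroup:/sys/fs/cgroup:ro \
    -v /var/lib/ipa-data:/data:Z \
    freeipa-server"""


def published_ports(docker_cmd):
    """Return (host_port, container_port, proto) for each -p/--publish option."""
    tokens = shlex.split(docker_cmd.replace("\\\n", " "))  # join continuations
    specs = []
    for i, tok in enumerate(tokens):
        if tok in ("-p", "--publish") and i + 1 < len(tokens):
            specs.append(tokens[i + 1])
        elif tok.startswith("--publish="):
            specs.append(tok.split("=", 1)[1])
    mappings = []
    for spec in specs:
        ports, _, proto = spec.partition("/")
        parts = ports.split(":")
        if len(parts) < 2 or not parts[-2]:
            continue  # no fixed host port (Docker picks one); nothing to compare
        mappings.append((int(parts[-2]), int(parts[-1]), proto or "tcp"))
    return mappings


def remapped_ports(docker_cmd):
    """Mappings whose host port differs from the port the service listens on."""
    return [m for m in published_ports(docker_cmd) if m[0] != m[1]]


def rpc_port_preserved(docker_cmd):
    """True only if container 443/tcp is published on host port 443."""
    return (IPA_RPC_PORT, IPA_RPC_PORT, "tcp") in published_ports(docker_cmd)


if __name__ == "__main__":
    for host, cont, proto in remapped_ports(ANSWER_CMD):
        print(f"remapped: host {host} -> container {cont}/{proto}")
    print("443 preserved:", rpc_port_preserved(ANSWER_CMD))
```

For the command above it reports 8880 -> 80 and 8443 -> 443 as remapped and 443 as not preserved, which is the condition the first answer describes as breaking client deployment and command-line management.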