diff options
author | vakwetu <vakwetu@c9f7a03b-bd48-0410-a16d-cbbf54688b0b> | 2011-08-25 21:28:42 +0000 |
---|---|---|
committer | vakwetu <vakwetu@c9f7a03b-bd48-0410-a16d-cbbf54688b0b> | 2011-08-25 21:28:42 +0000 |
commit | e90d291d9a737369587711eb6a879d700a3c5d7b (patch) | |
tree | 219ec045ffca61e759343b896ef23f36c5403951 /pki/base/ca/shared | |
parent | 888b8707a96369854787351390e52280c991872a (diff) | |
download | pki-e90d291d9a737369587711eb6a879d700a3c5d7b.tar.gz pki-e90d291d9a737369587711eb6a879d700a3c5d7b.tar.xz pki-e90d291d9a737369587711eb6a879d700a3c5d7b.zip |
Resolves #712931 - CS requires too many ports to be open in the FW. added proxy-ipa.conf
git-svn-id: svn+ssh://svn.fedorahosted.org/svn/pki/trunk@2179 c9f7a03b-bd48-0410-a16d-cbbf54688b0b
Diffstat (limited to 'pki/base/ca/shared')
-rw-r--r-- | pki/base/ca/shared/conf/proxy-ipa.conf | 26 |
1 files changed, 26 insertions, 0 deletions
diff --git a/pki/base/ca/shared/conf/proxy-ipa.conf b/pki/base/ca/shared/conf/proxy-ipa.conf new file mode 100644 index 000000000..b619b551d --- /dev/null +++ b/pki/base/ca/shared/conf/proxy-ipa.conf @@ -0,0 +1,26 @@ +ProxyRequests Off + +# matches for ee port +<LocationMatch "^/ca/ee/ca/checkRequest|^/ca/ee/ca/getCertChain|^/ca/ee/ca/getTokenInfo|^/ca/ee/ca/tokenAuthenticate|^/ca/ocsp|^/ca/ee/ca/updateNumberRange"> + NSSOptions +StdEnvVars +ExportCertData +StrictRequire +OptRenegotiate + NSSVerifyClient none + ProxyPassMatch ajp://[PKI_MACHINE_NAME]:[PKI_AJP_PORT]/ + ProxyPassReverse ajp://[PKI_MACHINE_NAME]:[PKI_AJP_PORT]/ +</LocationMatch> + +# matches for admin port +<LocationMatch "^/ca/admin/ca/getCertChain|^/ca/admin/ca/getConfigEntries|^/ca/admin/ca/getCookie|^/ca/admin/ca/getStatus|^/ca/admin/ca/securityDomainLogin|^/ca/admin/ca/getDomainXML"> + NSSOptions +StdEnvVars +ExportCertData +StrictRequire +OptRenegotiate + NSSVerifyClient none + ProxyPassMatch ajp://[PKI_MACHINE_NAME]:[PKI_AJP_PORT]/ + ProxyPassReverse ajp://[PKI_MACHINE_NAME]:[PKI_AJP_PORT]/ +</LocationMatch> + +# matches for agent port and eeca port +<LocationMatch "^/ca/agent/ca/displayBySerial|^/ca/agent/ca/doRevoke|^/ca/agent/ca/doUnrevoke|^/ca/agent/ca/updateDomainXML|^/ca/eeca/ca/profileSubmitSSLClient"> + NSSOptions +StdEnvVars +ExportCertData +StrictRequire +OptRenegotiate + NSSVerifyClient require + ProxyPassMatch ajp://[PKI_MACHINE_NAME]:[PKI_AJP_PORT]/ + ProxyPassReverse ajp://[PKI_MACHINE_NAME]:[PKI_AJP_PORT]/ +</LocationMatch> + |