diff options
Diffstat (limited to 'base/ca/shared/conf/proxy.conf')
-rw-r--r-- | base/ca/shared/conf/proxy.conf | 34 |
1 files changed, 34 insertions, 0 deletions
diff --git a/base/ca/shared/conf/proxy.conf b/base/ca/shared/conf/proxy.conf new file mode 100644 index 000000000..663ba5722 --- /dev/null +++ b/base/ca/shared/conf/proxy.conf @@ -0,0 +1,34 @@ +ProxyRequests Off + +# matches for ee port +<LocationMatch "^/ca/ee/*|^/ca/renewal|^/ca/certbasedenrollment|^/ca/ocsp|^/ca/enrollment|^/ca/profileSubmit|^/ca/cgi-bin/pkiclient.exe"> + NSSOptions +StdEnvVars +ExportCertData +StrictRequire +OptRenegotiate + NSSVerifyClient none + ProxyPassMatch ajp://[PKI_MACHINE_NAME]:[PKI_AJP_PORT]/ + ProxyPassReverse ajp://[PKI_MACHINE_NAME]:[PKI_AJP_PORT]/ +</LocationMatch> + +# matches for admin port +<LocationMatch "^/ca/admin/*|^/ca/auths|^/ca/acl|^/ca/server|^/ca/caadmin|^/ca/caprofile|^/ca/jobsScheduler|^/ca/capublisher|^/ca/log|^/ca/ug"> + NSSOptions +StdEnvVars +ExportCertData +StrictRequire +OptRenegotiate + NSSVerifyClient none + ProxyPassMatch ajp://[PKI_MACHINE_NAME]:[PKI_AJP_PORT]/ + ProxyPassReverse ajp://[PKI_MACHINE_NAME]:[PKI_AJP_PORT]/ +</LocationMatch> + +# matches for agent port and eeca port +<LocationMatch "^/ca/agent/*|^/ca/ca/getCertFromRequest|^/ca/ca/GetBySerial|^/ca/ca/connector|/ca/ca/displayCertFromRequest|^/ca/doRevoke|^/ca/eeca/*"> + NSSOptions +StdEnvVars +ExportCertData +StrictRequire +OptRenegotiate + NSSVerifyClient require + ProxyPassMatch ajp://[PKI_MACHINE_NAME]:[PKI_AJP_PORT]/ + ProxyPassReverse ajp://[PKI_MACHINE_NAME]:[PKI_AJP_PORT]/ +</LocationMatch> + +# static content +<LocationMatch "^/graphics/*"> + NSSOptions +StdEnvVars +ExportCertData +StrictRequire +OptRenegotiate + NSSVerifyClient none + ProxyPassMatch ajp://[PKI_MACHINE_NAME]:[PKI_AJP_PORT]/ + ProxyPassReverse ajp://[PKI_MACHINE_NAME]:[PKI_AJP_PORT]/ +</LocationMatch> + |