pki/base/ca/shared/conf/proxy.conf


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34

ProxyRequests Off

# matches for ee port
<LocationMatch "^/ca/ee/*|^/ca/renewal|^/ca/certbasedenrollment|^/ca/ocsp|^/ca/enrollment|^/ca/profileSubmit|^/ca/cgi-bin/pkiclient.exe">
    NSSOptions +StdEnvVars +ExportCertData +StrictRequire +OptRenegotiate
    NSSVerifyClient none
    ProxyPassMatch ajp://[PKI_MACHINE_NAME]:[PKI_AJP_PORT]/
    ProxyPassReverse ajp://[PKI_MACHINE_NAME]:[PKI_AJP_PORT]/
</LocationMatch>

# matches for admin port 
<LocationMatch "^/ca/admin/*|^/ca/auths|^/ca/acl|^/ca/server|^/ca/caadmin|^/ca/caprofile|^/ca/jobsScheduler|^/ca/capublisher|^/ca/log|^/ca/ug">
    NSSOptions +StdEnvVars +ExportCertData +StrictRequire +OptRenegotiate
    NSSVerifyClient none
    ProxyPassMatch ajp://[PKI_MACHINE_NAME]:[PKI_AJP_PORT]/
    ProxyPassReverse ajp://[PKI_MACHINE_NAME]:[PKI_AJP_PORT]/
</LocationMatch>

# matches for agent port and eeca port
<LocationMatch "^/ca/agent/*|^/ca/ca/getCertFromRequest|^/ca/ca/GetBySerial|^/ca/ca/connector|/ca/ca/displayCertFromRequest|^/ca/doRevoke|^/ca/eeca/*">
    NSSOptions +StdEnvVars +ExportCertData +StrictRequire +OptRenegotiate
    NSSVerifyClient require
    ProxyPassMatch ajp://[PKI_MACHINE_NAME]:[PKI_AJP_PORT]/
    ProxyPassReverse ajp://[PKI_MACHINE_NAME]:[PKI_AJP_PORT]/
</LocationMatch>

# static content
<LocationMatch "^/graphics/*">
    NSSOptions +StdEnvVars +ExportCertData +StrictRequire +OptRenegotiate
    NSSVerifyClient none
    ProxyPassMatch ajp://[PKI_MACHINE_NAME]:[PKI_AJP_PORT]/
    ProxyPassReverse ajp://[PKI_MACHINE_NAME]:[PKI_AJP_PORT]/
</LocationMatch>