/usr/share/pki/ca/conf/proxy.conf

This file is indexed.

/usr/share/pki/ca/conf/proxy.conf is in pki-ca 10.6.0-1ubuntu2.

This file is owned by root:root, with mode 0o644.

The actual contents of the file can be viewed below.

ProxyRequests Off

# matches for ee port
<LocationMatch "^/ca/ee/*|^/ca/renewal|^/ca/certbasedenrollment|^/ca/ocsp|^/ca/enrollment|^/ca/profileSubmit|^/ca/cgi-bin/pkiclient.exe">
    NSSOptions +StdEnvVars +ExportCertData +StrictRequire +OptRenegotiate
    NSSVerifyClient none
    ProxyPassMatch ajp://[PKI_HOSTNAME]:[PKI_AJP_PORT]/
    ProxyPassReverse ajp://[PKI_HOSTNAME]:[PKI_AJP_PORT]/
</LocationMatch>

# matches for admin port 
<LocationMatch "^/ca/admin/*|^/ca/auths|^/ca/acl|^/ca/server|^/ca/caadmin|^/ca/caprofile|^/ca/jobsScheduler|^/ca/capublisher|^/ca/log|^/ca/ug">
    NSSOptions +StdEnvVars +ExportCertData +StrictRequire +OptRenegotiate
    NSSVerifyClient none
    ProxyPassMatch ajp://[PKI_HOSTNAME]:[PKI_AJP_PORT]/
    ProxyPassReverse ajp://[PKI_HOSTNAME]:[PKI_AJP_PORT]/
</LocationMatch>

# matches for agent port and eeca port
<LocationMatch "^/ca/agent/*|^/ca/ca/getCertFromRequest|^/ca/ca/GetBySerial|^/ca/ca/connector|/ca/ca/displayCertFromRequest|^/ca/doRevoke|^/ca/eeca/*">
    NSSOptions +StdEnvVars +ExportCertData +StrictRequire +OptRenegotiate
    NSSVerifyClient require
    ProxyPassMatch ajp://[PKI_HOSTNAME]:[PKI_AJP_PORT]/
    ProxyPassReverse ajp://[PKI_HOSTNAME]:[PKI_AJP_PORT]/
</LocationMatch>

# static content
<LocationMatch "^/graphics/*">
    NSSOptions +StdEnvVars +ExportCertData +StrictRequire +OptRenegotiate
    NSSVerifyClient none
    ProxyPassMatch ajp://[PKI_HOSTNAME]:[PKI_AJP_PORT]/
    ProxyPassReverse ajp://[PKI_HOSTNAME]:[PKI_AJP_PORT]/
</LocationMatch>

pki-ca 10.6.0-1ubuntu2 / usr / share / pki / ca / conf / proxy.conf