/usr/share/pki/ca/conf/proxy.conf is in pki-ca 10.6.0-1ubuntu2.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 | ProxyRequests Off
# matches for ee port
<LocationMatch "^/ca/ee/*|^/ca/renewal|^/ca/certbasedenrollment|^/ca/ocsp|^/ca/enrollment|^/ca/profileSubmit|^/ca/cgi-bin/pkiclient.exe">
NSSOptions +StdEnvVars +ExportCertData +StrictRequire +OptRenegotiate
NSSVerifyClient none
ProxyPassMatch ajp://[PKI_HOSTNAME]:[PKI_AJP_PORT]/
ProxyPassReverse ajp://[PKI_HOSTNAME]:[PKI_AJP_PORT]/
</LocationMatch>
# matches for admin port
<LocationMatch "^/ca/admin/*|^/ca/auths|^/ca/acl|^/ca/server|^/ca/caadmin|^/ca/caprofile|^/ca/jobsScheduler|^/ca/capublisher|^/ca/log|^/ca/ug">
NSSOptions +StdEnvVars +ExportCertData +StrictRequire +OptRenegotiate
NSSVerifyClient none
ProxyPassMatch ajp://[PKI_HOSTNAME]:[PKI_AJP_PORT]/
ProxyPassReverse ajp://[PKI_HOSTNAME]:[PKI_AJP_PORT]/
</LocationMatch>
# matches for agent port and eeca port
<LocationMatch "^/ca/agent/*|^/ca/ca/getCertFromRequest|^/ca/ca/GetBySerial|^/ca/ca/connector|/ca/ca/displayCertFromRequest|^/ca/doRevoke|^/ca/eeca/*">
NSSOptions +StdEnvVars +ExportCertData +StrictRequire +OptRenegotiate
NSSVerifyClient require
ProxyPassMatch ajp://[PKI_HOSTNAME]:[PKI_AJP_PORT]/
ProxyPassReverse ajp://[PKI_HOSTNAME]:[PKI_AJP_PORT]/
</LocationMatch>
# static content
<LocationMatch "^/graphics/*">
NSSOptions +StdEnvVars +ExportCertData +StrictRequire +OptRenegotiate
NSSVerifyClient none
ProxyPassMatch ajp://[PKI_HOSTNAME]:[PKI_AJP_PORT]/
ProxyPassReverse ajp://[PKI_HOSTNAME]:[PKI_AJP_PORT]/
</LocationMatch>
|