From e3f7d9befc0abdb4d5fb518a498b359675238828 Mon Sep 17 00:00:00 2001 From: Christian Heimes Date: May 05 2020 13:55:18 +0000 Subject: Simplify pki proxy conf ``pkispawn`` is being modified to use PKI CLI for installation. Add ``/pki/rest`` to proxied routes and simplify location matching with a prefix regular expression. Signed-off-by: Christian Heimes Reviewed-By: Alexander Bokovoy --- diff --git a/install/share/ipa-pki-proxy.conf.template b/install/share/ipa-pki-proxy.conf.template index 0710641..60088e2 100644 --- a/install/share/ipa-pki-proxy.conf.template +++ b/install/share/ipa-pki-proxy.conf.template @@ -1,4 +1,4 @@ -# VERSION 14 - DO NOT REMOVE THIS LINE +# VERSION 15 - DO NOT REMOVE THIS LINE ProxyRequests Off @@ -26,16 +26,8 @@ ProxyRequests Off ProxyPassReverse ajp://localhost:$DOGTAG_PORT -# matches for CA REST API - - SSLOptions +StdEnvVars +ExportCertData +StrictRequire +OptRenegotiate - SSLVerifyClient optional - ProxyPassMatch ajp://localhost:$DOGTAG_PORT $DOGTAG_AJP_SECRET - ProxyPassReverse ajp://localhost:$DOGTAG_PORT - - -# matches for KRA REST API - +# matches for REST API of CA, KRA, and PKI + SSLOptions +StdEnvVars +ExportCertData +StrictRequire +OptRenegotiate SSLVerifyClient optional ProxyPassMatch ajp://localhost:$DOGTAG_PORT $DOGTAG_AJP_SECRET