# VERSION 8 - DO NOT REMOVE THIS LINE
ProxyRequests Off
# matches for ee port
NSSOptions +StdEnvVars +ExportCertData +StrictRequire +OptRenegotiate
NSSVerifyClient none
ProxyPassMatch ajp://localhost:$DOGTAG_PORT
ProxyPassReverse ajp://localhost:$DOGTAG_PORT
# matches for admin port and installer
NSSOptions +StdEnvVars +ExportCertData +StrictRequire +OptRenegotiate
NSSVerifyClient none
ProxyPassMatch ajp://localhost:$DOGTAG_PORT
ProxyPassReverse ajp://localhost:$DOGTAG_PORT
# matches for agent port and eeca port
NSSOptions +StdEnvVars +ExportCertData +StrictRequire +OptRenegotiate
NSSVerifyClient require
ProxyPassMatch ajp://localhost:$DOGTAG_PORT
ProxyPassReverse ajp://localhost:$DOGTAG_PORT
# matches for CA REST API
NSSOptions +StdEnvVars +ExportCertData +StrictRequire +OptRenegotiate
NSSVerifyClient optional
ProxyPassMatch ajp://localhost:$DOGTAG_PORT
ProxyPassReverse ajp://localhost:$DOGTAG_PORT
# matches for KRA REST API
NSSOptions +StdEnvVars +ExportCertData +StrictRequire +OptRenegotiate
NSSVerifyClient optional
ProxyPassMatch ajp://localhost:$DOGTAG_PORT
ProxyPassReverse ajp://localhost:$DOGTAG_PORT
# Only enable this on servers that are not generating a CRL
${CLONE}RewriteRule ^/ipa/crl/MasterCRL.bin https://$FQDN/ca/ee/ca/getCRL?op=getCRL&crlIssuingPoint=MasterCRL [L,R=301,NC]