|
 |
e0e1b7 |
From 9bae5492270d8b695999cd82831cbee62b04626b Mon Sep 17 00:00:00 2001
|
|
|
e0e1b7 |
From: Florence Blanc-Renaud <flo@redhat.com>
|
|
|
e0e1b7 |
Date: Fri, 28 Jan 2022 16:58:42 +0100
|
|
|
e0e1b7 |
Subject: [PATCH] ipa-pki-proxy.conf: provide access to
|
|
|
e0e1b7 |
/kra/admin/kra/getStatus
|
|
|
e0e1b7 |
|
|
|
e0e1b7 |
The access to /kra/admin/kra/getStatus will be needed
|
|
|
e0e1b7 |
in order to fix pki-healthcheck.
|
|
|
e0e1b7 |
Note that this commit is a pre-requisite for the fix
|
|
|
e0e1b7 |
to be done on PKI side. No test added since the full
|
|
|
e0e1b7 |
integration test already exists in test_replica_promotion.py,
|
|
|
e0e1b7 |
in TestHiddenReplicaPromotion::test_ipahealthcheck_hidden_replica
|
|
|
e0e1b7 |
|
|
|
e0e1b7 |
Fixes: https://pagure.io/freeipa/issue/9099
|
|
|
e0e1b7 |
Related: https://pagure.io/freeipa/issue/8582
|
|
|
e0e1b7 |
|
|
|
e0e1b7 |
Signed-off-by: Florence Blanc-Renaud <flo@redhat.com>
|
|
|
e0e1b7 |
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
|
|
|
e0e1b7 |
---
|
|
|
e0e1b7 |
install/share/ipa-pki-proxy.conf.template | 4 ++--
|
|
|
e0e1b7 |
1 file changed, 2 insertions(+), 2 deletions(-)
|
|
|
e0e1b7 |
|
|
|
e0e1b7 |
diff --git a/install/share/ipa-pki-proxy.conf.template b/install/share/ipa-pki-proxy.conf.template
|
|
|
e0e1b7 |
index 96708482c..7a46f20b9 100644
|
|
|
e0e1b7 |
--- a/install/share/ipa-pki-proxy.conf.template
|
|
|
e0e1b7 |
+++ b/install/share/ipa-pki-proxy.conf.template
|
|
|
e0e1b7 |
@@ -1,4 +1,4 @@
|
|
|
e0e1b7 |
-# VERSION 16 - DO NOT REMOVE THIS LINE
|
|
|
e0e1b7 |
+# VERSION 17 - DO NOT REMOVE THIS LINE
|
|
|
e0e1b7 |
|
|
|
e0e1b7 |
ProxyRequests Off
|
|
|
e0e1b7 |
|
|
|
e0e1b7 |
@@ -11,7 +11,7 @@ ProxyRequests Off
|
|
|
e0e1b7 |
</LocationMatch>
|
|
|
e0e1b7 |
|
|
|
e0e1b7 |
# matches for admin port and installer
|
|
|
e0e1b7 |
-<LocationMatch "^/ca/admin/ca/getCertChain|^/ca/admin/ca/getConfigEntries|^/ca/admin/ca/getCookie|^/ca/admin/ca/getStatus|^/ca/admin/ca/securityDomainLogin|^/ca/admin/ca/getDomainXML|^/ca/admin/ca/updateNumberRange|^/ca/admin/ca/tokenAuthenticate|^/ca/admin/ca/updateNumberRange|^/ca/admin/ca/updateDomainXML|^/ca/admin/ca/updateConnector|^/ca/admin/ca/getSubsystemCert|^/kra/admin/kra/updateNumberRange|^/kra/admin/kra/getConfigEntries">
|
|
|
e0e1b7 |
+<LocationMatch "^/ca/admin/ca/getCertChain|^/ca/admin/ca/getConfigEntries|^/ca/admin/ca/getCookie|^/ca/admin/ca/getStatus|^/ca/admin/ca/securityDomainLogin|^/ca/admin/ca/getDomainXML|^/ca/admin/ca/updateNumberRange|^/ca/admin/ca/tokenAuthenticate|^/ca/admin/ca/updateNumberRange|^/ca/admin/ca/updateDomainXML|^/ca/admin/ca/updateConnector|^/ca/admin/ca/getSubsystemCert|^/kra/admin/kra/updateNumberRange|^/kra/admin/kra/getConfigEntries|^/kra/admin/kra/getStatus">
|
|
|
e0e1b7 |
SSLOptions +StdEnvVars +ExportCertData +StrictRequire +OptRenegotiate
|
|
|
e0e1b7 |
SSLVerifyClient none
|
|
|
e0e1b7 |
ProxyPassMatch ajp://localhost:$DOGTAG_PORT $DOGTAG_AJP_SECRET
|
|
|
e0e1b7 |
--
|
|
|
e0e1b7 |
2.34.1
|
|
|
e0e1b7 |
|