Skip to main content
Skip table of contents

Setting up a HA Proxy in front of EJBCA

OCSP URL rewriting

Scenario: redirect "" -> ""

frontend ocsp_front
        bind *:80
        stats uri /haproxy?stats
        default_backend ocsp_back

backend ocsp_back
        mode http
        option forwardfor
        option http-server-close
        reqrep ^([^\ :]*)\ [/]?(.*) \1\ /ejbca/publicweb/status/ocsp\2
        reqirep ^Host:\ Host:\
        server ejbca check

TLS Pass-through

Scenario: Have a proxy in front of Admin UI/WebService but just pass-through the TLS traffic in order to keep mutual authentication (allowing client certificate authentication to work in EJBCA). To do this you must use tcp mode. Hide behind proxy.

frontend ejbca_front
    bind *:443
    option tcplog
    mode tcp
    default_backend ca_nodes
backend ca_nodes
    mode tcp
    balance roundrobin
    option ssl-hello-chk
    server web01 check
    server web02 check

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.