A scenario where we want to disable access to Release Automation port 8080 and selected design we opted is to implement below.

1: Hide Release Automation Data Management Servers behind Load balancer running on Secure Port

2: Configure Load balancer over the secure port of Data Management Servers

With above configuration in place you will observe below.

• You will be able to access Release Operation Center User Interface seamless via LB
• When you are launching ASAP Studio via asap.jnlp you will find below errors in java console(at client end).

Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
                at sun.security.validator.PKIXValidator.doBuild(Unknown Source)

The reason for above where ASAP fail to render over SSL is because it was missing configuration require to secure UI communication.

Release Automation Version 6.1 and higher

Please follow step below.

1. Export the public key of HAProxy into a cert.
2. Go to document link(respective to RA version)  and follow step 3-8 (under section "Secure UI communication")
3. Restart the NAC server and try launching asap.

Document Links