authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-05-04 11:36:04 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-05-04 11:36:04 +0000
commit040eee1aa49b49df4698d83a05af57c220127fd1 (patch)
treef635435954e6ccde5eee9893889e24f30ca68346 /doc/examples/https/shell
parentInitial commit. (diff)
downloadisc-kea-040eee1aa49b49df4698d83a05af57c220127fd1.tar.xz
isc-kea-040eee1aa49b49df4698d83a05af57c220127fd1.zip
Adding upstream version 2.2.0.upstream/2.2.0upstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'doc/examples/https/shell')
-rw-r--r--doc/examples/https/shell/kea-stunnel.conf46
1 files changed, 46 insertions, 0 deletions
diff --git a/doc/examples/https/shell/kea-stunnel.conf b/doc/examples/https/shell/kea-stunnel.conf
new file mode 100644
index 0000000..1d40aca
--- /dev/null
+++ b/doc/examples/https/shell/kea-stunnel.conf
@@ -0,0 +1,46 @@
+; This file contains an example stunnel TLS client configuration which
+; enables secure transport for Kea RESTful API. An access to
+; the service is protected by client's and server's certificate
+; verification mechanism (as known as mutual authentication).
+;
+; Note that the setup below (and reused nginx or httpd2 setups)
+; are provided as an example for testing purposes only. Always
+; consider best known security measures to protect your production
+; environment.
+;
+; Transport marked with ==> (vs -->) is secured against passive
+; (i.e. eavesdropping) and active (i.e. man-in-the-middle) attacks
+;
+; kea-shell -- 127.0.0.1 port 8888 -->
+; stunnel == 127.0.0.1 port 443 ==>
+; nginx -- 127.0.0.1 port 8000 -->
+; kea-agent
+;
+; stunnel configuration starts here.
+
+; in the case you would like to follow what happens
+;; foreground = yes
+;; debug = 7
+
+; kea service
+[kea]
+ ; client (vs server) mode
+ client = yes
+
+ ; accept requests from the kea-shell tool
+ accept = 127.0.0.1:8888
+
+ ; forward requests to the https peer
+ connect = 127.0.0.1:443
+
+ ; client certificate
+ cert = kea-client.crt
+
+ ; client private key
+ key = kea-client.key
+
+ ; check server certificate
+ verifyPeer = yes
+
+ ; server certificate
+ CAfile = kea-proxy.crt
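Review bot: The `accept = 127.0.0.1:8888` listener takes plaintext from any local process and forwards it using the client identity from `cert`/`key`, so on a shared host every local user can reach the Kea API as the authenticated client; the header marks this leg as unsecured, but the `[kea]` section itself does not say so. I would add a comment above `accept`, such as `; any local process that can connect here is forwarded with the client certificate below - use on a single-user host only`. `key = kea-client.key` is a relative path with no guidance on file permissions, so a comment like `; keep this file readable by the stunnel user only` would help anyone copying the example. The `; check server certificate` comment could also state that `verifyPeer = yes` matches the peer against the exact certificate stored in `CAfile`, because swapping `kea-proxy.crt` for a CA certificate would, as far as I can tell, not turn this into chain validation.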