author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-05-04 11:36:04 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-05-04 11:36:04 +0000 |
commit | 040eee1aa49b49df4698d83a05af57c220127fd1 (patch) | |
tree | f635435954e6ccde5eee9893889e24f30ca68346 /doc/examples/https/shell | |
parent | Initial commit. (diff) | |
Adding upstream version 2.2.0. (upstream/2.2.0, upstream)
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'doc/examples/https/shell')
-rw-r--r-- | doc/examples/https/shell/kea-stunnel.conf | 46 |
1 files changed, 46 insertions, 0 deletions
diff --git a/doc/examples/https/shell/kea-stunnel.conf b/doc/examples/https/shell/kea-stunnel.conf new file mode 100644 index 0000000..1d40aca --- /dev/null +++ b/doc/examples/https/shell/kea-stunnel.conf @@ -0,0 +1,46 @@ +; This file contains an example stunnel TLS client configuration which +; enables secure transport for Kea RESTful API. An access to +; the service is protected by client's and server's certificate +; verification mechanism (as known as mutual authentication). +; +; Note that the setup below (and reused nginx or httpd2 setups) +; are provided as an example for testing purposes only. Always +; consider best known security measures to protect your production +; environment. +; +; Transport marked with ==> (vs -->) is secured against passive +; (i.e. eavesdropping) and active (i.e. man-in-the-middle) attacks +; +; kea-shell -- 127.0.0.1 port 8888 --> +; stunnel == 127.0.0.1 port 443 ==> +; nginx -- 127.0.0.1 port 8000 --> +; kea-agent +; +; stunnel configuration starts here. + +; in the case you would like to follow what happens +;; foreground = yes +;; debug = 7 + +; kea service +[kea] + ; client (vs server) mode + client = yes + + ; accept requests from the kea-shell tool + accept = 127.0.0.1:8888 + + ; forward requests to the https peer + connect = 127.0.0.1:443 + + ; client certificate + cert = kea-client.crt + + ; client private key + key = kea-client.key + + ; check server certificate + verifyPeer = yes + + ; server certificate + CAfile = kea-proxy.crt |
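Review bot: the `accept = 127.0.0.1:8888` listener in the `[kea]` service takes plaintext, unauthenticated connections, so any local process that can reach that port is forwarded to `127.0.0.1:443` with `kea-client.crt` as its identity. The mutual authentication described in the header comment therefore authenticates this stunnel instance, not the individual kea-shell user. A comment line next to `accept` saying so would help readers who adapt the example to a multi-user host. Two smaller points: `cert`, `key` and `CAfile` use bare file names, and the file says nothing about where they are expected to live or that `kea-client.key` should be readable only by the account running stunnel; and the header comment reads "as known as mutual authentication", which should be "also known as". The pairing of `verifyPeer = yes` with `CAfile = kea-proxy.crt` pins the server certificate itself, which matches the "; server certificate" comment, so no change is needed there.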