; This file contains an example stunnel TLS client configuration which
; enables secure transport for the Kea RESTful API. Access to
; the service is protected by verification of both the client's and the
; server's certificates (also known as mutual authentication).
;
; Note that the setup below (and the reused nginx or httpd2 setups)
; is provided as an example for testing purposes only. Always
; consider current security best practices to protect your production
; environment.
;
; Transport marked with ==> (vs -->) is secured against passive
; (i.e. eavesdropping) and active (i.e. man-in-the-middle) attacks
;
; kea-shell -- 127.0.0.1 port 8888 -->
; stunnel == 127.0.0.1 port 443 ==>
; nginx -- 127.0.0.1 port 8000 -->
; kea-agent
;
; stunnel configuration starts here.
; uncomment the two options below if you would like to follow what happens
;; foreground = yes
;; debug = 7
; kea service: client-mode tunnel that takes plain-text requests from
; kea-shell on the loopback interface and forwards them over TLS
[kea]
; client (vs server) mode: stunnel accepts plain-text connections locally
; and initiates TLS towards the peer given in "connect"
client = yes
; accept requests from the kea-shell tool (plain text, loopback only).
; NOTE: every local process that can reach this port is forwarded using the
; client certificate configured below, so access to this host should be
; limited to accounts that are allowed to use the Kea API.
accept = 127.0.0.1:8888
; forward requests to the https peer (the TLS-protected leg of the path)
connect = 127.0.0.1:443
; client certificate presented to the https peer for mutual authentication
cert = kea-client.crt
; client private key; keep this file readable only by the account that
; runs stunnel.
; NOTE(review): the relative paths used for cert, key and CAfile presumably
; depend on the directory stunnel is started from - confirm, or use
; absolute paths.
key = kea-client.key
; check server certificate: with verifyPeer the peer's own certificate has
; to be present in CAfile (or CApath), i.e. the server certificate is pinned
verifyPeer = yes
; server certificate to trust; this file has to be updated whenever the
; proxy's certificate is replaced, otherwise the connection is refused
CAfile = kea-proxy.crt