// listener is different (e.g. 8001) than the one used by CA. Note
// the commands should still be sent via CA. The dedicated listener
// is specifically for HA updates only.
- // For security reasons, a port lower than 1024 should be used (e.g. 890).
"http-port": 8000,
// Extra HTTP headers to add in responses.
// listener is different (e.g. 8001) than the one used by CA. Note
// the commands should still be sent via CA. The dedicated listener
// is specifically for HA updates only.
- // For security reasons, a port lower than 1024 should be used (e.g. 890).
"http-port": 8000,
// TLS trust anchor (Certificate Authority). This is a file name or
// listener is different (e.g. 8001) than the one used by CA. Note
// the commands should still be sent via CA. The dedicated listener
// is specifically for HA updates only.
- // For security reasons, a port lower than 1024 should be used (e.g. 890).
"http-port": 8000,
// TLS trust anchor (Certificate Authority). This is a file name or
// listener is different (e.g. 8001) than the one used by CA. Note
// the commands should still be sent via CA. The dedicated listener
// is specifically for HA updates only.
- // For security reasons, a port lower than 1024 should be used (e.g. 890).
"http-port": 8000,
// Extra HTTP headers to add in responses.
// commands should still be sent to a control socket.
// The dedicated listener is specifically for HA
// updates only.
- // For security reasons, a port lower than 1024 should be used (e.g. 894).
"socket-port": 8004,
// TLS trust anchor (Certificate Authority). This is a
// instance if multi-threading is enabled.
// The "http-host" and "http-port" values must be set to different
// values then the ones used by the Control Agent.
- // For security reasons, a port lower than 1024 should be used (e.g. 895).
"url": "http://192.168.56.33:8005",
// Trust anchor aka certificate authority file or directory.
"trust-anchor": "/usr/lib/kea/CA.pem",
// to run on the partner's machine if multi-threading is enabled.
// The "http-host" and "http-port" values must be set to different
// values then the ones used by the Control Agent.
- // For security reasons, a port lower than 1024 should be used (e.g. 895).
"url": "http://192.168.56.66:8005",
// Trust anchor aka certificate authority file or directory.
"trust-anchor": "/usr/lib/kea/CA.pem",
// to run on the partner's machine if multi-threading is enabled.
// The "http-host" and "http-port" values must be set to different
// values then the ones used by the Control Agent.
- // For security reasons, a port lower than 1024 should be used (e.g. 895).
"url": "http://192.168.56.33:8005",
// The partner is primary. This server is secondary.
"role": "primary"
// instance if multi-threading is enabled.
// The "http-host" and "http-port" values must be set to different
// values then the ones used by the Control Agent.
- // For security reasons, a port lower than 1024 should be used (e.g. 895).
"url": "http://192.168.56.66:8005",
// This server is secondary. The other one must be
// primary.
// commands should still be sent to a control socket.
// The dedicated listener is specifically for HA
// updates only.
- // For security reasons, a port lower than 1024 should be used (e.g. 896).
"socket-port": 8006,
// TLS trust anchor (Certificate Authority). This is a
// Control Agent must run along with this DHCPv6 server
// instance and the "http-host" and "http-port" must be
// set to the corresponding values.
- // For security reasons, a port lower than 1024 should be used (e.g. 897).
"url": "http://192.168.56.33:8007",
// This server is primary. The other one must be
// standby.
// channel can be reached. The Control Agent is required
// to run on the partner's machine with "http-host" and
// "http-port" values set to the corresponding values.
- // For security reasons, a port lower than 1024 should be used (e.g. 897).
"url": "http://192.168.56.66:8007",
// The partner is standby. This server is primary.
"role": "standby"
// channel can be reached. The Control Agent is required
// to run on the partner's machine with "http-host" and
// "http-port" values set to the corresponding values.
- // For security reasons, a port lower than 1024 should be used (e.g. 897).
"url": "http://192.168.56.33:8007",
// The partner is primary. This server is standby.
"role": "primary"
// Control Agent must run along with this DHCPv6 server
// instance and the "http-host" and "http-port" must be
// set to the corresponding values.
- // For security reasons, a port lower than 1024 should be used (e.g. 897).
"url": "http://192.168.56.66:8007",
// This server is standby. The other one must be
// primary.
// listener is different (e.g. 8001) than the one used by CA. Note
// the commands should still be sent via CA. The dedicated listener
// is specifically for HA updates only.
- // For security reasons, a port lower than 1024 should be used (e.g. 890).
"http-port": 8001,
"control-sockets":
// listener is different (e.g. 8001) than the one used by CA. Note
// the commands should still be sent via CA. The dedicated listener
// is specifically for HA updates only.
- // For security reasons, a port lower than 1024 should be used (e.g. 890).
"http-port": 8001,
"control-sockets":
// The Control Agent is not needed for the High Availability
// with multi-threading, but if it is used, it must use
// different values for "http-host" and "http-port".
- // For security reasons, a port lower than 1024 should be used (e.g. 895).
"url": "http://192.168.1.2:8005",
// Trust anchor aka certificate authority file or directory.
"trust-anchor": "/usr/lib/kea/CA.pem",
// The Control Agent is not needed for the High Availability
// with multi-threading, but if it is used, it must use
// different values for "http-host" and "http-port".
- // For security reasons, a port lower than 1024 should be used (e.g. 895).
"url": "http://192.168.1.3:8005",
// Trust anchor aka certificate authority file or directory.
"trust-anchor": "/usr/lib/kea/CA.pem",
// The Control Agent is not needed for the High Availability
// with multi-threading, but if it is used, it must use
// different values for "http-host" and "http-port".
- // For security reasons, a port lower than 1024 should be used (e.g. 895).
"url": "http://192.168.1.2:8005",
// Trust anchor aka certificate authority file or directory.
"trust-anchor": "/usr/lib/kea/CA.pem",
// The Control Agent is not needed for the High Availability
// with multi-threading, but if it is used, it must use
// different values for "http-host" and "http-port".
- // For security reasons, a port lower than 1024 should be used (e.g. 895).
"url": "http://192.168.1.3:8005",
// Trust anchor aka certificate authority file or directory.
"trust-anchor": "/usr/lib/kea/CA.pem",
"http-host": "192.168.1.2",
// This specifies the port CA will listen on.
- // For security reasons, a port lower than 1024 should be used (e.g. 890).
"http-port": 8000,
"control-sockets":
"http-host": "192.168.1.3",
// This specifies the port CA will listen on.
- // For security reasons, a port lower than 1024 should be used (e.g. 890).
"http-port": 8000,
"control-sockets":
// Control Agent must run along with this DHCPv4 server
// instance and the "http-host" and "http-port" must be
// set to the corresponding values.
- // For security reasons, a port lower than 1024 should be used (e.g. 895).
"url": "http://192.168.1.2:8005",
// This server is primary. The other one must be
// secondary.
// channel can be reached. The Control Agent is required
// to run on the partner's machine with "http-host" and
// "http-port" values set to the corresponding values.
- // For security reasons, a port lower than 1024 should be used (e.g. 895).
"url": "http://192.168.1.3:8005",
// The other server is secondary. This one must be
// primary.
// channel can be reached. The Control Agent is required
// to run on the partner's machine with "http-host" and
// "http-port" values set to the corresponding values.
- // For security reasons, a port lower than 1024 should be used (e.g. 895).
"url": "http://192.168.1.2:8005",
// The other server is primary. This one must be
// secondary.
// Control Agent must run along with this DHCPv4 server
// instance and the "http-host" and "http-port" must be
// set to the corresponding values.
- // For security reasons, a port lower than 1024 should be used (e.g. 895).
"url": "http://192.168.1.3:8005",
// This server is secondary. The other one must be
// primary.
``https://10.20.30.40:8000/``. If these parameters are not specified, the
default URL is ``http://127.0.0.1:8000/``.
-For security reasons, a port lower than 1024 should be used (e.g. 890).
-
When using Kea's HA hook library with multi-threading,
the address:port combination used for CA must be
different from the HA peer URLs, which are strictly
``socket-port`` (default 8000) specify an IP address and port to which
the HTTP service will be bound.
-For security reasons, a port lower than 1024 should be used (e.g. 892).
-
The ``trust-anchor``, ``cert-file``, ``key-file``, and ``cert-required``
parameters specify the TLS setup for HTTP, i.e. HTTPS. If these parameters
are not specified, HTTP is used. The TLS/HTTPS support in Kea is
``socket-port`` (default 8000) specify an IP address and port to which
the HTTP service will be bound.
-For security reasons, a port lower than 1024 should be used (e.g. 894).
-
Since Kea 2.7.5 the ``http-headers`` parameter specifies a list of
extra HTTP headers to add to HTTP responses.
``socket-port`` (default 8000) specify an IP address and port to which
the HTTP service will be bound.
-For security reasons, a port lower than 1024 should be used (e.g. 896).
-
Since Kea 2.7.5 the ``http-headers`` parameter specifies a list of
extra HTTP headers to add to HTTP responses.
// listener is different (e.g. 8001) than the one used by CA. Note
// the commands should still be sent via CA. The dedicated listener
// is specifically for HA updates only.
- // For security reasons, a port lower than 1024 should be used (e.g. 890).
"http-port": 8000,
"control-sockets": {
// DHCPv4 server open its own socket. Note that it
// must be different than the one used by the CA
// (typically 8000). In this example, 8005 is used.
- // For security reasons, a port lower than 1024 should be used (e.g. 895).
"url": "http://192.0.2.1:8005",
// This server is primary. The other one must be
// secondary.
// DHCPv4 server open its own socket. Note that it
// must be different than the one used by the CA
// (typically 8000). In this example, 8005 is used.
- // For security reasons, a port lower than 1024 should be used (e.g. 895).
"url": "http://192.0.2.2:8005",
// The partner is a secondary. This server is a
// primary as specified in the previous "peers"
// listener is different (e.g. 8001) than the one used by CA. Note
// the commands should still be sent via CA. The dedicated listener
// is specifically for HA updates only.
- // For security reasons, a port lower than 1024 should be used (e.g. 890).
"http-port": 8000,
// TLS trust anchor (Certificate Authority). This is a file name or
The Control Agent (CA) can accept incoming HTTP or HTTPS connections. The default port is 8000, which
does not require privileged access.
-For security reasons, a port lower than 1024 should be used (e.g. 890).
-
Securing Kea Administrative Access
----------------------------------
// do. Comments in this configuration file sometimes refer to sections for more
// details. These are section numbers in Kea User's Guide. The version matching
// your software should come with your Kea package, but it is also available
-// in ISC's Knowledge base (https://kea.readthedocs.io; the direct link for
+// in ISC's Knowledgebase (https://kea.readthedocs.io; the direct link for
// the stable version is https://kea.readthedocs.io/).
//
// This configuration file contains only Control Agent's configuration.
// listener is different (e.g. 8001) than the one used by CA. Note
// the commands should still be sent via CA. The dedicated listener
// is specifically for HA updates only.
- // For security reasons, a port lower than 1024 should be used (e.g. 890).
"http-port": 8000,
// Allow access only to kea-api user.
projects / thirdparty / kea.git / commitdiff
