#
# curl -k --key kea-client.key --cert kea-client.crt -X POST \
# -H Content-Type:application/json -d '{ "command": "list-commands" }' \
-# https://kea.example.org/kea
+# https://kea.example.org
#
# On some curl running on macOS the crypto library requires a PKCS#12
# bundle with the private key and the certificate as the cert argument.
#
# curl -k --cert kea-client.p12:kea -X POST \
# -H Content-Type:application/json -d '{ "command": "list-commands" }' \
-# https://kea.example.org/kea
+# https://kea.example.org
#
# nginx configuration starts here.
# Enable verification of the client certificate.
ssl_verify_client on;
- # For URLs such as https://kea.example.org/kea, forward the
- # requests to http://127.0.0.1:8080.
- # Use the / location for URLs with no path.
- location /kea {
- proxy_pass http://127.0.0.1:8080;
+ # For the URL https://kea.example.org forward the
+ # requests to http://127.0.0.1:8000.
+ # Since kea-shell doesn't currently support URLs with paths we
+ # use location /
+ location / {
+ proxy_pass http://127.0.0.1:8000;
}
}
}
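Review bot: With `location /` every request path on this server name is forwarded to the Kea agent at 127.0.0.1:8000, so `ssl_verify_client on;` becomes the only access control in front of the command interface, and the new comments do not say so. nginx accepts any client certificate that chains to the CA named by `ssl_client_certificate` (that directive is not visible in this hunk), so the example should state that this CA must issue certificates only to Kea administrators and that the server block must not be shared with other content. A comment above the location block such as `# Every path is proxied to the Kea agent: dedicate this server block to Kea and trust only a CA that issues Kea client certificates.` would cover it. Separately, the curl examples at the top of the hunk still pass `-k`, which turns off verification of the server certificate; `--cacert` with the CA file would keep the server authenticated as well. The two outer blocks closed by the last two braces open outside the hunk.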
; (i.e. eavesdropping) and active (i.e. man-in-the-middle) attacks
;
; kea-shell -- 127.0.0.1 port 8080 -->
-; stunnel == 127.0.0.1 port 8443 ==>
+; stunnel == 127.0.0.1 port 443 ==>
; nginx -- 127.0.0.1 port 8000 -->
; kea-agent
;
accept = 127.0.0.1:8080
; forward requests to the https peer
- connect = 127.0.0.1:8443
+ connect = 127.0.0.1:443
; client certificate
cert = kea-client.crt