[5302] Added sample nginx configuration for Kea reverse proxy.

author Marcin Siodelski <marcin@isc.org>

Mon, 29 May 2017 18:29:38 +0000 (20:29 +0200)

committer Marcin Siodelski <marcin@isc.org>

Mon, 29 May 2017 18:29:38 +0000 (20:29 +0200)
author Marcin Siodelski <marcin@isc.org>
Mon, 29 May 2017 18:29:38 +0000 (20:29 +0200)
committer Marcin Siodelski <marcin@isc.org>
Mon, 29 May 2017 18:29:38 +0000 (20:29 +0200)
diff --git a/doc/Makefile.am b/doc/Makefile.am

index 3858b9a5c98352d3cc1dd7bbedcca1de571f05d0..8d5388de016d89e8cef1595ae788ea9f6859f6d6 100644 (file)
--- a/doc/Makefile.am
+++ b/doc/Makefile.am
@@ -11,6 +11,7 @@ EXTRA_DIST += devel/unit-tests.dox
  nobase_dist_doc_DATA  = examples/agent/simple.json
  nobase_dist_doc_DATA += examples/ddns/sample1.json
  nobase_dist_doc_DATA += examples/ddns/template.json
+nobase_dist_doc_DATA += examples/https/nginx/kea-nginx.conf
  nobase_dist_doc_DATA += examples/kea4/advanced.json
  nobase_dist_doc_DATA += examples/kea4/backends.json
  nobase_dist_doc_DATA += examples/kea4/cassandra.json
diff --git a/doc/examples/https/nginx/kea-nginx.conf b/doc/examples/https/nginx/kea-nginx.conf

new file mode 100644 (file)

index 0000000..3d4088d
--- /dev/null
+++ b/doc/examples/https/nginx/kea-nginx.conf
@@ -0,0 +1,56 @@
+# This file contains an example configuration of the nginx HTTP server.
+# nginx is configured as a reverse proxy for Kea RESTful API. It enables
+# HTTPS for Kea to provide secure comunication and client side
+# certificate verification to allow only authorized clients to
+# access the Kea RESTful API.
+
+events {
+}
+
+# Minimal HTTPS server configuration for Kea.
+#
+# Note: in order to generate self signed certificates the following
+# command can be used.
+#
+# Client certificate and key:
+# openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout \
+#     kea-client.key -out kea-client.crt
+#
+# Server certificate and key:
+# openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout \
+#     kea-rest.key -out key-rest.crt
+#
+# Then start the HTTPS server:
+# nginx -c /path/to/kea-nginx.conf start
+#
+# In order to test the configuration with curl:
+# curl -k --key ./kea-client.key --cert ./kea-client.crt -X POST \
+#      -H Content-Type:application/json -d '{ "command": "list-commands" }' \
+#      https://kea.example.org/kea
+#
+http {
+    # HTTPS server
+    #
+    server {
+        # Use default HTTPS default port.
+        listen       443 ssl;
+        # Set server name.
+        server_name  kea.example.org;
+
+        # Server certificate and key.
+        ssl_certificate        kea-rest.crt;
+        ssl_certificate_key    kea-rest.key;
+
+        # Client certificate which must be sent by the client to be
+        # authorized.
+        ssl_client_certificate kea-client.crt;
+        # Enable verification of the client certificate.
+        ssl_verify_client      on;
+
+        # For URLs such as https://kea.example.org/kea, forward the
+        # requests to http://127.0.0.1:8080.
+        location /kea {
+            proxy_pass http://127.0.0.1:8080;
+        }
+    }
+}
author	Marcin Siodelski <marcin@isc.org>
	Mon, 29 May 2017 18:29:38 +0000 (20:29 +0200)
committer	Marcin Siodelski <marcin@isc.org>
	Mon, 29 May 2017 18:29:38 +0000 (20:29 +0200)
doc/Makefile.am		patch \| blob \| blame \| history
doc/examples/https/nginx/kea-nginx.conf	[new file with mode: 0644]	patch \| blob