From: Marcin Siodelski Date: Mon, 29 May 2017 18:29:38 +0000 (+0200) Subject: [5302] Added sample nginx configuration for Kea reverse proxy. X-Git-Tag: trac5286_base~2^2~3 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=c17161e9e887e50c618eae6cc9fd985ff78a1f82;p=thirdparty%2Fkea.git [5302] Added sample nginx configuration for Kea reverse proxy. --- diff --git a/doc/Makefile.am b/doc/Makefile.am index 3858b9a5c9..8d5388de01 100644 --- a/doc/Makefile.am +++ b/doc/Makefile.am @@ -11,6 +11,7 @@ EXTRA_DIST += devel/unit-tests.dox nobase_dist_doc_DATA = examples/agent/simple.json nobase_dist_doc_DATA += examples/ddns/sample1.json nobase_dist_doc_DATA += examples/ddns/template.json +nobase_dist_doc_DATA += examples/https/nginx/kea-nginx.conf nobase_dist_doc_DATA += examples/kea4/advanced.json nobase_dist_doc_DATA += examples/kea4/backends.json nobase_dist_doc_DATA += examples/kea4/cassandra.json diff --git a/doc/examples/https/nginx/kea-nginx.conf b/doc/examples/https/nginx/kea-nginx.conf new file mode 100644 index 0000000000..3d4088dea1 --- /dev/null +++ b/doc/examples/https/nginx/kea-nginx.conf @@ -0,0 +1,56 @@ +# This file contains an example configuration of the nginx HTTP server. +# nginx is configured as a reverse proxy for Kea RESTful API. It enables +# HTTPS for Kea to provide secure comunication and client side +# certificate verification to allow only authorized clients to +# access the Kea RESTful API. + +events { +} + +# Minimal HTTPS server configuration for Kea. +# +# Note: in order to generate self signed certificates the following +# command can be used. +# +# Client certificate and key: +# openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout \ +# kea-client.key -out kea-client.crt +# +# Server certificate and key: +# openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout \ +# kea-rest.key -out key-rest.crt +# +# Then start the HTTPS server: +# nginx -c /path/to/kea-nginx.conf start +# +# In order to test the configuration with curl: +# curl -k --key ./kea-client.key --cert ./kea-client.crt -X POST \ +# -H Content-Type:application/json -d '{ "command": "list-commands" }' \ +# https://kea.example.org/kea +# +http { + # HTTPS server + # + server { + # Use default HTTPS default port. + listen 443 ssl; + # Set server name. + server_name kea.example.org; + + # Server certificate and key. + ssl_certificate kea-rest.crt; + ssl_certificate_key kea-rest.key; + + # Client certificate which must be sent by the client to be + # authorized. + ssl_client_certificate kea-client.crt; + # Enable verification of the client certificate. + ssl_verify_client on; + + # For URLs such as https://kea.example.org/kea, forward the + # requests to http://127.0.0.1:8080. + location /kea { + proxy_pass http://127.0.0.1:8080; + } + } +}