Commit c17161e9 authored by Marcin Siodelski's avatar Marcin Siodelski

[5302] Added sample nginx configuration for Kea reverse proxy.

parent 460a3e2e
......@@ -11,6 +11,7 @@ EXTRA_DIST += devel/unit-tests.dox
nobase_dist_doc_DATA = examples/agent/simple.json
nobase_dist_doc_DATA += examples/ddns/sample1.json
nobase_dist_doc_DATA += examples/ddns/template.json
nobase_dist_doc_DATA += examples/https/nginx/kea-nginx.conf
nobase_dist_doc_DATA += examples/kea4/advanced.json
nobase_dist_doc_DATA += examples/kea4/backends.json
nobase_dist_doc_DATA += examples/kea4/cassandra.json
......
# This file contains an example configuration of the nginx HTTP server.
# nginx is configured as a reverse proxy for Kea RESTful API. It enables
# HTTPS for Kea to provide secure comunication and client side
# certificate verification to allow only authorized clients to
# access the Kea RESTful API.
events {
}
# Minimal HTTPS server configuration for Kea.
#
# Note: in order to generate self signed certificates the following
# command can be used.
#
# Client certificate and key:
# openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout \
# kea-client.key -out kea-client.crt
#
# Server certificate and key:
# openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout \
# kea-rest.key -out key-rest.crt
#
# Then start the HTTPS server:
# nginx -c /path/to/kea-nginx.conf start
#
# In order to test the configuration with curl:
# curl -k --key ./kea-client.key --cert ./kea-client.crt -X POST \
# -H Content-Type:application/json -d '{ "command": "list-commands" }' \
# https://kea.example.org/kea
#
http {
# HTTPS server
#
server {
# Use default HTTPS default port.
listen 443 ssl;
# Set server name.
server_name kea.example.org;
# Server certificate and key.
ssl_certificate kea-rest.crt;
ssl_certificate_key kea-rest.key;
# Client certificate which must be sent by the client to be
# authorized.
ssl_client_certificate kea-client.crt;
# Enable verification of the client certificate.
ssl_verify_client on;
# For URLs such as https://kea.example.org/kea, forward the
# requests to http://127.0.0.1:8080.
location /kea {
proxy_pass http://127.0.0.1:8080;
}
}
}
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment