@@ -0,0 +1,56 @@
+# This file contains an example configuration of the nginx HTTP server.
+# nginx is configured as a reverse proxy for Kea RESTful API. It enables
+# HTTPS for Kea to provide secure comunication and client side
+# certificate verification to allow only authorized clients to
+# access the Kea RESTful API.
+
+events {
+}
+
+# Minimal HTTPS server configuration for Kea.
+#
+# Note: in order to generate self signed certificates the following
+# command can be used.
+#
+# Client certificate and key:
+# openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout \
+# kea-client.key -out kea-client.crt
+#
+# Server certificate and key:
+# openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout \
+# kea-rest.key -out key-rest.crt
+#
+# Then start the HTTPS server:
+# nginx -c /path/to/kea-nginx.conf start
+#
+# In order to test the configuration with curl:
+# curl -k --key ./kea-client.key --cert ./kea-client.crt -X POST \
+# -H Content-Type:application/json -d '{ "command": "list-commands" }' \
+# https://kea.example.org/kea
+#
+http {
+ # HTTPS server
+ #
+ server {
+ # Use default HTTPS default port.
+ listen 443 ssl;
+ # Set server name.
+ server_name kea.example.org;
+
+ # Server certificate and key.
+ ssl_certificate kea-rest.crt;
+ ssl_certificate_key kea-rest.key;
+
+ # Client certificate which must be sent by the client to be
+ # authorized.
+ ssl_client_certificate kea-client.crt;
+ # Enable verification of the client certificate.
+ ssl_verify_client on;
+
+ # For URLs such as https://kea.example.org/kea, forward the
+ # requests to http://127.0.0.1:8080.
+ location /kea {
+ proxy_pass http://127.0.0.1:8080;
+ }
+ }
+}
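Review bot: The server-certificate command in the header comment ends in `-out key-rest.crt`, while the server block loads `ssl_certificate kea-rest.crt;`, so following the comment leaves nginx without the file it is configured to read; the command should end in `-out kea-rest.crt`. The curl example passes `-k`, which turns off verification of the server certificate, so the test only exercises the client-certificate half of the setup; with the self-signed server certificate, `--cacert ./kea-rest.crt` would check both directions, provided the certificate is generated with kea.example.org as its name. Client verification is enforced only at nginx, and the backend `http://127.0.0.1:8080` is plain HTTP, so a comment such as `# The Kea agent must listen on 127.0.0.1 only; it is not authenticated behind the proxy.` above `proxy_pass` would make that trust boundary explicit. `nginx -c /path/to/kea-nginx.conf start` also looks wrong, since nginx takes control signals through `-s` and, as far as I know, rejects a trailing `start`. Finally, `location /kea` is a prefix match that also covers paths such as `/kea-other`, so `location = /kea` would be tighter if only that URL is meant to be forwarded.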
|