kea/doc/examples/https/nginx/kea-nginx.conf

# This file contains an example configuration of the nginx HTTP server.
# nginx is configured as a reverse proxy for Kea RESTful API. It enables
# HTTPS for Kea to provide secure comunication and client side
# certificate verification to allow only authorized clients to
# access the Kea RESTful API.

events {
}

# Minimal HTTPS server configuration for Kea.
#
# Note: in order to generate self signed certificates the following
# command can be used.
#
# Client certificate and key:
# openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout \
#     kea-client.key -out kea-client.crt
#
# Server certificate and key:
# openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout \
#     kea-rest.key -out key-rest.crt
#
# Then start the HTTPS server:
# nginx -c /path/to/kea-nginx.conf start
#
# In order to test the configuration with curl:
# curl -k --key ./kea-client.key --cert ./kea-client.crt -X POST \
#      -H Content-Type:application/json -d '{ "command": "list-commands" }' \
#      https://kea.example.org/kea
#
http {
    # HTTPS server
    #
    server {
        # Use default HTTPS default port.
        listen       443 ssl;
        # Set server name.
        server_name  kea.example.org;

        # Server certificate and key.
        ssl_certificate        kea-rest.crt;
        ssl_certificate_key    kea-rest.key;

        # Client certificate which must be sent by the client to be
        # authorized.
        ssl_client_certificate kea-client.crt;
        # Enable verification of the client certificate.
        ssl_verify_client      on;

        # For URLs such as https://kea.example.org/kea, forward the
        # requests to http://127.0.0.1:8080.
        location /kea {
            proxy_pass http://127.0.0.1:8080;
        }
    }
}