; This file contains an example stunnel TLS client configuration which
; enables secure transport for the Kea RESTful API. Access to
; the service is protected by verification of both the client's and
; the server's certificate (also known as mutual authentication).
;
; Note that the setup below (and the reused nginx or httpd2 setups)
; is provided as an example for testing purposes only. Always
; consider the best known security measures to protect your production
; environment.
;
; Transport marked with ==> (vs -->) is secured against passive
; (i.e. eavesdropping) and active (i.e. man-in-the-middle) attacks.
; The legs marked with --> are plaintext connections on the loopback
; interface and rely on the host itself being trusted.
;
; kea-shell -- 127.0.0.1 port 8080 -->
; stunnel == 127.0.0.1 port 443 ==>
; nginx -- 127.0.0.1 port 8000 -->
; kea-agent
;
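; stunnel configuration starts here.

; Uncomment the two global options below to run in the foreground with
; verbose logging, in the case you would like to follow what happens.
; debug = 7 is the most verbose level; use it for troubleshooting only.
;; foreground = yes
;; debug = 7

; kea service
[kea]
; client (vs server) mode: accept plaintext locally, initiate TLS to the peer
client = yes

; accept requests from the kea-shell tool
; This listener is plaintext. Any local process able to connect to it has
; its requests forwarded under the client certificate below, so keep it
; bound to the loopback address.
accept = 127.0.0.1:8080

; forward requests to the https peer
connect = 127.0.0.1:443

; client certificate presented to the https peer
; (relative path; an absolute path avoids depending on the directory
; stunnel is started from)
cert = kea-client.crt

; client private key
; Keep this file readable only by the account stunnel runs as.
key = kea-client.key

; check server certificate
; verifyPeer accepts the peer only if its own certificate is stored in
; CAfile, i.e. the server certificate is pinned.
verifyPeer = yes

; server certificate to be matched by verifyPeer
; With a CA-issued server certificate, use verifyChain = yes with the CA
; certificate in CAfile, and checkHost to require the expected host name.
CAfile = kea-proxy.crt

; optional: minimum TLS protocol version
; (availability depends on the OpenSSL version stunnel was built with)
;; sslVersionMin = TLSv1.2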