; This file contains an example stunnel TLS client configuration which
; enables secure transport for the Kea RESTful API. Access to
; the service is protected by the client's and server's certificate
; verification mechanism (also known as mutual authentication).
;
; Note that the setup below (and the reused nginx or httpd2 setups)
; is provided as an example for testing purposes only. Always
; consider best known security measures to protect your production
; environment.
;
; Transport marked with ==> (vs -->) is secured against passive
; (i.e. eavesdropping) and active (i.e. man-in-the-middle) attacks.
;
;   kea-shell -- 127.0.0.1 port 8888 -->
;   stunnel   == 127.0.0.1 port 443  ==>
;   nginx     -- 127.0.0.1 port 8000 -->
;   kea-agent
;
; stunnel configuration starts here.

; uncomment in case you would like to follow what happens
;; foreground = yes
;; debug = 7

; kea service
[kea]
    ; client (vs server) mode
    client = yes

    ; accept requests from the kea-shell tool
    accept = 127.0.0.1:8888

    ; forward requests to the https peer
    connect = 127.0.0.1:443

    ; client certificate
    cert = kea-client.crt

    ; client private key
    key = kea-client.key

    ; check server certificate
    verifyPeer = yes

    ; server certificate
    CAfile = kea-proxy.crt