aboutsummaryrefslogtreecommitdiff
path: root/docs
diff options
context:
space:
mode:
Diffstat (limited to 'docs')
-rw-r--r--docs/howto-ssl-client-auth-with-apache.md26
1 files changed, 26 insertions, 0 deletions
diff --git a/docs/howto-ssl-client-auth-with-apache.md b/docs/howto-ssl-client-auth-with-apache.md
new file mode 100644
index 0000000..44999f7
--- /dev/null
+++ b/docs/howto-ssl-client-auth-with-apache.md
@@ -0,0 +1,26 @@
+ ZS - How To Set Up SSL inc. Client Authentication with Apache 2
+
+Some integration tests require SSL protection of the service endpoint with SSL Client Authentication.
+Here's a quick guide how to set up an Apache 2 service on localhost as a SSL terminating reverse proxy to the zusemsg endpoint that runs on <http://localhost:8081/>.
+
+1. Install Apache 2.
+1. Ensure that mod-proxy is installed and enabled.
+1. In `default-ssl.conf` add the following lines to proxy requests from `https://localhost/zusemsg` to `http://localhost:8081`:
+
+ ProxyRequests off
+ ProxyPass /zusemsg/ http://localhost:8081/
+ ProxyPassReverse /zusemsg/ http://localhost:8081/
+ <Proxy *>
+ Order allow,deny
+ allow from all
+ </Proxy>
+
+1. Use certificate and key provided in this repository for the TLS connection and add the following directives to `default-ssl.conf`:
+
+ SSLCertificateFile <path/to/repo/ssl/server>/server.localhost.cert.pem
+ SSLCertificateKeyFile <path/to/repo/ssl/server>/server.localhost.key.pem
+ SSLCertificateChainFile <path/to/repo/ssl/server>/ca-chain.cert.pem
+
+1. Trust the client certificate with the following directive in `default-ssl-conf`:
+
+ SSLCACertificateFile <path/to/repo/ssl>/trusted-cas-bundle.pem
generated by cgit v1.2.3 (git 2.25.1) at 2024-11-22 00:13:00 +0000