From ff47866920e7c51a824f6e98c40d8fd4ca380940 Mon Sep 17 00:00:00 2001 From: Christof Rabensteiner Date: Fri, 4 Oct 2019 14:25:59 +0200 Subject: Update readme.md - Put SSL client auth guide into separate file. - Add download link to apps.egiz.gv.at/releases. - Put note that cluster mode is not ready. --- docs/howto-ssl-client-auth-with-apache.md | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) create mode 100644 docs/howto-ssl-client-auth-with-apache.md (limited to 'docs') diff --git a/docs/howto-ssl-client-auth-with-apache.md b/docs/howto-ssl-client-auth-with-apache.md new file mode 100644 index 0000000..44999f7 --- /dev/null +++ b/docs/howto-ssl-client-auth-with-apache.md @@ -0,0 +1,26 @@ + ZS - How To Set Up SSL inc. Client Authentication with Apache 2 + +Some integration tests require SSL protection of the service endpoint with SSL Client Authentication. +Here's a quick guide how to set up an Apache 2 service on localhost as a SSL terminating reverse proxy to the zusemsg endpoint that runs on . + +1. Install Apache 2. +1. Ensure that mod-proxy is installed and enabled. +1. In `default-ssl.conf` add the following lines to proxy requests from `https://localhost/zusemsg` to `http://localhost:8081`: + + ProxyRequests off + ProxyPass /zusemsg/ http://localhost:8081/ + ProxyPassReverse /zusemsg/ http://localhost:8081/ + + Order allow,deny + allow from all + + +1. Use certificate and key provided in this repository for the TLS connection and add the following directives to `default-ssl.conf`: + + SSLCertificateFile /server.localhost.cert.pem + SSLCertificateKeyFile /server.localhost.key.pem + SSLCertificateChainFile /ca-chain.cert.pem + +1. Trust the client certificate with the following directive in `default-ssl-conf`: + + SSLCACertificateFile /trusted-cas-bundle.pem -- cgit v1.2.3