diff options
| author | Jonas Schnelli <jonas.schnelli@include7.ch> | 2015-09-04 14:38:38 +0200 |
|---|---|---|
| committer | Jonas Schnelli <jonas.schnelli@include7.ch> | 2015-09-04 15:39:49 +0200 |
| commit | d6a92dd0ea42ec64f15b81843b4db62c7b186bdb (patch) | |
| tree | 7c2aff7c11584019538d15a6b028105ecc242ac2 | |
| parent | 9aa90994ee85e549ddbe23a6f03e33d0edcd57b2 (diff) | |
[release notes] mention apache reverse proxy to re-enable SSL
| -rw-r--r-- | doc/release-notes.md | 30 |
1 files changed, 30 insertions, 0 deletions
diff --git a/doc/release-notes.md b/doc/release-notes.md index 2fc601d435..293fc87979 100644 --- a/doc/release-notes.md +++ b/doc/release-notes.md @@ -27,6 +27,36 @@ Then, to tunnel a SSL connection on 28332 to a RPC server bound on localhost on It can also be set up system-wide in inetd style. +Another way to re-attain SSL would be to setup a httpd reverse proxy. This solution +would allow the use of different authentication, loadbalancing, on-thy-fly compressing and +caching. A sample config for apache2 could look like: + + Listen 443 + + NameVirtualHost *:443 + <VirtualHost *:443> + + SSLEngine On + SSLCertificateFile /etc/apache2/ssl/server.crt + SSLCertificateKeyFile /etc/apache2/ssl/server.key + + <Location /bitcoinrpc> + ProxyPass http://127.0.0.1:8332/ + ProxyPassReverse http://127.0.0.1:8332/ + # optional enable digest auth + # AuthType Digest + # ... + + # optional bypass bitcoind rpc basic auth + # RequestHeader set Authorization "Basic <hash>" + # get the <hash> from the shell with: base64 <<< bitcoinrpc:<password> + </Location> + + # Or, balance the load: + # ProxyPass / balancer://balancer_cluster_name + + </VirtualHost> + Random-cookie RPC authentication --------------------------------- |