To make the management interface available remotely, use the
Control statement in a Service section:
ListenHTTP
Address 192.0.2.1
Port 80
Service
Control
End
End
This configuration makes management interface accessible via
‘http://192.0.2.1/’. Due to obvious security
implications, you’d be better off protecting the Control
endpoint using HTTPS, ACLs and/or basic authorization. The example
below illustrates all these techniques:
ListenHTTPS
Address 192.0.2.1
Port 443
Cert "/etc/ssl/priv/example.pem"
Disable TLSv1
Service
Not BasicAuth "pound/htpasswd"
Rewrite response
SetHeader "WWW-Authenticate: Basic realm=\"Restricted access\""
End
Error 401
End
Service
ACL "secure"
Control
End
End
See Authentication, for a discussion of BasicAuth statement,
and see ACL for a discussion of access control lists (this
example assumes that the ACL ‘secure’ is defined elsewhere in the
configuration file).
If you wish to make management interface available under a special path, make sure the path prefix is stripped off, e.g.:
Service
URL -re "^/control(/.+)"
SetURL "$1"
Control
End
See Request and Response Modification, for details about
SetURL statement and request modification in general.