Tech pages/XEP-0368

Here is a sample sslh.conf to support XEP-0368 among other things:

# Global settings.
# user: the account sslh switches to after start-up ("nobody" here).
# timeout: seconds sslh waits to identify a connection before on-timeout applies.
# transparent: false means each backend sees the connection as coming from sslh
# (127.0.0.1 in this sample), not from the real client. Backend logs and per-IP
# controls (rate limits, ban lists) therefore never see the client address, and any
# backend rule that grants extra trust to localhost applies to every remote client.
verbose: false; foreground: true; inetd: false; numeric: true; transparent: false; timeout: "2"; user: "nobody"; pidfile: "/run/sslh.pid";


# Note: I had to use IPs everywhere and not hostnames

# 0.0.0.0 binds port 443 on every IPv4 address of the host; no IPv6 listener is declared in this sample.
listen: (   { host: "0.0.0.0"; port: "443"; }, );
# List of interfaces on which we should listen

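# One entry per line: on a single line the first "#" comments out every entry
# after it, including the closing ");".
# sslh tries the probes in the order listed and uses the first one that matches,
# so the ALPN- and SNI-specific "tls" entries must stay above the catch-all "tls" entry.
# Every backend is on 127.0.0.1, so each service only needs to listen on loopback.
protocols:
(
    { name: "tls";     host: "127.0.0.1"; port: "442";  alpn_protocols: [ "h2", "http/1.1" ]; },                # https/nginx most common case
    { name: "tls";     host: "127.0.0.1"; port: "5223"; alpn_protocols: [ "xmpp-client" ]; },                   # check for xep-0368 xmpp tls
    { name: "tls";     host: "127.0.0.1"; port: "442";  sni_hostnames: [ "www.example.org", "example.org" ]; }, # specific hostnames go to nginx
    { name: "tls";     host: "127.0.0.1"; port: "994";  sni_hostnames: [ "imap.example.org" ]; },               # other hostnames go to dovecot
    { name: "tls";     host: "127.0.0.1"; port: "442"; },                                                       # anything else TLS assume for nginx
    { name: "ssh";     host: "127.0.0.1"; port: "22"; },                                                        # ssh goes to openssh
    { name: "xmpp";    host: "127.0.0.1"; port: "5222"; },                                                      # xmpp goes to prosody
    { name: "timeout"; host: "127.0.0.1"; port: "442"; }                                                        # send everything unknown to nginx
);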
# in this example:
# 5223 is a prosody legacy_ssl_ports "direct-tls" port
# 442 is an nginx https port
# 22 is an ssh port
# 5222 is a prosody c2s_ports port
# 994 is the dovecot imaps port

# The value names the protocols entry whose name is "timeout": a connection that has
# not been identified when the timeout elapses is forwarded to that entry's backend.
on-timeout: "timeout"; # if timeout elapses (2 seconds here) go to nginx