Difference between revisions of "Tech pages/XEP-0368"

1,614 bytes added ,  14:18, 27 March 2018
Add summary and section about nginx
[https://xmpp.org/extensions/xep-0368.html XEP-0368] can be used to provide encrypted XMPP service as well as HTTPS on the same port by utilizing the [https://en.wikipedia.org/wiki/Application-Layer_Protocol_Negotiation ALPN TLS extension].
Port 443 is commonly allowed by firewalls. To run multiple services on one port, a proxy is needed to split the traffic between the HTTP server and the XMPP server.
Note that this will not hide XMPP traffic from sufficiently intelligent firewalls, as the ALPN value is still sent unencrypted.
This page presents configuration hints for several popular proxies.
__TOC__
== nginx ==
Since version 1.13.10, nginx provides an additional variable (<code>$ssl_preread_alpn_protocols</code>) when the <code>ngx_stream_ssl_preread</code> module is used (this module must be included when compiling nginx).
The configuration below routes traffic with ALPN xmpp-client to server xmppserver and the rest (including HTTPS) to httpserver.
<nowiki>
stream {
    upstream httpserver {
        server httpserver:8181;
    }
    upstream xmppserver {
        server xmppserver:5223;
    }
    map $ssl_preread_alpn_protocols $upstream {
        default httpserver;
        "xmpp-client" xmppserver;
    }
    server {
        listen 443;
        ssl_preread on;
        proxy_pass $upstream;
    }
}</nowiki>
Nginx will route only TLS traffic in this configuration, so it will work only with direct TLS (<code>_xmpps-client</code> SRV record). Connections that start unencrypted and then request encryption (STARTTLS, <code>_xmpp-client</code> record) will not work.
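The following Python sketch is an added example, not part of the original page and not nginx code. It reads the ALPN list out of the plaintext ClientHello the way a preread proxy or an inspecting firewall can, then applies the same exact-match decision as the map block above. The function names are hypothetical and the ClientHello bytes are constructed samples; nginx documents <code>$ssl_preread_alpn_protocols</code> as a comma-separated list, which the <code>route</code> helper assumes.

```python
import struct

ALPN_EXT = 16  # TLS extension type: application_layer_protocol_negotiation

def build_client_hello(protocols):
    """Constructed sample: a minimal ClientHello record offering `protocols`."""
    names = b"".join(bytes([len(p)]) + p.encode() for p in protocols)
    alpn = struct.pack("!H", len(names)) + names
    exts = struct.pack("!HH", ALPN_EXT, len(alpn)) + alpn if protocols else b""
    body = (b"\x03\x03" + bytes(32)       # client version, random
            + b"\x00"                     # empty session id
            + b"\x00\x02\x13\x01"         # one cipher suite
            + b"\x01\x00"                 # null compression
            + struct.pack("!H", len(exts)) + exts)
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake

def alpn_from_first_bytes(data):
    """Return the ALPN names readable from a connection's first bytes."""
    if len(data) < 9 or data[0] != 0x16 or data[5] != 0x01:
        return []                         # not a TLS ClientHello (e.g. STARTTLS XML)
    try:
        pos = 9 + 2 + 32                  # record + handshake headers, version, random
        pos += 1 + data[pos]              # session id
        pos += 2 + int.from_bytes(data[pos:pos + 2], "big")   # cipher suites
        pos += 1 + data[pos]              # compression methods
        end = pos + 2 + int.from_bytes(data[pos:pos + 2], "big")
        pos += 2
        while pos + 4 <= end:
            ext_type, ext_len = struct.unpack_from("!HH", data, pos)
            pos += 4
            if pos + ext_len > len(data):
                break                     # extension body is truncated
            if ext_type == ALPN_EXT:
                names, p = [], pos + 2    # skip the 2-byte list length
                while p < pos + ext_len:
                    names.append(data[p + 1:p + 1 + data[p]].decode("ascii", "replace"))
                    p += 1 + data[p]
                return names
            pos += ext_len
    except (IndexError, struct.error):
        pass                              # truncated or malformed hello
    return []

def route(data):
    """Mimic the map block above: exact match on the comma-joined ALPN list."""
    value = ",".join(alpn_from_first_bytes(data))
    return "xmppserver" if value == "xmpp-client" else "httpserver"
```

A client that offers <code>xmpp-client</code> together with other protocols produces a longer comma-joined value, so the exact-match key sends it to the default upstream; a STARTTLS connection opens with plaintext XML and carries no ALPN to read.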
== sslh ==
Here is a sample sslh.conf (Using at least [http://www.rutschle.net/tech/sslh/README.html sslh] 1.18) to support [https://xmpp.org/extensions/xep-0368.html XEP-0368] among other things: