Difference between revisions of "Tech pages/XEP-0368"

Tech pages/XEP-0368 (view source)

201 bytes added , 08:16, 2 May 2023

→‎HAProxy: added a line to allow both 5222 and 5223 to be used, to pass compliance tests when SRV records are set like in example on this page

2

edits

@@ Line 98: / Line 98: @@
 == HAProxy ==
-Here is a relevant configuration snippet from HAProxy which has XMPP c2s, https, IMAP and TURN on port 443. Only some of the used backend examples are provided.
+Here is a relevant configuration snippet from HAProxy which has XMPP c2s (both STARTTLS and TLS version), https, IMAP and TURN on port 443. Only some of the used backend examples are provided.
 Note the send-proxy-v2 statement - it uses proxy protocol which must be enabled in XMPP client as in the sections below, or disabled in HAProxy by removing the statement.
@@ Line 108: / Line 108: @@
      tcp-request inspect-delay 1s
      tcp-request content accept if { req.ssl_hello_type 1 }
-     use_backend bk_jabber_c2s if { req.ssl_alpn xmpp }
+     use_backend bk_jabber_c2s if { payload(0,5) -m str "<?xml" }
+    use_backend bk_jabber_c2s_tls if { req.ssl_alpn xmpp-client }
      use_backend bk_turn if { req.ssl_alpn sturn.turn }
      use_backend bk_turn if { req.ssl_alpn sturn.nat-discovery }
@@ Line 116: / Line 117: @@
 backend bk_jabber_c2s
+    mode tcp
+    server jabber_c2s 192.168.1.1:5222 send-proxy-v2
+backend bk_jabber_c2s_tls
      mode tcp
      server jabber_c2s 192.168.1.1:5223 send-proxy-v2