Line 20: | Line 20: | ||
# in this example: | # in this example: | ||
# 5223 is a | # 5223 is a "direct-tls" xmpp port (prosody legacy_ssl_ports, ejabberd listen with tls: true) | ||
# 442 is a | # 442 is a https port (nginx, apache, etc) | ||
# 22 is an ssh port | # 22 is an ssh port (openssh) | ||
# 5222 is a prosody c2s_ports | # 5222 is a regular/plain/starttls xmpp port (prosody c2s_ports, ejabberd listen with starttls: true) | ||
# 994 is dovecot | # 994 is "direct-tls" imap port, imaps (dovecot etc) | ||
protocols: | protocols: | ||
( | ( | ||
{ name: "tls"; host: "127.0.0.1"; port: "442"; alpn_protocols: [ "h2", "http/1.1" ]; }, # https | { name: "tls"; host: "127.0.0.1"; port: "442"; alpn_protocols: [ "h2", "http/1.1" ]; }, # https most common case | ||
{ name: "tls"; host: "127.0.0.1"; port: "5223"; alpn_protocols: [ "xmpp-client" ]; }, # check for XEP-0368 xmpp tls (this needs to be above SNI check below because XEP-0368 would send example.org in SNI) | { name: "tls"; host: "127.0.0.1"; port: "5223"; alpn_protocols: [ "xmpp-client" ]; }, # check for XEP-0368 xmpp tls (this needs to be above SNI check below because XEP-0368 would send example.org in SNI) | ||
{ name: "tls"; host: "127.0.0.1"; port: "442"; sni_hostnames: [ "www.example.org", "example.org" ]; }, # specific hostnames go to | { name: "tls"; host: "127.0.0.1"; port: "442"; sni_hostnames: [ "www.example.org", "example.org" ]; }, # specific hostnames go to https | ||
{ name: "tls"; host: "127.0.0.1"; port: "994"; sni_hostnames: [ "imap.example.org" ]; }, # other hostnames go to | { name: "tls"; host: "127.0.0.1"; port: "994"; sni_hostnames: [ "imap.example.org" ]; }, # other hostnames go to imaps | ||
{ name: "tls"; host: "127.0.0.1"; port: "442"; }, # anything else TLS assume for | { name: "tls"; host: "127.0.0.1"; port: "442"; }, # anything else TLS assume for https | ||
{ name: "ssh"; host: "127.0.0.1"; port: "22"; }, # ssh goes to | { name: "ssh"; host: "127.0.0.1"; port: "22"; }, # ssh goes to ssh | ||
{ name: "xmpp"; host: "127.0.0.1"; port: "5222"; }, # xmpp goes to | { name: "xmpp"; host: "127.0.0.1"; port: "5222"; }, # xmpp goes to regular xmpp port | ||
{ name: "timeout"; host: "127.0.0.1"; port: "442"; } # send everything unknown to | { name: "timeout"; host: "127.0.0.1"; port: "442"; } # send everything unknown to https | ||
); | ); | ||
on-timeout: "timeout"; # if timeout elapses (2 seconds here) go to | on-timeout: "timeout"; # if timeout elapses (2 seconds here) go to https | ||
</nowiki> | </nowiki> | ||
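Review bot: The expanded comments on the port list now name the backends (openssh, dovecot, prosody/ejabberd, nginx/apache) but still do not say that every rule forwards to 127.0.0.1, so each backend sees the connection as coming from localhost. That matters for anyone copying this example, because per-IP rate limits, fail2ban-style bans and the address recorded in sshd, imap and xmpp logs all stop reflecting the real client. I would add a comment line to the header block such as `# note: backends see all clients as 127.0.0.1 unless sslh runs in transparent mode; per-IP bans and logs are affected`. The settings above line 20 are not visible in this hunk, so if transparent mode is already configured there, the comment should say so instead.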