Difference between revisions of "Tech pages/XEP-0368"

159 bytes added ,  22:13, 8 January 2018
no edit summary
Line 20: Line 20:


# in this example:
# in this example:
# 5223 is a prosody legacy_ssl_ports "direct-tls" port
# 5223 is a "direct-tls" xmpp port (prosody legacy_ssl_ports, ejabberd listen with tls: true)
# 442 is a nginx https port
# 442 is a https port (nginx, apache, etc)
# 22 is an ssh port
# 22 is an ssh port (openssh)
# 5222 is a prosody c2s_ports
# 5222 is a regular/plain/starttls xmpp port (prosody c2s_ports, ejabberd listen with starttls: true)
# 994 is dovecot imaps port
# 994 is "direct-tls" imap port, imaps (dovecot etc)
   
   
protocols:
protocols:
(
(
     { name: "tls";    host: "127.0.0.1"; port: "442";  alpn_protocols: [ "h2", "http/1.1" ]; },                # https/nginx most common case
     { name: "tls";    host: "127.0.0.1"; port: "442";  alpn_protocols: [ "h2", "http/1.1" ]; },                # https most common case
     { name: "tls";    host: "127.0.0.1"; port: "5223"; alpn_protocols: [ "xmpp-client" ]; },                    # check for XEP-0368 xmpp tls (this needs to be above SNI check below because XEP-0368 would send example.org in SNI)
     { name: "tls";    host: "127.0.0.1"; port: "5223"; alpn_protocols: [ "xmpp-client" ]; },                    # check for XEP-0368 xmpp tls (this needs to be above SNI check below because XEP-0368 would send example.org in SNI)
     { name: "tls";    host: "127.0.0.1"; port: "442";  sni_hostnames:  [ "www.example.org", "example.org" ]; }, # specific hostnames go to nginx
     { name: "tls";    host: "127.0.0.1"; port: "442";  sni_hostnames:  [ "www.example.org", "example.org" ]; }, # specific hostnames go to https
     { name: "tls";    host: "127.0.0.1"; port: "994";  sni_hostnames:  [ "imap.example.org" ]; },              # other hostnames go to dovecot
     { name: "tls";    host: "127.0.0.1"; port: "994";  sni_hostnames:  [ "imap.example.org" ]; },              # other hostnames go to imaps
     { name: "tls";    host: "127.0.0.1"; port: "442"; },                                                        # anything else TLS assume for nginx
     { name: "tls";    host: "127.0.0.1"; port: "442"; },                                                        # anything else TLS assume for https
     { name: "ssh";    host: "127.0.0.1"; port: "22"; },                                                        # ssh goes to openssh
     { name: "ssh";    host: "127.0.0.1"; port: "22"; },                                                        # ssh goes to ssh
     { name: "xmpp";    host: "127.0.0.1"; port: "5222"; },                                                      # xmpp goes to prosody
     { name: "xmpp";    host: "127.0.0.1"; port: "5222"; },                                                      # xmpp goes to regular xmpp port
     { name: "timeout"; host: "127.0.0.1"; port: "442"; }                                                        # send everything unknown to nginx
     { name: "timeout"; host: "127.0.0.1"; port: "442"; }                                                        # send everything unknown to https
);
);


on-timeout: "timeout"; # if timeout elapses (2 seconds here) go to nginx
on-timeout: "timeout"; # if timeout elapses (2 seconds here) go to https
</nowiki>
</nowiki>
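Review bot: The rewritten comments on the `ssh`, `xmpp` and port-5223 `tls` entries name the backends generically but still do not mention that every entry forwards to `host: "127.0.0.1"`, so unless sslh runs with transparent proxying each backend sees the loopback address as the peer. That affects anything keyed on source IP in the SSH, XMPP and IMAP servers, such as fail2ban-style bans, per-address rate limits and audit logs. The settings above line 20 of the page are not visible here, so a `transparent` setting may already be present. If it is not, I would add a comment above `protocols:` such as `# backends see 127.0.0.1 as the peer unless sslh transparent proxying is configured; source-IP bans and logs on ssh/xmpp/imap are affected`.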

