Difference between revisions of "Tech pages/XEP-0368"

Jump to navigation Jump to search

Tech pages/XEP-0368 (view source)

Revision as of 19:04, 22 April 2023

1,087 bytes added ,  19:04, 22 April 2023
Added haproxy example
(Prosody legacy_ssl_ports is deprecated (from the beginning?), replaced by c2s_direct_tls_ports in recent versions)
(Added haproxy example)
Line 95: Line 95:


Another (incorrectly named) example can be found at the [https://wiki.debian.org/InstallingProsody#XMPP_over_HTTPS Debian Wiki]
Another (incorrectly named) example can be found at the [https://wiki.debian.org/InstallingProsody#XMPP_over_HTTPS Debian Wiki]
== HAProxy ==
Here is a relevant configuration snippet from HAProxy which has XMPP c2s, https, IMAP and TURN on port 443. Only some of the used backend examples are provided.
Note the send-proxy-v2 statement - it uses proxy protocol which must be enabled in XMPP client as in the sections below, or disabled in HAProxy by removing the statement.
<nowiki>
frontend ft_https
    bind :443
    mode tcp
    tcp-request inspect-delay 1s
    tcp-request content accept if { req.ssl_hello_type 1 }
    use_backend bk_jabber_c2s if { req.ssl_alpn xmpp }
    use_backend bk_turn if { req.ssl_alpn sturn.turn }
    use_backend bk_turn if { req.ssl_alpn sturn.nat-discovery }
    use_backend bk_imaps if { req.ssl_sni -i imap.example.com }
    use_backend bk_https_cdn if { req.ssl_sni -i cdn.example.com }
    default_backend bk_https
backend bk_jabber_c2s
    mode tcp
    server jabber_c2s 192.168.1.1:5223 send-proxy-v2
backend bk_turn
    mode tcp
    server turn 192.168.1.1:3477 send-proxy-v2
backend bk_https
    mode tcp
    server https 192.168.1.1:443 send-proxy-v2
</nowiki>


== Transparent Proxying ==
== Transparent Proxying ==
Plantroon
2

edits

Retrieved from "https://wiki.xmpp.org/web/Special:MobileDiff/14628"

Navigation menu