Tech pages/XEP-0368

From XMPP WIKI
Revision as of 15:23, 7 November 2017 by Moparisthebest (talk | contribs)

Here is a sample sslh.conf (requires sslh 1.18 or later) that supports XEP-0368, among other things:

verbose: false;
foreground: true;
inetd: false;
numeric: true;
transparent: false;
timeout: "2";
user: "nobody";
pidfile: "/run/sslh.pid";

# Note: I had to use IPs everywhere and not hostnames

# List of interfaces on which we should listen
listen:
(
    { host: "0.0.0.0"; port: "443"; }
);

# in this example:
# 5223 is a prosody legacy_ssl_ports "direct-tls" port
# 442 is an nginx https port
# 22 is an ssh port
# 5222 is a prosody c2s_ports
# 994 is dovecot imaps port
 
protocols:
(
     { name: "tls";     host: "127.0.0.1"; port: "442";  alpn_protocols: [ "h2", "http/1.1" ]; },                 # https/nginx most common case
     { name: "tls";     host: "127.0.0.1"; port: "5223"; alpn_protocols: [ "xmpp-client" ]; },                    # check for XEP-0368 xmpp tls
     { name: "tls";     host: "127.0.0.1"; port: "442";  sni_hostnames:  [ "www.example.org", "example.org" ]; }, # specific hostnames go to nginx
     { name: "tls";     host: "127.0.0.1"; port: "994";  sni_hostnames:  [ "imap.example.org" ]; },               # other hostnames go to dovecot
     { name: "tls";     host: "127.0.0.1"; port: "442"; },                                                        # anything else TLS assume for nginx
     { name: "ssh";     host: "127.0.0.1"; port: "22"; },                                                         # ssh goes to openssh
     { name: "xmpp";    host: "127.0.0.1"; port: "5222"; },                                                       # xmpp goes to prosody
     { name: "timeout"; host: "127.0.0.1"; port: "442"; }                                                         # send everything unknown to nginx
);

on-timeout: "timeout"; # if timeout elapses (2 seconds here) go to nginx
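
To show why the order of the `tls` entries above matters, here is an added example (not part of the original wiki page and not sslh's code) that parses SNI and ALPN from a ClientHello and applies the five TLS entries in order. It assumes sslh tries entries in the listed order and that an ALPN entry matches when any client-offered protocol is listed; `parse_client_hello`, `route`, `build_hello` and the backend labels are hypothetical names.

```python
import struct
# TLS rules from the page's protocols list, in order. First match wins (assumed model of sslh).
RULES = [("nginx:442", "alpn", {"h2", "http/1.1"}),
         ("prosody:5223", "alpn", {"xmpp-client"}),
         ("nginx:442", "sni", {"www.example.org", "example.org"}),
         ("dovecot:994", "sni", {"imap.example.org"}),
         ("nginx:442", None, set())]

def parse_client_hello(data):
    """Return (sni, alpn_list) from one raw ClientHello record; ValueError if malformed."""
    try:
        if data[0] != 0x16 or data[5] != 0x01:
            raise ValueError("not a TLS ClientHello")
        pos = 5 + 4 + 2 + 32                               # record hdr, handshake hdr, version, random
        pos += 1 + data[pos]                               # session id
        pos += 2 + struct.unpack_from("!H", data, pos)[0]  # cipher suites
        pos += 1 + data[pos]                               # compression methods
        end = pos + 2 + struct.unpack_from("!H", data, pos)[0]
        pos, sni, alpn = pos + 2, None, []
        while pos < end:
            etype, elen = struct.unpack_from("!HH", data, pos)
            body, pos = data[pos + 4:pos + 4 + elen], pos + 4 + elen
            if etype == 0:     # server_name: list len(2), type(1), name len(2), name
                sni = body[5:5 + struct.unpack_from("!H", body, 3)[0]].decode("ascii")
            elif etype == 16:  # ALPN: list len(2), then repeated len(1) + name
                i = 2
                while i < len(body):
                    alpn.append(body[i + 1:i + 1 + body[i]].decode("ascii"))
                    i += 1 + body[i]
        return sni, alpn
    except (IndexError, struct.error) as exc:
        raise ValueError("truncated ClientHello") from exc

def route(data):  # walk RULES in order and return the first backend whose condition holds
    sni, alpn = parse_client_hello(data)
    for backend, field, allowed in RULES:
        seen = set(alpn) if field == "alpn" else {sni}
        if field is None or seen & allowed:
            return backend

def build_hello(sni, alpn=()):  # constructed sample input: minimal ClientHello with SNI (+ ALPN)
    name = b"\x00" + struct.pack("!H", len(sni)) + sni.encode()
    ext = struct.pack("!HHH", 0, len(name) + 2, len(name)) + name
    if alpn:
        plist = b"".join(bytes([len(p)]) + p.encode() for p in alpn)
        ext += struct.pack("!HHH", 16, len(plist) + 2, len(plist)) + plist
    # version, random, empty session id, one cipher suite, null compression, extensions
    body = b"\x03\x03" + bytes(32) + b"\x00\x00\x02\x13\x01\x01\x00" + struct.pack("!H", len(ext)) + ext
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs
```

In this model a client that sends SNI `imap.example.org` together with ALPN `h2` is routed to the nginx port, because the ALPN entries are listed before the SNI entries.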

Another (incorrectly named) example can be found at the Debian Wiki.