Tech pages/XEP-0368
Revision as of 15:23, 7 November 2017 by Moparisthebest (talk | contribs)
Here is a sample sslh.conf (requires at least sslh 1.18) that supports XEP-0368, among other things:
verbose: false;
foreground: true;
inetd: false;
numeric: true;
transparent: false;
timeout: "2";
user: "nobody";
pidfile: "/run/sslh.pid";

# Note: I had to use IPs everywhere and not hostnames

# List of interfaces on which we should listen
listen:
(
    { host: "0.0.0.0"; port: "443"; },
);

# in this example:
# 5223 is a prosody legacy_ssl_ports "direct-tls" port
# 442 is a nginx https port
# 22 is an ssh port
# 5222 is a prosody c2s_ports
# 994 is dovecot imaps port

protocols:
(
    { name: "tls"; host: "127.0.0.1"; port: "442"; alpn_protocols: [ "h2", "http/1.1" ]; }, # https/nginx most common case
    { name: "tls"; host: "127.0.0.1"; port: "5223"; alpn_protocols: [ "xmpp-client" ]; }, # check for XEP-0368 xmpp tls
    { name: "tls"; host: "127.0.0.1"; port: "442"; sni_hostnames: [ "www.example.org", "example.org" ]; }, # specific hostnames go to nginx
    { name: "tls"; host: "127.0.0.1"; port: "994"; sni_hostnames: [ "imap.example.org" ]; }, # other hostnames go to dovecot
    { name: "tls"; host: "127.0.0.1"; port: "442"; }, # anything else TLS assume for nginx
    { name: "ssh"; host: "127.0.0.1"; port: "22"; }, # ssh goes to openssh
    { name: "xmpp"; host: "127.0.0.1"; port: "5222"; }, # xmpp goes to prosody
    { name: "timeout"; host: "127.0.0.1"; port: "442"; } # send everything unknown to nginx
);

on-timeout: "timeout"; # if timeout elapses (2 seconds here) go to nginx
Another (incorrectly named) example can be found at the Debian Wiki.
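To check how the order of the tls entries in the sslh.conf above resolves for a given client, the following added example (not part of the original page and not sslh's own code) builds real ClientHello bytes offline, extracts SNI and ALPN, and walks a copy of the rule table. It assumes sslh takes the first matching entry and that an ALPN entry matches when the client offers any listed protocol; `RULES`, `client_hello`, `parse_hello` and `route` are names made up for this sketch.

```python
import ssl
from contextlib import suppress
# tls entries of the sslh.conf above, in order: (alpn, sni, backend port)
RULES = [
    (["h2", "http/1.1"], None, 442),
    (["xmpp-client"], None, 5223),
    (None, ["www.example.org", "example.org"], 442),
    (None, ["imap.example.org"], 994),
    (None, None, 442),
]

def client_hello(hostname, alpn=None):
    """Build real ClientHello bytes offline (constructed sample input)."""
    ctx = ssl.create_default_context()
    if alpn:
        ctx.set_alpn_protocols(alpn)
    out = ssl.MemoryBIO()
    conn = ctx.wrap_bio(ssl.MemoryBIO(), out, server_hostname=hostname)
    with suppress(ssl.SSLWantReadError):  # expected: no server answers
        conn.do_handshake()
    return out.read()

def parse_hello(data):  # -> (sni, [alpn, ...]) from a single-record ClientHello
    u16 = lambda b, i: int.from_bytes(b[i:i + 2], "big")
    p = 5 + 4 + 2 + 32          # record hdr, handshake hdr, version, random
    p += 1 + data[p]            # session id
    p += 2 + u16(data, p)       # cipher suites
    p += 1 + data[p]            # compression methods
    p, end = p + 2, p + 2 + u16(data, p)   # extensions block
    sni, alpn = None, []
    while p + 4 <= end:
        etype, elen = u16(data, p), u16(data, p + 2)
        body = data[p + 4:p + 4 + elen]
        if etype == 0:          # server_name: list len, type, name len, name
            sni = body[5:5 + u16(body, 3)].decode()
        elif etype == 16:       # ALPN: list len, then length-prefixed names
            q = 2
            while q < len(body):
                alpn.append(body[q + 1:q + 1 + body[q]].decode())
                q += 1 + body[q]
        p += 4 + elen
    return sni, alpn

def route(data):
    sni, alpn = parse_hello(data)
    for want_alpn, want_sni, port in RULES:  # first match wins (assumed model)
        alpn_ok = not want_alpn or bool(set(want_alpn) & set(alpn))
        if alpn_ok and (not want_sni or sni in want_sni):
            return port
```

Under this model a hello for imap.example.org that offers xmpp-client is sent to 5223 rather than 994, because the ALPN entry precedes the SNI entries. Both fields are supplied by the client before any authentication, so each backend still has to enforce its own access control.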