33
edits
Difference between revisions of "Tech pages/XEP-0368"
Jump to navigation
Jump to search
no edit summary
(Add summary and section about nginx) |
|||
| Line 2: | Line 2: | ||
Port 443 is commonly allowed by firewalls. To run multiple services on one port a proxy is needed to split the traffic between HTTP server and the XMPP server. | Port 443 is commonly allowed by firewalls. To run multiple services on one port a proxy is needed to split the traffic between HTTP server and the XMPP server. | ||
Note that this will not hide XMPP traffic from sufficiently intelligent firewalls as | Note that this will not hide XMPP traffic from sufficiently intelligent firewalls as ALPN value is still sent unencrypted. | ||
This page presents configuration hints for several popular proxies. | This page presents configuration hints for several popular proxies. | ||
| Line 10: | Line 10: | ||
== nginx == | == nginx == | ||
Nginx since version 1.13.10 has additional variable (<code>$ssl_preread_alpn_protocols</code>) available when using | Nginx since version 1.13.10 has additional variable (<code>$ssl_preread_alpn_protocols</code>) available when using [https://nginx.org/en/docs/stream/ngx_stream_ssl_preread_module.html ngx_stream_ssl_preread] module (this module must be included when compiling nginx). | ||
The configuration below routes traffic with | The configuration below routes traffic with ALPN xmpp-client to server xmppserver and the rest (including HTTPS) to httpserver. | ||
<nowiki> | <nowiki> | ||
| Line 83: | Line 83: | ||
on-timeout: "timeout"; # if timeout elapses (2 seconds here) go to https | on-timeout: "timeout"; # if timeout elapses (2 seconds here) go to https | ||
</nowiki> | </nowiki> | ||
Another (incorrectly named) example can be found at the [https://wiki.debian.org/InstallingProsody#XMPP_over_HTTPS Debian Wiki] | Another (incorrectly named) example can be found at the [https://wiki.debian.org/InstallingProsody#XMPP_over_HTTPS Debian Wiki] | ||