Difference between revisions of "Tech pages/XEP-0368"
Jump to navigation
Jump to search
(Prosody legacy_ssl_ports is deprecated (from the beginning?), replaced by c2s_direct_tls_ports in recent versions) |
(Added haproxy example) |
||
| Line 95: | Line 95: | ||
Another (incorrectly named) example can be found at the [https://wiki.debian.org/InstallingProsody#XMPP_over_HTTPS Debian Wiki] | Another (incorrectly named) example can be found at the [https://wiki.debian.org/InstallingProsody#XMPP_over_HTTPS Debian Wiki] | ||
== HAProxy == | |||
Here is a relevant configuration snippet from HAProxy which has XMPP c2s, https, IMAP and TURN on port 443. Only some of the used backend examples are provided. | |||
Note the send-proxy-v2 statement - it uses proxy protocol which must be enabled in XMPP client as in the sections below, or disabled in HAProxy by removing the statement. | |||
<nowiki> | |||
frontend ft_https | |||
bind :443 | |||
mode tcp | |||
tcp-request inspect-delay 1s | |||
tcp-request content accept if { req.ssl_hello_type 1 } | |||
use_backend bk_jabber_c2s if { req.ssl_alpn xmpp } | |||
use_backend bk_turn if { req.ssl_alpn sturn.turn } | |||
use_backend bk_turn if { req.ssl_alpn sturn.nat-discovery } | |||
use_backend bk_imaps if { req.ssl_sni -i imap.example.com } | |||
use_backend bk_https_cdn if { req.ssl_sni -i cdn.example.com } | |||
default_backend bk_https | |||
backend bk_jabber_c2s | |||
mode tcp | |||
server jabber_c2s 192.168.1.1:5223 send-proxy-v2 | |||
backend bk_turn | |||
mode tcp | |||
server turn 192.168.1.1:3477 send-proxy-v2 | |||
backend bk_https | |||
mode tcp | |||
server https 192.168.1.1:443 send-proxy-v2 | |||
</nowiki> | |||
== Transparent Proxying == | == Transparent Proxying == | ||