(add note about coturn settings) |
Vanitasvitae (talk | contribs) (Add transparent proxying nginx -> ejabberd) |
||
Line 95: | Line 95: | ||
Another (incorrectly named) example can be found at the [https://wiki.debian.org/InstallingProsody#XMPP_over_HTTPS Debian Wiki] | Another (incorrectly named) example can be found at the [https://wiki.debian.org/InstallingProsody#XMPP_over_HTTPS Debian Wiki] | ||
== Transparent Proxying == | |||
If your XMPP server and protocol multiplexer are supporting the proxy protocol, you should consider enabling it. | |||
That way your XMPP server will see the real IPs of clients that connect to it. | |||
=== Nginx === | |||
To enable the proxy protocol in nginx, modify your configuration as follows: | |||
<nowiki> | |||
stream { | |||
... | |||
server { | |||
listen 443; | |||
ssl_preread on; | |||
proxy_pass $upstream; | |||
proxy_protocol: on; <-- add this line | |||
} | |||
} | |||
</nowiki> | |||
=== ejabberd === | |||
In case of ejabberd, you want to add an additional handler that accepts the proxy protocol: | |||
<nowiki> | |||
listen: | |||
... | |||
- | |||
port: 5225 | |||
use_proxy_protocol: true <-- Important! | |||
ip: "::" | |||
module: ejabberd_c2s | |||
max_stanza_size: 262144 | |||
shaper: c2s_shaper | |||
access: c2s | |||
tls: true | |||
protocol_options: 'TLS_OPTIONS' | |||
... | |||
</nowiki> | |||
Note that you should only connect to this handler via the proxy protocol, as other connections will be refused. | |||
Now ejabberd will display the real IPs of users that connect to your server via multiplexing over port 443. | |||
== DNS setup == | == DNS setup == |
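Review bot: In the nginx block, `proxy_protocol: on;` is not valid nginx syntax. Directives take no colon, so the line should read `proxy_protocol on;`. The `<-- add this line` and `<-- Important!` markers sit inside the `<nowiki>` configuration, where a reader copying the snippet will paste them into the config; move them into `#` comments or into the surrounding prose. In the ejabberd block, the handler with `use_proxy_protocol: true` is bound with `ip: "::"`, so any host that can reach port 5225 can send its own PROXY header and have ejabberd show whatever source address that header claims. The closing note only says that connections without the proxy protocol are refused, which does not cover this. Suggest binding the listener to a loopback address when nginx runs on the same host, or stating that port 5225 must be firewalled so that only the multiplexer can reach it, because the address ejabberd displays comes from that header.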