Tech pages/XEP-0368


Here is a sample sslh.conf to support XEP-0368 among other things:

# sslh front-end configuration (libconfig syntax): a single listener on TCP 443
# demultiplexes TLS, SSH and XMPP to local backends based on the first bytes
# each client sends.
verbose: false;
foreground: true;
inetd: false;
numeric: true;
transparent: false;   # backends see 127.0.0.1 as the peer, not the real client — NOTE(review): backend logs/rate limits lose the source address; confirm this is acceptable
timeout: "2";         # seconds to wait for the client's first bytes before falling back to the on-timeout protocol (bottom of file)
user: "nobody";       # unprivileged account sslh drops to after binding port 443
pidfile: "/run/sslh.pid";

# Note: I had to use IPs everywhere and not hostnames

# List of interfaces on which we should listen
listen:
(
    { host: "0.0.0.0"; port: "443"; },   # all interfaces, TCP 443
);

# in this example:
# 5223 is a prosody legacy_ssl_ports "direct-tls" port
# 442 is a nginx https port
# 22 is an ssh port
# 5222 is a prosody c2s_ports
# 994 is dovecot imaps port
 
# Protocols are probed in the order listed and the first matching entry wins,
# so the ALPN/SNI-specific tls rules must stay above the unconstrained tls
# catch-all on port 442; reordering them changes where traffic is routed.
protocols:
(
     { name: "tls";     host: "127.0.0.1"; port: "442";  alpn_protocols: [ "h2", "http/1.1" ]; },                # https/nginx most common case (matched by ALPN)
     { name: "tls";     host: "127.0.0.1"; port: "5223"; alpn_protocols: [ "xmpp-client" ]; },                   # check for xep-0368 xmpp tls (ALPN "xmpp-client")
     { name: "tls";     host: "127.0.0.1"; port: "442";  sni_hostnames: [ "www.example.org", "example.org" ]; }, # specific hostnames go to nginx
     { name: "tls";     host: "127.0.0.1"; port: "994"; sni_hostnames: [ "imap.example.org" ]; },                # SNI imap.example.org goes to dovecot imaps
     { name: "tls";     host: "127.0.0.1"; port: "442"; },                                                       # anything else TLS assume for nginx (no ALPN/SNI constraint)
     { name: "ssh";     host: "127.0.0.1"; port: "22"; },                                                        # ssh goes to openssh
     { name: "xmpp";    host: "127.0.0.1"; port: "5222"; },                                                      # xmpp (plain c2s, STARTTLS handled by prosody) goes to prosody — NOTE(review): starttls behaviour is prosody's, confirm
     { name: "timeout"; host: "127.0.0.1"; port: "442"; }                                                        # send everything unknown to nginx (selected by on-timeout below)
);

on-timeout: "timeout"; # if timeout elapses (2 seconds here) go to nginx