[sslh] SSLH for XMPP related services

devteam devteam at alpeinsoft.ch
Fri Nov 3 13:04:26 UTC 2017


Hi, All!

What about turnserver and sslh? Any ideas?


On 11/02/2017 09:16 PM, Nk wrote:
> Very interesting thanks!
>
> A few questions:
>
> 1] I’m doing all of my config in /etc/default/sslh, is it possible to 
> add the required config there without the need for a separate file?
>
> This is the current config:
>
> RUN=yes
> DAEMON=/usr/sbin/sslh
> DAEMON_OPTS="--user sslh -p <public_IPv4>:443 -p <public_IPv6>:443 --ssh 127.0.0.1:22 --ssl 127.0.0.1:443 --xmpp 127.0.0.1:5222 --pidfile /var/run/sslh/sslh.pid"
>
>
> 2] I see that ejabberd will implement 0368 in v17.09 [the repo I use 
> still provides v17.08], but I can’t find any documentation on how to 
> enable it on v17.09 anyway.
>
>
> 3] Does this mean that basically ejabberd will listen on 5223 and 
> clients like Conversations [if configured to use 5223 without SSLH] 
> would automatically know to use such port for all connections, even, 
> for instance, HTTP upload [that currently uses port 5444]? If so how 
> does Conversations know to route all traffic on 5223?
>
>
> 4] If point 3 is true and SSLH comes into play, how does SSLH 
> distinguish between SSL traffic destined for ejabberd and that 
> destined for nginx? And how does Conversations know that behind port 
> 443 actually then sends traffic to an "all-inclusive" port like 5223?
>
>
> 5] How do I set the default behaviour between ejabberd and nginx HTTPS 
> traffic?
>
>
> Thanks so much!
>
>
>
> Nk
>
>
> On 2 Nov 2017, 17:46 +0100, moparisthebest <admin at moparisthebest.com>, 
> wrote:
>> Hi,
>>
>> Interesting project. sslh 1.18+ already has everything you need for this
>> built-in, you can get a fairly good idea from here:
>>
>> https://wiki.debian.org/InstallingProsody#XMPP_over_HTTPS
>>
>> Basically multiplex xep-368 TLS to XMPP TLS port with ALPN, you can
>> multiplex starttls xmpp with the built-in xmpp probe, you can multiplex
>> https with 'alpn_protocols: [ "h2", "http/1.1" ];' and/or SNI, and pick
>> a default (I default to https, you could default to xmpps).
>>
>> Thanks,
>> moparisthebest
>>
>> On 11/02/2017 12:12 PM, Nk wrote:
>>> Hi all
>>>
>>> First off thanks so much for this amazing piece of software.
>>>
>>> I’m currently using the XMPP function for an XMPP server automation
>>> project called aenigma [https://github.com/openspace42/aenigma].
>>>
>>> I know anything can be probed using a regex, but I’d like to know if
>>> anyone has already had experience with feeding XMPP HTTP uploads and
>>> other services running on ports other than 5222 to SSLH.
>>>
>>> Either way, do I need to recompile it to add a probe?
>>>
>>> What’s the best way to do this?
>>>
>>> And lastly, is there a way to automatically select “standalone” during
>>> installation in a non-interactive fashion?
>>>
>>> Thanks so much!
>>>
>>>
>>> Nk
>>>
>>>
>>>
>>> _______________________________________________
>>> sslh mailing list
>>> sslh at rutschle.net
>>> http://rutschle.net/cgi-bin/mailman/listinfo/sslh
>>>
