xmpp-proxy/xmpp-proxy.toml


# interfaces to listen for reverse proxy STARTTLS/Direct TLS/TLS WebSocket (wss) XMPP connections on, should be open to the internet
incoming_listen = [ "0.0.0.0:5222", "0.0.0.0:5269", "0.0.0.0:443" ]
# interfaces to listen for reverse proxy QUIC XMPP connections on, should be open to the internet
quic_listen = [ "0.0.0.0:443" ]
# interfaces to listen for outgoing proxy TCP XMPP connections on, should be localhost
outgoing_listen = [ "127.0.0.1:15270" ]

# these ports shouldn't do any TLS, but should assume any connection from xmpp-proxy is secure
# prosody module: https://modules.prosody.im/mod_secure_interfaces.html

# c2s port backend XMPP server listens on
c2s_target = "127.0.0.1:15222"

# s2s port backend XMPP server listens on
s2s_target = "127.0.0.1:15269"

# send PROXYv1 header to backend XMPP server
# https://www.haproxy.org/download/1.8/doc/proxy-protocol.txt
# prosody module: https://modules.prosody.im/mod_net_proxy.html
# ejabberd config: https://docs.ejabberd.im/admin/configuration/listen-options/#use-proxy-protocol
proxy = true

# limit incoming stanzas to this many bytes, default to ejabberd's default
# https://github.com/processone/ejabberd/blob/master/ejabberd.yml.example#L32
# xmpp-proxy will use this many bytes + 16k per connection
max_stanza_size_bytes = 262_144

# TLS key/certificate valid for all your XMPP domains, PEM format
# included systemd unit can only read files from /etc/xmpp-proxy/ so put them in there
tls_key = "/etc/xmpp-proxy/le.key"
tls_cert = "/etc/xmpp-proxy/fullchain.cer"

# configure logging, defaults are commented
# can also set env variables XMPP_PROXY_LOG_LEVEL and/or XMPP_PROXY_LOG_STYLE, but values in this file override them
# many options, trace is XML-console-level, refer to: https://docs.rs/env_logger/0.8.3/env_logger/#enabling-logging
#log_level = "info"
# for development/debugging:
#log_level = "info,xmpp_proxy=trace"

# one of auto, always, never, refer to: https://docs.rs/env_logger/0.8.3/env_logger/#disabling-colors
#log_style = "never"
Initial commit 2021-04-12 23:40:44 -04:00
Multiplex WebSocket on the same sockets as STARTTLS and Direct TLS 2022-02-11 00:55:36 -05:00			`# interfaces to listen for reverse proxy STARTTLS/Direct TLS/TLS WebSocket (wss) XMPP connections on, should be open to the internet`
			`incoming_listen = [ "0.0.0.0:5222", "0.0.0.0:5269", "0.0.0.0:443" ]`
Document new QUIC and outgoing support 2021-05-12 00:51:53 -04:00			`# interfaces to listen for reverse proxy QUIC XMPP connections on, should be open to the internet`
Major re-factor, add XMPP-over-QUIC and outgoing forward support 2021-04-27 02:02:02 -04:00			`quic_listen = [ "0.0.0.0:443" ]`
Document new QUIC and outgoing support 2021-05-12 00:51:53 -04:00			`# interfaces to listen for outgoing proxy TCP XMPP connections on, should be localhost`
			`outgoing_listen = [ "127.0.0.1:15270" ]`
Initial commit 2021-04-12 23:40:44 -04:00
			`# these ports shouldn't do any TLS, but should assume any connection from xmpp-proxy is secure`
			`# prosody module: https://modules.prosody.im/mod_secure_interfaces.html`

			`# c2s port backend XMPP server listens on`
			`c2s_target = "127.0.0.1:15222"`

			`# s2s port backend XMPP server listens on`
			`s2s_target = "127.0.0.1:15269"`

			`# send PROXYv1 header to backend XMPP server`
			`# https://www.haproxy.org/download/1.8/doc/proxy-protocol.txt`
			`# prosody module: https://modules.prosody.im/mod_net_proxy.html`
			`# ejabberd config: https://docs.ejabberd.im/admin/configuration/listen-options/#use-proxy-protocol`
			`proxy = true`

			`# limit incoming stanzas to this many bytes, default to ejabberd's default`
			`# https://github.com/processone/ejabberd/blob/master/ejabberd.yml.example#L32`
			`# xmpp-proxy will use this many bytes + 16k per connection`
			`max_stanza_size_bytes = 262_144`

			`# TLS key/certificate valid for all your XMPP domains, PEM format`
			`# included systemd unit can only read files from /etc/xmpp-proxy/ so put them in there`
			`tls_key = "/etc/xmpp-proxy/le.key"`
			`tls_cert = "/etc/xmpp-proxy/fullchain.cer"`
Migrate logging to rust log with optional env_logger feature 2021-06-08 00:14:22 -04:00
			`# configure logging, defaults are commented`
			`# can also set env variables XMPP_PROXY_LOG_LEVEL and/or XMPP_PROXY_LOG_STYLE, but values in this file override them`
			`# many options, trace is XML-console-level, refer to: https://docs.rs/env_logger/0.8.3/env_logger/#enabling-logging`
			`#log_level = "info"`
much improved logging 2021-07-24 01:53:00 -04:00			`# for development/debugging:`
			`#log_level = "info,xmpp_proxy=trace"`

Migrate logging to rust log with optional env_logger feature 2021-06-08 00:14:22 -04:00			`# one of auto, always, never, refer to: https://docs.rs/env_logger/0.8.3/env_logger/#disabling-colors`
			`#log_style = "never"`