moparisthebest
e07513a04a
All checks were successful
moparisthebest/xmpp-proxy/pipeline/head This commit looks good
33 lines
1.5 KiB
TOML
33 lines
1.5 KiB
TOML
|
|
# interfaces to listen for reverse proxy STARTTLS/Direct TLS XMPP connections on, should be open to the internet
|
|
incoming_listen = [ "0.0.0.0:5222", "0.0.0.0:5269" ]
|
|
# interfaces to listen for reverse proxy QUIC XMPP connections on, should be open to the internet
|
|
quic_listen = [ "0.0.0.0:443" ]
|
|
# interfaces to listen for outgoing proxy TCP XMPP connections on, should be localhost
|
|
outgoing_listen = [ "127.0.0.1:15270" ]
|
|
|
|
# these ports shouldn't do any TLS, but should assume any connection from xmpp-proxy is secure
|
|
# prosody module: https://modules.prosody.im/mod_secure_interfaces.html
|
|
|
|
# c2s port backend XMPP server listens on
|
|
c2s_target = "127.0.0.1:15222"
|
|
|
|
# s2s port backend XMPP server listens on
|
|
s2s_target = "127.0.0.1:15269"
|
|
|
|
# send PROXYv1 header to backend XMPP server
|
|
# https://www.haproxy.org/download/1.8/doc/proxy-protocol.txt
|
|
# prosody module: https://modules.prosody.im/mod_net_proxy.html
|
|
# ejabberd config: https://docs.ejabberd.im/admin/configuration/listen-options/#use-proxy-protocol
|
|
proxy = true
|
|
|
|
# limit incoming stanzas to this many bytes, default to ejabberd's default
|
|
# https://github.com/processone/ejabberd/blob/master/ejabberd.yml.example#L32
|
|
# xmpp-proxy will use this many bytes + 16k per connection
|
|
max_stanza_size_bytes = 262_144
|
|
|
|
# TLS key/certificate valid for all your XMPP domains, PEM format
|
|
# included systemd unit can only read files from /etc/xmpp-proxy/ so put them in there
|
|
tls_key = "/etc/xmpp-proxy/le.key"
|
|
tls_cert = "/etc/xmpp-proxy/fullchain.cer"
|