XMPP reverse proxy and outgoing proxy https://github.com/moparisthebest/xmpp-proxy
Travis Burtrum 6f95db72ac Update Cargo.lock versions 2 years ago




xmpp-proxy is a reverse proxy for XMPP servers, providing STARTTLS and TLS over plain-text XMPP connections and limiting stanza sizes without an XML parser.

xmpp-proxy will listen on any number of interfaces/ports and accept any STARTTLS or Direct TLS c2s or s2s connections, terminate TLS, and connect them to a real XMPP server, limiting stanza sizes as configured.



  • mkdir /etc/xmpp-proxy/ && cp xmpp-proxy.toml /etc/xmpp-proxy/
  • edit /etc/xmpp-proxy/xmpp-proxy.toml as needed; the file is clearly annotated with comments
  • put your TLS key/cert in /etc/xmpp-proxy/; if your key has "RSA PRIVATE KEY" in it, change that to "PRIVATE KEY": sed -i 's/RSA PRIVATE KEY/PRIVATE KEY/' /etc/xmpp-proxy/le.key
  • an example systemd unit is provided in xmpp-proxy.service, which locks it down with bare minimum permissions; you need to set the permissions correctly: chown -Rv 'systemd-network:' /etc/xmpp-proxy/
  • start xmpp-proxy: Usage: xmpp-proxy [/path/to/xmpp-proxy.toml (default /etc/xmpp-proxy/xmpp-proxy.toml)]

How do I adapt my running Prosody config to use this instead?

Add these to modules_enabled:


Until prosody-modules is updated, use my patched version of mod_secure_interfaces.lua which also works for s2s.

Add this config:

-- trust connections coming from these IPs
secure_interfaces = { "127.0.0.1", "::1" }

-- handle PROXY protocol on these ports
proxy_port_mappings = {
    [15222] = "c2s",
    [15269] = "s2s"
}

-- don't listen on any normal c2s/s2s ports (xmpp-proxy listens on these now)
-- you might need to comment these out further down in your config file if you set them
c2s_ports = {}
legacy_ssl_ports = {}
-- you MUST have at least one s2s_ports defined if you want outgoing S2S to work, don't ask.. 
s2s_ports = {15269}

Copy prosody's TLS key to /etc/xmpp-proxy/le.key and TLS cert to /etc/xmpp-proxy/fullchain.cer, and use the provided xmpp-proxy.toml configuration as-is.
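
The ports listed in proxy_port_mappings expect a PROXY protocol header ahead of the XMPP stream. As an added illustration (not code from xmpp-proxy or Prosody), this Rust sketch parses the text (version 1) header from the PROXY protocol specification and honours it only when the TCP peer is on a trusted list, which is why those ports should be reachable only from the proxy. The page does not say which header version xmpp-proxy sends; the names parse_proxy_v1, ProxyInfo and the trusted list are assumptions, and the sample addresses are constructed.

```rust
use std::net::{IpAddr, SocketAddr};

/// Addresses carried in a PROXY protocol v1 header.
#[derive(Debug, PartialEq)]
pub struct ProxyInfo {
    pub src: SocketAddr, // original client
    pub dst: SocketAddr, // address the client connected to on the proxy
}

/// Parse a v1 header received from `peer`. Returns the addresses plus the number
/// of header bytes to skip before the XMPP stream begins.
/// `trusted` is a hypothetical allow-list standing in for secure_interfaces.
pub fn parse_proxy_v1(buf: &[u8], peer: IpAddr, trusted: &[IpAddr]) -> Result<(ProxyInfo, usize), &'static str> {
    // Anyone who can reach the port can claim any source address,
    // so the header is honoured only when the TCP peer is the proxy.
    if !trusted.contains(&peer) {
        return Err("PROXY header from untrusted peer");
    }
    // The specification caps a v1 line at 107 bytes, CRLF included.
    let window = &buf[..buf.len().min(107)];
    let end = window.windows(2).position(|w| w == b"\r\n").ok_or("no CRLF within 107 bytes")?;
    let line = std::str::from_utf8(&window[..end]).map_err(|_| "header is not valid text")?;
    // "PROXY UNKNOWN" carries no usable address and fails the field count.
    let f: Vec<&str> = line.split(' ').collect();
    if f.len() != 6 || f[0] != "PROXY" {
        return Err("malformed PROXY line");
    }
    let src_ip: IpAddr = f[2].parse().map_err(|_| "bad source address")?;
    let dst_ip: IpAddr = f[3].parse().map_err(|_| "bad destination address")?;
    let family_ok = match f[1] {
        "TCP4" => src_ip.is_ipv4() && dst_ip.is_ipv4(),
        "TCP6" => src_ip.is_ipv6() && dst_ip.is_ipv6(),
        _ => false,
    };
    if !family_ok {
        return Err("address family mismatch");
    }
    let sport: u16 = f[4].parse().map_err(|_| "bad source port")?;
    let dport: u16 = f[5].parse().map_err(|_| "bad destination port")?;
    let info = ProxyInfo { src: SocketAddr::new(src_ip, sport), dst: SocketAddr::new(dst_ip, dport) };
    Ok((info, end + 2))
}

fn main() {
    // Constructed sample: header followed by the start of an XMPP stream.
    let data = b"PROXY TCP4 192.0.2.10 192.0.2.1 51234 5222\r\n<stream:stream>";
    let trusted: [IpAddr; 2] = ["127.0.0.1".parse().unwrap(), "::1".parse().unwrap()];
    println!("{:?}", parse_proxy_v1(data, trusted[0], &trusted));
}
```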


GNU/AGPLv3 - Check LICENSE.md for details