Add more notes.

damencho · Oct 25, 2013 · bb60b15 · bb60b15
1 parent 72cd87b
commit bb60b15
Show file tree

Hide file tree

Showing 2 changed files with 58 additions and 0 deletions.
diff --git a/README.md b/README.md
@@ -46,6 +46,24 @@ We do plan to create a packaged Docker image soon.
    browser closes the websocket connection if prompted for client certs.
 
 
+By default, You will need to ensure that these ports are open on your server:
+
+- 5222 (XMPP client to server connections)
+- 5269 (XMPP server to server connections)
+- 5280/5281 HTTP and WebSocket connection (5281 for SSL versions)
+
+You should also setup DNS SRV records:
+
+- `_xmpp-client._tcp.HOST 3600 IN SRV 0 10 5222 HOST`
+- `_xmpp-server._tcp.HOST 3600 IN SRV 0 10 5269 HOST`
+
+If you use the `mod_http_altconnect` module, Otalk will be able to auto-discover the WebSocket connection
+endpoint for your server, if you make https://HOST/.well-known/host-meta served by Prosody.
+
+One way to do this is to make Prosody act as your HTTP server. An example nginx config for doing that
+is included.
+
+
 ## To use &yet authentication (optional)
 
 **NOTE:** This is intended for use by otalk.im as a default authentication

diff --git a/nginx.cfg b/nginx.cfg
@@ -0,0 +1,40 @@
+# This is a sample nginx site config that will
+# make Prosody serve as the site's HTTP server.
+
+# Useful for server the .well-known/host-meta
+# file, and eliminating the port in wss URLs.
+
+server {
+    listen 80;
+    server_name HOST;
+
+    location / {
+        rewrite ^(.*) https://HOST$1 last;
+    }
+}
+
+server {
+    listen 443 ssl;
+    server_name HOST;
+    ssl_certificate /path/to/cert;
+    ssl_certificate_key /path/to/key;
+
+    root /var/www/HOST;
+    error_log /var/log/nginx/HOST_error.log;
+    access_log /var/log/nginx/HOST_access.log;
+
+    location /xmpp-websocket {
+        proxy_pass https://localhost:5281;
+        proxy_http_version 1.1;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection "upgrade";
+        proxy_set_header Host $host;
+        tcp_nodelay on;
+    }
+    location / {
+        proxy_pass https://localhost:5281;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $remote_addr; 
+    }
+}