diff --git a/README.md b/README.md index f038b03..116bb05 100644 --- a/README.md +++ b/README.md @@ -46,6 +46,24 @@ We do plan to create a packaged Docker image soon. browser closes the websocket connection if prompted for client certs. +By default, You will need to ensure that these ports are open on your server: + +- 5222 (XMPP client to server connections) +- 5269 (XMPP server to server connections) +- 5280/5281 HTTP and WebSocket connection (5281 for SSL versions) + +You should also setup DNS SRV records: + +- `_xmpp-client._tcp.HOST 3600 IN SRV 0 10 5222 HOST` +- `_xmpp-server._tcp.HOST 3600 IN SRV 0 10 5269 HOST` + +If you use the `mod_http_altconnect` module, Otalk will be able to auto-discover the WebSocket connection +endpoint for your server, if you make https://HOST/.well-known/host-meta served by Prosody. + +One way to do this is to make Prosody act as your HTTP server. An example nginx config for doing that +is included. + + ## To use &yet authentication (optional) **NOTE:** This is intended for use by otalk.im as a default authentication diff --git a/nginx.cfg b/nginx.cfg new file mode 100644 index 0000000..b2d016d --- /dev/null +++ b/nginx.cfg 
@@ -0,0 +1,40 @@
+# This is a sample nginx site config that will
+# make Prosody serve as the site's HTTP server.
+
+# Useful for server the .well-known/host-meta
+# file, and eliminating the port in wss URLs.
+
+server {
+ listen 80;
+ server_name HOST;
+
+ location / {
+ rewrite ^(.*) https://HOST$1 last;
+ }
+}
+
+server {
+ listen 443 ssl;
+ server_name HOST;
+ ssl_certificate /path/to/cert;
+ ssl_certificate_key /path/to/key;
+
+ root /var/www/HOST;
+ error_log /var/log/nginx/HOST_error.log;
+ access_log /var/log/nginx/HOST_access.log;
+
+ location /xmpp-websocket {
+ proxy_pass https://localhost:5281;
+ proxy_http_version 1.1;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection "upgrade";
+ proxy_set_header Host $host;
+ tcp_nodelay on;
+ }
+ location / {
+ proxy_pass https://localhost:5281;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $remote_addr;
+ }
+}
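Review bot: The `location /xmpp-websocket` block forwards no client address, while the catch-all `location /` below it sets both `X-Real-IP` and `X-Forwarded-For`, so every WebSocket session reaches Prosody as a connection from localhost. That leaves Prosody's logs, and any per-address limiting or blocking it applies, without the real peer address for the traffic that carries XMPP logins. Add `proxy_set_header X-Real-IP $remote_addr;` and `proxy_set_header X-Forwarded-For $remote_addr;` to the WebSocket block as well; whether Prosody acts on these headers depends on its own proxy-trust settings, which are not part of this diff. Separately, the catch-all `location /` publishes every HTTP module Prosody has enabled on port 443, so a deployment that only needs host-meta could narrow it to `location = /.well-known/host-meta` and drop the unused `root` line.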