setting up bosh with prosody https
Set up NGINX with ssl and prosody
-- /etc/nginx/sites-available/a_host
server {
    listen 443 default ssl;
    server_name a_host;

    ssl_certificate     /etc/nginx/certs/a_host.crt;
    ssl_certificate_key /etc/nginx/certs/a_host.key;

    access_log /var/log/nginx/a_host.access.log;
    error_log  /var/log/nginx/a_host.error.log;
    rewrite_log on;

    root  /var/www/a_host;
    index index.html index.htm;

    # Only the origin that serves the web client may call /http-bind/ cross-origin;
    # set this to that origin, not "*"
    add_header Access-Control-Allow-Origin https://hearth.at;

    # Static files.
    # Set expire headers, turn off access log
    # (the dot must be escaped; an unescaped "\f" is a form feed in PCRE and never matches)
    location ~* favicon\.ico$ {
        access_log off;
        expires 1d;
        add_header Cache-Control public;
    }

    # Deny access to .htaccess files,
    # git & svn repositories, etc
    location ~ /(\.ht|\.git|\.svn) {
        deny all;
    }

    # TLS terminates here; Prosody's BOSH port is reached over plain HTTP on loopback
    location /http-bind/ {
        proxy_pass http://localhost:5280/http-bind/;
        proxy_buffering off;
        tcp_nodelay on;
    }
}
Create a self-signed SSL cert, shared by Prosody and NGINX (file names match the paths used in the configs)
cd /etc/nginx/certs
# generate a key protected by a passphrase
openssl genrsa -aes256 -out a_host.key.pass 2048
# create the signing request (prompts for the passphrase; set CN to a_host)
openssl req -new -key a_host.key.pass -out a_host.csr
# strip the passphrase so nginx and prosody can start unattended
openssl rsa -in a_host.key.pass -out a_host.key
# self-sign the certificate
openssl x509 -req -days 999 -in a_host.csr -signkey a_host.key -out a_host.crt
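The same result in one non-interactive step, plus the check a practitioner wants before restarting anything: that the certificate and key the two daemons are pointed at actually belong together. This is an added example, not code from the original page; it assumes an openssl that accepts -config/-extensions (any 1.0+), uses the page's placeholder name a_host and directory /etc/nginx/certs, and writes the key unencrypted (the equivalent of the genrsa/rsa round trip above).

```shell
#!/bin/sh
# Added example (not from the original page): one-shot self-signed cert with a
# subjectAltName, and a cert/key consistency check. a_host and
# /etc/nginx/certs are the page's placeholders.
set -eu

# make_selfsigned_cert NAME DIR
# Writes DIR/NAME.key (unencrypted, so nginx and prosody start unattended) and
# DIR/NAME.crt with CN=NAME and subjectAltName=DNS:NAME (modern clients ignore
# the CN and only check the SAN).
make_selfsigned_cert() {
    name=$1; dir=$2
    cfg=$(mktemp)
    cat > "$cfg" <<EOF
[req]
distinguished_name = dn
prompt = no
[dn]
CN = $name
[san]
subjectAltName = DNS:$name
EOF
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 365 \
        -config "$cfg" -extensions san \
        -keyout "$dir/$name.key" -out "$dir/$name.crt"
    rm -f "$cfg"
    # both daemons read the key; keep it out of reach of everyone else
    chmod 0640 "$dir/$name.key"
}

# cert_key_match CRT KEY -> exit status 0 if the RSA modulus in both is identical,
# i.e. the cert really was issued for this private key
cert_key_match() {
    c=$(openssl x509 -noout -modulus -in "$1" | openssl sha256)
    k=$(openssl rsa  -noout -modulus -in "$2" | openssl sha256)
    [ "$c" = "$k" ]
}

# Usage (e.g. CERT_DEMO=1 sh make_cert.sh):
if [ -n "${CERT_DEMO:-}" ]; then
    make_selfsigned_cert a_host /etc/nginx/certs
    cert_key_match /etc/nginx/certs/a_host.crt /etc/nginx/certs/a_host.key \
        && echo "a_host.crt and a_host.key match"
fi
```

Run cert_key_match whenever a cert is renewed or copied between hosts; a mismatched pair is the usual reason nginx refuses to start with an "SSL_CTX_use_PrivateKey_file" error, and Prosody fails the same way silently at the BOSH port.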
Append the following to the existing Prosody configuration. Prosody runs as its own unprivileged user, so that user must be able to read the key file referenced below. Note that the nginx config above proxies to plain http://localhost:5280; if your Prosody version honours the ssl table by serving TLS on that port, either change proxy_pass to https:// or drop the ssl table, since nginx already terminates TLS.
-- /etc/prosody/conf.d/a_host.cfg.lua
-- add "bosh" to the modules_enabled list that is already defined; a second
-- top-level assignment replaces the whole list rather than extending it
modules_enabled = { "bosh" }
bosh_ports = {
    {
        port = 5280;
        path = "http-bind";
        ssl = {
            key = "/etc/nginx/certs/a_host.key";
            certificate = "/etc/nginx/certs/a_host.crt";
        }
    }
}
Restart all of the services
service prosody stop && service prosody start
service nginx stop && service nginx start
Test Prosody's BOSH endpoint directly with curl (bypassing nginx); a plain GET is answered with this hint rather than a BOSH body, which is enough to show the module is listening
-- curl http://localhost:5280/http-bind/
<html><body>You really don't look like a BOSH client to me... what do you want?</body></html>
Test over a TLS connection to NGINX that the proxy is operating. Without -CAfile the self-signed certificate yields "Verify return code: 18"; passing -CAfile /etc/nginx/certs/a_host.crt should bring it to 0. Also check the "Server public key" line: the capture below reports 512 bit while the key generated above is 2048 bit, so confirm nginx is actually loading a_host.crt and not some other certificate.
-- openssl s_client -connect a_host:443
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Server public key is 512 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1
    Cipher    : DHE-RSA-AES256-SHA
    Session-ID: 5F984EB9743520EE91DCFBAFC426FD0E748628AE2F2723D4DC8B03C95DFE2D4E
    Session-ID-ctx:
    Master-Key: 8F07FEB5207F75386F293891BF9545CA38BC4937E3F773764D927F58BBCB40D2F533702FEE441B604779971E88BC11D7
    Key-Arg   : None
    Start Time: 1334080565
    Timeout   : 300 (sec)
    Verify return code: 18 (self signed certificate)
---
Type the HTTP request by hand, then an empty line to end the headers (HTTP/1.1 requires the Host header and the blank line):
GET /http-bind/ HTTP/1.1
Host: ahost

HTTP/1.1 200 OK
Server: nginx/0.7.65
Date: Tue, 10 Apr 2012 17:57:01 GMT
Connection: keep-alive
Content-Length: 93
Access-Control-Allow-Origin: https://a_host

<html><body>You really don't look like a BOSH client to me... what do you want?</body></html>
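Both tests above only prove that something answers on the path; neither sends what a BOSH client sends. The script below, an added example that is not part of the original page, POSTs a real XEP-0124 session creation body through the nginx proxy, verifies the self-signed certificate with --cacert instead of switching verification off, and classifies the reply (a session with a sid, a terminate with a condition such as host-unknown, or the HTML hint / an nginx error page). a_host, the URL and the cert path are the page's placeholders; the sample replies checked in the test are constructed.

```shell
#!/bin/sh
# Added example (not from the original page): a BOSH session-creation probe
# through the nginx proxy. a_host and /etc/nginx/certs/a_host.crt are the
# page's placeholders.
set -eu

# bosh_session_request DOMAIN RID -> XEP-0124 session creation body on stdout
bosh_session_request() {
    printf '<body rid="%s" to="%s" xmlns="http://jabber.org/protocol/httpbind" xmlns:xmpp="urn:xmpp:xbosh" xmpp:version="1.0" ver="1.6" wait="60" hold="1" content="text/xml; charset=utf-8"/>' "$2" "$1"
}

# bosh_response_kind < RESPONSE -> session | terminate | not-bosh
bosh_response_kind() {
    body=$(cat)
    case $body in
        *'<body'*'type='*'terminate'*) echo terminate ;;   # Prosody refused, e.g. host-unknown
        *'<body'*'sid='*)              echo session ;;     # Prosody opened a session
        *)                             echo not-bosh ;;    # the HTML hint above, or an nginx error page
    esac
}

# bosh_sid < RESPONSE -> the session id Prosody assigned (empty if none)
bosh_sid() {
    sed -n "s/.*[[:space:]]sid=[\"']\([^\"']*\)[\"'].*/\1/p" | head -n 1
}

# bosh_probe URL DOMAIN CACERT: POST a session request and report the outcome.
# --cacert pins the self-signed cert as the trust anchor, so a certificate
# swap on the proxy is caught instead of ignored (as -k would do).
bosh_probe() {
    url=$1; domain=$2; cacert=$3
    rid=$(date +%s)   # any positive integer; real clients start at a large random rid
    resp=$(bosh_session_request "$domain" "$rid" |
        curl -sS --cacert "$cacert" -H 'Content-Type: text/xml; charset=utf-8' \
             --data-binary @- "$url")
    kind=$(printf '%s' "$resp" | bosh_response_kind)
    case $kind in
        session)   echo "BOSH ok via $url, sid=$(printf '%s' "$resp" | bosh_sid)" ;;
        terminate) echo "proxy reached Prosody but it refused the session: $resp" ;;
        *)         echo "no BOSH response from $url: $resp" ;;
    esac
}

# Usage, e.g.:
#   BOSH_URL=https://a_host/http-bind/ sh bosh_probe.sh
if [ -n "${BOSH_URL:-}" ]; then
    bosh_probe "$BOSH_URL" "${BOSH_DOMAIN:-a_host}" "${BOSH_CACERT:-/etc/nginx/certs/a_host.crt}"
fi
```

A "terminate" answer is still a useful result: it means nginx forwarded the POST body and Prosody parsed it, so only the `to` domain is wrong. A "not-bosh" answer with an nginx error page usually means the proxy could not reach port 5280, which is where the ssl-table caveat in the Prosody section bites.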