this post was submitted on 11 Sep 2023
4 points (70.0% liked)

Selfhosted

42834 readers
895 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 2 years ago
MODERATORS
ruud@lemmy.world
Loki@lemmy.world
CannaVet@lemmy.world
devve@lemmy.world
HybridSarcasm@lemmy.world
HybridSarcasm@lemmy.hybridsarcasm.xyz
4
Running ejabberd behind a reverse proxy (discuss.tchncs.de)
submitted 1 year ago by adam@discuss.tchncs.de to c/selfhosted@lemmy.world
3 comments fedilink hide all child comments
 

Hi all,

As the title suggests, I'm trying to run an ejabberd (xmpp) server behind an nginx reverse proxy. The reason is, I want to be able to run the server on my raspberry pi at home, but have people connect to it through my VPS, which is running nginx. This would be nice because I don't need a static ip and I don't have to leak my ip address.

I have looked this up, but have not found an answer that works exactly for my use case.

My current nginx configuration looks like this:

stream {
	upstream xmppserver {
		server 10.8.0.3:5223;
	}

	upstream turnserver {
		server 10.8.0.3:3478;
	}

	map $ssl_preread_alpn_protocols $upstream {
		"xmpp-client" xmppserver;
		"stun.turn" turnserver;
		"stun.nat-discovery" turnserver;
	}

	server {
		listen 6969;
		proxy_pass $upstream;
		proxy_protocol on;
	}
}

And I have a DNS entry telling XMPP clients to contact my server at port 6969 (this was just for testing):

I would also need to figure out how to supply ejabberd with the correct certificates for the domain. Since it's running on a different computer than the reverse proxy, would I have to somehow copy the certificate over every time it has to be renewed?

Thank you for your help.

top 3 comments
sorted by: hot top controversial new old
[–] poVoq@slrpnk.net 1 points 1 year ago* (last edited 1 year ago)

I guess this is based on this guide? https://wiki.xmpp.org/web/Tech_pages/XEP-0368

But since you don't actually need to multi-plex HTTP with XMPP, why not just configure port forwarding like you would do in a local network (assuming your VPS is connected to your Rasberry via a Wireguard VPN or similar)?

For the certs you can request them again from your Rasberry easily if you use the DNS-01 method. That also allows you to get wildcard certs, which are very useful with the multiple subdomains you usually have for a XMPP service.

[–] Decronym@lemmy.decronym.xyz 1 points 1 year ago* (last edited 1 year ago) (1 children)

Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I've seen in this thread:

Fewer Letters More Letters
DNS Domain Name Service/System
HTTP Hypertext Transfer Protocol, the Web
IP Internet Protocol
SSL Secure Sockets Layer, for transparent encryption
TLS Transport Layer Security, supersedes SSL
VPN Virtual Private Network
VPS Virtual Private Server (opposed to shared hosting)

6 acronyms in this thread; the most compressed thread commented on today has 8 acronyms.

[Thread #136 for this sub, first seen 13th Sep 2023, 15:05] [FAQ] [Full list] [Contact] [Source code]

[–] Craftkorb@feddit.de 1 points 1 year ago

Adding Wikipedia page links would make this bot much more useful for those that need this information 🤔