[ejabberd] Enable File Transfer with proxy.eu.jabber.org Server

Peter Saint-Andre stpeter at stpeter.im
Wed Dec 23 18:21:11 MSK 2009


On 12/22/09 6:48 PM, Tharindu Madushanka wrote:

> {mod_proxy65, [{host, "proxy.eu.jabber.org <http://proxy.eu.jabber.org>"},
>                  {name, "File Transfer Proxy"},
>                  {ip, {208,68,163,220}},
>                  {port, 7777}]}

Why do you need to set this up in ejabberd? If a client connects to
proxy.eu.jabber.org that is fine (we run it as an open proxy) but
currently we allow a trusted component relationship only between
jabber.org and proxy.eu.jabber.org. All other servers can connect to the
proxy via a normal server-to-server connection, not a trusted component
connection.

Speaking of s2s, we will probably soon change the name of
proxy.eu.jabber.org because our certificate is for *.jabber.org and in
X.509 the wildcard character applies only to the leftmost domain label
(thus proxy-foo.jabber.org is fine but proxy.foo.jabber.org is not). If
any servers out there are doing strict certificate checking, encrypted
s2s will fail right now to proxy.eu.jabber.org. So don't hardcode that
domain name into your software! Instead, use XMPP service discovery or
DNS SRV lookups to find file transfer proxies. :)

Peter

-- 
Peter Saint-Andre
https://stpeter.im/


-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 6820 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.jabber.ru/pipermail/ejabberd/attachments/20091223/be64207a/attachment-0001.bin>


More information about the ejabberd mailing list