• nginx TLS proxy

    From Oli@21:1/151 to All on Tue Nov 26 19:22:16 2019
    A simple example for using nginx as a TLS proxy in front of a binkp mailer. You
    can add it to your nginx.conf. Don't put it inside the http block. Put it above or below the http block (if there is one):

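    stream {
        server {
            # TLS-terminating listener for binkp clients
            listen 24553 ssl;
            ssl_certificate /etc/nginx/ssl/snakeoil.crt;
            ssl_certificate_key /etc/nginx/ssl/snakeoil.key;
            # Forward the decrypted stream to the local binkp mailer
            proxy_pass 127.0.0.1:24554;
        }
    }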


    This is a basic example for doing the same with ALPN. It can be extended to serve https, h2 or xmpps on the same port.

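    stream {
        # Pick a backend from the ALPN protocols in the TLS ClientHello
        map $ssl_preread_alpn_protocols $tls_proxy {
            "binkp" 127.0.0.1:55000;
        }

        # Public listener: reads the ClientHello without terminating TLS
        server {
            listen 443;
            ssl_preread on;
            proxy_protocol on;
            proxy_pass $tls_proxy;
        }

        # Internal listener: terminates TLS and forwards to the binkp mailer
        server {
            listen 127.0.0.1:55000 ssl proxy_protocol;
            ssl_certificate /etc/nginx/ssl/snakeoil.crt;
            ssl_certificate_key /etc/nginx/ssl/snakeoil.key;
            proxy_pass 127.0.0.1:24554;
        }
    }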

    ---
    * Origin: (21:1/151)
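
Added example, not part of Oli's post: one way the ALPN configuration above could be extended to share port 443 with HTTPS and XMPP. The 55001 and 55002 backends are assumptions, as is an nginx new enough for `ssl_alpn` in the stream module (1.21.4).

```nginx
stream {
    # $ssl_preread_alpn_protocols holds the client's whole ALPN list,
    # comma-separated (for example "h2,http/1.1"), so match with regexes
    # instead of one exact string. The first matching regex wins.
    map $ssl_preread_alpn_protocols $tls_proxy {
        ~\bbinkp\b        127.0.0.1:55000;  # binkp over TLS
        ~\bxmpp-client\b  127.0.0.1:55001;  # assumed XMPP direct-TLS backend
        ~\bh2\b           127.0.0.1:55002;  # assumed HTTPS vhost (http block)
        ~\bhttp/1.1\b     127.0.0.1:55002;
        # Clients that send no ALPN, or an unknown one, would otherwise
        # leave $tls_proxy empty and the connection would fail.
        default           127.0.0.1:55002;
    }

    server {
        listen 443;
        ssl_preread on;         # inspect the ClientHello, do not decrypt
        proxy_protocol on;      # every backend in the map must expect PROXY
        proxy_pass $tls_proxy;
    }

    server {
        # Loopback only: a listener that trusts PROXY headers must not be
        # reachable from outside, or the client address can be spoofed.
        listen 127.0.0.1:55000 ssl proxy_protocol;
        ssl_certificate     /etc/nginx/ssl/snakeoil.crt;
        ssl_certificate_key /etc/nginx/ssl/snakeoil.key;
        ssl_alpn binkp;         # confirm the negotiated protocol to the client
        # No proxy_protocol here, so the mailer sees 127.0.0.1 as the peer.
        proxy_pass 127.0.0.1:24554;
    }
}
```

The HTTPS server for 55002 lives in the http block and needs `proxy_protocol` on its `listen` line as well, because the front listener sends the PROXY header to every backend.
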
  • From NuSkooler@21:1/121 to Oli on Tue Nov 26 19:16:23 2019

    On Tuesday, November 26th Oli said...
    A simple example for using nginx as a TLS proxy in front of a binkp mailer. You can add it to your nginx.conf. Don't put it inside the http block. Put it above or below the http block (if there is one):

    Hah, I should have read through all the messages before I responded. Yup, nginx, HAProxy, and a number of others can do this on the same or other boxes/hardware & you can get some of this stuff now for "free". Get the ACME stuff configured right and everyone just has certs signed by Let's Encrypt and off you go.


    --
    NuSkooler
    Xibalba BBS @ xibalba.l33t.codes / 44510(telnet) 44511(ssh)
    ENiGMA 1/2 BBS WHQ | Phenom | 67 | iMPURE | ACiDic
    --- ENiGMA 1/2 v0.0.11-beta (linux; x64; 12.13.1)
    * Origin: Xibalba -+- xibalba.l33t.codes:44510 (21:1/121)
  • From tallship@21:2/104 to NuSkooler on Tue Nov 26 19:13:31 2019
    Hah, I should have read through all the messages before I responded. Yup, nginx, HAProxy, and a number of others can do this on the same or other boxes/hardware & you can get some of this stuff now for "free".
    Get the ACME stuff configured right and everyone just has certs signed
    by Let's Encrypt and off you go.


    I'm sorry, and I love LetsEncrypt, but even after all this time, whenever I
    see ACME I can't help but envision Wiley E. Coyote.

    --- Mystic BBS v1.12 A43 2019/03/02 (Linux/64)
    * Origin: Vger.Cloud - NOMAD Internetwork (21:2/104)
  • From NuSkooler@21:1/121 to tallship on Wed Nov 27 09:19:56 2019

    Twas Tuesday, November 26th when tallship said...
    I'm sorry, and I love LetsEncrypt, but even after all this time, whenever I see ACME I can't help but envision Wiley E. Coyote.

    100% I'm a Let's Encrypt pusher, but Wile E. Coyote, Super Genius pops in my head every time =p



    --
    NuSkooler
    Xibalba BBS @ xibalba.l33t.codes / 44510(telnet) 44511(ssh)
    ENiGMA 1/2 BBS WHQ | Phenom | 67 | iMPURE | ACiDic
    --- ENiGMA 1/2 v0.0.11-beta (linux; x64; 12.13.1)
    * Origin: Xibalba -+- xibalba.l33t.codes:44510 (21:1/121)
  • From Vk3jed@21:1/109 to NuSkooler on Thu Nov 28 11:23:00 2019
    On 11-27-19 09:19, NuSkooler wrote to tallship <=-


    Twas Tuesday, November 26th when tallship said...
    I'm sorry, and I love LetsEncrypt, but even after all this time, whenever I see ACME I can't help but envision Wiley E. Coyote.

    100% I'm a Let's Encrypt pusher, but Wile E. Coyote, Super Genius pops
    in my head every time =p

    Hahaha, and yes I like Let's Encrypt too. Installed it on my main web server ages ago. Should set it up on SBBS as well, now that I'm running a current build. :)


    ... Copper wire was invented by two Ferengi fighting over a penny.
    === MultiMail/Win v0.51
    --- SBBSecho 3.10-Linux
    * Origin: Freeway BBS Bendigo,Australia freeway.apana.org.au (21:1/109)
  • From tallship@21:2/104 to NuSkooler on Sat Dec 7 23:18:53 2019
    On 27 Nov 2019, NuSkooler said the following...

    Twas Tuesday, November 26th when tallship said...
    I'm sorry, and I love LetsEncrypt, but even after all this time, when I see ACME I can't help but envision Wiley E. Coyote.

    100% I'm a Let's Encrypt pusher, but Wile E. Coyote, Super Genius pops
    in my head every time =p


    Okay, so it's not just me then ;)

    --- Mystic BBS v1.12 A43 2019/03/02 (Linux/64)
    * Origin: Vger.Cloud - NOMAD Internetwork (21:2/104)
  • From Phoobar@21:2/147 to tallship on Mon Dec 9 17:09:21 2019
    100% I'm a Let's Encrypt pusher, but Wile E. Coyote, Super Genius pop in my head every time =p
    Okay, so it's not just me then ;)

    I was thinking about putting the old "IMF" back up...but always dying when I saw those RR cartoons & the stuff the coyote went thru...am happy others see the same images I saw when I chose the name.

    Phoobar

    --- Mystic BBS v1.12 A43 2019/03/03 (Windows/32)
    * Origin: ACME BBS-Suffering Succotah! (21:2/147)