Has anyone been successful with SSL termination and HAProxy 1.7?
frontend ejabberd
    bind *:4000 ssl crt /etc/haproxy/certs/my-domain.com.pem
    mode tcp
    timeout client 3h
    option tcplog
    option clitcpka
    default_backend ejabberd

backend ejabberd
    mode tcp
    timeout server 60m
    option redispatch
    option srvtcpka
    option independent-streams
    balance leastconn
    default-server inter 5s rise 3 fall 3 on-marked-down shutdown-sessions
    server ejabberd localhost:5222 check slowstart 120s
It works fine without ssl crt. My Smack client gives me a "No response received within reply timeout. Timeout was 5000ms (~5s). While waiting for establishing TLS" error. I also tried without TLS in the ejabberd conf.
Config on ejabberd c2s is:
define_macro:
  'CERTFILE': "/home/ubuntu/ejabberd-17.09/conf/server.pem"
##  'CIPHERS': "ECDH:DH:!3DES:!aNULL:!eNULL:!MEDIUM@STRENGTH"
  'TLSOPTS':
##    - "no_sslv2"
    - "no_sslv3"
##    - "no_tlsv1"
##    - "no_tlsv1_1"
##    - "cipher_server_preference"
##    - "no_compression"
##  'DHFILE': "/path/to/dhparams.pem" # generated with: openssl dhparam -out dhparams.pem 2048

##
## listen: The ports ejabberd will listen on, which service each is handled
## by and what options to start it with.
##
listen:
  -
    port: 5222
    ## ip: "::"
    module: ejabberd_c2s
    ## starttls: true
    certfile: 'CERTFILE'
    protocol_options: 'TLSOPTS'
    ## dhfile: 'DHFILE'
    ## ciphers: 'CIPHERS'
    ##
    ## To enforce TLS encryption for client connections,
    ## use this instead of the "starttls" option:
    ##
    starttls_required: true
    ##
    ## Stream compression
    ##
    ## zlib: true
    ##
    max_stanza_size: 65536
    shaper: c2s_shaper
    access: c2s