mod_http_bind through https

Hello, I'm setting up a webclient for ejabberd and I have some doubts about https.
I have noticed that if I access http://myserver.com:5280/http_bind I get the message that http_bind is running correctly and blahblahblah, but if I access https://myserver.com:5280/http_bind I get an error, which means that https is not enabled in mod_http_bind. Please correct me in case I'm not saying something correct:

1- The user enters the chat website through https.
2- He puts his login, which is encrypted and sent to Apache.
3- Apache sees that there is a proxy request for that resource, so he redirects it to the port 5280.
4- Since the request is now http, the information goes unencrypted. However, this is not that important because we don't have to communicate with another server (in case Apache and ejabberd are on the same machine).
5- ejabberd receives the information in plain text and does whatever it has to do with it.

In case things are happening like I said, is this a big security risk? Is there any way to set up mod_http_bind to work in https?

xcu wrote:

Is there any way to set up mod_http_bind to work in https?

Add the options tls and certfile to your HTTP listener, for example:

{listen, [
  {5280, ejabberd_http, [
                         {certfile, "/etc/ejabberd/example.com.pem"}, tls,
                         ...
                         http_bind
                        ]},
  ...
]}.
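An added example, not part of the original posts and not ejabberd's own tooling: a small audit that reads a listen section in the Erlang-term syntax shown above and reports every ejabberd_http listener that serves http_bind without the tls and certfile options. The sample config, the function names and the message strings are constructed for illustration.

```python
import re

# Constructed sample config (not a real server's file), old Erlang-term syntax.
SAMPLE_CFG = '''
%% constructed example
{listen, [
  {5222, ejabberd_c2s, [starttls, {certfile, "/etc/ejabberd/example.com.pem"}]},
  {5280, ejabberd_http, [http_bind, web_admin]},
  {5281, ejabberd_http, [
      {certfile, "/etc/ejabberd/example.com.pem"}, tls,
      http_bind
  ]}
]}.
'''

# Matches the start of an HTTP listener: {Port, ejabberd_http, [
LISTENER = re.compile(r'\{\s*(\d+)\s*,\s*ejabberd_http\s*,\s*\[')

def option_list(cfg, start):
    """Return the text inside the [...] that opens just before index `start`."""
    depth = 1
    for i in range(start, len(cfg)):
        if cfg[i] == '[':
            depth += 1
        elif cfg[i] == ']':
            depth -= 1
            if depth == 0:
                return cfg[start:i]
    raise ValueError("unbalanced '[' in listener options")

def audit_http_bind(cfg):
    """Map port -> list of problems for each ejabberd_http listener with http_bind."""
    # Erlang comments run from % to end of line (a % inside a string is not handled).
    cfg = re.sub(r'%.*', '', cfg)
    report = {}
    for m in LISTENER.finditer(cfg):
        opts = option_list(cfg, m.end())
        # Blank out string literals so words in file paths are not read as options.
        bare = re.sub(r'"[^"]*"', '""', opts)
        atoms = set(re.findall(r'\b[a-z]\w*\b', bare))
        if 'http_bind' not in atoms:
            continue
        problems = []
        if 'tls' not in atoms:
            problems.append('tls option missing: http_bind is served over plain http')
        if not re.search(r'\{\s*certfile\s*,', bare):
            problems.append('certfile option missing')
        report[int(m.group(1))] = problems
    return report

if __name__ == '__main__':
    for port, problems in sorted(audit_http_bind(SAMPLE_CFG).items()):
        print(port, 'OK' if not problems else '; '.join(problems))
```
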

Hi

I had a similar issue and I followed what you said here, but it didn't work, although I am able to see the admin page in https.

Can you please tell me what changes I have to make for it to work in https?