On 2014-07-05 18:35, Matthew Wild wrote:
> Hi,
>
> On 5 July 2014 00:26, Hugo Osvaldo Barrera <h...@barrera.io> wrote:
> > Hi,
> >
> > I'm trying to set bosh without success.
>
> Thanks for the details. One key bit of info missing: what version of
> Prosody are you using?
>

prosody-0.9.4, on OpenBSD-current

> > bosh_ports = { 5280 }
>
> Probably best to drop this line. 5280 is the default, and bosh_ports
> has been removed from 0.9+.
>

Thanks. The docs need updating, apparently. :)

> > When testing this locally:
> >
> > # curl -I localhost:5280/http-bind
> > HTTP/1.1 404 Not Found
> > Connection: Keep-Alive
> > Content-Length: 369
> > Date: Fri, 04 Jul 2014 23:06:25 GMT
> > # curl localhost:5280/http-bind
> > <html><body>
> > <p>It works! Now point your BOSH client to this URL to connect to
> > Prosody.</p>
> > <p>For more information see <a
> > href="http://prosody.im/doc/setting_up_bosh">Prosody: Setting up
> > BOSH</a>.</p>
> > </body></html>
> > # curl xmpp.barrera.io/http-bind
> > <!DOCTYPE html>
> > <html>
> > <head><meta
> > charset="utf-8"><style>body{margin-top:14%;text-align:center;background-color:#F8F8F8;font-family:sans-serif;}h1{font-size:xx-large;}p{font-size:x-large;}p+p
> > { font-size: large; font-family: courier }</style>
> > </head>
> > <body><h1>404 Not Found</h1><p>Whatever you were looking for is not here.
> > It's behind you.</p><p>Unknown host: xmpp.barrera.io</p>
> > </body>
> >
> > My nginx config is LITERALLY a copy-paste from
> > https://prosody.im/doc/setting_up_bosh
> >
> > Looking at pidgin's log, it gets the same 404 message I get via curl
> > xmpp.barrera.io/http-bind.
> > I've also tried setting xmpp.barrera.io.
>
> Sounds like you're using Prosody 0.9. Prosody 0.8 totally ignored the
> HTTP host, which simplified setup but led to some unintuitive
> behaviour and limitations. In Prosody 0.9 you need to make sure to
> tell Prosody about what HTTP host you will be using (if it isn't the
> same as an XMPP host in your config).
>

Oh, yes, that explains what my issue is, thanks!

> I'm going to guess that your XMPP host is "barrera.io", and Prosody is
> running at "xmpp.barrera.io". This is a common setup, and the fix is
> easy. Under your "barrera.io" host in Prosody's config, just tell it
> what HTTP host to expect:
>
>     VirtualHost "barrera.io"
>         ...options here....
>         http_host = "xmpp.barrera.io" -- HTTP requests will be addressed to here
>

Yup, that got rid of the issue of me requiring the Host header. I simply
deleted the line from nginx entirely. (No need for proxy_set_header at all).

> > After looking at the error a bit, I tried some guessing and
> > changed nginx to:
> >
> >     location / {
> >         proxy_pass http://localhost:5280/http-bind;
> >         proxy_set_header Host "localhost";
> >         proxy_buffering off;
> >         tcp_nodelay on;
> >     }
> >
> > (notice the change in Host). Why did I need this? Has anyone else had
> > similar experiences?
>
> This worked because you probably have "localhost" as a VirtualHost in
> your config. This would also have worked (and be more correct):
>
>     proxy_set_header Host "barrera.io";
>
> If you prefer you can do this *instead* of setting http_host in
> Prosody's config. The only advantage to configuring it in Prosody is
> that you can then easily serve multiple HTTP hosts (which may or may
> not be useful to you).
>
> > After this change, curl http://xmpp.barrera.io/ works as expected. Pidgin
> > manages to connect but with absolutely no encryption. If I enable HTTPS,
> > it fails. If I require encryption on the client or server side (or both),
> > it fails too.
>
> https://xmpp.barrera.io/ seems to work for me (in my browser), so I
> don't know what the problem might be here. Check Pidgin's debug logs
> perhaps (Help->Debug).
>

Pidgin "just fails":

[...]
(20:24:41) proxy: Connected to xmpp.barrera.io:443.
(20:24:43) nss: subject=E=postmas...@barrera.io,CN=xmpp.barrera.io,C=AR,OID.2.5.4.13=x9oY27d7F92897MS issuer=CN=StartCom Class 1 Primary Intermediate Server CA,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL
(20:24:43) nss: subject=CN=StartCom Class 1 Primary Intermediate Server CA,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL issuer=CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL
(20:24:43) nss: subject=CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL issuer=CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL
(20:24:43) certificate/x509/tls_cached: Starting verify for xmpp.barrera.io
(20:24:43) certificate/x509/tls_cached: Checking for cached cert...
(20:24:43) certificate/x509/tls_cached: ...Found cached cert
(20:24:43) nss/x509: Loading certificate from /home/hugo/.purple/certificates/x509/tls_peers/xmpp.barrera.io
(20:24:43) certificate/x509/tls_cached: Peer cert matched cached
(20:24:43) nss/x509: Exporting certificate to /home/hugo/.purple/certificates/x509/tls_peers/xmpp.barrera.io
(20:24:43) util: Writing file /home/hugo/.purple/certificates/x509/tls_peers/xmpp.barrera.io
(20:24:43) certificate: Successfully verified certificate for xmpp.barrera.io
(20:24:43) connection: Connection error on 0x139b110 (reason: 0 description: Lost connection with server: Input/output error)
(20:24:43) nss: Handshake failed (-5938)
(20:24:43) jabber: BOSH server closed the connection (0x1bcd310)
(20:24:43) account: Disconnecting account h...@barrera.io/hyperion (0x12cafb0)
(20:24:43) connection: Disconnecting connection 0x139b110
(20:24:43) connection: Destroying connection 0x139b110

Does this look like a client issue?

On the server side, the ONLY thing logged by both nginx and prosody is:

# tail -f /var/log/nginx/error.log
2014/07/07 23:20:01 [alert] 1818#0: worker process 32138 exited on signal 11
2014/07/07 23:20:02 [alert] 1818#0: worker process 28105 exited on signal 11
2014/07/07 23:20:42 [alert] 1818#0: worker process 19225 exited on signal 11
2014/07/07 23:20:43 [alert] 1818#0: worker process 18334 exited on signal 11
2014/07/07 23:21:03 [alert] 1818#0: worker process 31438 exited on signal 11
2014/07/07 23:21:05 [alert] 1818#0: worker process 8974 exited on signal 11
2014/07/07 23:21:23 [alert] 1818#0: worker process 31071 exited on signal 11
2014/07/07 23:21:24 [alert] 1818#0: worker process 12919 exited on signal 11
2014/07/07 23:21:36 [alert] 1818#0: worker process 7470 exited on signal 11
2014/07/07 23:21:37 [alert] 1818#0: worker process 4447 exited on signal 11

(just once per attempt, of course).

Connecting with HTTP (instead of HTTPS), results in a different error:

"You require encryption, but it is not available on this server."

I get this error regardless of the value for consider_bosh_secure.
If I disable encryption on pidgin (just as a test, because HTTP+plain-text is
an awful idea), that *does* work.

> Regards,
> Matthew
>

Thanks,

--
Hugo Osvaldo Barrera
A: Because we read from top to bottom, left to right.
Q: Why should I start my reply below the quoted text?
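
Added example, not part of the thread and not Prosody or nginx code: a probe that sends the same request to a backend with different Host headers, bypassing the reverse proxy, to see which name the backend accepts before choosing between http_host and proxy_set_header. The stub backend and its set of known hosts are assumptions built from the behaviour described in the thread; for a real server, call probe() with its address and port.

```python
import http.client
import socketserver
import threading
from http.server import BaseHTTPRequestHandler

# Constructed stand-in for the backend: it serves /http-bind only for Host
# names it knows, the behaviour the thread describes for Prosody 0.9.
KNOWN_HTTP_HOSTS = {"barrera.io", "localhost"}  # assumed VirtualHost names

class StubBackend(BaseHTTPRequestHandler):
    def do_GET(self):
        host = (self.headers.get("Host") or "").split(":")[0]
        known = host in KNOWN_HTTP_HOSTS and self.path == "/http-bind"
        body = b"It works!" if known else b"Unknown host: " + host.encode()
        self.send_response(200 if known else 404)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):  # silence per-request logging
        pass

def probe(address, port, candidates, path="/http-bind"):
    """Return {Host header: HTTP status}; the Host sent is exactly the candidate."""
    results = {}
    for host in candidates:
        conn = http.client.HTTPConnection(address, port, timeout=5)
        try:
            conn.putrequest("GET", path, skip_host=True)
            conn.putheader("Host", host)
            conn.endheaders()
            results[host] = conn.getresponse().status
        finally:
            conn.close()
    return results

def demo():
    # Ephemeral loopback port, so nothing outside this process is contacted.
    server = socketserver.TCPServer(("127.0.0.1", 0), StubBackend)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        return probe("127.0.0.1", server.server_address[1],
                     ["xmpp.barrera.io", "barrera.io", "localhost"])
    finally:
        server.shutdown()
        server.server_close()

if __name__ == "__main__":
    for name, status in demo().items():
        print(f"Host: {name:<16} -> {status}")
```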