XMPP Service Operators - 2024-06-06

  1. Kris

    Falls noch wer Beispiele kennt

  2. Kris

    In case someone knows additional examples.

  3. badmuff

    I'm experiencing an issue with SSLH and NGINX on port 443 where my IPv6 connection does not receive a certificate. The IPv4 connection works correctly, but IPv6 fails to obtain the SSL certificate. An A record and AAAA record are set correctly, and ping6 to the server is successful. However, when running openssl s_client -connect [2a01:4f8:c17:f7d5::1]:443 -6, it hangs at rblock. Any Idea?

  4. badmuff

    config: https://paste.debian.net/1319373/

  5. Menel

    Hm. You only want to do sslh on ipv4? Then maybe specify your ipv4 directly there, not the hostname. (just a guess if that's what's binding to it otherwise)

  6. badmuff

    perhaps to conufusing my description, i need the cert on both ipv4 and ipv6.

  7. Menel

    `lsof -i -P -n | grep LISTEN` Will show sslh correctly listening on your public ipv4 and 6?

  8. Menel

    > { name: "timeout"; host: "localhost"; port: "443";} Timeout to port 443 not better 5443?

  9. badmuff

    https://paste.debian.net/1319381/

  10. badmuff

    i will check with timeout.

  11. badmuff

    lsof output: https://paste.debian.net/1319383/

  12. Menel

    Hm. So far so good.

  13. Menel

    You said certs don't work too? What happens on using curl port 80 to your acme challenge path?

  14. badmuff

    that is coming if sslab is checking cert on ipv6, got more to investigate. https://paste.debian.net/1319385/

  15. Menel

    Yes I see no AAAA records for nginxsslh.uuxo.net

  16. badmuff

    certs working - problem is the mobile access via ipv6 - all ipv4 connections get served well, but if you are coming over ipv6 (esp. mobile network) it got no tls/ssl cert presented.

  17. badmuff

    but if dig uuxo.net

  18. badmuff

    but if you dig uuxo.net

  19. badmuff

    it might be the solution, menel.

  20. badmuff

    i will check.

  21. Menel

    Why would I need to dig uuxo.net? Your sslh is only listening on nginxsslh.uuxo.net

  22. badmuff

    perhaps a logic problem from my site.

  23. Menel

    Yes uuxo.net has a record , but that subdomain needs one too, as it is setup currently

  24. badmuff

    thanks a lot.

  25. Menel

    I don't know why to be honest. Since you specified uuxo.net in sslh but thats what your lsof sais

  26. Menel

    I prefer putting ips in sslh ., you know what you get 🙂

  27. badmuff

    yes, i agree 100%

  28. badmuff

    or listen ::

  29. MattJ

    edhelas, movim.eu cert expired?

  30. edhelas

    Will check that thanks