Welcome! Log In Create A New Profile

Advanced

Re: Routing based on ALPN

Vladimir Homutov
February 19, 2018 06:46AM
On Mon, Feb 19, 2018 at 12:02:06PM +0100, Wiktor Kwapisiewicz via nginx wrote:
> Hello,
>
> I'm looking for a way to route traffic on port 443 based on ALPN value
> without SSL termination.
>
> ssl_preread_module [1] does something similar but the only exposed
> variable ($ssl_preread_server_name) is for SNI, not ALPN.
>
> A bit of context. I'd like to use nginx to host regular HTTPS server on port
> 443 but if the ALPN value is 'xmpp-client' transparently proxy the traffic
> to my local Jabber server. This feature [2] is already supported by several
> XMPP clients.
>
> Is there a way to access and save ALPN value to a variable?

Hello,

currently this is not possible; as you correctly noted, ssl_preread
module only processes SNI extension.
To achieve what you want, ssl_preread module needs to be extended to process
ALPN extension as well and export results as a variable, that could be
used to make routing decision.


_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
Subject Author Posted

Routing based on ALPN

Wiktor Kwapisiewicz via nginx February 19, 2018 06:04AM

Re: Routing based on ALPN

Vladimir Homutov February 19, 2018 06:46AM

Re: Routing based on ALPN

Konstantin Pavlov February 19, 2018 08:16AM

Re: Routing based on ALPN

Wiktor Kwapisiewicz via nginx February 25, 2018 02:18PM

Re: Routing based on ALPN

Vladimir Homutov March 06, 2018 09:46AM

Re: Routing based on ALPN

Wiktor Kwapisiewicz via nginx March 07, 2018 06:40AM

Re: Routing based on ALPN

Maxim Konovalov March 07, 2018 06:48AM

Re: Routing based on ALPN

Roman Arutyunyan March 13, 2018 08:10AM



Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 275
Record Number of Users: 8 on April 13, 2023
Record Number of Guests: 500 on July 15, 2024
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready