• nginx TLS proxy

    From Oli@21:1/151 to All on Tuesday, November 26, 2019 19:22:16
    A simple example for using nginx as a TLS proxy in front of a binkp mailer. You
    can add it to your nginx.conf. Don't put it inside the http block. Put it above or below the http block (if there is one):

    stream {
        server {
            # TLS is terminated on this port
            listen 24553 ssl;
            ssl_certificate /etc/nginx/ssl/snakeoil.crt;
            ssl_certificate_key /etc/nginx/ssl/snakeoil.key;
            # decrypted traffic goes to the binkp mailer on localhost
            proxy_pass 127.0.0.1:24554;
        }
    }


    This is a basic example for doing the same with ALPN. It can be extended to serve https, h2 or xmpps on the same port.

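    stream {
        # choose the backend from the ALPN names offered in the ClientHello
        map $ssl_preread_alpn_protocols $tls_proxy {
            "binkp" 127.0.0.1:55000;
        }

        # public port: no TLS termination here, ssl_preread only reads the ClientHello
        server {
            listen 443;
            ssl_preread on;
            proxy_protocol on;
            proxy_pass $tls_proxy;
        }

        # internal listener: accepts the PROXY protocol header and terminates TLS
        server {
            listen 127.0.0.1:55000 ssl proxy_protocol;
            ssl_certificate /etc/nginx/ssl/snakeoil.crt;
            ssl_certificate_key /etc/nginx/ssl/snakeoil.key;
            proxy_pass 127.0.0.1:24554;
        }
    }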

    ---
    * Origin: (21:1/151)
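Added example, not part of the original post: a Python sketch of what `ssl_preread` reads from the unencrypted ClientHello and how the exact-string `map` entry above resolves it. nginx exposes the offered ALPN names as one comma-separated string, so a client offering more than one protocol does not equal "binkp" and gets the map's empty default; the ClientHello bytes are constructed and the function names are hypothetical.

```python
import struct

ALPN_EXT = 16  # application_layer_protocol_negotiation extension type (RFC 7301)
# Exact-match table copied from the map block in the post above.
TLS_PROXY = {"binkp": "127.0.0.1:55000"}

def build_client_hello(protocols):
    """Constructed sample: a minimal ClientHello record with only an ALPN extension."""
    names = b"".join(bytes([len(p)]) + p.encode() for p in protocols)
    alpn = struct.pack("!H", len(names)) + names
    exts = struct.pack("!HH", ALPN_EXT, len(alpn)) + alpn
    body = (b"\x03\x03" + bytes(32)      # client_version, random
            + b"\x00"                    # empty session_id
            + b"\x00\x02\x13\x01"        # one cipher suite
            + b"\x01\x00"                # null compression
            + struct.pack("!H", len(exts)) + exts)
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake

def preread_alpn(record):
    """Return the offered ALPN names joined by commas; "" if absent or malformed."""
    try:
        if record[0] != 0x16 or record[5] != 0x01:   # handshake record, ClientHello
            return ""
        pos = 5 + 4 + 2 + 32                          # headers, version, random
        pos += 1 + record[pos]                        # session_id
        pos += 2 + int.from_bytes(record[pos:pos + 2], "big")  # cipher_suites
        pos += 1 + record[pos]                        # compression_methods
        end = min(len(record), pos + 2 + int.from_bytes(record[pos:pos + 2], "big"))
        pos += 2
        while pos + 4 <= end:
            ext_type, ext_len = struct.unpack("!HH", record[pos:pos + 4])
            data = record[pos + 4:pos + 4 + ext_len]
            pos += 4 + ext_len
            if ext_type == ALPN_EXT:
                names, i = [], 2                      # skip the 2-byte list length
                while i < len(data):
                    names.append(data[i + 1:i + 1 + data[i]].decode("ascii", "replace"))
                    i += 1 + data[i]
                return ",".join(names)
    except IndexError:                                # truncated ClientHello
        pass
    return ""

def route(alpn, table=TLS_PROXY):
    """Case-insensitive whole-string lookup; no match yields "" (no upstream)."""
    return table.get(alpn.lower(), "")

if __name__ == "__main__":
    for offer in (["binkp"], ["h2", "http/1.1"], ["binkp", "http/1.1"]):
        alpn = preread_alpn(build_client_hello(offer))
        print(f"{alpn!r:22} -> {route(alpn)!r}")
```

When more protocols share the port, a regular-expression map key per protocol and an explicit `default` entry avoid the empty result for multi-protocol offers.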
  • From NuSkooler@21:1/121 to Oli on Tuesday, November 26, 2019 19:16:23

    On Tuesday, November 26th Oli said...
    A simple example for using nginx as a TLS proxy in front of a binkp mailer. You can add it to your nginx.conf. Don't put it inside the http block. Put it above or below the http block (if there is one):

    Hah, I should have read through all the messages before I responded. Yup, nginx, HAProxy, and a number of others can do this on the same or other boxes/hardware & you can get some of this stuff now for "free". Get the ACME stuff configured right and everyone just has certs signed by Let's Encrypt and off you go.


    --
    NuSkooler
    Xibalba BBS @ xibalba.l33t.codes / 44510(telnet) 44511(ssh)
    ENiGMA 1/2 BBS WHQ | Phenom | 67 | iMPURE | ACiDic
    --- ENiGMA 1/2 v0.0.11-beta (linux; x64; 12.13.1)
    * Origin: Xibalba -+- xibalba.l33t.codes:44510 (21:1/121)
  • From tallship@21:2/104 to NuSkooler on Tuesday, November 26, 2019 19:13:31
    Hah, I should have read through all the messages before I responded. Yup, nginx, HAProxy, and a number of others can do this on the same or other boxes/hardware & you can get some of this stuff now for "free".
    Get the ACME stuff configured right and everyone just has certs signed
    by Let's Encrypt and off you go.


    I'm sorry, and I love LetsEncrypt, but even after all this time, whenever I
    see ACME I can't help but envision Wile E. Coyote.

    --- Mystic BBS v1.12 A43 2019/03/02 (Linux/64)
    * Origin: Vger.Cloud - NOMAD Internetwork (21:2/104)
  • From NuSkooler@21:1/121 to tallship on Wednesday, November 27, 2019 09:19:56

    Twas Tuesday, November 26th when tallship said...
    I'm sorry, and I love LetsEncrypt, but even after all this time, whenever I see ACME I can't help but envision Wile E. Coyote.

    100% I'm a Let's Encrypt pusher, but Wile E. Coyote, Super Genius pops in my head every time =p



    --
    NuSkooler
    Xibalba BBS @ xibalba.l33t.codes / 44510(telnet) 44511(ssh)
    ENiGMA 1/2 BBS WHQ | Phenom | 67 | iMPURE | ACiDic
    --- ENiGMA 1/2 v0.0.11-beta (linux; x64; 12.13.1)
    * Origin: Xibalba -+- xibalba.l33t.codes:44510 (21:1/121)
  • From Vk3jed@21:1/109 to NuSkooler on Thursday, November 28, 2019 11:23:00
    On 11-27-19 09:19, NuSkooler wrote to tallship <=-


    Twas Tuesday, November 26th when tallship said...
    I'm sorry, and I love LetsEncrypt, but even after all this time, whenever I see ACME I can't help but envision Wile E. Coyote.

    100% I'm a Let's Encrypt pusher, but Wile E. Coyote, Super Genius pops
    in my head every time =p

    Hahaha, and yes I like Let's Encrypt too. Installed it on my main web server ages ago. Should set it up on SBBS as well, now that I'm running a current build. :)


    ... Copper wire was invented by two Ferengi fighting over a penny.
    === MultiMail/Win v0.51
    --- SBBSecho 3.10-Linux
    * Origin: Freeway BBS Bendigo,Australia freeway.apana.org.au (21:1/109)
  • From tallship@21:2/104 to NuSkooler on Saturday, December 07, 2019 23:18:53
    On 27 Nov 2019, NuSkooler said the following...

    Twas Tuesday, November 26th when tallship said...
    I'm sorry, and I love LetsEncrypt, but even after all this time, when I see ACME I can't help but envision Wile E. Coyote.

    100% I'm a Let's Encrypt pusher, but Wile E. Coyote, Super Genius pops
    in my head every time =p


    Okay, so it's not just me then ;)

    --- Mystic BBS v1.12 A43 2019/03/02 (Linux/64)
    * Origin: Vger.Cloud - NOMAD Internetwork (21:2/104)
  • From Phoobar@21:2/147 to tallship on Monday, December 09, 2019 17:09:21
    100% I'm a Let's Encrypt pusher, but Wile E. Coyote, Super Genius pops in my head every time =p
    Okay, so it's not just me then ;)

    I was thinking about putting the old "IMF" back up...but always dying when I saw those RR cartoons & the stuff the coyote went thru...am happy others see the same images I saw when I chose the name.

    Phoobar

    --- Mystic BBS v1.12 A43 2019/03/03 (Windows/32)
    * Origin: ACME BBS-Suffering Succotah! (21:2/147)