nginx.conf:
The Mystic BBS can be configured to listen on multiple ports with the BINKP server. That means what could be done is to setup several BINKP server listening on localhost. E.g. 24554, 24555, 24556, 24557, 24558. Then You can have 5 concurrent connections from the proxy server. The nginx can load-balance and this is how it could be done:
That's about it. Correct me if I'm wrong.
than one node concurrently. The ip address is not forwarded through the proxy and You basically connect from localhost. That means when You
The Mystic BBS can be configured to listen on multiple ports with
the BINKP server. That means what could be done is to setup several
BINKP server listening on localhost. E.g. 24554, 24555, 24556,
24557, 24558. Then You can have 5 concurrent connections from the
proxy server. The nginx can load-balance and this is how it could
be done:
In my case I am using binkd. nginx is listening on port 24553 and if the tls handshake is successful it passes the connection to my running binkd
on the standard port.
That's not what I would call the right way to do it.
That's not what I would call the right way to do it.It's also not the wrong way to do it and it has some advantages (and a few disadvantages). I'm doing this with https and xmpps as
well, even if the servers support TLS by themselves.
Hello Al,
nginx.conf:
From that setup where You use nginx for the stream proxy of ssl binkps I would have a small comment. That's the trouble when You connect with more than one node concurrently. The ip address is not forwarded through the proxy and You basically connect from localhost. That means when You
connect with more than one node You got the Duplicate I.P. message. I'm uncertain if this cannot be configured otherwise. But there a solution on how to connect with more than one node at once.
The Mystic BBS can be configured to listen on multiple ports with the
BINKP server. That means what could be done is to setup several BINKP server listening on localhost. E.g. 24554, 24555, 24556, 24557, 24558.
Then You can have 5 concurrent connections from the proxy server. The
nginx can load-balance and this is how it could be done:
TLS support in binkd would be nice, but for incoming connections I would still use nginx or haproxy for TLS termination.
--- ENiGMA 1/2 v0.0.11-beta (linux; x64; 12.13.1)NuSkooler
Xibalba BBS @ xibalba.l33t.codes / 44510(telnet) 44511(ssh)
ENiGMA 1/2 BBS WHQ | Phenom | 67 | iMPURE | ACiDic
On Saturday, April 11th Oli muttered...
TLS support in binkd would be nice, but for incoming connections I
would still use nginx or haproxy for TLS termination.
+1 for TLS termination. nginx/HAProxy/Caddy/etc. are all heavily peer reviewed in terms of security. Various BBS packages are not. I had to enable some older cipher suites and lessen security just to allow some paritcular BBS terminals to connect to my b
..just kind of jumping in
here. What did the "binkps" proto end up looking like? Just bink proxied over TLS?
I'd like to get this set up (I'll be TLS terminating with Caddy
personally)
What did the "binkps" proto end up looking like? Just bink
proxied over TLS? I'd like to get this set up (I'll be TLS terminating with Caddy personally)
Can you put localhost in a whitelist of some sort?
here. What did the "binkps" proto end up looking like? Just bink proxied over TLS? I'd like to get this set up (I'll be TLS terminating with Caddy personally)
Sysop: | Shaun Ewing |
---|---|
Location: | Blue Mountains, Australia |
Users: | 192 |
Nodes: | 16 (0 / 16) |
Uptime: | 247:24:31 |
Calls: | 128 |
Files: | 187,812 |
Messages: | 318,618 |