I use converse.js as an XMPP web client. Therefore I need a BOSH server that handles the bidirectional communication. node-xmpp-bosh acts as that server. Since my site is SSL/TLS encrypted and only available through https, it is only allowed to connect to the BOSH server over an encrypted connection. Unfortunately node-xmpp-bosh doesn't support SSL/TLS.
Can I circumvent this by forwarding the traffic somehow? Or am I lost and need to search for another BOSH server?
Some hours later...again happy :)
The solution to my problem is to proxy the traffic to the BOSH server. To do this on Apache I now use (at least for the moment) this VirtualHost config:
<VirtualHost *:443>
    ServerName bosh.domain.tld
    ServerAlias www.bosh.domain.tld
    ServerAdmin admin@domain.tld
    <Proxy *>
        Order allow,deny
        Allow from all
    </Proxy>
    ProxyPass / http://127.0.0.1:5280/http-bind/
    ProxyPassReverse / http://127.0.0.1:5280/http-bind/
    SSLEngine on
    SSLCertificateFile /etc/letsencrypt/live/domain.tld/cert.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/domain.tld/privkey.pem
    SSLCertificateChainFile /etc/letsencrypt/live/domain.tld/chain.pem
    SSLVerifyClient None
    # HSTS (mod_headers is required) (15768000 seconds = 6 months)
    Header always set Strict-Transport-Security "max-age=15768000"
</VirtualHost>
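A variant of the VirtualHost above in Apache 2.4 syntax, as an added example that is not part of the original post. It assumes Apache 2.4.8 or later with mod_ssl, mod_proxy, mod_proxy_http and mod_headers loaded, and that fullchain.pem (the certificate-plus-chain file certbot writes) sits in the same Let's Encrypt directory as the files used above.

```apache
# Added example (assumptions: Apache >= 2.4.8; fullchain.pem present in the
# same Let's Encrypt live directory as the original cert.pem/privkey.pem).
<VirtualHost *:443>
    ServerName bosh.domain.tld
    ServerAlias www.bosh.domain.tld
    ServerAdmin admin@domain.tld

    # Reverse proxy only. Off is the default; stating it guards against a
    # global "ProxyRequests On" turning this host into an open forward proxy.
    ProxyRequests Off

    # Scope proxy access to the local BOSH backend instead of <Proxy *>,
    # using 2.4 authorization (Require) in place of Order/Allow.
    <Proxy "http://127.0.0.1:5280/http-bind/*">
        Require all granted
    </Proxy>

    # TLS terminates here; the hop to node-xmpp-bosh stays on loopback,
    # so the plain-HTTP listener should be bound to 127.0.0.1 only.
    ProxyPass        / http://127.0.0.1:5280/http-bind/
    ProxyPassReverse / http://127.0.0.1:5280/http-bind/

    SSLEngine on
    # Since 2.4.8 the chain is read from SSLCertificateFile;
    # SSLCertificateChainFile is obsolete.
    SSLCertificateFile    /etc/letsencrypt/live/domain.tld/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/domain.tld/privkey.pem
    SSLVerifyClient none

    # HSTS (mod_headers is required) (15768000 seconds = 6 months)
    Header always set Strict-Transport-Security "max-age=15768000"
</VirtualHost>
```

With this mapping the BOSH endpoint is the root of the virtual host, so the converse.js `bosh_service_url` setting would point at `https://bosh.domain.tld/`.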