Mercurial > prosody-modules

view mod_isolate_host/README.markdown @ 5907:d194d1012fd3

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Updating dox for mod_rest. Ideas expressed / clarified: 1) Making clear that mod_rest isn't to be installed under VirtualHosts AND as a component. 2) Understanding some of the implications of this choice: A) Changes to user authentication B) How it affects subdomains 3) More consistent use of domain names for clarity. 4) Using different heading sizes to show scope of section. Essentially, I added all the tidbits I had to clarify in getting this to work in my own example.
author Ben Smith <bens@effortlessis.com>
date Mon, 13 May 2024 13:25:13 -0700
parents 8de50be756e5
children
line wrap: on
line source

---
labels:
- 'Stage-Beta'
summary: Prevent communication between hosts
...

Introduction
============

In some environments it is desirable to isolate one or more hosts, and
prevent communication with external, or even other internal domains.

Loading mod\_isolate\_host on a host will prevent all communication with
JIDs outside of the current domain, though it is possible to configure
exceptions.

**Note:** if you just want to prevent communication with external
domains, this is possible without a plugin. See [Prosody: Disabling
s2s](http://prosody.im/doc/s2s#disabling) for more information.

This module was sponsored by [Exa Networks](http://exa-networks.co.uk/).

Configuration
=============

To isolate all hosts by default, add the module to your global
modules\_enabled:

``` {.lua}
modules_enabled = {
  ...
    "isolate_host";
  ...
}
```

Alternatively you can isolate a single host by putting a
modules\_enabled line under the VirtualHost directive:

``` {.lua}
VirtualHost "example.com"
modules_enabled = { "isolate_host" }
```

After enabling the module, you can add further options to add exceptions
for the isolation:

  Option                     Description
  -------------------------- -----------------------------------------------------------------------------------------
  isolate\_except\_domains   A list of domains to allow communication with.
  isolate\_except\_users     A list of user JIDs allowed to bypass the isolation and communicate with other domains.

**Note:** Admins of hosts are always allowed to communicate with other
domains

Compatibility
=============

  ----- -------
  0.9   Works
  ----- -------