annotate docker/prosody/prosody.cfg.lua @ 142:2602c690806b
flatpak (sat_wrapper): don't use packages from $HOME in PYTHONPATH to avoid conflicts:
before this change, packages from ~/.local/lib/python2.7/site-packages were included, and
this could conflict with the ones from Flatpak, resulting in unwanted side effects (e.g.
OMEMO not available).
author | Goffi <goffi@goffi.org> |
---|---|
date | Sun, 23 Jun 2019 19:45:37 +0200 |
parents | 349cbfea2596 |
children |
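-- Prosody configuration for SàT Docker image

---------- Server-wide settings ----------

-- The XMPP domain is taken from the DOMAIN environment variable.
-- An unset OR empty value falls back to "libervia.int": an empty string is
-- truthy in Lua, so a bare `os.getenv("DOMAIN") or ...` would accept ""
-- and yield an empty host name and the admin JID "admin@".
local domain = os.getenv("DOMAIN")
if domain == nil or domain == "" then
    domain = "libervia.int"
end

-- default admin is admin@DOMAIN
-- NOTE(review): whoever sets DOMAIN also decides which JID receives server
-- admin rights (including the ad-hoc admin commands enabled by "admin_adhoc"
-- further down); that account should be created deliberately and protected
-- accordingly.
admins = { "admin@" .. domain }

-- Enable use of libevent for better performance under high load
-- For more information see: http://prosody.im/doc/libevent
--use_libevent = true;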
-- Documentation on modules can be found at: http://prosody.im/doc/modules
-- Entries starting with "--" are commented out and therefore NOT loaded.
modules_enabled = {
    -- used by SàT

    -- SàT PubSub
    -- These two modules let an external component act with elevated rights;
    -- what is actually granted is declared under VirtualHost
    -- (privileged_entities / delegations) later in this file.
    "delegation";
    "privilege";

    -- Not mandatory but neat
    "ipcheck";
    "http_upload";

    -- Generally required
    "roster"; -- Allow users to have a roster. Recommended ;)
    "saslauth"; -- Authentication for clients and servers. Recommended if you want to log in.
    "tls"; -- Add support for secure TLS on c2s/s2s connections
    -- With s2s_secure_auth = false (set later in this file), dialback is
    -- what authenticates remote servers.
    "dialback"; -- s2s dialback support
    "disco"; -- Service discovery

    -- Not essential, but recommended
    "private"; -- Private XML storage (for room bookmarks, etc.)
    "vcard"; -- Allow users to set vCards

    -- These are commented by default as they have a performance impact
    --"privacy"; -- Support privacy lists
    --"compression"; -- Stream compression (Debian: requires lua-zlib module to work)

    -- Nice to have
    "version"; -- Replies to server version requests
    "uptime"; -- Report how long server has been running
    "time"; -- Let others know the time here on this server
    "ping"; -- Replies to XMPP pings with pongs
    -- "pep"; -- Enables users to publish their mood, activity, playing music and more
    -- we don't want to allow self registering, this is managed by a SàT plugin
    --"register"; -- Allow users to register on this server using a client and change passwords

    -- Admin interfaces
    -- admin_adhoc exposes administration commands over XMPP to the JIDs
    -- listed in `admins`, so the security of that account matters.
    "admin_adhoc"; -- Allows administration via an XMPP client that supports ad-hoc commands
    --"admin_telnet"; -- Opens telnet console interface on localhost port 5582

    -- HTTP modules
    --"bosh"; -- Enable BOSH clients, aka "Jabber over HTTP"
    --"http_files"; -- Serve static files from a directory over HTTP

    -- Other specific functionality
    "posix"; -- POSIX functionality, sends server to background, enables syslog, etc.
    --"groups"; -- Shared roster support
    -- announce is useful on a Libervia instance
    "announce"; -- Send announcement to all online users
    --"welcome"; -- Welcome users who register accounts
    --"watchregistrations"; -- Alert admins of registrations
    --"motd"; -- Send a message to users when they log in
    --"legacyauth"; -- Legacy authentication. Only used by some old clients and bots.
};
-- Every entry below is commented out, so nothing is disabled;
-- to disable one of these modules, uncomment it here:
modules_disabled = {
    -- "offline"; -- Store offline messages
    -- "c2s"; -- Handle client connections
    -- "s2s"; -- Handle server-to-server connections
};

-- Disable account creation by default, for security
-- For more information see http://prosody.im/doc/creating_accounts
-- (consistent with "register" being commented out in modules_enabled)
allow_registration = false;

-- We keep foreground for Docker
daemonize = false;

-- Debian:
-- Please, don't change this option since /var/run/prosody/
-- is one of the few directories Prosody is allowed to write to
--
pidfile = "/var/run/prosody/prosody.pid";
-- We want to use the certificate in /usr/share/sat
-- NOTE(review): the private key lives next to the certificate; its file
-- permissions should let only the Prosody user read it — confirm in the image.
ssl = {
    key = "/usr/share/sat/certificates/libervia.key";
    certificate = "/usr/share/sat/certificates/libervia.crt";
}

-- Clients must negotiate TLS before they can authenticate.
c2s_require_encryption = true

-- Force certificate authentication for server-to-server connections?
-- This provides ideal security, but requires servers you communicate
-- with to support encryption AND present valid, trusted certificates.
-- NOTE: Your version of LuaSec must support certificate verification!
-- For more information see http://prosody.im/doc/s2s#security

-- With `false`, remote servers are not required to present a valid, trusted
-- certificate and are authenticated through DNS (dialback) instead.
-- NOTE(review): s2s_require_encryption is not set in this file, so whether
-- s2s links must be encrypted depends on the default of the Prosody version
-- in the image — confirm.
s2s_secure_auth = false

-- Many servers don't support encryption or have invalid or self-signed
-- certificates. You can list domains here that will not be required to
-- authenticate using certificates. They will be authenticated using DNS.

--s2s_insecure_domains = { "gmail.com" }

-- Even if you leave s2s_secure_auth disabled, you can still require valid
-- certificates for some domains by specifying a list here.

--s2s_secure_domains = { "jabber.org" }

-- Select the authentication backend to use. The 'internal' providers
-- use Prosody's configured data storage to store the authentication data.
-- To allow Prosody to offer secure authentication mechanisms to clients, the
-- default provider stores passwords in plaintext. If you do not trust your
-- server please see http://prosody.im/doc/modules/mod_auth_internal_hashed
-- for information about using the hashed backend.

-- NOTE(review): with "internal_plain" every account password is readable by
-- anyone who can read Prosody's data store (data volume, backups, image
-- snapshots). "internal_hashed" avoids that; before switching, check that the
-- SàT account-management tooling does not depend on the plaintext backend.
authentication = "internal_plain"

-- we listen to the world for components (but we do *NOT*
-- expose the port! It's just for linked containers)
-- The component port is therefore reachable from every network the container
-- is attached to; the only protections are not publishing the port and the
-- per-component component_secret values set later in this file.
component_interface="0.0.0.0"
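-- Log destinations.
-- The two file entries use Prosody's "level = filename" form. The console
-- sink is written as a separate rule because a Lua table constructor cannot
-- hold two values for one key: a second `info = "*console"` entry replaces
-- the prosody.log entry instead of adding a second destination.
-- NOTE(review): /var/log/prosody must be writable by the Prosody user, and
-- mounted as a volume if the files should outlive the container — confirm
-- against the image definition.
log = {
    -- Log to files (change 'info' to 'debug' for debug logs):
    info = "/var/log/prosody/prosody.log";
    error = "/var/log/prosody/prosody.err";
    -- Log to the console too, so "docker logs" will show them
    { levels = { min = "info" }, to = "console" };
}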
-- The single virtual host served by this image; the options below apply to it.
VirtualHost (domain)
    -- Rights granted to the pubsub component (used by the "privilege" module):
    -- it may read users' rosters ("get") and send messages ("outgoing").
    -- NOTE(review): anything able to authenticate as pubsub.DOMAIN inherits
    -- these rights, so they are only as strong as SAT_PUBSUB_SECRET.
    privileged_entities = {
        ["pubsub."..domain] = {
            roster = "get";
            message = "outgoing";
        },
    }

    -- Namespaces handed over to the pubsub component (used by the
    -- "delegation" module): MAM filtered on "node", and pubsub.
    delegations = {
        ["urn:xmpp:mam:1"] = {
            filtering = {"node"};
            jid = "pubsub."..domain;
        },
        ["http://jabber.org/protocol/pubsub"] = {
            jid = "pubsub."..domain;
        },
    }
------ Components ------

-- Set up a MUC (multi-user chat) room server on chat.DOMAIN:
Component ("chat."..domain) "muc"

-- Set up a SOCKS5 bytestream proxy for server-proxied file transfers:
Component ("proxy."..domain) "proxy65"

-- HTTP file upload service on upload.DOMAIN
-- 50 MiB limit for upload
Component ("upload."..domain) "http_upload"
    http_upload_file_size_limit = 50 * 1024 * 1024

-- External components: no module name is given, so they connect over the
-- component port and authenticate with component_secret.
-- os.getenv() returns nil when the variable is unset, which leaves
-- component_secret unset for that component.
-- NOTE(review): confirm that the Prosody version in the image rejects
-- component connections when no secret is configured. Use a long random
-- value, different for each component; environment variables are visible
-- to anyone who can inspect the container.
Component ("pubsub."..domain)
    component_secret = os.getenv("SAT_PUBSUB_SECRET")
    -- the same two modules that back privileged_entities / delegations
    modules_enabled = {"privilege", "delegation"}

Component ("salut."..domain)
    component_secret = os.getenv("SAT_SALUT_SECRET")

------ Additional config files ------
-- For organizational purposes you may prefer to add VirtualHost and
-- Component definitions in their own config files. This line includes
-- all config files in /etc/prosody/conf.d/

-- conf.d is not used in this Docker image,
-- but if needed just uncomment the next line
-- Include "conf.d/*.cfg.lua"