comparison docker/prosody/prosody.cfg.lua @ 78:3e8ddbc6c603

docker (prosody): add prosody.cfg.lua
author Goffi <goffi@goffi.org>
date Wed, 10 Feb 2016 18:00:28 +0100
parents
children 694fd34ff0b3
comparison
equal deleted inserted replaced
77:7b848d093c3a 78:3e8ddbc6c603
1 -- Prosody configuration for SàT Docker image
2
3 ---------- Server-wide settings ----------
4
5 local domain = os.getenv("DOMAIN") or "libervia.int"
6 admins = { "admin@"..(domain) }
7
8 -- Enable use of libevent for better performance under high load
9 -- For more information see: http://prosody.im/doc/libevent
10 --use_libevent = true;
11
12 -- Documentation on modules can be found at: http://prosody.im/doc/modules
13 modules_enabled = {
14 -- used by SàT
15
16 -- SàT PubSub
17 "delegation";
18 "privilege";
19
20 -- Not mandatory but neat
21 "ipcheck";
22 "http_upload";
23
24 -- Generally required
25 "roster"; -- Allow users to have a roster. Recommended ;)
26 "saslauth"; -- Authentication for clients and servers. Recommended if you want to log in.
27 "tls"; -- Add support for secure TLS on c2s/s2s connections
28 "dialback"; -- s2s dialback support
29 "disco"; -- Service discovery
30
31 -- Not essential, but recommended
32 "private"; -- Private XML storage (for room bookmarks, etc.)
33 "vcard"; -- Allow users to set vCards
34
35 -- These are commented by default as they have a performance impact
36 --"privacy"; -- Support privacy lists
37 --"compression"; -- Stream compression (Debian: requires lua-zlib module to work)
38
39 -- Nice to have
40 "version"; -- Replies to server version requests
41 "uptime"; -- Report how long server has been running
42 "time"; -- Let others know the time here on this server
43 "ping"; -- Replies to XMPP pings with pongs
44 -- "pep"; -- Enables users to publish their mood, activity, playing music and more
45 --"register"; -- Allow users to register on this server using a client and change passwords
46
47 -- Admin interfaces
48 "admin_adhoc"; -- Allows administration via an XMPP client that supports ad-hoc commands
49 --"admin_telnet"; -- Opens telnet console interface on localhost port 5582
50
51 -- HTTP modules
52 --"bosh"; -- Enable BOSH clients, aka "Jabber over HTTP"
53 --"http_files"; -- Serve static files from a directory over HTTP
54
55 -- Other specific functionality
56 "posix"; -- POSIX functionality, sends server to background, enables syslog, etc.
57 --"groups"; -- Shared roster support
58 "announce"; -- Send announcement to all online users
59 --"welcome"; -- Welcome users who register accounts
60 --"watchregistrations"; -- Alert admins of registrations
61 --"motd"; -- Send a message to users when they log in
62 --"legacyauth"; -- Legacy authentication. Only used by some old clients and bots.
63 };
64
65 -- to disable them then uncomment them here:
66 modules_disabled = {
67 -- "offline"; -- Store offline messages
68 -- "c2s"; -- Handle client connections
69 -- "s2s"; -- Handle server-to-server connections
70 };
71
72 -- Disable account creation by default, for security
73 -- For more information see http://prosody.im/doc/creating_accounts
74 allow_registration = false;
75
76 -- We keep foreground for Docker
77 daemonize = false;
78
79 -- Debian:
80 -- Please, don't change this option since /var/run/prosody/
81 -- is one of the few directories Prosody is allowed to write to
82 --
83 pidfile = "/var/run/prosody/prosody.pid";
84
85 -- These are the SSL/TLS-related settings. If you don't want
86 -- to use SSL/TLS, you may comment or remove this
87 ssl = {
88 key = "/usr/share/sat/libervia.key";
89 certificate = "/usr/share/sat/libervia.crt";
90 }
91
92 c2s_require_encryption = true
93
94 -- Force certificate authentication for server-to-server connections?
95 -- This provides ideal security, but requires servers you communicate
96 -- with to support encryption AND present valid, trusted certificates.
97 -- NOTE: Your version of LuaSec must support certificate verification!
98 -- For more information see http://prosody.im/doc/s2s#security
99
100 s2s_secure_auth = false
101
102 -- Many servers don't support encryption or have invalid or self-signed
103 -- certificates. You can list domains here that will not be required to
104 -- authenticate using certificates. They will be authenticated using DNS.
105
106 --s2s_insecure_domains = { "gmail.com" }
107
108 -- Even if you leave s2s_secure_auth disabled, you can still require valid
109 -- certificates for some domains by specifying a list here.
110
111 --s2s_secure_domains = { "jabber.org" }
112
113 -- Select the authentication backend to use. The 'internal' providers
114 -- use Prosody's configured data storage to store the authentication data.
115 -- To allow Prosody to offer secure authentication mechanisms to clients, the
116 -- default provider stores passwords in plaintext. If you do not trust your
117 -- server please see http://prosody.im/doc/modules/mod_auth_internal_hashed
118 -- for information about using the hashed backend.
119
120 authentication = "internal_plain"
121
122 component_interface="0.0.0.0"
123
124 VirtualHost (domain)
125 privileged_entities = {
126 ["pubsub."..domain] = {
127 roster = "get";
128 message = "outgoing";
129 -- presence = "roster";
130 },
131 -- ["louise@necton3.int"] = {
132 -- roster = "both";
133 -- message = "outgoing";
134 -- presence = "roster";
135 -- },
136 }
137
138 delegations = {
139 ["urn:xmpp:mam:1"] = {
140 filtering = {"node"};
141 jid = "pubsub."..domain;
142 },
143 ["http://jabber.org/protocol/pubsub"] = {
144 jid = "pubsub."..domain;
145 },
146 }
147
148 ------ Components ------
149
150 ---Set up a MUC (multi-user chat) room server on conference.example.com:
151 Component ("chat."..domain) "muc"
152
153 -- Set up a SOCKS5 bytestream proxy for server-proxied file transfers:
154 Component ("proxy."..domain) "proxy65"
155
156 -- 50 MiB limit for upload
157 Component "upload.necton3.int" "http_upload"
158 http_upload_file_size_limit = 50 * 1024 * 1024
159
160 Component ("pubsub."..domain)
161 component_secret = os.getenv("SAT_PUBSUB_SECRET")
162 modules_enabled = {"privilege", "delegation"}
163
164 Component ("salut."..domain)
165 component_secret = os.getenv("SAT_SALUT_SECRET")
166
167 ------ Additional config files ------
168 -- For organizational purposes you may prefer to add VirtualHost and
169 -- Component definitions in their own config files. This line includes
170 -- all config files in /etc/prosody/conf.d/
171
172 -- conf.d is not used in this Docker image,
173 -- but if needed just uncomment the next line
174 -- Include "conf.d/*.cfg.lua"