Mercurial > sat_docs

view docker/prosody/prosody.cfg.lua @ 134:4549cf265131

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
flatpak: install D-Bus .service on each frontend: work around lack of dependency handling in Flatpak by installing D-Bus .service on each frontend. This works because all backend is included in the runtime, but we have to add backend permissions to all frontend, and set --own-name=org.salutatoi.SAT. Furthermore, if one frontend is removed, the symbolic link is removed and the backend will not be launched automatically anymore, even if other frontends are still there. The benefict of this method is that backend has not to be installed manually to use a frontend.
author Goffi <goffi@goffi.org>
date Sun, 15 Jul 2018 16:56:55 +0200
parents 349cbfea2596
children
line wrap: on
line source

-- Prosody configuration for SàT Docker image

---------- Server-wide settings ----------

-- we use environment variable to get the domain
local domain = os.getenv("DOMAIN") or "libervia.int"
-- default admin is admin@DOMAIN
admins = { "admin@"..(domain) }

-- Enable use of libevent for better performance under high load
-- For more information see: http://prosody.im/doc/libevent
--use_libevent = true;

-- Documentation on modules can be found at: http://prosody.im/doc/modules
modules_enabled = {
		-- used by SàT

		-- SàT PubSub
				"delegation";
				"privilege";

		-- Not mandatory but neat
				"ipcheck";
				"http_upload";

		-- Generally required
				"roster"; -- Allow users to have a roster. Recommended ;)
				"saslauth"; -- Authentication for clients and servers. Recommended if you want to log in.
				"tls"; -- Add support for secure TLS on c2s/s2s connections
				"dialback"; -- s2s dialback support
				"disco"; -- Service discovery

		-- Not essential, but recommended
				"private"; -- Private XML storage (for room bookmarks, etc.)
				"vcard"; -- Allow users to set vCards

		-- These are commented by default as they have a performance impact
				--"privacy"; -- Support privacy lists
				--"compression"; -- Stream compression (Debian: requires lua-zlib module to work)

		-- Nice to have
				"version"; -- Replies to server version requests
				"uptime"; -- Report how long server has been running
				"time"; -- Let others know the time here on this server
				"ping"; -- Replies to XMPP pings with pongs
				-- "pep"; -- Enables users to publish their mood, activity, playing music and more
				-- we don't want to allow self registering, this is managed by a SàT plugin
				--"register"; -- Allow users to register on this server using a client and change passwords

		-- Admin interfaces
				"admin_adhoc"; -- Allows administration via an XMPP client that supports ad-hoc commands
				--"admin_telnet"; -- Opens telnet console interface on localhost port 5582

		-- HTTP modules
				--"bosh"; -- Enable BOSH clients, aka "Jabber over HTTP"
				--"http_files"; -- Serve static files from a directory over HTTP

		-- Other specific functionality
				"posix"; -- POSIX functionality, sends server to background, enables syslog, etc.
				--"groups"; -- Shared roster support
				-- announce is usefull on a Libervia instance
				"announce"; -- Send announcement to all online users
				--"welcome"; -- Welcome users who register accounts
				--"watchregistrations"; -- Alert admins of registrations
				--"motd"; -- Send a message to users when they log in
				--"legacyauth"; -- Legacy authentication. Only used by some old clients and bots.
};

-- to disable them then uncomment them here:
modules_disabled = {
		-- "offline"; -- Store offline messages
		-- "c2s"; -- Handle client connections
		-- "s2s"; -- Handle server-to-server connections
};

-- Disable account creation by default, for security
-- For more information see http://prosody.im/doc/creating_accounts
allow_registration = false;

-- We keep foreground for Docker
daemonize = false;

-- Debian:
--   Please, don't change this option since /var/run/prosody/
--   is one of the few directories Prosody is allowed to write to
--
pidfile = "/var/run/prosody/prosody.pid";

-- We want to use the certificat in /usr/share/sat
ssl = {
		key = "/usr/share/sat/certificates/libervia.key";
		certificate = "/usr/share/sat/certificates/libervia.crt";
}

c2s_require_encryption = true

-- Force certificate authentication for server-to-server connections?
-- This provides ideal security, but requires servers you communicate
-- with to support encryption AND present valid, trusted certificates.
-- NOTE: Your version of LuaSec must support certificate verification!
-- For more information see http://prosody.im/doc/s2s#security

s2s_secure_auth = false

-- Many servers don't support encryption or have invalid or self-signed
-- certificates. You can list domains here that will not be required to
-- authenticate using certificates. They will be authenticated using DNS.

--s2s_insecure_domains = { "gmail.com" }

-- Even if you leave s2s_secure_auth disabled, you can still require valid
-- certificates for some domains by specifying a list here.

--s2s_secure_domains = { "jabber.org" }

-- Select the authentication backend to use. The 'internal' providers
-- use Prosody's configured data storage to store the authentication data.
-- To allow Prosody to offer secure authentication mechanisms to clients, the
-- default provider stores passwords in plaintext. If you do not trust your
-- server please see http://prosody.im/doc/modules/mod_auth_internal_hashed
-- for information about using the hashed backend.

authentication = "internal_plain"

-- we listen to the world for components (but we do *NOT*
-- expose the port! It's just for linked containers)
component_interface="0.0.0.0"

log = {
	-- Log to files and console (change 'info' to 'debug' for debug logs):
	info = "/var/log/prosody/prosody.log";
	error = "/var/log/prosody/prosody.err";
	info = "*console"; -- Log to the console, so "docker logs" will show them
}

VirtualHost (domain)
	privileged_entities = {
		["pubsub."..domain] = {
			roster = "get";
			message = "outgoing";
		},
	}

	delegations = {
		["urn:xmpp:mam:1"] = {
			filtering = {"node"};
			jid = "pubsub."..domain;
		},
		["http://jabber.org/protocol/pubsub"] = {
			jid = "pubsub."..domain;
		},
	}

------ Components ------

---Set up a MUC (multi-user chat) room server on conference.example.com:
Component ("chat."..domain) "muc"

-- Set up a SOCKS5 bytestream proxy for server-proxied file transfers:
Component ("proxy."..domain) "proxy65"

-- 50 MiB limit for upload
Component ("upload."..domain) "http_upload"
	http_upload_file_size_limit = 50 * 1024 * 1024

Component ("pubsub."..domain)
	component_secret = os.getenv("SAT_PUBSUB_SECRET")
	modules_enabled = {"privilege", "delegation"}

Component ("salut."..domain)
	component_secret = os.getenv("SAT_SALUT_SECRET")

------ Additional config files ------
-- For organizational purposes you may prefer to add VirtualHost and
-- Component definitions in their own config files. This line includes
-- all config files in /etc/prosody/conf.d/

-- conf.d is not used in this Docker image,
-- but if needed just uncomment the next line
-- Include "conf.d/*.cfg.lua"