changeset 78:3e8ddbc6c603

docker (prosody): add prosody.cfg.lua
author Goffi <goffi@goffi.org>
date Wed, 10 Feb 2016 18:00:28 +0100
parents 7b848d093c3a
children 694fd34ff0b3
files docker/prosody/prosody.cfg.lua
diffstat 1 files changed, 174 insertions(+), 0 deletions(-) [+]
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/docker/prosody/prosody.cfg.lua	Wed Feb 10 18:00:28 2016 +0100
@@ -0,0 +1,174 @@
+-- Prosody configuration for SàT Docker image
+
+---------- Server-wide settings ----------
+
+local domain = os.getenv("DOMAIN") or "libervia.int"
+admins = { "admin@"..(domain) }
+
+-- Enable use of libevent for better performance under high load
+-- For more information see: http://prosody.im/doc/libevent
+--use_libevent = true;
+
+-- Documentation on modules can be found at: http://prosody.im/doc/modules
+modules_enabled = {
+        -- used by SàT
+
+		-- SàT PubSub
+				"delegation";
+				"privilege";
+
+		-- Not mandatory but neat
+				"ipcheck";
+				"http_upload";
+
+        -- Generally required
+                "roster"; -- Allow users to have a roster. Recommended ;)
+                "saslauth"; -- Authentication for clients and servers. Recommended if you want to log in.
+                "tls"; -- Add support for secure TLS on c2s/s2s connections
+                "dialback"; -- s2s dialback support
+                "disco"; -- Service discovery
+
+        -- Not essential, but recommended
+                "private"; -- Private XML storage (for room bookmarks, etc.)
+                "vcard"; -- Allow users to set vCards
+
+        -- These are commented by default as they have a performance impact
+                --"privacy"; -- Support privacy lists
+                --"compression"; -- Stream compression (Debian: requires lua-zlib module to work)
+
+        -- Nice to have
+                "version"; -- Replies to server version requests
+                "uptime"; -- Report how long server has been running
+                "time"; -- Let others know the time here on this server
+                "ping"; -- Replies to XMPP pings with pongs
+                -- "pep"; -- Enables users to publish their mood, activity, playing music and more
+                --"register"; -- Allow users to register on this server using a client and change passwords
+
+        -- Admin interfaces
+                "admin_adhoc"; -- Allows administration via an XMPP client that supports ad-hoc commands
+                --"admin_telnet"; -- Opens telnet console interface on localhost port 5582
+
+        -- HTTP modules
+                --"bosh"; -- Enable BOSH clients, aka "Jabber over HTTP"
+                --"http_files"; -- Serve static files from a directory over HTTP
+
+        -- Other specific functionality
+                "posix"; -- POSIX functionality, sends server to background, enables syslog, etc.
+                --"groups"; -- Shared roster support
+                "announce"; -- Send announcement to all online users
+                --"welcome"; -- Welcome users who register accounts
+                --"watchregistrations"; -- Alert admins of registrations
+                --"motd"; -- Send a message to users when they log in
+                --"legacyauth"; -- Legacy authentication. Only used by some old clients and bots.
+};
+
+-- to disable them then uncomment them here:
+modules_disabled = {
+        -- "offline"; -- Store offline messages
+        -- "c2s"; -- Handle client connections
+        -- "s2s"; -- Handle server-to-server connections
+};
+
+-- Disable account creation by default, for security
+-- For more information see http://prosody.im/doc/creating_accounts
+allow_registration = false;
+
+-- We keep foreground for Docker
+daemonize = false;
+
+-- Debian:
+--   Please, don't change this option since /var/run/prosody/
+--   is one of the few directories Prosody is allowed to write to
+--
+pidfile = "/var/run/prosody/prosody.pid";
+
+-- These are the SSL/TLS-related settings. If you don't want
+-- to use SSL/TLS, you may comment or remove this
+ssl = {
+        key = "/usr/share/sat/libervia.key";
+        certificate = "/usr/share/sat/libervia.crt";
+}
+
+c2s_require_encryption = true
+
+-- Force certificate authentication for server-to-server connections?
+-- This provides ideal security, but requires servers you communicate
+-- with to support encryption AND present valid, trusted certificates.
+-- NOTE: Your version of LuaSec must support certificate verification!
+-- For more information see http://prosody.im/doc/s2s#security
+
+s2s_secure_auth = false
+
+-- Many servers don't support encryption or have invalid or self-signed
+-- certificates. You can list domains here that will not be required to
+-- authenticate using certificates. They will be authenticated using DNS.
+
+--s2s_insecure_domains = { "gmail.com" }
+
+-- Even if you leave s2s_secure_auth disabled, you can still require valid
+-- certificates for some domains by specifying a list here.
+
+--s2s_secure_domains = { "jabber.org" }
+
+-- Select the authentication backend to use. The 'internal' providers
+-- use Prosody's configured data storage to store the authentication data.
+-- To allow Prosody to offer secure authentication mechanisms to clients, the
+-- default provider stores passwords in plaintext. If you do not trust your
+-- server please see http://prosody.im/doc/modules/mod_auth_internal_hashed
+-- for information about using the hashed backend.
+
+authentication = "internal_plain"
+
+component_interface="0.0.0.0"
+
+VirtualHost (domain)
+	privileged_entities = {
+		["pubsub."..domain] = {
+			roster = "get";
+            message = "outgoing";
+			-- presence = "roster";
+		},
+		-- ["louise@necton3.int"] = {
+		-- 	roster = "both";
+		--     message = "outgoing";
+		--     presence = "roster";
+		-- },
+	}
+
+	delegations = {
+		["urn:xmpp:mam:1"] = {
+			filtering = {"node"};
+			jid = "pubsub."..domain;
+		},
+		["http://jabber.org/protocol/pubsub"] = {
+			jid = "pubsub."..domain;
+		},
+	}
+
+------ Components ------
+
+---Set up a MUC (multi-user chat) room server on conference.example.com:
+Component ("chat."..domain) "muc"
+
+-- Set up a SOCKS5 bytestream proxy for server-proxied file transfers:
+Component ("proxy."..domain) "proxy65"
+
+-- 50 MiB limit for upload
+Component "upload.necton3.int" "http_upload"
+	http_upload_file_size_limit = 50 * 1024 * 1024
+
+Component ("pubsub."..domain)
+	component_secret = os.getenv("SAT_PUBSUB_SECRET")
+	modules_enabled = {"privilege", "delegation"}
+
+Component ("salut."..domain)
+	component_secret = os.getenv("SAT_SALUT_SECRET")
+
+------ Additional config files ------
+-- For organizational purposes you may prefer to add VirtualHost and
+-- Component definitions in their own config files. This line includes
+-- all config files in /etc/prosody/conf.d/
+
+-- conf.d is not used in this Docker image,
+-- but if needed just uncomment the next line
+-- Include "conf.d/*.cfg.lua"
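Review bot: Both `component_secret = os.getenv(...)` lines near the end of the file accept an unset variable, so a container started without SAT_PUBSUB_SECRET or SAT_SALUT_SECRET loads with a nil secret while `component_interface="0.0.0.0"` makes the component listener reachable on every interface. The pubsub component is also the one granted `privileged_entities` roster/message access and both `delegations`, so its secret protects more than an ordinary component. What Prosody does with a nil secret is not visible here; failing at load would make the requirement explicit, e.g. `component_secret = assert(os.getenv("SAT_PUBSUB_SECRET"), "SAT_PUBSUB_SECRET is not set")` (assuming the config environment exposes `assert` the way it exposes `os`), and likewise for the salut component. Separately, `Component "upload.necton3.int" "http_upload"` hard-codes a host while every other component is derived from `domain`; `Component ("upload."..domain) "http_upload"` would keep it consistent.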