Better match with latest developpement (#24)
A few things that needed to be fixed (errors that you can see with `prosodyctl check` on prod) + better match with `prosody.cfg.lua.dist` example from trunk Co-authored-by: meaz <meaz@disroot.org> Co-authored-by: muppeth <muppeth@disroot.org> Reviewed-on: #24 Reviewed-by: muppeth <muppeth@no-reply@disroot.org>
This commit is contained in:
parent
f0f9851a08
commit
848f5e474e
|
@ -8,7 +8,7 @@
|
||||||
Vagrant.configure("2") do |config|
|
Vagrant.configure("2") do |config|
|
||||||
#config.ssh.insert_key = false
|
#config.ssh.insert_key = false
|
||||||
config.vm.define "prosody" do |prosody|
|
config.vm.define "prosody" do |prosody|
|
||||||
prosody.vm.box = "generic/debian10"
|
prosody.vm.box = "generic/debian11"
|
||||||
prosody.vm.provider :libvirt do |libvirt|
|
prosody.vm.provider :libvirt do |libvirt|
|
||||||
libvirt.memory = 256
|
libvirt.memory = 256
|
||||||
end
|
end
|
||||||
|
|
|
@ -1,8 +1,6 @@
|
||||||
## BOSH
|
## BOSH
|
||||||
prosody_bosh_enabled: 'true' # used in configure.yml
|
prosody_bosh_enabled: 'true' # used in configure.yml
|
||||||
prosody_bosh_ports: '5281, 5280 '
|
|
||||||
prosody_bosh_max_inactivity: '60'
|
prosody_bosh_max_inactivity: '60'
|
||||||
prosody_bosh_secure: 'true'
|
prosody_bosh_secure: 'true'
|
||||||
prosody_bosh_cross_domain: 'true'
|
|
||||||
prosody_ssl_key: '/path/to/key'
|
prosody_ssl_key: '/path/to/key'
|
||||||
prosody_ssl_cert: '/path/to/cert'
|
prosody_ssl_cert: '/path/to/cert'
|
||||||
|
|
|
@ -2,10 +2,25 @@
|
||||||
prosody_http_file_share_enabled: 'true'
|
prosody_http_file_share_enabled: 'true'
|
||||||
|
|
||||||
prosody_http_file_share_component: 'upload.example.org'
|
prosody_http_file_share_component: 'upload.example.org'
|
||||||
prosody_http_file_share_size_limit: "10*1024*1024"
|
prosody_http_file_share_options:
|
||||||
prosody_http_file_share_daily_quota: "100*1024*1024 -- 100 MiB per day per user"
|
- name: 'http_file_share_size_limit'
|
||||||
prosody_http_file_share_global_quota: "1024*1024*1024 -- 1 GiB total"
|
value: '10*1024*1024'
|
||||||
prosody_http_file_share_expires_after: "7 * 86400 -- 1 week"
|
description: '10MB file upload limit'
|
||||||
prosody_http_file_share_allowed_file_types: "{} -- Access control"
|
- name: 'http_file_share_daily_quota'
|
||||||
prosody_http_file_share_safe_file_types: '{"image/*","video/*","audio/*","text/plain"} -- Safe to show in-line in e.g. browsers'
|
value: '100*1024*1024'
|
||||||
prosody_http_file_share_access: "{} -- Access control"
|
description: '100 MiB per day per user'
|
||||||
|
- name: 'http_file_share_global_quota'
|
||||||
|
value: '1024*1024*1024'
|
||||||
|
description: '1 GiB total'
|
||||||
|
- name: 'http_file_share_expires_after'
|
||||||
|
value: '7 * 86400'
|
||||||
|
description: '1 week'
|
||||||
|
- name: 'http_file_share_allowed_file_types'
|
||||||
|
value: '{}'
|
||||||
|
description: 'Access control'
|
||||||
|
- name: 'http_file_share_safe_file_types'
|
||||||
|
value: '{"image/*","video/*","audio/*","text/plain"}'
|
||||||
|
description: 'Safe to show in-line in e.g. browsers'
|
||||||
|
- name: 'http_file_share_access'
|
||||||
|
value: '{}'
|
||||||
|
description: 'Access control'
|
||||||
|
|
|
@ -8,13 +8,12 @@ prosody_contact_info: "'support@example.org'"
|
||||||
prosody_abuse_info: "'abuse@example.org'"
|
prosody_abuse_info: "'abuse@example.org'"
|
||||||
prosody_core_modules_path: "/usr/lib/prosody/modules/"
|
prosody_core_modules_path: "/usr/lib/prosody/modules/"
|
||||||
prosody_community_modules_path: "/usr/lib/prosody-modules"
|
prosody_community_modules_path: "/usr/lib/prosody-modules"
|
||||||
prosody_custom_script_path: '/etc/prosody/custom_scripts'
|
prosody_installer_plugin_path: '/etc/prosody/custom_scripts'
|
||||||
prosody_statistics: ''
|
prosody_statistics: ''
|
||||||
prosody_direct_tls_ports: 5223
|
prosody_direct_tls_ports: 5223
|
||||||
prosody_c2s_direct_tls_ports: 5223
|
prosody_c2s_direct_tls_ports: 5223
|
||||||
prosody_s2s_direct_tls_ports: 5269
|
prosody_s2s_direct_tls_ports: 5269
|
||||||
|
|
||||||
|
|
||||||
firewall_module_enabled: 'true'
|
firewall_module_enabled: 'true'
|
||||||
|
|
||||||
## Firewall: list here what you want to block
|
## Firewall: list here what you want to block
|
||||||
|
@ -42,6 +41,16 @@ prosody_storage: 'internal'
|
||||||
prosody_network_backend: "epoll"
|
prosody_network_backend: "epoll"
|
||||||
prosody_http_host: "example.org"
|
prosody_http_host: "example.org"
|
||||||
prosody_http_external_url: "https://example.org"
|
prosody_http_external_url: "https://example.org"
|
||||||
|
prosody_http_interfaces: '*'
|
||||||
|
prosody_http_ports: '5281, 5280 '
|
||||||
|
prosody_http_paths:
|
||||||
|
- name: 'files'
|
||||||
|
path: '/files/'
|
||||||
|
- name: 'bosh'
|
||||||
|
path: '/http-bind'
|
||||||
|
- name: 'file_share'
|
||||||
|
path: '/upload'
|
||||||
|
prosody_archive_expires_after: '1w'
|
||||||
|
|
||||||
#If using sql storage
|
#If using sql storage
|
||||||
prosody_sql_driver: 'SQLite3' # postgresql sqlite3 or mysql
|
prosody_sql_driver: 'SQLite3' # postgresql sqlite3 or mysql
|
||||||
|
|
|
@ -111,6 +111,10 @@ prosody_modules:
|
||||||
description: 'Allows administration via an XMPP client that supports ad-hoc commands'
|
description: 'Allows administration via an XMPP client that supports ad-hoc commands'
|
||||||
module_enabled: 'true'
|
module_enabled: 'true'
|
||||||
|
|
||||||
|
- name: 'admin_shell'
|
||||||
|
description: 'Allows administration via command shell'
|
||||||
|
module_enabled: 'true'
|
||||||
|
|
||||||
- name: 'bosh'
|
- name: 'bosh'
|
||||||
description: 'Enable BOSH clients'
|
description: 'Enable BOSH clients'
|
||||||
module_enabled: 'true'
|
module_enabled: 'true'
|
||||||
|
@ -120,7 +124,6 @@ prosody_modules:
|
||||||
module_enabled: 'true'
|
module_enabled: 'true'
|
||||||
extra_options:
|
extra_options:
|
||||||
- 'consider_websocket_secure = true'
|
- 'consider_websocket_secure = true'
|
||||||
- 'cross_domain_websocket = true'
|
|
||||||
|
|
||||||
- name: 'posix'
|
- name: 'posix'
|
||||||
description: 'POSIX functionality, sends server to background, enables syslog, etc.'
|
description: 'POSIX functionality, sends server to background, enables syslog, etc.'
|
||||||
|
@ -128,18 +131,7 @@ prosody_modules:
|
||||||
|
|
||||||
- name: 'limits'
|
- name: 'limits'
|
||||||
description: 'Enable bandwidth limiting for XMPP connections.'
|
description: 'Enable bandwidth limiting for XMPP connections.'
|
||||||
module_enabled: 'false'
|
module_enabled: 'true'
|
||||||
extra_options:
|
|
||||||
- 'limits = {'
|
|
||||||
- 'c2s = {'
|
|
||||||
- 'rate = "10kb/s";'
|
|
||||||
- 'burst = "2s";'
|
|
||||||
- '};'
|
|
||||||
- 's2sin = {'
|
|
||||||
- 'rate = "30kb/s";'
|
|
||||||
- 'burst = "2s";'
|
|
||||||
- '};'
|
|
||||||
- '}'
|
|
||||||
|
|
||||||
- name: 'groups'
|
- name: 'groups'
|
||||||
description: 'Shared roster support.'
|
description: 'Shared roster support.'
|
||||||
|
@ -181,7 +173,6 @@ prosody_modules:
|
||||||
module_enabled: 'true'
|
module_enabled: 'true'
|
||||||
extra_options:
|
extra_options:
|
||||||
- 'max_archive_query_results = 50;'
|
- 'max_archive_query_results = 50;'
|
||||||
- 'archive_expires_after = "6m"; -- six months'
|
|
||||||
- 'default_archive_policy = true; -- default'
|
- 'default_archive_policy = true; -- default'
|
||||||
- 'archive_cleanup_interval = 3600*24 -- how often it checks if there are messages older than archive_expires_after. In seconds.'
|
- 'archive_cleanup_interval = 3600*24 -- how often it checks if there are messages older than archive_expires_after. In seconds.'
|
||||||
|
|
||||||
|
@ -239,20 +230,19 @@ prosody_modules:
|
||||||
- 'support = { "mailto:{{ prosody_contact_info }}", "xmpp:{{ prosody_contact_info }}" };'
|
- 'support = { "mailto:{{ prosody_contact_info }}", "xmpp:{{ prosody_contact_info }}" };'
|
||||||
- '};'
|
- '};'
|
||||||
|
|
||||||
- name: 'turncredentials'
|
- name: 'turn_external'
|
||||||
description: 'Setup turnserver for viop'
|
description: 'Audio/video call relay (STUN/TURN)'
|
||||||
module_enabled: 'false'
|
module_enabled: 'false'
|
||||||
extra_options:
|
extra_options:
|
||||||
- 'turncredentials_secret = mysecret'
|
- 'turn_external_host = mysecret'
|
||||||
- 'turncredentials_host = turn.example.com'
|
- 'turn_external_host = turn.example.com'
|
||||||
- 'turncredentials_port = 3478'
|
- 'turn_external_port = 3478'
|
||||||
- 'turncredentials_ttl = 86400;'
|
|
||||||
|
|
||||||
- name: 'firewall'
|
- name: 'firewall'
|
||||||
description: 'Can efficiently block, bounce, drop, forward, copy, redirect stanzas and more.'
|
description: 'Can efficiently block, bounce, drop, forward, copy, redirect stanzas and more.'
|
||||||
module_enabled: '{{ firewall_module_enabled }}'
|
module_enabled: '{{ firewall_module_enabled }}'
|
||||||
extra_options:
|
extra_options:
|
||||||
- 'firewall_scripts = { "{{ prosody_community_modules_path }}/mod_firewall/scripts/spam-blocking.pfw", "{{ prosody_custom_script_path }}/servers_blocklist.pfw", "{{ prosody_custom_script_path }}/users_blocklist.pfw", "{{ prosody_custom_script_path }}/invite_from_muc.pfw" }'
|
- 'firewall_scripts = { "{{ prosody_community_modules_path }}/mod_firewall/scripts/spam-blocking.pfw", "{{ prosody_installer_plugin_path }}/servers_blocklist.pfw", "{{ prosody_installer_plugin_path }}/users_blocklist.pfw", "{{ prosody_installer_plugin_path }}/invite_from_muc.pfw" }'
|
||||||
# spam-blocking.pfw is the default Prosody one, needed by the two following
|
# spam-blocking.pfw is the default Prosody one, needed by the two following
|
||||||
|
|
||||||
- name: 'http_altconnect'
|
- name: 'http_altconnect'
|
||||||
|
|
|
@ -2,7 +2,7 @@
|
||||||
|
|
||||||
- name: '[Firewall] - Make sure that script directory exists'
|
- name: '[Firewall] - Make sure that script directory exists'
|
||||||
file:
|
file:
|
||||||
path: "{{ prosody_custom_script_path }}"
|
path: "{{ prosody_installer_plugin_path }}"
|
||||||
state: directory
|
state: directory
|
||||||
owner: root
|
owner: root
|
||||||
group: prosody
|
group: prosody
|
||||||
|
@ -11,7 +11,7 @@
|
||||||
- name: '[Firewall] - Deploy Firewall scripts'
|
- name: '[Firewall] - Deploy Firewall scripts'
|
||||||
template:
|
template:
|
||||||
src: "etc/prosody/custom_scripts/{{ item }}.j2"
|
src: "etc/prosody/custom_scripts/{{ item }}.j2"
|
||||||
dest: "{{ prosody_custom_script_path }}/{{ item }}"
|
dest: "{{ prosody_installer_plugin_path }}/{{ item }}"
|
||||||
owner: root
|
owner: root
|
||||||
group: prosody
|
group: prosody
|
||||||
mode: 0644
|
mode: 0644
|
||||||
|
@ -24,7 +24,7 @@
|
||||||
- name: '[Firewall] - Deploy Firewall lists'
|
- name: '[Firewall] - Deploy Firewall lists'
|
||||||
template:
|
template:
|
||||||
src: "etc/prosody/custom_scripts/{{ item }}.j2"
|
src: "etc/prosody/custom_scripts/{{ item }}.j2"
|
||||||
dest: "{{ prosody_custom_script_path }}/{{ item }}"
|
dest: "{{ prosody_installer_plugin_path }}/{{ item }}"
|
||||||
owner: root
|
owner: root
|
||||||
group: prosody
|
group: prosody
|
||||||
mode: 0644
|
mode: 0644
|
||||||
|
|
|
@ -1,10 +1,8 @@
|
||||||
-- {{ ansible_managed }}
|
-- {{ ansible_managed }}
|
||||||
|
|
||||||
--BOSH setting
|
--BOSH setting
|
||||||
bosh_ports = { {{ prosody_bosh_ports }} }
|
|
||||||
bosh_max_inactivity = {{ prosody_bosh_max_inactivity }}
|
bosh_max_inactivity = {{ prosody_bosh_max_inactivity }}
|
||||||
consider_bosh_secure = {{ prosody_bosh_secure }} -- Use if proxying HTTPS->HTTP on the server side
|
consider_bosh_secure = {{ prosody_bosh_secure }} -- Use if proxying HTTPS->HTTP on the server side
|
||||||
cross_domain_bosh = {{ prosody_bosh_cross_domain }} -- Allow access from scripts on any site with no proxy (requires a modern browser)
|
|
||||||
|
|
||||||
ssl = {
|
ssl = {
|
||||||
key = "{{ prosody_ssl_key }}";
|
key = "{{ prosody_ssl_key }}";
|
||||||
|
|
|
@ -1,5 +1,10 @@
|
||||||
-- {{ ansible_managed }}
|
-- {{ ansible_managed }}
|
||||||
|
|
||||||
|
------ Components ------
|
||||||
|
-- You can specify components to add hosts that provide special services,
|
||||||
|
-- like multi-user conferences, and transports.
|
||||||
|
-- For more information on components, see https://prosody.im/doc/components
|
||||||
|
|
||||||
Component "{{ item.name }}"
|
Component "{{ item.name }}"
|
||||||
component_secret = "{{ item.secret }}"
|
component_secret = "{{ item.secret }}"
|
||||||
|
|
||||||
|
|
|
@ -3,10 +3,6 @@
|
||||||
-- Component config for http_file_share
|
-- Component config for http_file_share
|
||||||
Component "{{ prosody_http_file_share_component }}" "http_file_share"
|
Component "{{ prosody_http_file_share_component }}" "http_file_share"
|
||||||
|
|
||||||
http_file_share_size_limit = {{ prosody_http_file_share_size_limit }}
|
{% for item in prosody_http_file_share_options %}
|
||||||
http_file_share_daily_quota = {{ prosody_http_file_share_daily_quota }}
|
{{ item.name }} = {{ item.value }} -- {{ item.description }}
|
||||||
http_file_share_global_quota = {{ prosody_http_file_share_global_quota }}
|
{% endfor %}
|
||||||
http_file_share_expires_after = {{ prosody_http_file_share_expires_after }}
|
|
||||||
http_file_share_allowed_file_types = {{ prosody_http_file_share_allowed_file_types }}
|
|
||||||
http_file_share_safe_file_types = {{ prosody_http_file_share_safe_file_types }}
|
|
||||||
http_file_share_access = {{ prosody_http_file_share_access }}
|
|
||||||
|
|
|
@ -3,7 +3,7 @@
|
||||||
# rules will be checked against the blocklist.txt file
|
# rules will be checked against the blocklist.txt file
|
||||||
# Check mod_firewall/scripts/spam-blocking.pfw
|
# Check mod_firewall/scripts/spam-blocking.pfw
|
||||||
|
|
||||||
%LIST blocklist: file:{{ prosody_custom_script_path }}/servers_blocklist.txt
|
%LIST blocklist: file:{{ prosody_installer_plugin_path }}/servers_blocklist.txt
|
||||||
|
|
||||||
::user/spam_handle_unknown_custom
|
::user/spam_handle_unknown_custom
|
||||||
|
|
||||||
|
|
|
@ -3,7 +3,7 @@
|
||||||
# rules will be checked against the blocklist.txt file
|
# rules will be checked against the blocklist.txt file
|
||||||
# Check mod_firewall/scripts/spam-blocking.pfw
|
# Check mod_firewall/scripts/spam-blocking.pfw
|
||||||
|
|
||||||
%LIST blocklist: file:{{ prosody_custom_script_path }}/users_blocklist.txt
|
%LIST blocklist: file:{{ prosody_installer_plugin_path }}/users_blocklist.txt
|
||||||
|
|
||||||
::user/spam_handle_unknown_custom
|
::user/spam_handle_unknown_custom
|
||||||
|
|
||||||
|
|
|
@ -3,7 +3,7 @@
|
||||||
-- Prosody Example Configuration File
|
-- Prosody Example Configuration File
|
||||||
--
|
--
|
||||||
-- Information on configuring Prosody can be found on our
|
-- Information on configuring Prosody can be found on our
|
||||||
-- website at http://prosody.im/doc/configure
|
-- website at https://prosody.im/doc/configure
|
||||||
--
|
--
|
||||||
-- Tip: You can check that the syntax of this file is correct
|
-- Tip: You can check that the syntax of this file is correct
|
||||||
-- when you have finished by running this command:
|
-- when you have finished by running this command:
|
||||||
|
@ -21,7 +21,7 @@
|
||||||
|
|
||||||
-- This is a (by default, empty) list of accounts that are admins
|
-- This is a (by default, empty) list of accounts that are admins
|
||||||
-- for the server. Note that you must create the accounts separately
|
-- for the server. Note that you must create the accounts separately
|
||||||
-- (see http://prosody.im/doc/creating_accounts for info)
|
-- (see https://prosody.im/doc/creating_accounts for info)
|
||||||
-- Example: admins = { "user1@example.com", "user2@example.net" }
|
-- Example: admins = { "user1@example.com", "user2@example.net" }
|
||||||
admins = { {{ prosody_admins }} }
|
admins = { {{ prosody_admins }} }
|
||||||
|
|
||||||
|
@ -35,24 +35,34 @@ contact_info = { {{ prosody_contact_info }} }
|
||||||
|
|
||||||
http_host = "{{ prosody_http_host }}"
|
http_host = "{{ prosody_http_host }}"
|
||||||
http_external_url = "{{ prosody_http_external_url }}"
|
http_external_url = "{{ prosody_http_external_url }}"
|
||||||
|
http_ports = "{{ prosody_http_ports }}"
|
||||||
|
http_interfaces = { "{{ prosody_http_interfaces }}" }
|
||||||
|
http_paths = {
|
||||||
|
{% for item in prosody_http_paths %}
|
||||||
|
{{ item.name }} = "{{ item.path }}";
|
||||||
|
{% endfor %}
|
||||||
|
}
|
||||||
|
|
||||||
|
-- See https://prosody.im/doc/configure
|
||||||
c2s_direct_tls_ports = { {{ prosody_c2s_direct_tls_ports }} }
|
c2s_direct_tls_ports = { {{ prosody_c2s_direct_tls_ports }} }
|
||||||
s2s_direct_tls_ports = { {{ prosody_s2s_direct_tls_ports }} }
|
s2s_direct_tls_ports = { {{ prosody_s2s_direct_tls_ports }} }
|
||||||
|
|
||||||
-- Enable use of libevent for better performance under high load
|
-- Enable use of libevent for better performance under high load
|
||||||
-- For more information see: http://prosody.im/doc/libevent
|
-- For more information see: https://prosody.im/doc/libevent
|
||||||
network_backend = "{{ prosody_network_backend }}"
|
network_backend = "{{ prosody_network_backend }}"
|
||||||
|
|
||||||
-- Prosody will always look in its source directory for modules, but
|
-- These paths are searched in the order specified, and before the default path
|
||||||
-- this option allows you to specify additional locations where Prosody
|
|
||||||
-- will look for modules first. For community modules, see https://modules.prosody.im/
|
|
||||||
plugin_paths = { "{{ prosody_core_modules_path }}","{{ prosody_community_modules_path }}" }
|
plugin_paths = { "{{ prosody_core_modules_path }}","{{ prosody_community_modules_path }}" }
|
||||||
|
|
||||||
-- Single directory for custom prosody plugins and/or Lua libraries installation
|
-- Prosody Plugin Installer
|
||||||
-- This path takes priority over plugin_paths, when prosody is searching for modules
|
-- CHeck https://prosody.im/doc/plugin_installer
|
||||||
installer_plugin_path = "{{ prosody_custom_script_path }}"
|
-- By default plugins are installed into a directory custom_plugins under the data path. It can be customized by setting
|
||||||
|
plugin_server = "https://modules.prosody.im/rocks/"
|
||||||
|
installer_plugin_path = "{{ prosody_installer_plugin_path }}"
|
||||||
|
-- This path MUST be readable by the user Prosody runs as, and should be writable for prosodyctl install to work.
|
||||||
|
-- The installer path does not need to be added to plugin_paths.
|
||||||
|
|
||||||
-- This is the list of modules Prosody will load on startup.
|
-- This is the list of modules Prosody will load on startup.
|
||||||
-- It looks for mod_modulename.lua in the plugins folder, so make sure that exists too.
|
|
||||||
-- Documentation for bundled modules can be found at: https://prosody.im/doc/modules
|
-- Documentation for bundled modules can be found at: https://prosody.im/doc/modules
|
||||||
modules_enabled = {
|
modules_enabled = {
|
||||||
|
|
||||||
|
@ -61,7 +71,7 @@ modules_enabled = {
|
||||||
"{{ item.name }}"; -- {{ item.description }}
|
"{{ item.name }}"; -- {{ item.description }}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
};
|
}
|
||||||
|
|
||||||
-- These modules are auto-loaded, but should you want
|
-- These modules are auto-loaded, but should you want
|
||||||
-- to disable them then uncomment them here:
|
-- to disable them then uncomment them here:
|
||||||
|
@ -75,9 +85,22 @@ modules_disabled = {
|
||||||
};
|
};
|
||||||
|
|
||||||
-- Disable account creation by default, for security
|
-- Disable account creation by default, for security
|
||||||
-- For more information see http://prosody.im/doc/creating_accounts
|
-- For more information see https://prosody.im/doc/creating_accounts
|
||||||
allow_registration = {{ prosody_allow_registration }};
|
allow_registration = {{ prosody_allow_registration }};
|
||||||
|
|
||||||
|
-- Rate limits
|
||||||
|
-- Enable rate limits for incoming client and server connections. These help
|
||||||
|
-- protect from excessive resource consumption and denial-of-service attacks.
|
||||||
|
|
||||||
|
limits = {
|
||||||
|
c2s = {
|
||||||
|
rate = "10kb/s";
|
||||||
|
};
|
||||||
|
s2sin = {
|
||||||
|
rate = "30kb/s";
|
||||||
|
};
|
||||||
|
}
|
||||||
|
|
||||||
-- Debian:
|
-- Debian:
|
||||||
-- Please, don't change this option since /var/run/prosody/
|
-- Please, don't change this option since /var/run/prosody/
|
||||||
-- is one of the few directories Prosody is allowed to write to
|
-- is one of the few directories Prosody is allowed to write to
|
||||||
|
@ -89,6 +112,7 @@ pidfile = "/var/run/prosody/prosody.pid";
|
||||||
|
|
||||||
c2s_require_encryption = {{ prosody_c2s_encryption }}
|
c2s_require_encryption = {{ prosody_c2s_encryption }}
|
||||||
|
|
||||||
|
-- See https://prosody.im/doc/modules/mod_c2s
|
||||||
c2s_stanza_size_limit = {{ prosody_c2s_stanza_size_limit }} -- 256 * 1024 -- 256kb
|
c2s_stanza_size_limit = {{ prosody_c2s_stanza_size_limit }} -- 256 * 1024 -- 256kb
|
||||||
|
|
||||||
-- Force servers to use encrypted connections? This option will
|
-- Force servers to use encrypted connections? This option will
|
||||||
|
@ -96,33 +120,35 @@ c2s_stanza_size_limit = {{ prosody_c2s_stanza_size_limit }} -- 256 * 1024 -- 256
|
||||||
|
|
||||||
s2s_require_encryption = {{ prosody_s2s_encryption }}
|
s2s_require_encryption = {{ prosody_s2s_encryption }}
|
||||||
|
|
||||||
-- Force certificate authentication for server-to-server connections?
|
-- Server-to-server authentication
|
||||||
|
-- Require valid certificates for server-to-server connections?
|
||||||
|
-- If false, other methods such as dialback (DNS) may be used instead.
|
||||||
|
|
||||||
s2s_secure_auth = {{ prosody_s2s_auth }}
|
s2s_secure_auth = {{ prosody_s2s_auth }}
|
||||||
|
|
||||||
-- Some servers have invalid or self-signed certificates. You can list
|
-- Some servers have invalid or self-signed certificates. You can list
|
||||||
-- remote domains here that will not be required to authenticate using
|
-- remote domains here that will not be required to authenticate using
|
||||||
-- certificates. They will be authenticated using DNS instead, even
|
-- certificates. They will be authenticated using other methods instead,
|
||||||
-- when s2s_secure_auth is enabled.
|
-- even when s2s_secure_auth is enabled.
|
||||||
{% if prosody_insecure_domains is defined %}
|
{% if prosody_insecure_domains is defined %}
|
||||||
s2s_insecure_domains = { "{{ prosody_insecure_domains }}" }
|
s2s_insecure_domains = { "{{ prosody_insecure_domains }}" }
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
||||||
-- Even if you leave s2s_secure_auth disabled, you can still require valid
|
-- Even if you disable s2s_secure_auth, you can still require valid
|
||||||
-- certificates for some domains by specifying a list here.
|
-- certificates for some domains by specifying a list here.
|
||||||
|
|
||||||
--s2s_secure_domains = { "{{ prosody_secure_domains }}" }
|
--s2s_secure_domains = { "{{ prosody_secure_domains }}" }
|
||||||
|
|
||||||
|
-- See https://prosody.im/doc/s2s
|
||||||
s2s_stanza_size_limit = {{ prosody_s2s_stanza_size_limit }} -- 512 * 1000 -- 512kb
|
s2s_stanza_size_limit = {{ prosody_s2s_stanza_size_limit }} -- 512 * 1000 -- 512kb
|
||||||
|
|
||||||
|
-- Storage
|
||||||
-- Select the storage backend to use. By default Prosody uses flat files
|
-- Select the storage backend to use. By default Prosody uses flat files
|
||||||
-- in its configured data directory, but it also supports more backends
|
-- in its configured data directory, but it also supports more backends
|
||||||
-- through modules. An "sql" backend is included by default, but requires
|
-- through modules. An "sql" backend is included by default, but requires
|
||||||
-- additional dependencies. See http://prosody.im/doc/storage for more info.
|
-- additional dependencies. See https://prosody.im/doc/storage for more info.
|
||||||
|
|
||||||
--storage = "sql" -- Default is "internal" (Debian: "sql" requires one of the
|
--storage = "sql" -- Default is "internal"
|
||||||
-- lua-dbi-sqlite3, lua-dbi-mysql or lua-dbi-postgresql packages to work)
|
|
||||||
|
|
||||||
storage = "{{ prosody_storage }}"
|
storage = "{{ prosody_storage }}"
|
||||||
{% if prosody_storage == 'sql' %}
|
{% if prosody_storage == 'sql' %}
|
||||||
|
@ -138,13 +164,21 @@ sql = { driver = "{{ prosody_sql_driver }}", database = "{{ prosody_sql_database
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
||||||
|
-- Archiving configuration
|
||||||
|
-- If mod_mam is enabled, Prosody will store a copy of every message. This
|
||||||
|
-- is used to synchronize conversations between multiple clients, even if
|
||||||
|
-- they are offline. This setting controls how long Prosody will keep
|
||||||
|
-- messages in the archive before removing them.
|
||||||
|
|
||||||
|
archive_expires_after = "{{ prosody_archive_expires_after }}" -- Remove archived messages after X weeks or months
|
||||||
|
|
||||||
-- You can also configure messages to be stored in-memory only. For more
|
-- You can also configure messages to be stored in-memory only. For more
|
||||||
-- archiving options, see https://prosody.im/doc/modules/mod_mam
|
-- archiving options, see https://prosody.im/doc/modules/mod_mam
|
||||||
|
|
||||||
-- Logging configuration
|
-- Logging configuration
|
||||||
-- For advanced logging see http://prosody.im/doc/logging
|
-- For advanced logging see https://prosody.im/doc/logging
|
||||||
log = {
|
log = {
|
||||||
-- Log files (change 'info' to 'debug' for debug logs):
|
-- Log files:
|
||||||
{{ prosody_loglevel }} = "{{ prosody_log_path }}"; -- Change 'info' to 'debug' for verbose logging
|
{{ prosody_loglevel }} = "{{ prosody_log_path }}"; -- Change 'info' to 'debug' for verbose logging
|
||||||
error = "{{ prosody_err_log }}";
|
error = "{{ prosody_err_log }}";
|
||||||
-- "*syslog"; -- Uncomment this for logging to syslog
|
-- "*syslog"; -- Uncomment this for logging to syslog
|
||||||
|
@ -169,9 +203,6 @@ statistics = "{{ prosody_statistics }}"
|
||||||
-- Location of directory to find certificates in (relative to main config file):
|
-- Location of directory to find certificates in (relative to main config file):
|
||||||
certificates = "{{ prosody_certificates }}"
|
certificates = "{{ prosody_certificates }}"
|
||||||
|
|
||||||
-- HTTPS currently only supports a single certificate, specify it here:
|
|
||||||
--https_certificate = "certs/localhost.crt"
|
|
||||||
|
|
||||||
{% if prosody_component_interface is defined %}
|
{% if prosody_component_interface is defined %}
|
||||||
{% for item in prosody_component_interface %}
|
{% for item in prosody_component_interface %}
|
||||||
-- Prosody external component ports
|
-- Prosody external component ports
|
||||||
|
|
Loading…
Reference in New Issue