rra
7 years ago
1 changed files with 76 additions and 0 deletions
@ -0,0 +1,76 @@ |
|||||
|
-- a custom prosody config focused on high security and ease of use across (mobile) clients |
||||
|
-- provided to you by the homebrewserver.club |
||||
|
-- the original config file (prosody.cfg.lua.original) will have more information |
||||
|
|
||||
|
plugin_paths = { "/usr/src/prosody-modules" } -- non-standard plugin path so we can keep them up to date with mercurial |
||||
|
|
||||
|
modules_enabled = { |
||||
|
"roster"; -- Allow users to have a roster. Recommended ;) |
||||
|
"saslauth"; -- Authentication for clients and servers. Recommended if you want to log in. |
||||
|
"tls"; -- Add support for secure TLS on c2s/s2s connections |
||||
|
"dialback"; -- s2s dialback support |
||||
|
"disco"; -- Service discovery |
||||
|
"posix"; -- POSIX functionality, sends server to background, enables syslog, etc. |
||||
|
"private"; -- Private XML storage (for room bookmarks, etc.) |
||||
|
"vcard"; -- Allow users to set vCards |
||||
|
"compression"; -- Stream compression (requires the lua-zlib package installed) |
||||
|
"version"; -- Replies to server version requests |
||||
|
"uptime"; -- Report how long server has been running |
||||
|
"time"; -- Let others know the time here on this server |
||||
|
"ping"; -- Replies to XMPP pings with pongs |
||||
|
"register"; --Allows clients to register an account on your server |
||||
|
"pep"; -- Enables users to publish their mood, activity, playing music and more |
||||
|
"carbons"; -- XEP-0280: Message Carbons, synchronize messages accross devices |
||||
|
"smacks"; -- XEP-0198: Stream Management, keep chatting even when the network drops for a few seconds |
||||
|
"mam"; -- XEP-0313: Message Archive Management, allows to retrieve chat history from server |
||||
|
"csi"; -- XEP-0352: Client State Indication |
||||
|
"http"; -- mod_http needed for XEP-363 |
||||
|
"admin_adhoc"; -- Allows administration via an XMPP client that supports ad-hoc commands |
||||
|
"blocking"; -- XEP-0198 blocking of users |
||||
|
--"cloud_notify"; -- Support for XEP-0357 Push Notifications for compatibility with ChatSecure/iOS. |
||||
|
-- iOS typically end the connection when an app runs in the background and requires use of Apple's Push servers to wake up and receive a message. Enabling this module allows your server to do that for your contacts on iOS. |
||||
|
-- However we leave it commented out as it is another example of vertically integrated cloud platforms at odds with federation, with all the meta-data-based surveillance consequences that that might have. |
||||
|
}; |
||||
|
|
||||
|
allow_registration = false; -- Enable to allow people to register accounts on your server from their clients, for more information see http://prosody.im/doc/creating_accounts |
||||
|
|
||||
|
-- These are the SSL/TLS-related settings. |
||||
|
ssl = { |
||||
|
certificate = "/etc/prosody/certs/fullchain.pem"; |
||||
|
key = "/etc/prosody/certs/privkey.pem"; |
||||
|
} |
||||
|
|
||||
|
c2s_require_encryption = true -- Force clients to use encrypted connections |
||||
|
|
||||
|
-- Force certificate authentication for server-to-server connections? |
||||
|
-- This provides ideal security, but requires servers you communicate |
||||
|
-- with to support encryption AND present valid, trusted certificates. |
||||
|
-- NOTE: Your version of LuaSec must support certificate verification! |
||||
|
-- For more information see http://prosody.im/doc/s2s#security |
||||
|
|
||||
|
s2s_secure_auth = false |
||||
|
|
||||
|
pidfile = "/var/run/prosody/prosody.pid" |
||||
|
|
||||
|
authentication = "internal_hashed" |
||||
|
|
||||
|
storage = "sql" |
||||
|
|
||||
|
-- Make sure to change the password |
||||
|
sql = { driver = "MySQL", database = "prosody", username = "prosody", password = "userPassword", host = "localhost" } |
||||
|
|
||||
|
log = { |
||||
|
info = "/var/log/prosody/prosody.log"; -- Change 'info' to 'debug' for verbose logging |
||||
|
error = "/var/log/prosody/prosody.err"; |
||||
|
"*syslog"; |
||||
|
} |
||||
|
|
||||
|
VirtualHost "placeholderdomain.org" |
||||
|
|
||||
|
-- Enable http_upload to allow image sharing across multiple devices and clients |
||||
|
Component "dump.placeholderdomain.org" "http_upload" |
||||
|
|
||||
|
---Set up a MUC (multi-user chat) room server on conference.example.com: |
||||
|
Component "muc.placeholderdomain.org" "muc" |
||||
|
|
||||
|
compression_level = 9 |
||||
Loading…
Reference in new issue