-- a custom prosody 0.10 config focused on high security and ease of use across (mobile) clients -- provided to you by the homebrewserver.club -- the original config file (prosody.cfg.lua.original) will have more information plugin_paths = { "/usr/src/prosody-modules" } -- non-standard plugin path so we can keep them up to date with mercurial modules_enabled = { "roster"; -- Allow users to have a roster. Recommended ;) "saslauth"; -- Authentication for clients and servers. Recommended if you want to log in. "tls"; -- Add support for secure TLS on c2s/s2s connections "dialback"; -- s2s dialback support "disco"; -- Service discovery "posix"; -- POSIX functionality, sends server to background, enables syslog, etc. "private"; -- Private XML storage (for room bookmarks, etc.) "vcard"; -- Allow users to set vCards "version"; -- Replies to server version requests "uptime"; -- Report how long server has been running "time"; -- Let others know the time here on this server "ping"; -- Replies to XMPP pings with pongs "register"; --Allows clients to register an account on your server "pep"; -- Enables users to publish their mood, activity, playing music and more "carbons"; -- XEP-0280: Message Carbons, synchronize messages accross devices "smacks"; -- XEP-0198: Stream Management, keep chatting even when the network drops for a few seconds "mam"; -- XEP-0313: Message Archive Management, allows to retrieve chat history from server "csi"; -- XEP-0352: Client State Indication "http"; -- mod_http needed for XEP-363 "admin_adhoc"; -- Allows administration via an XMPP client that supports ad-hoc commands "blocklist"; -- XEP-0191 blocking of users --"cloud_notify"; -- Support for XEP-0357 Push Notifications for compatibility with ChatSecure/iOS. -- iOS typically end the connection when an app runs in the background and requires use of Apple's Push servers to wake up and receive a message. Enabling this module allows your server to do that for your contacts on iOS. -- However we leave it commented out as it is another example of vertically integrated cloud platforms at odds with federation, with all the meta-data-based surveillance consequences that that might have. "omemo_all_access"; -- Allow for OMEMO E2E between contacts that haven't added each other "pep_vcard_avatar"; -- use XEP-0153: vCard-Based Avatars to see the avatars of clients that use XEP-0084: User Avatar and vice versa. }; allow_registration = false; -- Enable to allow people to register accounts on your server from their clients, for more information see http://prosody.im/doc/creating_accounts -- These are the SSL/TLS-related settings. ssl = { certificate = "/etc/prosody/certs/fullchain.pem"; key = "/etc/prosody/certs/privkey.pem"; } c2s_require_encryption = true -- Force clients to use encrypted connections -- Force certificate authentication for server-to-server connections? -- This provides ideal security, but requires servers you communicate -- with to support encryption AND present valid, trusted certificates. -- NOTE: Your version of LuaSec must support certificate verification! -- For more information see http://prosody.im/doc/s2s#security s2s_secure_auth = false pidfile = "/var/run/prosody/prosody.pid" authentication = "internal_hashed" storage = "sql" -- Make sure to change the password sql = { driver = "MySQL", database = "prosody", username = "prosody", password = "userPassword", host = "localhost" } log = { info = "/var/log/prosody/prosody.log"; -- Change 'info' to 'debug' for verbose logging error = "/var/log/prosody/prosody.err"; "*syslog"; } VirtualHost "placeholderdomain.org" -- Enable http_upload to allow image sharing across multiple devices and clients Component "dump.placeholderdomain.org" "http_upload" ---Set up a MUC (multi-user chat) room server on conference.example.com: Component "muc.placeholderdomain.org" "muc"