|
@@ -0,0 +1,175 @@
|
|
1
|
+-- Prosody XMPP Server Configuration
|
|
2
|
+--
|
|
3
|
+-- Information on configuring Prosody can be found on our
|
|
4
|
+-- website at http://prosody.im/doc/configure
|
|
5
|
+--
|
|
6
|
+-- Tip: You can check that the syntax of this file is correct
|
|
7
|
+-- when you have finished by running: luac -p prosody.cfg.lua
|
|
8
|
+-- If there are any errors, it will let you know what and where
|
|
9
|
+-- they are, otherwise it will keep quiet.
|
|
10
|
+--
|
|
11
|
+-- Good luck, and happy Jabbering!
|
|
12
|
+
|
|
13
|
+
|
|
14
|
+---------- Server-wide settings ----------
|
|
15
|
+-- Settings in this section apply to the whole server and are the default settings
|
|
16
|
+-- for any virtual hosts
|
|
17
|
+
|
|
18
|
+-- This is a (by default, empty) list of accounts that are admins
|
|
19
|
+-- for the server. Note that you must create the accounts separately
|
|
20
|
+-- (see http://prosody.im/doc/creating_accounts for info)
|
|
21
|
+-- Example: admins = { "user1@example.com", "user2@example.net" }
|
|
22
|
+admins = { "{{ prosody_admin }}" }
|
|
23
|
+
|
|
24
|
+-- Enable use of libevent for better performance under high load
|
|
25
|
+-- For more information see: http://prosody.im/doc/libevent
|
|
26
|
+--use_libevent = true;
|
|
27
|
+
|
|
28
|
+-- This is the list of modules Prosody will load on startup.
|
|
29
|
+-- It looks for mod_modulename.lua in the plugins folder, so make sure that exists too.
|
|
30
|
+-- Documentation on modules can be found at: http://prosody.im/doc/modules
|
|
31
|
+modules_enabled = {
|
|
32
|
+
|
|
33
|
+ -- Generally required
|
|
34
|
+ "roster"; -- Allow users to have a roster. Recommended ;)
|
|
35
|
+ "saslauth"; -- Authentication for clients and servers. Recommended if you want to log in.
|
|
36
|
+ "tls"; -- Add support for secure TLS on c2s/s2s connections
|
|
37
|
+ "dialback"; -- s2s dialback support
|
|
38
|
+ "disco"; -- Service discovery
|
|
39
|
+ "posix"; -- POSIX functionality, sends server to background, enables syslog, etc.
|
|
40
|
+
|
|
41
|
+ -- Not essential, but recommended
|
|
42
|
+ "private"; -- Private XML storage (for room bookmarks, etc.)
|
|
43
|
+ "vcard"; -- Allow users to set vCards
|
|
44
|
+
|
|
45
|
+ -- These are commented by default as they have a performance impact
|
|
46
|
+ "privacy"; -- Support privacy lists
|
|
47
|
+ --"compression"; -- Stream compression (requires the lua-zlib package installed)
|
|
48
|
+
|
|
49
|
+ -- Nice to have
|
|
50
|
+ "version"; -- Replies to server version requests
|
|
51
|
+ "uptime"; -- Report how long server has been running
|
|
52
|
+ "time"; -- Let others know the time here on this server
|
|
53
|
+ "ping"; -- Replies to XMPP pings with pongs
|
|
54
|
+ -- "pep"; -- Enables users to publish their mood, activity, playing music and more
|
|
55
|
+ "register"; -- Allow users to register on this server using a client and change passwords
|
|
56
|
+
|
|
57
|
+ -- Admin interfaces
|
|
58
|
+ "admin_adhoc"; -- Allows administration via an XMPP client that supports ad-hoc commands
|
|
59
|
+ --"admin_telnet"; -- Opens telnet console interface on localhost port 5582
|
|
60
|
+
|
|
61
|
+ -- HTTP modules
|
|
62
|
+ --"bosh"; -- Enable BOSH clients, aka "Jabber over HTTP"
|
|
63
|
+ --"http_files"; -- Serve static files from a directory over HTTP
|
|
64
|
+
|
|
65
|
+ -- Other specific functionality
|
|
66
|
+ --"groups"; -- Shared roster support
|
|
67
|
+ --"announce"; -- Send announcement to all online users
|
|
68
|
+ --"welcome"; -- Welcome users who register accounts
|
|
69
|
+ --"watchregistrations"; -- Alert admins of registrations
|
|
70
|
+ --"motd"; -- Send a message to users when they log in
|
|
71
|
+ --"legacyauth"; -- Legacy authentication. Only used by some old clients and bots.
|
|
72
|
+};
|
|
73
|
+
|
|
74
|
+-- These modules are auto-loaded, but should you want
|
|
75
|
+-- to disable them then uncomment them here:
|
|
76
|
+modules_disabled = {
|
|
77
|
+ -- "offline"; -- Store offline messages
|
|
78
|
+ -- "c2s"; -- Handle client connections
|
|
79
|
+ -- "s2s"; -- Handle server-to-server connections
|
|
80
|
+};
|
|
81
|
+
|
|
82
|
+-- Disable account creation by default, for security
|
|
83
|
+-- For more information see http://prosody.im/doc/creating_accounts
|
|
84
|
+allow_registration = false;
|
|
85
|
+
|
|
86
|
+-- These are the SSL/TLS-related settings. If you don't want
|
|
87
|
+-- to use SSL/TLS, you may comment or remove this
|
|
88
|
+ssl = {
|
|
89
|
+ key = "/etc/ssl/private/wildcard_private_prosody.key";
|
|
90
|
+ certificate = "/etc/ssl/certs/wildcard_public_cert_prosody.crt";
|
|
91
|
+}
|
|
92
|
+
|
|
93
|
+-- Force clients to use encrypted connections? This option will
|
|
94
|
+-- prevent clients from authenticating unless they are using encryption.
|
|
95
|
+
|
|
96
|
+c2s_require_encryption = true
|
|
97
|
+
|
|
98
|
+-- Force certificate authentication for server-to-server connections?
|
|
99
|
+-- This provides ideal security, but requires servers you communicate
|
|
100
|
+-- with to support encryption AND present valid, trusted certificates.
|
|
101
|
+-- NOTE: Your version of LuaSec must support certificate verification!
|
|
102
|
+-- For more information see http://prosody.im/doc/s2s#security
|
|
103
|
+
|
|
104
|
+s2s_secure_auth = false
|
|
105
|
+
|
|
106
|
+-- Many servers don't support encryption or have invalid or self-signed
|
|
107
|
+-- certificates. You can list domains here that will not be required to
|
|
108
|
+-- authenticate using certificates. They will be authenticated using DNS.
|
|
109
|
+
|
|
110
|
+--s2s_insecure_domains = { "gmail.com" }
|
|
111
|
+
|
|
112
|
+-- Even if you leave s2s_secure_auth disabled, you can still require valid
|
|
113
|
+-- certificates for some domains by specifying a list here.
|
|
114
|
+
|
|
115
|
+--s2s_secure_domains = { "jabber.org" }
|
|
116
|
+
|
|
117
|
+-- Required for init scripts and prosodyctl
|
|
118
|
+pidfile = "/var/run/prosody/prosody.pid"
|
|
119
|
+
|
|
120
|
+-- Select the authentication backend to use. The 'internal' providers
|
|
121
|
+-- use Prosody's configured data storage to store the authentication data.
|
|
122
|
+-- To allow Prosody to offer secure authentication mechanisms to clients, the
|
|
123
|
+-- default provider stores passwords in plaintext. If you do not trust your
|
|
124
|
+-- server please see http://prosody.im/doc/modules/mod_auth_internal_hashed
|
|
125
|
+-- for information about using the hashed backend.
|
|
126
|
+
|
|
127
|
+authentication = "internal_plain"
|
|
128
|
+
|
|
129
|
+-- Select the storage backend to use. By default Prosody uses flat files
|
|
130
|
+-- in its configured data directory, but it also supports more backends
|
|
131
|
+-- through modules. An "sql" backend is included by default, but requires
|
|
132
|
+-- additional dependencies. See http://prosody.im/doc/storage for more info.
|
|
133
|
+
|
|
134
|
+--storage = "sql" -- Default is "internal"
|
|
135
|
+
|
|
136
|
+-- For the "sql" backend, you can uncomment *one* of the below to configure:
|
|
137
|
+--sql = { driver = "SQLite3", database = "prosody.sqlite" } -- Default. 'database' is the filename.
|
|
138
|
+--sql = { driver = "MySQL", database = "prosody", username = "prosody", password = "secret", host = "localhost" }
|
|
139
|
+--sql = { driver = "PostgreSQL", database = "prosody", username = "prosody", password = "secret", host = "localhost" }
|
|
140
|
+
|
|
141
|
+-- Logging configuration
|
|
142
|
+-- For advanced logging see http://prosody.im/doc/logging
|
|
143
|
+log = {
|
|
144
|
+ info = "/var/log/prosody/prosody.log"; -- Change 'info' to 'debug' for verbose logging
|
|
145
|
+ error = "/var/log/prosody/prosody.err";
|
|
146
|
+ "*syslog";
|
|
147
|
+}
|
|
148
|
+
|
|
149
|
+data_path = "/decrypted/prosody"
|
|
150
|
+
|
|
151
|
+----------- Virtual hosts -----------
|
|
152
|
+-- You need to add a VirtualHost entry for each domain you wish Prosody to serve.
|
|
153
|
+-- Settings under each VirtualHost entry apply *only* to that host.
|
|
154
|
+
|
|
155
|
+VirtualHost "{{ prosody_virtual_domain }}"
|
|
156
|
+
|
|
157
|
+------ Components ------
|
|
158
|
+-- You can specify components to add hosts that provide special services,
|
|
159
|
+-- like multi-user conferences, and transports.
|
|
160
|
+-- For more information on components, see http://prosody.im/doc/components
|
|
161
|
+
|
|
162
|
+---Set up a MUC (multi-user chat) room server on conference.example.com:
|
|
163
|
+--Component "conference.example.com" "muc"
|
|
164
|
+
|
|
165
|
+-- Set up a SOCKS5 bytestream proxy for server-proxied file tr3ansfers:
|
|
166
|
+--Component "proxy.example.com" "proxy65"
|
|
167
|
+
|
|
168
|
+---Set up an external component (default component port is 5347)
|
|
169
|
+--
|
|
170
|
+-- External components allow adding various services, such as gateways/
|
|
171
|
+-- transports to other networks like ICQ, MSN and Yahoo. For more info
|
|
172
|
+-- see: http://prosody.im/doc/components#adding_an_external_component
|
|
173
|
+--
|
|
174
|
+--Component "gateway.example.com"
|
|
175
|
+-- component_secret = "password"
|