Environment variables for most of prosody.cfg.lua

docker-entrypoint.sh

@@ -15,8 +15,13 @@ if [ -z "$DOMAIN" ]; then
   exit 1
 fi
 
+export ALLOW_REGISTRATION=${ALLOW_REGISTRATION:-true}
 export DOMAIN_HTTP_UPLOAD=${DOMAIN_HTTP_UPLOAD:-"upload.$DOMAIN"}
 export DOMAIN_MUC=${DOMAIN_MUC:-"conference.$DOMAIN"}
 export DOMAIN_PROXY=${DOMAIN_PROXY:-"proxy.$DOMAIN"}
+export LOG_LEVEL=${LOG_LEVEL:-"info"}
+export C2S_REQUIRE_ENCRYPTION=${C2S_REQUIRE_ENCRYPTION:-true}
+export S2S_REQUIRE_ENCRYPTION=${S2S_REQUIRE_ENCRYPTION:-true}
+export S2S_SECURE_AUTH=${S2S_SECURE_AUTH:-true}
 
 exec "$@"

prosody.cfg.lua

@@ -5,15 +5,16 @@ admins = {};
 
 use_libevent = true; -- improves performance
 
-allow_registration = true;
+allow_registration = os.getenv("ALLOW_REGISTRATION");
 
-c2s_require_encryption = true;
+c2s_require_encryption = os.getenv("C2S_REQUIRE_ENCRYPTION");
-s2s_secure_auth = true;
+s2s_require_encryption = os.getenv("S2S_REQUIRE_ENCRYPTION");
+s2s_secure_auth = os.getenv("S2S_SECURE_AUTH");
 
 authentication = "internal_hashed";
 
 log = {
-    {levels = {min = "info"}, to = "console"};
+    {levels = {min = os.getenv("LOG_LEVEL")}, to = "console"};
 };
 
 Include "conf.d/*.cfg.lua";

readme.md

@@ -21,7 +21,7 @@ While Conversations got everything set-up out-of-the-box, Gajim was used with th
     - [Directories](#directories)
     - [Run](#run)
     - [Configuration](#configuration)
-    - [Environment variables](#environment-variables)
+      - [Environment variables](#environment-variables)
       - [DNS](#dns)
       - [server_contact_info](#server_contact_info)
     - [Debugging](#debugging)
@@ -102,14 +102,19 @@ Inspect logs: ```docker-compose logs -f```
 
 ### Configuration
 
-### Environment variables
+#### Environment variables
 
 | Variable | Description | Type | Default value |
 | -------- | ----------- | ---- | ------------- |
+| **ALLOW_REGISTRATION** | Whether to allow registration of new accounts via Jabber clients | *optional* | true
 | **DOMAIN** | domain | **required** | null
 | **DOMAIN_HTTP_UPLOAD** | Domain which lets clients upload files over HTTP | *optional* | upload.**DOMAIN**
 | **DOMAIN_MUC** | Domain for Multi-user chat (MUC) for allowing you to create hosted chatrooms/conferences for XMPP users | *optional* | conference.**DOMAIN**
 | **DOMAIN_PROXY** | Domain for SOCKS5 bytestream proxy for server-proxied file transfers | *optional* | proxy.**DOMAIN**
+| **LOG_LEVEL** | Min log level. Change to debug for more information | *optional* | info
+| **C2S_REQUIRE_ENCRYPTION** | Whether to force all client-to-server connections to be encrypted or not | *optional* | true
+| **S2S_REQUIRE_ENCRYPTION** | Whether to force all server-to-server connections to be encrypted or not | *optional* | true
+| **S2S_SECURE_AUTH** | Require encryption and certificate authentication | *optional* | true
 
 #### DNS