diff --git a/conf.d/02-storage.cfg.lua b/conf.d/02-storage.cfg.lua index 6271375..29b0711 100644 --- a/conf.d/02-storage.cfg.lua +++ b/conf.d/02-storage.cfg.lua @@ -1,8 +1,8 @@ default_storage = "sql" sql = { - driver = os.getenv("DB_DRIVER"); - database = os.getenv("DB_DATABASE"); + driver = os.getenv("DB_DRIVER") or "SQLite3"; + database = os.getenv("DB_DATABASE") or "prosody.sqlite"; host = os.getenv("DB_HOST"); port = os.getenv("DB_PORT"); username = os.getenv("DB_USERNAME"); diff --git a/conf.d/03-e2e-policy.cfg.lua b/conf.d/03-e2e-policy.cfg.lua index 88a7ca8..19fab10 100644 --- a/conf.d/03-e2e-policy.cfg.lua +++ b/conf.d/03-e2e-policy.cfg.lua @@ -1,8 +1,11 @@ local stringy = require "stringy" -e2e_policy_chat = os.getenv("E2E_POLICY_CHAT") -e2e_policy_muc = os.getenv("E2E_POLICY_MUC") -e2e_policy_whitelist = stringy.split(os.getenv("E2E_POLICY_WHITELIST"), ", ") +e2e_policy_chat = os.getenv("E2E_POLICY_CHAT") or "required" +e2e_policy_muc = os.getenv("E2E_POLICY_MUC") or "required" + +local whitelist = os.getenv("E2E_POLICY_WHITELIST") or "" +e2e_policy_whitelist = stringy.split(whitelist, ", ") + e2e_policy_message_optional_chat = "For security reasons, OMEMO, OTR or PGP encryption is STRONGLY recommended for conversations on this server." e2e_policy_message_required_chat = "For security reasons, OMEMO, OTR or PGP encryption is required for conversations on this server." e2e_policy_message_optional_muc = "For security reasons, OMEMO, OTR or PGP encryption is STRONGLY recommended for MUC on this server." diff --git a/conf.d/04-server_contact_info.cfg.lua b/conf.d/04-server_contact_info.cfg.lua index 52437e7..971392d 100644 --- a/conf.d/04-server_contact_info.cfg.lua +++ b/conf.d/04-server_contact_info.cfg.lua @@ -1,10 +1,18 @@ local stringy = require "stringy" +local domain = os.getenv("DOMAIN") +local abuse = os.getenv("SERVER_CONTACT_INFO_ABUSE") or "xmpp:abuse@" .. domain +local admin = os.getenv("SERVER_CONTACT_INFO_ADMIN") or "xmpp:admin@" .. domain +local feedback = os.getenv("SERVER_CONTACT_INFO_FEEDBACK") or "xmpp:feedback@" .. domain +local sales = os.getenv("SERVER_CONTACT_INFO_SALES") or "xmpp:sales@" .. domain +local security = os.getenv("SERVER_CONTACT_INFO_SECURITY") or "xmpp:security@" .. domain +local support = os.getenv("SERVER_CONTACT_INFO_SUPPORT") or "xmpp:support@" .. domain + contact_info = { - abuse = stringy.split(os.getenv("SERVER_CONTACT_INFO_ABUSE"), ", "); - admin = stringy.split(os.getenv("SERVER_CONTACT_INFO_ADMIN"), ", "); - feedback = stringy.split(os.getenv("SERVER_CONTACT_INFO_FEEDBACK"), ", "); - sales = stringy.split(os.getenv("SERVER_CONTACT_INFO_SALES"), ", "); - security = stringy.split(os.getenv("SERVER_CONTACT_INFO_SECURITY"), ", "); - support = stringy.split(os.getenv("SERVER_CONTACT_INFO_SUPPORT"), ", "); + abuse = stringy.split(abuse, ", "); + admin = stringy.split(admin, ", "); + feedback = stringy.split(feedback, ", "); + sales = stringy.split(sales, ", "); + security = stringy.split(security, ", "); + support = stringy.split(support, ", "); } diff --git a/conf.d/05-vhost.cfg.lua b/conf.d/05-vhost.cfg.lua index e92508f..1f5bcec 100644 --- a/conf.d/05-vhost.cfg.lua +++ b/conf.d/05-vhost.cfg.lua @@ -1,8 +1,8 @@ local domain = os.getenv("DOMAIN") -local domain_http_upload = os.getenv("DOMAIN_HTTP_UPLOAD") -local domain_muc = os.getenv("DOMAIN_MUC") -local domain_proxy = os.getenv("DOMAIN_PROXY") -local domain_pubsub = os.getenv("DOMAIN_PUBSUB") +local domain_http_upload = os.getenv("DOMAIN_HTTP_UPLOAD") or "upload." .. domain +local domain_muc = os.getenv("DOMAIN_MUC") or "conference." .. domain +local domain_proxy = os.getenv("DOMAIN_PROXY") or "proxy." .. domain +local domain_pubsub = os.getenv("DOMAIN_PUBSUB") or "pubsub." .. domain -- XEP-0368: SRV records for XMPP over TLS -- https://compliance.conversations.im/test/xep0368/ diff --git a/docker-entrypoint.bash b/docker-entrypoint.bash index dd317e0..3d85187 100755 --- a/docker-entrypoint.bash +++ b/docker-entrypoint.bash @@ -1,28 +1,6 @@ #!/bin/bash set -e -export ALLOW_REGISTRATION=${ALLOW_REGISTRATION:-true} -export DOMAIN_HTTP_UPLOAD=${DOMAIN_HTTP_UPLOAD:-"upload.$DOMAIN"} -export DOMAIN_MUC=${DOMAIN_MUC:-"conference.$DOMAIN"} -export DOMAIN_PROXY=${DOMAIN_PROXY:-"proxy.$DOMAIN"} -export DOMAIN_PUBSUB=${DOMAIN_PUBSUB:-"pubsub.$DOMAIN"} -export DB_DRIVER=${DB_DRIVER:-"SQLite3"} -export DB_DATABASE=${DB_DATABASE:-"prosody.sqlite"} -export E2E_POLICY_CHAT=${E2E_POLICY_CHAT:-"required"} -export E2E_POLICY_MUC=${E2E_POLICY_MUC:-"required"} -export E2E_POLICY_WHITELIST=${E2E_POLICY_WHITELIST:-""} -export LOG_LEVEL=${LOG_LEVEL:-"info"} -export C2S_REQUIRE_ENCRYPTION=${C2S_REQUIRE_ENCRYPTION:-true} -export S2S_REQUIRE_ENCRYPTION=${S2S_REQUIRE_ENCRYPTION:-true} -export S2S_SECURE_AUTH=${S2S_SECURE_AUTH:-true} -export SERVER_CONTACT_INFO_ABUSE=${SERVER_CONTACT_INFO_ABUSE:-"xmpp:abuse@$DOMAIN"} -export SERVER_CONTACT_INFO_ADMIN=${SERVER_CONTACT_INFO_ADMIN:-"xmpp:admin@$DOMAIN"} -export SERVER_CONTACT_INFO_FEEDBACK=${SERVER_CONTACT_INFO_FEEDBACK:-"xmpp:feedback@$DOMAIN"} -export SERVER_CONTACT_INFO_SALES=${SERVER_CONTACT_INFO_SALES:-"xmpp:sales@$DOMAIN"} -export SERVER_CONTACT_INFO_SECURITY=${SERVER_CONTACT_INFO_SECURITY:-"xmpp:security@$DOMAIN"} -export SERVER_CONTACT_INFO_SUPPORT=${SERVER_CONTACT_INFO_SUPPORT:-"xmpp:support@$DOMAIN"} -export PROSODY_ADMINS=${PROSODY_ADMINS:-""} - if [[ "$1" != "prosody" ]]; then exec prosodyctl $* exit 0; diff --git a/prosody.cfg.lua b/prosody.cfg.lua index 6486643..b53faeb 100644 --- a/prosody.cfg.lua +++ b/prosody.cfg.lua @@ -3,15 +3,16 @@ local stringy = require "stringy" -admins = stringy.split(os.getenv("PROSODY_ADMINS"), ", "); +local prosody_admins = os.getenv("PROSODY_ADMINS") or ""; +admins = stringy.split(prosody_admins, ", "); pidfile = "/var/run/prosody/prosody.pid" -allow_registration = os.getenv("ALLOW_REGISTRATION"); +allow_registration = os.getenv("ALLOW_REGISTRATION") or "true"; -c2s_require_encryption = os.getenv("C2S_REQUIRE_ENCRYPTION"); -s2s_require_encryption = os.getenv("S2S_REQUIRE_ENCRYPTION"); -s2s_secure_auth = os.getenv("S2S_SECURE_AUTH"); +c2s_require_encryption = os.getenv("C2S_REQUIRE_ENCRYPTION") or "true"; +s2s_require_encryption = os.getenv("S2S_REQUIRE_ENCRYPTION") or "true"; +s2s_secure_auth = os.getenv("S2S_SECURE_AUTH") or "true"; authentication = os.getenv("AUTHENTICATION") or "internal_hashed"; @@ -26,7 +27,7 @@ ldap_mode = os.getenv("LDAP_MODE") or "bind"; ldap_admin_filter = os.getenv("LDAP_ADMIN_FILTER") or ""; log = { - {levels = {min = os.getenv("LOG_LEVEL")}, to = "console"}; + {levels = {min = os.getenv("LOG_LEVEL") or "info"}, to = "console"}; }; Include "conf.d/*.cfg.lua"; diff --git a/readme.md b/readme.md index 6a219ab..de5ab62 100644 --- a/readme.md +++ b/readme.md @@ -167,9 +167,9 @@ services: - ./data:/usr/local/var/lib/prosody ``` -Boot it via: ```docker-compose up -d```. +Boot it via: ```docker compose up -d```. -Inspect logs: ```docker-compose logs -f```. +Inspect logs: ```docker compose logs -f```. ### Volumes permissions @@ -265,7 +265,7 @@ If you need additional configuration just overwrite the respective _cfg.lua_ fil When migrating from prosody 0.10, you need to update the database once: ```bash -docker-compose exec server bash +docker compose exec server bash prosodyctl mod_storage_sql upgrade ``` diff --git a/tests/docker-compose.yml b/tests/docker-compose.yml index 2c5b4f7..b67723b 100644 --- a/tests/docker-compose.yml +++ b/tests/docker-compose.yml @@ -43,7 +43,7 @@ services: - postgres postgres: - image: postgres:15-alpine + image: postgres:16-alpine restart: unless-stopped environment: POSTGRES_DB: prosody diff --git a/tests/test.bash b/tests/test.bash index 1b9d5de..33a374b 100755 --- a/tests/test.bash +++ b/tests/test.bash @@ -19,7 +19,7 @@ registerTestUser() { local userName="$1" local containerName="$2" echo "Registering TestUser '$userName' in container '$containerName'" - sudo docker compose exec "$containerName" /bin/bash -c "/entrypoint.bash register $userName example.com 12345678" + sudo docker compose exec "$containerName" /bin/bash -c "prosodyctl register $userName example.com 12345678" } registerTestUsers() { @@ -42,7 +42,7 @@ runTests() { && pytest \ && deactivate \ && sleep 5 \ - && sudo docker-compose logs "$containerName" \ + && sudo docker compose logs "$containerName" \ && export batsContainerName="$containerName" \ && ./bats/bats-core/bin/bats tests.bats \ && ./bats/bats-core/bin/bats tests-"$containerName".bats @@ -56,22 +56,22 @@ generateCert "upload.example.com" # Run tests for first container with postgres # Start postgres first and wait for 10 seconds before starting prosody. -sudo docker-compose down -sudo docker-compose up -d postgres +sudo docker compose down +sudo docker compose up -d postgres sleep 10 -sudo docker-compose up -d prosody_postgres +sudo docker compose up -d prosody_postgres registerTestUsers prosody_postgres runTests prosody_postgres -sudo docker-compose down +sudo docker compose down # Run tests for second container with SQLite -sudo docker-compose up -d prosody +sudo docker compose up -d prosody registerTestUsers prosody runTests prosody -sudo docker-compose down +sudo docker compose down # Run tests for prosody with ldap -sudo docker-compose up -d prosody_ldap +sudo docker compose up -d prosody_ldap runTests prosody_ldap -sudo docker-compose down +sudo docker compose down diff --git a/tests/tests-prosody.bats b/tests/tests-prosody.bats index 74ddc22..e2efe54 100644 --- a/tests/tests-prosody.bats +++ b/tests/tests-prosody.bats @@ -4,7 +4,7 @@ load 'bats/bats-support/load' load 'bats/bats-assert/load' @test "Should use sqlite" { - run bash -c "sudo docker-compose logs $batsContainerName | grep -E \"Connecting to \[SQLite3\] \/usr\/local\/var\/lib\/prosody\/prosody\.sqlite\.\.\.\"" + run bash -c "sudo docker compose logs $batsContainerName | grep -E \"Connecting to \[SQLite3\] \/usr\/local\/var\/lib\/prosody\/prosody\.sqlite\.\.\.\"" assert_success assert_output } diff --git a/tests/tests-prosody_ldap.bats b/tests/tests-prosody_ldap.bats index 7eb0b77..64c92b2 100644 --- a/tests/tests-prosody_ldap.bats +++ b/tests/tests-prosody_ldap.bats @@ -4,13 +4,13 @@ load 'bats/bats-support/load' load 'bats/bats-assert/load' @test "Should use sqlite" { - run bash -c "sudo docker-compose logs $batsContainerName | grep -E \"Connecting to \[SQLite3\] \/usr\/local\/var\/lib\/prosody\/prosody\.sqlite\.\.\.\"" + run bash -c "sudo docker compose logs $batsContainerName | grep -E \"Connecting to \[SQLite3\] \/usr\/local\/var\/lib\/prosody\/prosody\.sqlite\.\.\.\"" assert_success assert_output } @test "Should use ldap" { - run bash -c "sudo docker-compose logs $batsContainerName | grep -E \"Host 'example.com' now set to use user provider 'ldap'\"" + run bash -c "sudo docker compose logs $batsContainerName | grep -E \"Host 'example.com' now set to use user provider 'ldap'\"" assert_success assert_output } diff --git a/tests/tests-prosody_postgres.bats b/tests/tests-prosody_postgres.bats index 2a1d1d0..f33fecb 100644 --- a/tests/tests-prosody_postgres.bats +++ b/tests/tests-prosody_postgres.bats @@ -4,7 +4,7 @@ load 'bats/bats-support/load' load 'bats/bats-assert/load' @test "Should use postgres" { - run bash -c "sudo docker-compose logs $batsContainerName | grep -E \"Connecting to \[PostgreSQL\] prosody\.\.\.\"" + run bash -c "sudo docker compose logs $batsContainerName | grep -E \"Connecting to \[PostgreSQL\] prosody\.\.\.\"" assert_success assert_output } diff --git a/tests/tests.bats b/tests/tests.bats index 1f88f04..3655520 100644 --- a/tests/tests.bats +++ b/tests/tests.bats @@ -4,95 +4,95 @@ load 'bats/bats-support/load' load 'bats/bats-assert/load' @test "Should send 5 messages" { - run bash -c "sudo docker-compose logs $batsContainerName | grep -E \"Received\[c2s\]: