forked from mirror/prosody

* New environment variable STORAGE was added. Defaults to sql like before. See [prosody docs](https://prosody.im/doc/storage). This fixes [#38](https://github.com/SaraSmiseth/prosody/issues/38).

* New tests for a container with STORAGE set to `internal`.
Sara Aimée Smiseth 2022-08-19 10:01:29 +02:00
parent ab2afd4249
commit eb572d8180
7 changed files with 133 additions and 81 deletions


@ -4,6 +4,11 @@
* Nothing * Nothing
## v1.2.9
* New environment variable STORAGE was added. Defaults to `sql` like before. See [prosody docs](https://prosody.im/doc/storage). This fixes [#38](https://github.com/SaraSmiseth/prosody/issues/38).
* New tests for a container with STORAGE set to `internal`.
## v1.2.8 ## v1.2.8
* Updated to Prosody version [0.12.1](https://blog.prosody.im/prosody-0.12.1-released/). * Updated to Prosody version [0.12.1](https://blog.prosody.im/prosody-0.12.1-released/).


@ -1,4 +1,4 @@
default_storage = "sql" default_storage = os.getenv("STORAGE")
sql = { sql = {
driver = os.getenv("DB_DRIVER"); driver = os.getenv("DB_DRIVER");
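Review bot: `default_storage = os.getenv("STORAGE")` has no fallback, so the value is nil whenever this file is loaded without the entrypoint's export having run. Keep the previous default in the config itself, for example `default_storage = os.getenv("STORAGE") or "sql"`, so the behaviour does not depend on the wrapper script.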
@ -14,7 +14,7 @@ archive_store = "archive2" -- Use the same data store as prosody-modules mod_mam
storage = { storage = {
-- this makes mod_mam use the sql storage backend -- this makes mod_mam use the sql storage backend
archive2 = "sql"; archive2 = os.getenv("STORAGE");
} }
-- https://modules.prosody.im/mod_mam.html -- https://modules.prosody.im/mod_mam.html
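Review bot: the comment above `archive2 = os.getenv("STORAGE");` still says mod_mam uses the sql storage backend, which is no longer true once STORAGE is set to anything else. Update the comment, and check whether the per-store override is still needed now that it always carries the same value as `default_storage`.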


@ -21,6 +21,7 @@ export SERVER_CONTACT_INFO_FEEDBACK=${SERVER_CONTACT_INFO_FEEDBACK:-"xmpp:feedba
export SERVER_CONTACT_INFO_SALES=${SERVER_CONTACT_INFO_SALES:-"xmpp:sales@$DOMAIN"} export SERVER_CONTACT_INFO_SALES=${SERVER_CONTACT_INFO_SALES:-"xmpp:sales@$DOMAIN"}
export SERVER_CONTACT_INFO_SECURITY=${SERVER_CONTACT_INFO_SECURITY:-"xmpp:security@$DOMAIN"} export SERVER_CONTACT_INFO_SECURITY=${SERVER_CONTACT_INFO_SECURITY:-"xmpp:security@$DOMAIN"}
export SERVER_CONTACT_INFO_SUPPORT=${SERVER_CONTACT_INFO_SUPPORT:-"xmpp:support@$DOMAIN"} export SERVER_CONTACT_INFO_SUPPORT=${SERVER_CONTACT_INFO_SUPPORT:-"xmpp:support@$DOMAIN"}
export STORAGE=${STORAGE:-"sql"}
export PROSODY_ADMINS=${PROSODY_ADMINS:-""} export PROSODY_ADMINS=${PROSODY_ADMINS:-""}
if [[ "$1" != "prosody" ]]; then if [[ "$1" != "prosody" ]]; then
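Review bot: `export STORAGE=${STORAGE:-"sql"}` accepts any string and hands it to the Prosody config unchecked, so a mistyped value would only surface inside Prosody rather than at container start. Validate the value here against the backends the image supports and exit with a clear error message otherwise.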

readme.md

@ -15,10 +15,10 @@ Multiple [architectures](https://hub.docker.com/r/sarasmiseth/prosody/tags) are
While Conversations got everything set-up out-of-the-box, Gajim was used with the following extensions: While Conversations got everything set-up out-of-the-box, Gajim was used with the following extensions:
* HttpUpload - HttpUpload
* Off-The-Record Encryption - Off-The-Record Encryption
* OMEMO (requires _python-axolotl_ to be installed) - OMEMO (requires _python-axolotl_ to be installed)
* Url Image preview - Url Image preview
## Table of Contents ## Table of Contents
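Review bot: the `*` to `-` list-marker change in this hunk, like the backtick and emphasis changes through the rest of readme.md, is formatter churn unrelated to STORAGE. Split it into its own commit so the one functional readme change, the new STORAGE table row, is easy to find and can be reverted independently.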
@ -49,17 +49,17 @@ While Conversations got everything set-up out-of-the-box, Gajim was used with th
## Features ## Features
* Secure by default - Secure by default
* SSL certificate required - SSL certificate required
* End-to-end encryption required (using [OMEMO](https://conversations.im/omemo/) or [OTR](https://en.wikipedia.org/wiki/Off-the-Record_Messaging)) - End-to-end encryption required (using [OMEMO](https://conversations.im/omemo/) or [OTR](https://en.wikipedia.org/wiki/Off-the-Record_Messaging))
* Data storage - Data storage
* SQLite message store - SQLite message store
* Configured file upload and image sharing - Configured file upload and image sharing
* Multi-user chat (MUC) - Multi-user chat (MUC)
## Requirements ## Requirements
* You need a SSL certificate. I recommend [LetsEncrypt](https://letsencrypt.org/) for that. - You need a SSL certificate. I recommend [LetsEncrypt](https://letsencrypt.org/) for that.
## Image Details ## Image Details
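Review bot: the Features list still advertises `SQLite message store` under Data storage without qualification, which now only holds for the default setting. Reword it to say that SQLite is the default and that the backend is selectable through STORAGE.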
@ -67,54 +67,54 @@ While Conversations got everything set-up out-of-the-box, Gajim was used with th
The following ports are exposed: The following ports are exposed:
* 5000: proxy65 port used for file sharing - 5000: proxy65 port used for file sharing
* 5222: c2s port (client to server) - 5222: c2s port (client to server)
* 5223: c2s legacy ssl port (client to server) - 5223: c2s legacy ssl port (client to server)
* 5269: s2s port (server to server) - 5269: s2s port (server to server)
* 5347: XMPP component port - 5347: XMPP component port
* 5280: BOSH / websocket port - 5280: BOSH / websocket port
* 5281: Secure BOSH / websocket port - 5281: Secure BOSH / websocket port
### Directories ### Directories
#### Data #### Data
Path: ```/usr/local/var/lib/prosody/```. Path: `/usr/local/var/lib/prosody/`.
- used for SQLite file
- used for HTTP uploads
- this is exposed as docker volume
* used for SQLite file
* used for HTTP uploads
* this is exposed as docker volume
#### Bundled modules #### Bundled modules
Path: ```/usr/local/lib/prosody/modules/```. Path: `/usr/local/lib/prosody/modules/`.
#### Additionally installed prosody modules #### Additionally installed prosody modules
Path: ```/usr/local/lib/prosody/custom-modules/```. Path: `/usr/local/lib/prosody/custom-modules/`.
#### Config #### Config
Path: ```/usr/local/etc/prosody/```. Path: `/usr/local/etc/prosody/`.
* containing the main config file called ```prosody.cfg.lua``` - containing the main config file called `prosody.cfg.lua`
* containing additional config files within ```conf.d/``` - containing additional config files within `conf.d/`
#### SSL certificates #### SSL certificates
Path: ```/usr/local/etc/prosody/certs/```. Path: `/usr/local/etc/prosody/certs/`.
Uses [automatic location](https://prosody.im/doc/certificates#automatic_location) to find your certs. Uses [automatic location](https://prosody.im/doc/certificates#automatic_location) to find your certs.
The http_upload module and the legacy_ssl module do not use the same search algorithm for the certificates. See [service certificates](https://prosody.im/doc/certificates#service_certificates). The http_upload module and the legacy_ssl module do not use the same search algorithm for the certificates. See [service certificates](https://prosody.im/doc/certificates#service_certificates).
The settings https_ssl and legacy_ssl_ssl in [05-vhost.cfg.lua](./conf.d/05-vhost.cfg.lua) configures the certificates to ```certs/domain.tld/fullchain.pem``` and ```certs/domain.tld/privkey.pem``` for legacy_ssl and to ```certs/DOMAIN_HTTP_UPLOAD/fullchain.pem``` and ```certs/DOMAIN_HTTP_UPLOAD/privkey.pem``` for http_upload where DOMAIN_HTTP_UPLOAD is an environtment variable. The settings https_ssl and legacy_ssl_ssl in [05-vhost.cfg.lua](./conf.d/05-vhost.cfg.lua) configures the certificates to `certs/domain.tld/fullchain.pem` and `certs/domain.tld/privkey.pem` for legacy_ssl and to `certs/DOMAIN_HTTP_UPLOAD/fullchain.pem` and `certs/DOMAIN_HTTP_UPLOAD/privkey.pem` for http_upload where DOMAIN_HTTP_UPLOAD is an environtment variable.
##### Folder structure ##### Folder structure
An example certificate folder structure could look like this: An example certificate folder structure could look like this:
``` zsh ```zsh
certs certs
├── conference.domain.tld ├── conference.domain.tld
│   ├── fullchain.pem │   ├── fullchain.pem
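Review bot: the rewritten certificate paragraph keeps the typo `environtment` and the number mismatch in "The settings ... configures". Since the line is being touched anyway, fix the wording in the same change.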
@ -136,9 +136,9 @@ Thats how Let's encrypt certbot does it out of the box.
certbot creates the structure and uses symlinks to the actual certificates. certbot creates the structure and uses symlinks to the actual certificates.
If you mount them like that prosody somehow does not find them. If you mount them like that prosody somehow does not find them.
I copied them to a folder named ```certs``` next to my ```docker-compose.yml``` and made sure to use the ```-L``` flag of ```cp```. I copied them to a folder named `certs` next to my `docker-compose.yml` and made sure to use the `-L` flag of `cp`.
This makes cp follow symbolic links when copying from them. This makes cp follow symbolic links when copying from them.
For example ```cp -L src dest```. For example `cp -L src dest`.
##### Permissions ##### Permissions
@ -147,7 +147,7 @@ Check [Volumes permissions](#volumes-permissions) as well.
### Run ### Run
I recommend using a ```docker-compose.yml``` file: I recommend using a `docker-compose.yml` file:
```yaml ```yaml
version: '3.7' version: '3.7'
@ -169,15 +169,15 @@ services:
- ./data:/usr/local/var/lib/prosody - ./data:/usr/local/var/lib/prosody
``` ```
Boot it via: ```docker-compose up -d```. Boot it via: `docker-compose up -d`.
Inspect logs: ```docker-compose logs -f```. Inspect logs: `docker-compose logs -f`.
### Volumes permissions ### Volumes permissions
The prosody user inside the container has the `uid=999` and `gid=999`. If you use the example `docker-compose.yml` from above make sure, that the `./data` folder and the `./certs` folder have the correct permissions. The prosody user inside the container has the `uid=999` and `gid=999`. If you use the example `docker-compose.yml` from above make sure, that the `./data` folder and the `./certs` folder have the correct permissions.
``` shell ```shell
sudo chown 999:999 ./certs sudo chown 999:999 ./certs
sudo chown 999:999 ./data sudo chown 999:999 ./data
``` ```
@ -191,61 +191,62 @@ sudo chown 999:999 ./data
| edge | This tag points to the latest version build from the newest [commit](https://github.com/SaraSmiseth/prosody/commits/dev) in the dev branch. | | edge | This tag points to the latest version build from the newest [commit](https://github.com/SaraSmiseth/prosody/commits/dev) in the dev branch. |
| nightly | This tag points to the latest version build from the newest [commit](https://github.com/SaraSmiseth/prosody/commits/dev) in the dev branch. It gets rebuild every night. | | nightly | This tag points to the latest version build from the newest [commit](https://github.com/SaraSmiseth/prosody/commits/dev) in the dev branch. It gets rebuild every night. |
| latest | This tag points to the latest version build from the latest commit that is tagged in git. See [releases](https://github.com/SaraSmiseth/prosody/releases). | | latest | This tag points to the latest version build from the latest commit that is tagged in git. See [releases](https://github.com/SaraSmiseth/prosody/releases). |
| *vX.Y.Z* | There is a tag for each [release](https://github.com/SaraSmiseth/prosody/releases). | | _vX.Y.Z_ | There is a tag for each [release](https://github.com/SaraSmiseth/prosody/releases). |
### Configuration ### Configuration
#### Environment variables #### Environment variables
| Variable | Description | Type | Default value | | Variable | Description | Type | Default value |
| -------------------------------- | -------------------------------------------------------------------------------------------------------------------- | ------------ | -------------------------- | | -------------------------------- | ----------------------------------------------------------------------------------------------------------------------- | ------------ | -------------------------- |
| **ALLOW_REGISTRATION** | Whether to allow registration of new accounts via Jabber clients | *optional* | true | | **ALLOW_REGISTRATION** | Whether to allow registration of new accounts via Jabber clients | _optional_ | true |
| **DOMAIN** | domain | **required** | null | | **DOMAIN** | domain | **required** | null |
| **DOMAIN_HTTP_UPLOAD** | Domain which lets clients upload files over HTTP | *optional* | upload.**DOMAIN** | | **DOMAIN_HTTP_UPLOAD** | Domain which lets clients upload files over HTTP | _optional_ | upload.**DOMAIN** |
| **DOMAIN_MUC** | Domain for Multi-user chat (MUC) for allowing you to create hosted chatrooms/conferences for XMPP users | *optional* | conference.**DOMAIN** | | **DOMAIN_MUC** | Domain for Multi-user chat (MUC) for allowing you to create hosted chatrooms/conferences for XMPP users | _optional_ | conference.**DOMAIN** |
| **DOMAIN_PROXY** | Domain for SOCKS5 bytestream proxy for server-proxied file transfers | *optional* | proxy.**DOMAIN** | | **DOMAIN_PROXY** | Domain for SOCKS5 bytestream proxy for server-proxied file transfers | _optional_ | proxy.**DOMAIN** |
| **DOMAIN_PUBSUB** | Domain for a XEP-0060 pubsub service | *optional* | pubsub.**DOMAIN** | | **DOMAIN_PUBSUB** | Domain for a XEP-0060 pubsub service | _optional_ | pubsub.**DOMAIN** |
| **DB_DRIVER** | May also be "PostgreSQL" or "MySQL" or "SQLite3" (case sensitive!) | *optional* | SQLite3 | | **DB_DRIVER** | May also be "PostgreSQL" or "MySQL" or "SQLite3" (case sensitive!) | _optional_ | SQLite3 |
| **DB_DATABASE** | The database name to use. For SQLite3 this the database filename (relative to the data storage directory). | *optional* | prosody.sqlite | | **DB_DATABASE** | The database name to use. For SQLite3 this the database filename (relative to the data storage directory). | _optional_ | prosody.sqlite |
| **DB_HOST** | The address of the database server | *optional* | | | **DB_HOST** | The address of the database server | _optional_ | |
| **DB_PORT** | Port on which the database is listening | *optional* | | | **DB_PORT** | Port on which the database is listening | _optional_ | |
| **DB_USERNAME** | The username to authenticate to the database | *optional* | | | **DB_USERNAME** | The username to authenticate to the database | _optional_ | |
| **DB_PASSWORD** | The password to authenticate to the database | *optional* | | | **DB_PASSWORD** | The password to authenticate to the database | _optional_ | |
| **E2E_POLICY_CHAT** | Policy for chat messages. Possible values: "none", "optional" and "required". | *optional* | "required" | | **E2E_POLICY_CHAT** | Policy for chat messages. Possible values: "none", "optional" and "required". | _optional_ | "required" |
| **E2E_POLICY_MUC** | Policy for MUC messages. Possible values: "none", "optional" and "required". | *optional* | "required" | | **E2E_POLICY_MUC** | Policy for MUC messages. Possible values: "none", "optional" and "required". | _optional_ | "required" |
| **E2E_POLICY_WHITELIST** | Make this module ignore messages sent to and from this JIDs or MUCs. | *optional* | "" | | **E2E_POLICY_WHITELIST** | Make this module ignore messages sent to and from this JIDs or MUCs. | _optional_ | "" |
| **LOG_LEVEL** | Min log level. Change to debug for more information | *optional* | info | | **LOG_LEVEL** | Min log level. Change to debug for more information | _optional_ | info |
| **C2S_REQUIRE_ENCRYPTION** | Whether to force all client-to-server connections to be encrypted or not | *optional* | true | | **C2S_REQUIRE_ENCRYPTION** | Whether to force all client-to-server connections to be encrypted or not | _optional_ | true |
| **S2S_REQUIRE_ENCRYPTION** | Whether to force all server-to-server connections to be encrypted or not | *optional* | true | | **S2S_REQUIRE_ENCRYPTION** | Whether to force all server-to-server connections to be encrypted or not | _optional_ | true |
| **S2S_SECURE_AUTH** | Require encryption and certificate authentication | *optional* | true | | **S2S_SECURE_AUTH** | Require encryption and certificate authentication | _optional_ | true |
| **SERVER_CONTACT_INFO_ABUSE** | A list of strings. Each string should be an URI. See [here](https://prosody.im/doc/modules/mod_server_contact_info). | *optional* | "xmpp:abuse@**DOMAIN**" | | **SERVER_CONTACT_INFO_ABUSE** | A list of strings. Each string should be an URI. See [here](https://prosody.im/doc/modules/mod_server_contact_info). | _optional_ | "xmpp:abuse@**DOMAIN**" |
| **SERVER_CONTACT_INFO_ADMIN** | A list of strings. Each string should be an URI. See [here](https://prosody.im/doc/modules/mod_server_contact_info). | *optional* | "xmpp:admin@**DOMAIN**" | | **SERVER_CONTACT_INFO_ADMIN** | A list of strings. Each string should be an URI. See [here](https://prosody.im/doc/modules/mod_server_contact_info). | _optional_ | "xmpp:admin@**DOMAIN**" |
| **SERVER_CONTACT_INFO_FEEDBACK** | A list of strings. Each string should be an URI. See [here](https://prosody.im/doc/modules/mod_server_contact_info). | *optional* | "xmpp:feedback@**DOMAIN**" | | **SERVER_CONTACT_INFO_FEEDBACK** | A list of strings. Each string should be an URI. See [here](https://prosody.im/doc/modules/mod_server_contact_info). | _optional_ | "xmpp:feedback@**DOMAIN**" |
| **SERVER_CONTACT_INFO_SALES** | A list of strings. Each string should be an URI. See [here](https://prosody.im/doc/modules/mod_server_contact_info). | *optional* | "xmpp:sales@**DOMAIN**" | | **SERVER_CONTACT_INFO_SALES** | A list of strings. Each string should be an URI. See [here](https://prosody.im/doc/modules/mod_server_contact_info). | _optional_ | "xmpp:sales@**DOMAIN**" |
| **SERVER_CONTACT_INFO_SECURITY** | A list of strings. Each string should be an URI. See [here](https://prosody.im/doc/modules/mod_server_contact_info). | *optional* | "xmpp:security@**DOMAIN**" | | **SERVER_CONTACT_INFO_SECURITY** | A list of strings. Each string should be an URI. See [here](https://prosody.im/doc/modules/mod_server_contact_info). | _optional_ | "xmpp:security@**DOMAIN**" |
| **SERVER_CONTACT_INFO_SUPPORT** | A list of strings. Each string should be an URI. See [here](https://prosody.im/doc/modules/mod_server_contact_info). | *optional* | "xmpp:support@**DOMAIN**" | | **SERVER_CONTACT_INFO_SUPPORT** | A list of strings. Each string should be an URI. See [here](https://prosody.im/doc/modules/mod_server_contact_info). | _optional_ | "xmpp:support@**DOMAIN**" |
| **PROSODY_ADMINS** | Specify who is an administrator. List of adresses. Eg. "me@example.com", "admin@example.net" | *optional* | "" | | **PROSODY_ADMINS** | Specify who is an administrator. List of adresses. Eg. "me@example.com", "admin@example.net" | _optional_ | "" |
| **STORAGE** | Select the storage backend to load with the 'storage' configuration option. See [here](https://prosody.im/doc/storage). | _optional_ | "sql" |
#### DNS #### DNS
You need these DNS record pointing to your server: You need these DNS record pointing to your server:
* domain.tld - domain.tld
* conference.domain.tld - conference.domain.tld
* proxy.domain.tld - proxy.domain.tld
* pubsub.domain.tld - pubsub.domain.tld
* upload.domain.tld - upload.domain.tld
* A SRV record for _xmpps-client._tcp.domain.tld for port 5223. - A SRV record for \_xmpps-client.\_tcp.domain.tld for port 5223.
where domain.tld is the environment variable DOMAIN. where domain.tld is the environment variable DOMAIN.
### Extend ### Extend
There is a helper script that eases installing additional prosody modules: ```docker-prosody-module-install``` There is a helper script that eases installing additional prosody modules: `docker-prosody-module-install`
It downloads the current [prosody-modules](https://hg.prosody.im/prosody-modules/) repository. The specified modules are copied and its name is added to the ```modules_enabled``` variable within ```conf.d/01-modules.cfg.lua```. It downloads the current [prosody-modules](https://hg.prosody.im/prosody-modules/) repository. The specified modules are copied and its name is added to the `modules_enabled` variable within `conf.d/01-modules.cfg.lua`.
There is also ```docker-prosody-module-copy``` which copies the specified modules but does not add them to the ```modules_enabled``` variable within ```conf.d/01-modules.cfg.lua```. There is also `docker-prosody-module-copy` which copies the specified modules but does not add them to the `modules_enabled` variable within `conf.d/01-modules.cfg.lua`.
If you need additional configuration just overwrite the respective _cfg.lua_ file or add new ones. If you need additional configuration just overwrite the respective _cfg.lua_ file or add new ones.
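Review bot: the new STORAGE row describes the variable as feeding the 'storage' option, but the config change in this commit sets `default_storage` and the `archive2` store. Say that in the description, name the values the image is tested with (`sql` and `internal`), and make clear that the DB_* variables configure the `sql` backend.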
@ -262,5 +263,5 @@ prosodyctl mod_storage_sql upgrade
You can test your server with these websites: You can test your server with these websites:
* [IM Observatory](https://www.xmpp.net/) - [IM Observatory](https://www.xmpp.net/)
* [XMPP Compliance Tester](https://compliance.conversations.im/) - [XMPP Compliance Tester](https://compliance.conversations.im/)


@ -18,6 +18,24 @@ services:
volumes: volumes:
- ./certs:/usr/local/etc/prosody/certs - ./certs:/usr/local/etc/prosody/certs
prosody_internal_storage:
image: prosody
restart: unless-stopped
ports:
- "5000:5000"
- "5222:5222"
- "5223:5223"
- "5269:5269"
- "5281:5281"
environment:
DOMAIN: localhost
E2E_POLICY_WHITELIST: "admin@localhost, user1@localhost"
LOG_LEVEL: debug
PROSODY_ADMINS: "admin@localhost, admin2@localhost"
STORAGE: "internal"
volumes:
- ./certs:/usr/local/etc/prosody/certs
prosody_postgres: prosody_postgres:
image: prosody image: prosody
restart: unless-stopped restart: unless-stopped
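Review bot: the new `prosody_internal_storage` service publishes its ports in the form `"5222:5222"`, which binds them on every host interface even though `DOMAIN: localhost` marks it as a local test fixture. Prefix the mappings with `127.0.0.1:` unless the tests need access from other hosts.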
@ -45,7 +63,7 @@ services:
- postgres - postgres
postgres: postgres:
image: postgres:13-alpine image: postgres:14-alpine
restart: unless-stopped restart: unless-stopped
environment: environment:
POSTGRES_DB: prosody POSTGRES_DB: prosody
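Review bot: the bump from `postgres:13-alpine` to `postgres:14-alpine` is not mentioned in the commit message or in the v1.2.9 changelog entry. Note it there or move it to a separate commit, so a test regression can be attributed to the right change.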


@ -69,3 +69,9 @@ sudo docker-compose up -d prosody
registerTestUsers prosody registerTestUsers prosody
runTests prosody runTests prosody
sudo docker-compose down sudo docker-compose down
# Run tests for third container with internal storage
sudo docker-compose up -d prosody_internal_storage
registerTestUsers prosody_internal_storage
runTests prosody_internal_storage
sudo docker-compose down
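Review bot: nothing visible in this block restricts which bats files `runTests prosody_internal_storage` executes. The new `Should not use sqlite` test would fail against the default `prosody` service, so confirm that `runTests` selects test files per container and that the new file is skipped for the sql-backed services.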


@ -0,0 +1,21 @@
# For tests with pipes see: https://github.com/sstephenson/bats/issues/10
load 'bats/bats-support/load'
load 'bats/bats-assert/load'
# TODO
#@test "Should use internal storage" {
# run bash -c "sudo docker-compose logs $batsContainerName | grep -E \"Connecting to \[SQLite3\] \/usr\/local\/var\/lib\/prosody\/prosody\.sqlite\.\.\.\""
# assert_failure
# assert_output
#}
@test "Should not use sqlite" {
run bash -c "sudo docker-compose logs $batsContainerName | grep -E \"Connecting to \[SQLite3\] \/usr\/local\/var\/lib\/prosody\/prosody\.sqlite\.\.\.\""
assert_failure
}
@test "Should not use postgres" {
run bash -c "sudo docker-compose logs $batsContainerName | grep -E \"Connecting to \[PostgreSQL\] prosody\.\.\.\""
assert_failure
}
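Review bot: both active tests only assert that a log line is absent, so they also pass when `docker-compose logs` returns nothing, for example if the container never started. The commented-out `Should use internal storage` test is a copy of the SQLite grep followed by `assert_failure`, so enabling it as written would not prove that internal storage is in use either. Add a positive assertion for the internal backend before relying on this file, or at least assert that the log output for `$batsContainerName` is non-empty.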