From eb572d818015558e0791cf2dc8e46457654961be Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sara=20Aim=C3=A9e=20Smiseth?= <51710585+SaraSmiseth@users.noreply.github.com> Date: Fri, 19 Aug 2022 10:01:29 +0200 Subject: [PATCH 01/18] * New environment variable STORAGE was added. Defaults to `sql` like before. See [prosody docs](https://prosody.im/doc/storage). This fixes [#38](https://github.com/SaraSmiseth/prosody/issues/38). * New tests for a container with STORAGE set to `internal`. --- CHANGELOG.md | 5 + conf.d/02-storage.cfg.lua | 4 +- docker-entrypoint.bash | 1 + readme.md | 157 +++++++++++----------- tests/docker-compose.yml | 20 ++- tests/test.bash | 6 + tests/tests-prosody_internal_storage.bats | 21 +++ 7 files changed, 133 insertions(+), 81 deletions(-) create mode 100644 tests/tests-prosody_internal_storage.bats diff --git a/CHANGELOG.md b/CHANGELOG.md index 60f5c54..ffb3143 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,6 +4,11 @@ * Nothing +## v1.2.9 + +* New environment variable STORAGE was added. Defaults to `sql` like before. See [prosody docs](https://prosody.im/doc/storage). This fixes [#38](https://github.com/SaraSmiseth/prosody/issues/38). +* New tests for a container with STORAGE set to `internal`. + ## v1.2.8 * Updated to Prosody version [0.12.1](https://blog.prosody.im/prosody-0.12.1-released/). diff --git a/conf.d/02-storage.cfg.lua b/conf.d/02-storage.cfg.lua index 549573a..05cdb2d 100644 --- a/conf.d/02-storage.cfg.lua +++ b/conf.d/02-storage.cfg.lua @@ -1,4 +1,4 @@ -default_storage = "sql" +default_storage = os.getenv("STORAGE") sql = { driver = os.getenv("DB_DRIVER"); @@ -14,7 +14,7 @@ archive_store = "archive2" -- Use the same data store as prosody-modules mod_mam storage = { -- this makes mod_mam use the sql storage backend - archive2 = "sql"; + archive2 = os.getenv("STORAGE"); } -- https://modules.prosody.im/mod_mam.html diff --git a/docker-entrypoint.bash b/docker-entrypoint.bash index dd317e0..2f20e9b 100755 --- a/docker-entrypoint.bash 
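Review bot: `default_storage = os.getenv("STORAGE")` in the first hunk has no fallback, so the config now depends entirely on the entrypoint having exported the variable; if it is unset (the config reused outside this image, or the entrypoint bypassed), `default_storage` is nil and Prosody quietly falls back to its own built-in default, internal file storage, so accounts and message archives land in the data directory instead of SQL with no error. A local fallback keeps the file self-contained and the documented default true: `default_storage = os.getenv("STORAGE") or "sql"`, and in the second hunk `archive2 = os.getenv("STORAGE") or "sql";`. The comment kept above that line, `-- this makes mod_mam use the sql storage backend`, is wrong for any STORAGE other than sql; `-- mod_mam's archive2 store uses the same backend as STORAGE` says what the line does. The second patch's hunks of this file rename the reads to DEFAULT_STORAGE and STORAGE_ARCHIVE2 but keep them unguarded, so the same fallback applies there.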
+++ b/docker-entrypoint.bash @@ -21,6 +21,7 @@ export SERVER_CONTACT_INFO_FEEDBACK=${SERVER_CONTACT_INFO_FEEDBACK:-"xmpp:feedba export SERVER_CONTACT_INFO_SALES=${SERVER_CONTACT_INFO_SALES:-"xmpp:sales@$DOMAIN"} export SERVER_CONTACT_INFO_SECURITY=${SERVER_CONTACT_INFO_SECURITY:-"xmpp:security@$DOMAIN"} export SERVER_CONTACT_INFO_SUPPORT=${SERVER_CONTACT_INFO_SUPPORT:-"xmpp:support@$DOMAIN"} +export STORAGE=${STORAGE:-"sql"} export PROSODY_ADMINS=${PROSODY_ADMINS:-""} if [[ "$1" != "prosody" ]]; then diff --git a/readme.md b/readme.md index c127e4a..6c1208f 100644 --- a/readme.md +++ b/readme.md @@ -15,10 +15,10 @@ Multiple [architectures](https://hub.docker.com/r/sarasmiseth/prosody/tags) are While Conversations got everything set-up out-of-the-box, Gajim was used with the following extensions: -* HttpUpload -* Off-The-Record Encryption -* OMEMO (requires _python-axolotl_ to be installed) -* Url Image preview +- HttpUpload +- Off-The-Record Encryption +- OMEMO (requires _python-axolotl_ to be installed) +- Url Image preview ## Table of Contents 
@@ -49,17 +49,17 @@ While Conversations got everything set-up out-of-the-box, Gajim was used with th ## Features -* Secure by default - * SSL certificate required - * End-to-end encryption required (using [OMEMO](https://conversations.im/omemo/) or [OTR](https://en.wikipedia.org/wiki/Off-the-Record_Messaging)) -* Data storage - * SQLite message store - * Configured file upload and image sharing -* Multi-user chat (MUC) +- Secure by default + - SSL certificate required + - End-to-end encryption required (using [OMEMO](https://conversations.im/omemo/) or [OTR](https://en.wikipedia.org/wiki/Off-the-Record_Messaging)) +- Data storage + - SQLite message store + - Configured file upload and image sharing +- Multi-user chat (MUC) ## Requirements -* You need a SSL certificate. I recommend [LetsEncrypt](https://letsencrypt.org/) for that. +- You need a SSL certificate. I recommend [LetsEncrypt](https://letsencrypt.org/) for that. ## Image Details 
@@ -67,54 +67,54 @@ While Conversations got everything set-up out-of-the-box, Gajim was used with th The following ports are exposed: -* 5000: proxy65 port used for file sharing -* 5222: c2s port (client to server) -* 5223: c2s legacy ssl port (client to server) -* 5269: s2s port (server to server) -* 5347: XMPP component port -* 5280: BOSH / websocket port -* 5281: Secure BOSH / websocket port +- 5000: proxy65 port used for file sharing +- 5222: c2s port (client to server) +- 5223: c2s legacy ssl port (client to server) +- 5269: s2s port (server to server) +- 5347: XMPP component port +- 5280: BOSH / websocket port +- 5281: Secure BOSH / websocket port ### Directories #### Data -Path: ```/usr/local/var/lib/prosody/```. +Path: `/usr/local/var/lib/prosody/`. + +- used for SQLite file +- used for HTTP uploads +- this is exposed as docker volume -* used for SQLite file -* used for HTTP uploads -* this is exposed as docker volume - #### Bundled modules -Path: ```/usr/local/lib/prosody/modules/```. +Path: `/usr/local/lib/prosody/modules/`. #### Additionally installed prosody modules -Path: ```/usr/local/lib/prosody/custom-modules/```. +Path: `/usr/local/lib/prosody/custom-modules/`. #### Config -Path: ```/usr/local/etc/prosody/```. +Path: `/usr/local/etc/prosody/`. -* containing the main config file called ```prosody.cfg.lua``` -* containing additional config files within ```conf.d/``` +- containing the main config file called `prosody.cfg.lua` +- containing additional config files within `conf.d/` #### SSL certificates -Path: ```/usr/local/etc/prosody/certs/```. +Path: `/usr/local/etc/prosody/certs/`. Uses [automatic location](https://prosody.im/doc/certificates#automatic_location) to find your certs. The http_upload module and the legacy_ssl module do not use the same search algorithm for the certificates. See [service certificates](https://prosody.im/doc/certificates#service_certificates). 
-The settings https_ssl and legacy_ssl_ssl in [05-vhost.cfg.lua](./conf.d/05-vhost.cfg.lua) configures the certificates to ```certs/domain.tld/fullchain.pem``` and ```certs/domain.tld/privkey.pem``` for legacy_ssl and to ```certs/DOMAIN_HTTP_UPLOAD/fullchain.pem``` and ```certs/DOMAIN_HTTP_UPLOAD/privkey.pem``` for http_upload where DOMAIN_HTTP_UPLOAD is an environtment variable. +The settings https_ssl and legacy_ssl_ssl in [05-vhost.cfg.lua](./conf.d/05-vhost.cfg.lua) configures the certificates to `certs/domain.tld/fullchain.pem` and `certs/domain.tld/privkey.pem` for legacy_ssl and to `certs/DOMAIN_HTTP_UPLOAD/fullchain.pem` and `certs/DOMAIN_HTTP_UPLOAD/privkey.pem` for http_upload where DOMAIN_HTTP_UPLOAD is an environtment variable. ##### Folder structure An example certificate folder structure could look like this: -``` zsh +```zsh certs ├── conference.domain.tld │   ├── fullchain.pem @@ -136,9 +136,9 @@ Thats how Let's encrypt certbot does it out of the box. certbot creates the structure and uses symlinks to the actual certificates. If you mount them like that prosody somehow does not find them. -I copied them to a folder named ```certs``` next to my ```docker-compose.yml``` and made sure to use the ```-L``` flag of ```cp```. +I copied them to a folder named `certs` next to my `docker-compose.yml` and made sure to use the `-L` flag of `cp`. This makes cp follow symbolic links when copying from them. -For example ```cp -L src dest```. +For example `cp -L src dest`. ##### Permissions @@ -147,7 +147,7 @@ Check [Volumes permissions](#volumes-permissions) as well. ### Run -I recommend using a ```docker-compose.yml``` file: +I recommend using a `docker-compose.yml` file: ```yaml version: '3.7' 
@@ -169,15 +169,15 @@ services: - ./data:/usr/local/var/lib/prosody ``` -Boot it via: ```docker-compose up -d```. +Boot it via: `docker-compose up -d`. -Inspect logs: ```docker-compose logs -f```. +Inspect logs: `docker-compose logs -f`. ### Volumes permissions The prosody user inside the container has the `uid=999` and `gid=999`. If you use the example `docker-compose.yml` from above make sure, that the `./data` folder and the `./certs` folder have the correct permissions. -``` shell +```shell sudo chown 999:999 ./certs sudo chown 999:999 ./data ``` 
@@ -191,61 +191,62 @@ sudo chown 999:999 ./data | edge | This tag points to the latest version build from the newest [commit](https://github.com/SaraSmiseth/prosody/commits/dev) in the dev branch. | | nightly | This tag points to the latest version build from the newest [commit](https://github.com/SaraSmiseth/prosody/commits/dev) in the dev branch. It gets rebuild every night. | | latest | This tag points to the latest version build from the latest commit that is tagged in git. See [releases](https://github.com/SaraSmiseth/prosody/releases). | -| *vX.Y.Z* | There is a tag for each [release](https://github.com/SaraSmiseth/prosody/releases). | +| _vX.Y.Z_ | There is a tag for each [release](https://github.com/SaraSmiseth/prosody/releases). | ### Configuration #### Environment variables -| Variable | Description | Type | Default value | -| -------------------------------- | -------------------------------------------------------------------------------------------------------------------- | ------------ | -------------------------- | -| **ALLOW_REGISTRATION** | Whether to allow registration of new accounts via Jabber clients | *optional* | true | -| **DOMAIN** | domain | **required** | null | -| **DOMAIN_HTTP_UPLOAD** | Domain which lets clients upload files over HTTP | *optional* | upload.**DOMAIN** | -| **DOMAIN_MUC** | Domain for Multi-user chat (MUC) for allowing you to create hosted chatrooms/conferences for XMPP users | *optional* | conference.**DOMAIN** | -| **DOMAIN_PROXY** | Domain for SOCKS5 bytestream proxy for server-proxied file transfers | *optional* | proxy.**DOMAIN** | -| **DOMAIN_PUBSUB** | Domain for a XEP-0060 pubsub service | *optional* | pubsub.**DOMAIN** | -| **DB_DRIVER** | May also be "PostgreSQL" or "MySQL" or "SQLite3" (case sensitive!) | *optional* | SQLite3 | -| **DB_DATABASE** | The database name to use. For SQLite3 this the database filename (relative to the data storage directory). 
| *optional* | prosody.sqlite | -| **DB_HOST** | The address of the database server | *optional* | | -| **DB_PORT** | Port on which the database is listening | *optional* | | -| **DB_USERNAME** | The username to authenticate to the database | *optional* | | -| **DB_PASSWORD** | The password to authenticate to the database | *optional* | | -| **E2E_POLICY_CHAT** | Policy for chat messages. Possible values: "none", "optional" and "required". | *optional* | "required" | -| **E2E_POLICY_MUC** | Policy for MUC messages. Possible values: "none", "optional" and "required". | *optional* | "required" | -| **E2E_POLICY_WHITELIST** | Make this module ignore messages sent to and from this JIDs or MUCs. | *optional* | "" | -| **LOG_LEVEL** | Min log level. Change to debug for more information | *optional* | info | -| **C2S_REQUIRE_ENCRYPTION** | Whether to force all client-to-server connections to be encrypted or not | *optional* | true | -| **S2S_REQUIRE_ENCRYPTION** | Whether to force all server-to-server connections to be encrypted or not | *optional* | true | -| **S2S_SECURE_AUTH** | Require encryption and certificate authentication | *optional* | true | -| **SERVER_CONTACT_INFO_ABUSE** | A list of strings. Each string should be an URI. See [here](https://prosody.im/doc/modules/mod_server_contact_info). | *optional* | "xmpp:abuse@**DOMAIN**" | -| **SERVER_CONTACT_INFO_ADMIN** | A list of strings. Each string should be an URI. See [here](https://prosody.im/doc/modules/mod_server_contact_info). | *optional* | "xmpp:admin@**DOMAIN**" | -| **SERVER_CONTACT_INFO_FEEDBACK** | A list of strings. Each string should be an URI. See [here](https://prosody.im/doc/modules/mod_server_contact_info). | *optional* | "xmpp:feedback@**DOMAIN**" | -| **SERVER_CONTACT_INFO_SALES** | A list of strings. Each string should be an URI. See [here](https://prosody.im/doc/modules/mod_server_contact_info). | *optional* | "xmpp:sales@**DOMAIN**" | -| **SERVER_CONTACT_INFO_SECURITY** | A list of strings. 
Each string should be an URI. See [here](https://prosody.im/doc/modules/mod_server_contact_info). | *optional* | "xmpp:security@**DOMAIN**" | -| **SERVER_CONTACT_INFO_SUPPORT** | A list of strings. Each string should be an URI. See [here](https://prosody.im/doc/modules/mod_server_contact_info). | *optional* | "xmpp:support@**DOMAIN**" | -| **PROSODY_ADMINS** | Specify who is an administrator. List of adresses. Eg. "me@example.com", "admin@example.net" | *optional* | "" | +| Variable | Description | Type | Default value | +| -------------------------------- | ----------------------------------------------------------------------------------------------------------------------- | ------------ | -------------------------- | +| **ALLOW_REGISTRATION** | Whether to allow registration of new accounts via Jabber clients | _optional_ | true | +| **DOMAIN** | domain | **required** | null | +| **DOMAIN_HTTP_UPLOAD** | Domain which lets clients upload files over HTTP | _optional_ | upload.**DOMAIN** | +| **DOMAIN_MUC** | Domain for Multi-user chat (MUC) for allowing you to create hosted chatrooms/conferences for XMPP users | _optional_ | conference.**DOMAIN** | +| **DOMAIN_PROXY** | Domain for SOCKS5 bytestream proxy for server-proxied file transfers | _optional_ | proxy.**DOMAIN** | +| **DOMAIN_PUBSUB** | Domain for a XEP-0060 pubsub service | _optional_ | pubsub.**DOMAIN** | +| **DB_DRIVER** | May also be "PostgreSQL" or "MySQL" or "SQLite3" (case sensitive!) | _optional_ | SQLite3 | +| **DB_DATABASE** | The database name to use. For SQLite3 this the database filename (relative to the data storage directory). 
| _optional_ | prosody.sqlite | +| **DB_HOST** | The address of the database server | _optional_ | | +| **DB_PORT** | Port on which the database is listening | _optional_ | | +| **DB_USERNAME** | The username to authenticate to the database | _optional_ | | +| **DB_PASSWORD** | The password to authenticate to the database | _optional_ | | +| **E2E_POLICY_CHAT** | Policy for chat messages. Possible values: "none", "optional" and "required". | _optional_ | "required" | +| **E2E_POLICY_MUC** | Policy for MUC messages. Possible values: "none", "optional" and "required". | _optional_ | "required" | +| **E2E_POLICY_WHITELIST** | Make this module ignore messages sent to and from this JIDs or MUCs. | _optional_ | "" | +| **LOG_LEVEL** | Min log level. Change to debug for more information | _optional_ | info | +| **C2S_REQUIRE_ENCRYPTION** | Whether to force all client-to-server connections to be encrypted or not | _optional_ | true | +| **S2S_REQUIRE_ENCRYPTION** | Whether to force all server-to-server connections to be encrypted or not | _optional_ | true | +| **S2S_SECURE_AUTH** | Require encryption and certificate authentication | _optional_ | true | +| **SERVER_CONTACT_INFO_ABUSE** | A list of strings. Each string should be an URI. See [here](https://prosody.im/doc/modules/mod_server_contact_info). | _optional_ | "xmpp:abuse@**DOMAIN**" | +| **SERVER_CONTACT_INFO_ADMIN** | A list of strings. Each string should be an URI. See [here](https://prosody.im/doc/modules/mod_server_contact_info). | _optional_ | "xmpp:admin@**DOMAIN**" | +| **SERVER_CONTACT_INFO_FEEDBACK** | A list of strings. Each string should be an URI. See [here](https://prosody.im/doc/modules/mod_server_contact_info). | _optional_ | "xmpp:feedback@**DOMAIN**" | +| **SERVER_CONTACT_INFO_SALES** | A list of strings. Each string should be an URI. See [here](https://prosody.im/doc/modules/mod_server_contact_info). | _optional_ | "xmpp:sales@**DOMAIN**" | +| **SERVER_CONTACT_INFO_SECURITY** | A list of strings. 
Each string should be an URI. See [here](https://prosody.im/doc/modules/mod_server_contact_info). | _optional_ | "xmpp:security@**DOMAIN**" | +| **SERVER_CONTACT_INFO_SUPPORT** | A list of strings. Each string should be an URI. See [here](https://prosody.im/doc/modules/mod_server_contact_info). | _optional_ | "xmpp:support@**DOMAIN**" | +| **PROSODY_ADMINS** | Specify who is an administrator. List of adresses. Eg. "me@example.com", "admin@example.net" | _optional_ | "" | +| **STORAGE** | Select the storage backend to load with the 'storage' configuration option. See [here](https://prosody.im/doc/storage). | _optional_ | "sql" | #### DNS You need these DNS record pointing to your server: -* domain.tld -* conference.domain.tld -* proxy.domain.tld -* pubsub.domain.tld -* upload.domain.tld -* A SRV record for _xmpps-client._tcp.domain.tld for port 5223. +- domain.tld +- conference.domain.tld +- proxy.domain.tld +- pubsub.domain.tld +- upload.domain.tld +- A SRV record for \_xmpps-client.\_tcp.domain.tld for port 5223. where domain.tld is the environment variable DOMAIN. ### Extend -There is a helper script that eases installing additional prosody modules: ```docker-prosody-module-install``` +There is a helper script that eases installing additional prosody modules: `docker-prosody-module-install` -It downloads the current [prosody-modules](https://hg.prosody.im/prosody-modules/) repository. The specified modules are copied and its name is added to the ```modules_enabled``` variable within ```conf.d/01-modules.cfg.lua```. +It downloads the current [prosody-modules](https://hg.prosody.im/prosody-modules/) repository. The specified modules are copied and its name is added to the `modules_enabled` variable within `conf.d/01-modules.cfg.lua`. -There is also ```docker-prosody-module-copy``` which copies the specified modules but does not add them to the ```modules_enabled``` variable within ```conf.d/01-modules.cfg.lua```. 
+There is also `docker-prosody-module-copy` which copies the specified modules but does not add them to the `modules_enabled` variable within `conf.d/01-modules.cfg.lua`. If you need additional configuration just overwrite the respective _cfg.lua_ file or add new ones. @@ -262,5 +263,5 @@ prosodyctl mod_storage_sql upgrade You can test your server with these websites: -* [IM Observatory](https://www.xmpp.net/) -* [XMPP Compliance Tester](https://compliance.conversations.im/) +- [IM Observatory](https://www.xmpp.net/) +- [XMPP Compliance Tester](https://compliance.conversations.im/) diff --git a/tests/docker-compose.yml b/tests/docker-compose.yml index f854381..5cfbc65 100644 --- a/tests/docker-compose.yml +++ b/tests/docker-compose.yml @@ -18,6 +18,24 @@ services: volumes: - ./certs:/usr/local/etc/prosody/certs + prosody_internal_storage: + image: prosody + restart: unless-stopped + ports: + - "5000:5000" + - "5222:5222" + - "5223:5223" + - "5269:5269" + - "5281:5281" + environment: + DOMAIN: localhost + E2E_POLICY_WHITELIST: "admin@localhost, user1@localhost" + LOG_LEVEL: debug + PROSODY_ADMINS: "admin@localhost, admin2@localhost" + STORAGE: "internal" + volumes: + - ./certs:/usr/local/etc/prosody/certs + prosody_postgres: image: prosody restart: unless-stopped @@ -45,7 +63,7 @@ services: - postgres postgres: - image: postgres:13-alpine + image: postgres:14-alpine restart: unless-stopped environment: POSTGRES_DB: prosody diff --git a/tests/test.bash b/tests/test.bash index 9646ab5..d16373f 100755 --- a/tests/test.bash +++ b/tests/test.bash @@ -69,3 +69,9 @@ sudo docker-compose up -d prosody registerTestUsers prosody runTests prosody sudo docker-compose down + +# Run tests for third container with internal storage +sudo docker-compose up -d prosody_internal_storage +registerTestUsers prosody_internal_storage +runTests prosody_internal_storage +sudo docker-compose down 
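Review bot: The second hunk changes the test database from `postgres:13-alpine` to `postgres:14-alpine`, which is unrelated to the STORAGE feature and is mentioned neither in the commit message nor in the CHANGELOG entry this patch adds. A PostgreSQL major-version image will not start on a data directory written by the previous major, so if the postgres service mounts a persistent volume (declared outside this hunk) the test run needs a fresh volume or a dump/restore; I would hedge that since the volume block is not visible. Splitting the bump into its own commit keeps it reviewable and revertable on its own.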
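Review bot: The added block is the third copy of the same up / registerTestUsers / runTests / down sequence in this file, and the second patch's hunk of this file adds a fourth; a small helper keeps the service name as the only varying part and gives one place to guarantee the teardown. Whether an earlier `set -e` is in effect is outside the hunk; if it is, a failing `runTests` skips `sudo docker-compose down` and leaves the container, with its host port bindings, up for the next service, which the helper handles by capturing the status before tearing down.
```shell
# Start one compose service, exercise it, and tear it down even if a test fails.
runServiceTests() {
  local service="$1"
  local status=0
  sudo docker-compose up -d "$service"
  registerTestUsers "$service"
  runTests "$service" || status=$?
  sudo docker-compose down
  return "$status"
}

# … unchanged: postgres and SQLite runs, to be expressed the same way …
runServiceTests prosody_internal_storage
```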
diff --git a/tests/tests-prosody_internal_storage.bats b/tests/tests-prosody_internal_storage.bats
new file mode 100644
index 0000000..d7bc232
--- /dev/null
+++ b/tests/tests-prosody_internal_storage.bats
@@ -0,0 +1,21 @@
+# For tests with pipes see: https://github.com/sstephenson/bats/issues/10
+
+load 'bats/bats-support/load'
+load 'bats/bats-assert/load'
+
+# TODO
+#@test "Should use internal storage" {
+# run bash -c "sudo docker-compose logs $batsContainerName | grep -E \"Connecting to \[SQLite3\] \/usr\/local\/var\/lib\/prosody\/prosody\.sqlite\.\.\.\""
+# assert_failure
+# assert_output
+#}
+
+@test "Should not use sqlite" {
+ run bash -c "sudo docker-compose logs $batsContainerName | grep -E \"Connecting to \[SQLite3\] \/usr\/local\/var\/lib\/prosody\/prosody\.sqlite\.\.\.\""
+ assert_failure
+}
+
+@test "Should not use postgres" {
+ run bash -c "sudo docker-compose logs $batsContainerName | grep -E \"Connecting to \[PostgreSQL\] prosody\.\.\.\""
+ assert_failure
+}
From bce67be67d9afb2e477ebece026a39de6fab566b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Sara=20Aim=C3=A9e=20Smiseth?= <51710585+SaraSmiseth@users.noreply.github.com>
Date: Wed, 24 Aug 2022 17:10:54 +0200
Subject: [PATCH 02/18] Renamed STORAGE to DEFAULT_STORAGE. Added ARCHIVE_STORE and STORAGE_ARCHIVE2.
---
 conf.d/02-storage.cfg.lua | 7 +--
 docker-entrypoint.bash | 4 +-
 readme.md | 62 ++++++++++---------
 tests/docker-compose.yml | 22 ++++++-
 tests/test.bash | 10 ++-
 ...ests-prosody_internal_storage_archive.bats | 21 +++++++
 tests/tests.bats | 5 ++
 7 files changed, 93 insertions(+), 38 deletions(-)
 create mode 100644 tests/tests-prosody_internal_storage_archive.bats
diff --git a/conf.d/02-storage.cfg.lua b/conf.d/02-storage.cfg.lua
index 05cdb2d..f03f0bd 100644
--- a/conf.d/02-storage.cfg.lua
+++ b/conf.d/02-storage.cfg.lua
@@ -1,4 +1,4 @@
-default_storage = os.getenv("STORAGE")
+default_storage = os.getenv("DEFAULT_STORAGE")
 sql = {
 driver = os.getenv("DB_DRIVER");
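Review bot: Both tests in the new file assert only the absence of a log line, so a container that failed to start, or whose logs are empty for any other reason, passes them; the positive check that would catch this is the one left commented out as TODO, and its `assert_failure` plus `assert_output` pairing would not be a positive check either. Until a reliable startup line for internal storage is identified, a minimal guard is a test that the logs exist at all, in the pattern tests.bats already uses: `run bash -c "sudo docker-compose logs $batsContainerName"` followed by `assert_success` and `assert_output`. The same applies to tests-prosody_internal_storage_archive.bats added by the second patch, which is a byte-identical copy (same blob d7bc232) and could `load` a shared file rather than duplicate the tests.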
@@ -9,12 +9,11 @@ sql = { password = os.getenv("DB_PASSWORD"); } --- make 0.10-distributed mod_mam use sql store -archive_store = "archive2" -- Use the same data store as prosody-modules mod_mam +archive_store = os.getenv("ARCHIVE_STORE") storage = { -- this makes mod_mam use the sql storage backend - archive2 = os.getenv("STORAGE"); + archive2 = os.getenv("STORAGE_ARCHIVE2"); } -- https://modules.prosody.im/mod_mam.html diff --git a/docker-entrypoint.bash b/docker-entrypoint.bash index 2f20e9b..b4f0035 100755 --- a/docker-entrypoint.bash +++ b/docker-entrypoint.bash @@ -2,6 +2,8 @@ set -e export ALLOW_REGISTRATION=${ALLOW_REGISTRATION:-true} +export ARCHIVE_STORE=${ARCHIVE_STORE:-"archive2"} +export DEFAULT_STORAGE=${DEFAULT_STORAGE:-"sql"} export DOMAIN_HTTP_UPLOAD=${DOMAIN_HTTP_UPLOAD:-"upload.$DOMAIN"} export DOMAIN_MUC=${DOMAIN_MUC:-"conference.$DOMAIN"} export DOMAIN_PROXY=${DOMAIN_PROXY:-"proxy.$DOMAIN"} @@ -21,7 +23,7 @@ export SERVER_CONTACT_INFO_FEEDBACK=${SERVER_CONTACT_INFO_FEEDBACK:-"xmpp:feedba export SERVER_CONTACT_INFO_SALES=${SERVER_CONTACT_INFO_SALES:-"xmpp:sales@$DOMAIN"} export SERVER_CONTACT_INFO_SECURITY=${SERVER_CONTACT_INFO_SECURITY:-"xmpp:security@$DOMAIN"} export SERVER_CONTACT_INFO_SUPPORT=${SERVER_CONTACT_INFO_SUPPORT:-"xmpp:support@$DOMAIN"} -export STORAGE=${STORAGE:-"sql"} +export STORAGE_ARCHIVE2=${STORAGE_ARCHIVE2:-"sql"} export PROSODY_ADMINS=${PROSODY_ADMINS:-""} if [[ "$1" != "prosody" ]]; then diff --git a/readme.md b/readme.md index 6c1208f..3a2880a 100644 --- a/readme.md +++ b/readme.md @@ -150,7 +150,7 @@ Check [Volumes permissions](#volumes-permissions) as well. I recommend using a `docker-compose.yml` file: ```yaml -version: '3.7' +version: "3.7" services: server: 
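Review bot: The surviving comment `-- Use the same data store as prosody-modules mod_mam` now sits above `archive_store = os.getenv("ARCHIVE_STORE")`, but it only holds for the default "archive2"; with `ARCHIVE_STORE=archive` (the case the new compose service exercises) mod_mam writes to the "archive" store, which is not listed under `storage` and therefore goes to `default_storage`, while the `archive2 = os.getenv("STORAGE_ARCHIVE2")` entry below is configured but unused. A comment that covers both paths: `-- ARCHIVE_STORE selects mod_mam's store: "archive2" (shared with prosody-modules mod_mam) is routed below via STORAGE_ARCHIVE2; "archive" falls through to default_storage`. The line above `archive2`, `-- this makes mod_mam use the sql storage backend`, still says sql and should name STORAGE_ARCHIVE2 instead; the removed `-- make 0.10-distributed mod_mam use sql store` was the only explanation of why archive2 is the default and is worth keeping in the readme row for ARCHIVE_STORE.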
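Review bot: `export STORAGE_ARCHIVE2=${STORAGE_ARCHIVE2:-"sql"}` in the second hunk defaults independently of DEFAULT_STORAGE, so a deployment that sets only `DEFAULT_STORAGE=internal` (the obvious reading of the readme row) keeps mod_mam's archive2 store in SQL while accounts and rosters move to the data directory — a split that surfaces later in backups and migrations, and the `prosody_internal_storage` compose service hides it by setting both variables explicitly. DEFAULT_STORAGE is exported earlier in the same file by the first hunk, so deriving the default from it keeps sql-by-default for existing users and makes the single-variable case consistent: `export STORAGE_ARCHIVE2=${STORAGE_ARCHIVE2:-"$DEFAULT_STORAGE"}`. Whichever default is chosen, the readme row for STORAGE_ARCHIVE2 should state it explicitly.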
@@ -197,35 +197,37 @@ sudo chown 999:999 ./data #### Environment variables -| Variable | Description | Type | Default value | -| -------------------------------- | ----------------------------------------------------------------------------------------------------------------------- | ------------ | -------------------------- | -| **ALLOW_REGISTRATION** | Whether to allow registration of new accounts via Jabber clients | _optional_ | true | -| **DOMAIN** | domain | **required** | null | -| **DOMAIN_HTTP_UPLOAD** | Domain which lets clients upload files over HTTP | _optional_ | upload.**DOMAIN** | -| **DOMAIN_MUC** | Domain for Multi-user chat (MUC) for allowing you to create hosted chatrooms/conferences for XMPP users | _optional_ | conference.**DOMAIN** | -| **DOMAIN_PROXY** | Domain for SOCKS5 bytestream proxy for server-proxied file transfers | _optional_ | proxy.**DOMAIN** | -| **DOMAIN_PUBSUB** | Domain for a XEP-0060 pubsub service | _optional_ | pubsub.**DOMAIN** | -| **DB_DRIVER** | May also be "PostgreSQL" or "MySQL" or "SQLite3" (case sensitive!) | _optional_ | SQLite3 | -| **DB_DATABASE** | The database name to use. For SQLite3 this the database filename (relative to the data storage directory). | _optional_ | prosody.sqlite | -| **DB_HOST** | The address of the database server | _optional_ | | -| **DB_PORT** | Port on which the database is listening | _optional_ | | -| **DB_USERNAME** | The username to authenticate to the database | _optional_ | | -| **DB_PASSWORD** | The password to authenticate to the database | _optional_ | | -| **E2E_POLICY_CHAT** | Policy for chat messages. Possible values: "none", "optional" and "required". | _optional_ | "required" | -| **E2E_POLICY_MUC** | Policy for MUC messages. Possible values: "none", "optional" and "required". | _optional_ | "required" | -| **E2E_POLICY_WHITELIST** | Make this module ignore messages sent to and from this JIDs or MUCs. | _optional_ | "" | -| **LOG_LEVEL** | Min log level. 
Change to debug for more information | _optional_ | info | -| **C2S_REQUIRE_ENCRYPTION** | Whether to force all client-to-server connections to be encrypted or not | _optional_ | true | -| **S2S_REQUIRE_ENCRYPTION** | Whether to force all server-to-server connections to be encrypted or not | _optional_ | true | -| **S2S_SECURE_AUTH** | Require encryption and certificate authentication | _optional_ | true | -| **SERVER_CONTACT_INFO_ABUSE** | A list of strings. Each string should be an URI. See [here](https://prosody.im/doc/modules/mod_server_contact_info). | _optional_ | "xmpp:abuse@**DOMAIN**" | -| **SERVER_CONTACT_INFO_ADMIN** | A list of strings. Each string should be an URI. See [here](https://prosody.im/doc/modules/mod_server_contact_info). | _optional_ | "xmpp:admin@**DOMAIN**" | -| **SERVER_CONTACT_INFO_FEEDBACK** | A list of strings. Each string should be an URI. See [here](https://prosody.im/doc/modules/mod_server_contact_info). | _optional_ | "xmpp:feedback@**DOMAIN**" | -| **SERVER_CONTACT_INFO_SALES** | A list of strings. Each string should be an URI. See [here](https://prosody.im/doc/modules/mod_server_contact_info). | _optional_ | "xmpp:sales@**DOMAIN**" | -| **SERVER_CONTACT_INFO_SECURITY** | A list of strings. Each string should be an URI. See [here](https://prosody.im/doc/modules/mod_server_contact_info). | _optional_ | "xmpp:security@**DOMAIN**" | -| **SERVER_CONTACT_INFO_SUPPORT** | A list of strings. Each string should be an URI. See [here](https://prosody.im/doc/modules/mod_server_contact_info). | _optional_ | "xmpp:support@**DOMAIN**" | -| **PROSODY_ADMINS** | Specify who is an administrator. List of adresses. Eg. "me@example.com", "admin@example.net" | _optional_ | "" | -| **STORAGE** | Select the storage backend to load with the 'storage' configuration option. See [here](https://prosody.im/doc/storage). 
| _optional_ | "sql" | +| Variable | Description | Type | Default value | +| -------------------------------- | -------------------------------------------------------------------------------------------------------------------------------- | ------------ | -------------------------- | +| **ALLOW_REGISTRATION** | Whether to allow registration of new accounts via Jabber clients | _optional_ | true | +| **DOMAIN** | domain | **required** | null | +| **DOMAIN_HTTP_UPLOAD** | Domain which lets clients upload files over HTTP | _optional_ | upload.**DOMAIN** | +| **DOMAIN_MUC** | Domain for Multi-user chat (MUC) for allowing you to create hosted chatrooms/conferences for XMPP users | _optional_ | conference.**DOMAIN** | +| **DOMAIN_PROXY** | Domain for SOCKS5 bytestream proxy for server-proxied file transfers | _optional_ | proxy.**DOMAIN** | +| **DOMAIN_PUBSUB** | Domain for a XEP-0060 pubsub service | _optional_ | pubsub.**DOMAIN** | +| **DB_DRIVER** | May also be "PostgreSQL" or "MySQL" or "SQLite3" (case sensitive!) | _optional_ | SQLite3 | +| **DB_DATABASE** | The database name to use. For SQLite3 this the database filename (relative to the data storage directory). | _optional_ | prosody.sqlite | +| **DB_HOST** | The address of the database server | _optional_ | | +| **DB_PORT** | Port on which the database is listening | _optional_ | | +| **DB_USERNAME** | The username to authenticate to the database | _optional_ | | +| **DB_PASSWORD** | The password to authenticate to the database | _optional_ | | +| **E2E_POLICY_CHAT** | Policy for chat messages. Possible values: "none", "optional" and "required". | _optional_ | "required" | +| **E2E_POLICY_MUC** | Policy for MUC messages. Possible values: "none", "optional" and "required". | _optional_ | "required" | +| **E2E_POLICY_WHITELIST** | Make this module ignore messages sent to and from this JIDs or MUCs. | _optional_ | "" | +| **LOG_LEVEL** | Min log level. 
Change to debug for more information | _optional_ | info | +| **C2S_REQUIRE_ENCRYPTION** | Whether to force all client-to-server connections to be encrypted or not | _optional_ | true | +| **S2S_REQUIRE_ENCRYPTION** | Whether to force all server-to-server connections to be encrypted or not | _optional_ | true | +| **S2S_SECURE_AUTH** | Require encryption and certificate authentication | _optional_ | true | +| **SERVER_CONTACT_INFO_ABUSE** | A list of strings. Each string should be an URI. See [here](https://prosody.im/doc/modules/mod_server_contact_info). | _optional_ | "xmpp:abuse@**DOMAIN**" | +| **SERVER_CONTACT_INFO_ADMIN** | A list of strings. Each string should be an URI. See [here](https://prosody.im/doc/modules/mod_server_contact_info). | _optional_ | "xmpp:admin@**DOMAIN**" | +| **SERVER_CONTACT_INFO_FEEDBACK** | A list of strings. Each string should be an URI. See [here](https://prosody.im/doc/modules/mod_server_contact_info). | _optional_ | "xmpp:feedback@**DOMAIN**" | +| **SERVER_CONTACT_INFO_SALES** | A list of strings. Each string should be an URI. See [here](https://prosody.im/doc/modules/mod_server_contact_info). | _optional_ | "xmpp:sales@**DOMAIN**" | +| **SERVER_CONTACT_INFO_SECURITY** | A list of strings. Each string should be an URI. See [here](https://prosody.im/doc/modules/mod_server_contact_info). | _optional_ | "xmpp:security@**DOMAIN**" | +| **SERVER_CONTACT_INFO_SUPPORT** | A list of strings. Each string should be an URI. See [here](https://prosody.im/doc/modules/mod_server_contact_info). | _optional_ | "xmpp:support@**DOMAIN**" | +| **PROSODY_ADMINS** | Specify who is an administrator. List of adresses. Eg. "me@example.com", "admin@example.net" | _optional_ | "" | +| **DEFAULT_STORAGE** | Select the storage backend to load with the 'storage' configuration option. See [here](https://prosody.im/doc/storage). | _optional_ | "sql" | +| **ARCHIVE_STORE** | Select the archive store. 'archive' or 'archive2'. 
See [here](https://prosody.im/doc/storage). | _optional_ | "archive2" | +| **STORAGE_ARCHIVE2** | Select the storage backend to load with the 'storage.archive2' configuration option. See [here](https://prosody.im/doc/storage). | _optional_ | "sql" | #### DNS diff --git a/tests/docker-compose.yml b/tests/docker-compose.yml index 5cfbc65..fff9c10 100644 --- a/tests/docker-compose.yml +++ b/tests/docker-compose.yml @@ -32,7 +32,27 @@ services: E2E_POLICY_WHITELIST: "admin@localhost, user1@localhost" LOG_LEVEL: debug PROSODY_ADMINS: "admin@localhost, admin2@localhost" - STORAGE: "internal" + DEFAULT_STORAGE: "internal" + STORAGE_ARCHIVE2: "internal" + volumes: + - ./certs:/usr/local/etc/prosody/certs + + prosody_internal_storage_archive: + image: prosody + restart: unless-stopped + ports: + - "5000:5000" + - "5222:5222" + - "5223:5223" + - "5269:5269" + - "5281:5281" + environment: + DOMAIN: localhost + E2E_POLICY_WHITELIST: "admin@localhost, user1@localhost" + LOG_LEVEL: debug + PROSODY_ADMINS: "admin@localhost, admin2@localhost" + DEFAULT_STORAGE: "internal" + ARCHIVE_STORE: "archive" volumes: - ./certs:/usr/local/etc/prosody/certs diff --git a/tests/test.bash b/tests/test.bash index d16373f..c74c561 100755 --- a/tests/test.bash +++ b/tests/test.bash 
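Review bot: `prosody_internal_storage_archive` repeats the image, restart policy, five port mappings, three environment entries and the certs volume of the services above it verbatim; the only lines that matter for the test are `DEFAULT_STORAGE` and `ARCHIVE_STORE`. If the file's compose version is 3.4 or later, an extension field with a YAML anchor (`x-prosody-base: &prosody-base` and `<<: *prosody-base` in each service) keeps the storage variables as the visible difference and stops the copies drifting, as they already have (the first service sets `STORAGE_ARCHIVE2`, this one does not). All of these services bind the same host ports, which is only safe while test.bash keeps starting them one at a time; a comment on the service saying so would save the next person from adding them to a single `up`.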
@@ -64,14 +64,20 @@ registerTestUsers prosody_postgres runTests prosody_postgres sudo docker-compose down -# Run tests for second container with SQLite +# Run tests for container with SQLite sudo docker-compose up -d prosody registerTestUsers prosody runTests prosody sudo docker-compose down -# Run tests for third container with internal storage +# Run tests for container with internal storage and archive store archive2 sudo docker-compose up -d prosody_internal_storage registerTestUsers prosody_internal_storage runTests prosody_internal_storage sudo docker-compose down + +# Run tests for container with internal storage and archive store archive +sudo docker-compose up -d prosody_internal_storage_archive +registerTestUsers prosody_internal_storage_archive +runTests prosody_internal_storage_archive +sudo docker-compose down diff --git a/tests/tests-prosody_internal_storage_archive.bats b/tests/tests-prosody_internal_storage_archive.bats new file mode 100644 index 0000000..d7bc232 --- /dev/null +++ b/tests/tests-prosody_internal_storage_archive.bats @@ -0,0 +1,21 @@ +# For tests with pipes see: https://github.com/sstephenson/bats/issues/10 + +load 'bats/bats-support/load' +load 'bats/bats-assert/load' + +# TODO +#@test "Should use internal storage" { +# run bash -c "sudo docker-compose logs $batsContainerName | grep -E \"Connecting to \[SQLite3\] \/usr\/local\/var\/lib\/prosody\/prosody\.sqlite\.\.\.\"" +# assert_failure +# assert_output +#} + +@test "Should not use sqlite" { + run bash -c "sudo docker-compose logs $batsContainerName | grep -E \"Connecting to \[SQLite3\] \/usr\/local\/var\/lib\/prosody\/prosody\.sqlite\.\.\.\"" + assert_failure +} + +@test "Should not use postgres" { + run bash -c "sudo docker-compose logs $batsContainerName | grep -E \"Connecting to \[PostgreSQL\] prosody\.\.\.\"" + assert_failure +} diff --git a/tests/tests.bats b/tests/tests.bats index bbac09d..3dc1760 100644 --- a/tests/tests.bats +++ b/tests/tests.bats 
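Review bot: Both tests in the new tests-prosody_internal_storage_archive.bats assert only that a grep over the container logs fails, and that also holds when `docker-compose logs $batsContainerName` prints nothing at all (container not started, wrong service name), so the file never shows that internal storage is actually in use; the commented-out `Should use internal storage` TODO at the top is the assertion that would. Until a positive log line for the internal backend is identified, a cheap guard is a first test that the log exists: `run bash -c "sudo docker-compose logs $batsContainerName"`, `assert_success`, `assert_output`. The same vacuous-pass applies to the negative tests in tests.bats further down.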
@@ -86,3 +86,8 @@ load 'bats/bats-assert/load'
 assert_success
 assert_output
 }
+
+@test "Should not have any sql errors" {
+ run bash -c "sudo docker-compose logs $batsContainerName | grep --ignore-case Error in SQL transaction"
+ assert_failure
+}
From 4fd9603a56c21a2f4b1b8f7712848b22e781fff2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sara=20Aim=C3=A9e=20Smiseth?= <51710585+SaraSmiseth@users.noreply.github.com> Date: Wed, 24 Aug 2022 17:54:17 +0200 Subject: [PATCH 03/18] Update CHANGELOG.md --- CHANGELOG.md | 75 ++++++++++++++++++++++++++++------------------------ 1 file changed, 40 insertions(+), 35 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index ffb3143..1a88e34 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
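Review bot: The grep pattern on the new `run` line is unquoted, so inside the `bash -c` string grep receives `Error` as its pattern and `in`, `SQL`, `transaction` as file names; it exits with status 2 ("No such file") whatever the logs contain, and `assert_failure` therefore passes for every container. Quote the pattern so the test can fail: `run bash -c "sudo docker-compose logs $batsContainerName | grep --ignore-case \"Error in SQL transaction\""`. An empty log would still satisfy the assertion, so pairing it with a positive check that the log is non-empty keeps the test meaningful.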
@@ -2,38 +2,43 @@ ## Unreleased -* Nothing +- Nothing ## v1.2.9 -* New environment variable STORAGE was added. Defaults to `sql` like before. See [prosody docs](https://prosody.im/doc/storage). This fixes [#38](https://github.com/SaraSmiseth/prosody/issues/38). -* New tests for a container with STORAGE set to `internal`. +- New environment variables to configure storage were added. + Added DEFAULT_STORAGE and STORAGE_ARCHIVE2 which default to `sql` for backward compatibility. + Added ARCHIVE_STORE which defaults to `archive2` for backward compatibility. + See [prosody docs](https://prosody.im/doc/storage) for information on prosody storage. + This fixes [#38](https://github.com/SaraSmiseth/prosody/issues/38). +- New tests for a container with DEFAULT_STORAGE set to `internal`. + New tests for a container with DEFAULT_STORAGE set to `internal` and ARCHIVE_STORE set to `archive`. ## v1.2.8 -* Updated to Prosody version [0.12.1](https://blog.prosody.im/prosody-0.12.1-released/). +- Updated to Prosody version [0.12.1](https://blog.prosody.im/prosody-0.12.1-released/). ## v1.2.7 -* Updated to Prosody version [0.12.0](https://blog.prosody.im/prosody-0.12.0-released/). -* Updated luarocks to version 3.9.0. +- Updated to Prosody version [0.12.0](https://blog.prosody.im/prosody-0.12.0-released/). +- Updated luarocks to version 3.9.0. ## v1.2.6 -* Updated to Prosody version [0.11.13](https://blog.prosody.im/prosody-0.11.13-released/). +- Updated to Prosody version [0.11.13](https://blog.prosody.im/prosody-0.11.13-released/). ## v1.2.5 -* Updated to Prosody version [0.11.12](https://blog.prosody.im/prosody-0.11.12-released/). +- Updated to Prosody version [0.11.12](https://blog.prosody.im/prosody-0.11.12-released/). ## v1.2.4 -* Updated to Prosody version [0.11.11](https://blog.prosody.im/prosody-0.11.11-released/). -* Updated luarocks to version 3.8.0. +- Updated to Prosody version [0.11.11](https://blog.prosody.im/prosody-0.11.11-released/). 
+- Updated luarocks to version 3.8.0. ## v1.2.3 -* Updated to Prosody version [0.11.10](https://blog.prosody.im/prosody-0.11.10-released/). +- Updated to Prosody version [0.11.10](https://blog.prosody.im/prosody-0.11.10-released/). ## v1.2.2 
@@ -41,81 +46,81 @@ ## v1.2.1 -* Updated to Prosody version [0.11.9](https://blog.prosody.im/prosody-0.11.9-released/). +- Updated to Prosody version [0.11.9](https://blog.prosody.im/prosody-0.11.9-released/). ## v1.2.0 ### New features -* New environment variables for database settings. It is now possible to use MariaDB or Postgres instead of SQLite. SQLite is the default. See [README](https://github.com/SaraSmiseth/prosody#environment-variables). +- New environment variables for database settings. It is now possible to use MariaDB or Postgres instead of SQLite. SQLite is the default. See [README](https://github.com/SaraSmiseth/prosody#environment-variables). ### Updates -* Updated luarocks to version 3.7.0. +- Updated luarocks to version 3.7.0. ## v1.1.4 ### Updates -* Updated to Prosody version [0.11.8](https://blog.prosody.im/prosody-0.11.8-released/). -* Updated luarocks to version 3.5.0. +- Updated to Prosody version [0.11.8](https://blog.prosody.im/prosody-0.11.8-released/). +- Updated luarocks to version 3.5.0. ## v1.1.3 ### New features -* Set pidfile in prosody.cfg.lua. -* Created a tests folder which contains pytest and bats tests. +- Set pidfile in prosody.cfg.lua. +- Created a tests folder which contains pytest and bats tests. ### Bug fixes -* Fixed using list ENV variables with multiple values. +- Fixed using list ENV variables with multiple values. ## v1.1.2 ### Updates -* Updated to Prosody version [0.11.7](https://blog.prosody.im/prosody-0.11.7-released/). -* Updated luarocks to version 3.4.0. +- Updated to Prosody version [0.11.7](https://blog.prosody.im/prosody-0.11.7-released/). +- Updated luarocks to version 3.4.0. ### New features -* Made 04-server_contact_info.cfg.lua configurable with ENV variables. Fixes [#4](https://github.com/SaraSmiseth/prosody/issues/4). -* Made 03-e2e-policy.cfg.lua configurable with ENV variables. Fixes [#9](https://github.com/SaraSmiseth/prosody/issues/9). 
-* Added E2E_POLICY_WHITELIST ENV variable to configure e2e_policy_whitelist. Fixes [#10](https://github.com/SaraSmiseth/prosody/issues/10). +- Made 04-server_contact_info.cfg.lua configurable with ENV variables. Fixes [#4](https://github.com/SaraSmiseth/prosody/issues/4). +- Made 03-e2e-policy.cfg.lua configurable with ENV variables. Fixes [#9](https://github.com/SaraSmiseth/prosody/issues/9). +- Added E2E_POLICY_WHITELIST ENV variable to configure e2e_policy_whitelist. Fixes [#10](https://github.com/SaraSmiseth/prosody/issues/10). ### Bug fixes -* Cherry picked [commit](https://github.com/zipizap/prosody/commit/fa13a990a1b87745ae5f5fe8297cb0669f9e8779) from [zipizap/prosody](https://github.com/zipizap/prosody) which fixes a bug with env-vars not beeing initialized. +- Cherry picked [commit](https://github.com/zipizap/prosody/commit/fa13a990a1b87745ae5f5fe8297cb0669f9e8779) from [zipizap/prosody](https://github.com/zipizap/prosody) which fixes a bug with env-vars not beeing initialized. ### Other changes -* Changed hashing of downloaded packages in Dockerfile to sha256. +- Changed hashing of downloaded packages in Dockerfile to sha256. ## v1.1.1 -* Updated to Prosody version [0.11.6](https://blog.prosody.im/prosody-0.11.6-released/). -* Replace "master" with "dev". +- Updated to Prosody version [0.11.6](https://blog.prosody.im/prosody-0.11.6-released/). +- Replace "master" with "dev". ## v1.1.0 ### New features -* Enable "announce" and "lastactivity" modules. -* Add PROSODY_ADMINS to specify who is an administrator. Fixes #7 +- Enable "announce" and "lastactivity" modules. +- Add PROSODY_ADMINS to specify who is an administrator. Fixes #7 ### Breaking changes -* Move global ssl section to https_ssl and legacy_ssl_ssl section. It is only needed there. #3 - * +- Move global ssl section to https_ssl and legacy_ssl_ssl section. It is only needed there. 
#3 + - As explained in the [README](https://github.com/SaraSmiseth/prosody#ssl-certificates) this setup uses automatic location to find your certs. This did not work correctly before this change. It just always used the main certificate defined with the global `ssl` config setting. This setting was removed and for the [services](https://prosody.im/doc/certificates#service_certificates) that do not use automatic location new global settings were introduced. These are `legacy_ssl_ssl` and `https_ssl`. ### Other changes -* Add badges to README. Fixes #5. -* Add link to official documentation on certificate permissions to README. Related to #3 +- Add badges to README. Fixes #5. +- Add link to official documentation on certificate permissions to README. Related to #3 ## v1.0.0 -* First version +- First version From 8d068580ea6073b9d8d71f886c52e1c753ed3c42 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sara=20Aim=C3=A9e=20Smiseth?= <51710585+SaraSmiseth@users.noreply.github.com> Date: Fri, 2 Sep 2022 09:07:43 +0200 Subject: [PATCH 04/18] Update luarocks to 3.9.1 --- CHANGELOG.md | 1 + Dockerfile | 4 ++-- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 1a88e34..983d906 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -13,6 +13,7 @@ This fixes [#38](https://github.com/SaraSmiseth/prosody/issues/38). - New tests for a container with DEFAULT_STORAGE set to `internal`. New tests for a container with DEFAULT_STORAGE set to `internal` and ARCHIVE_STORE set to `archive`. +- Updated luarocks to version 3.9.1. ## v1.2.8 diff --git a/Dockerfile b/Dockerfile index 5219e99..62c4fb5 100644 --- a/Dockerfile +++ b/Dockerfile 
@@ -4,10 +4,10 @@ ARG BUILD_DATE ARG VCS_REF ARG VERSION -ARG LUAROCKS_VERSION=3.9.0 +ARG LUAROCKS_VERSION=3.9.1 ARG PROSODY_VERSION=0.12.1 -ARG LUAROCKS_SHA256=5e840f0224891de96be4139e9475d3b1de7af3a32b95c1bdf05394563c60175f +ARG LUAROCKS_SHA256=ffafd83b1c42aa38042166a59ac3b618c838ce4e63f4ace9d961a5679ef58253 ARG PROSODY_DOWNLOAD_SHA256=a7ecbbe41f01a4251805593ac6d15dbc6cb75d9c7a876c76b456cf74ff4b90e5 LABEL luarocks.version="${LUAROCKS_VERSION}" From f7fcfd5d88e3a98b4cdd4cfb583d7a15eaca8d1c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sara=20Aim=C3=A9e=20Smiseth?= <51710585+SaraSmiseth@users.noreply.github.com> Date: Thu, 23 Feb 2023 16:22:36 +0100 Subject: [PATCH 05/18] Update prosody and luarocks (#48) * Update prosody to version 0.12.3. * Update luarocks to version 3.9.2 --- Dockerfile | 8 ++++---- tests/test.bash | 1 + 2 files changed, 5 insertions(+), 4 deletions(-) diff --git a/Dockerfile b/Dockerfile index 5219e99..6f24959 100644 --- a/Dockerfile +++ b/Dockerfile @@ -4,11 +4,11 @@ ARG BUILD_DATE ARG VCS_REF ARG VERSION -ARG LUAROCKS_VERSION=3.9.0 -ARG PROSODY_VERSION=0.12.1 +ARG LUAROCKS_VERSION=3.9.2 +ARG PROSODY_VERSION=0.12.3 -ARG LUAROCKS_SHA256=5e840f0224891de96be4139e9475d3b1de7af3a32b95c1bdf05394563c60175f -ARG PROSODY_DOWNLOAD_SHA256=a7ecbbe41f01a4251805593ac6d15dbc6cb75d9c7a876c76b456cf74ff4b90e5 +ARG LUAROCKS_SHA256=bca6e4ecc02c203e070acdb5f586045d45c078896f6236eb46aa33ccd9b94edb +ARG PROSODY_DOWNLOAD_SHA256=35da0d031ff46040a2d638e004d4255e249b6323fe6212db9ddd76b401db2101 LABEL luarocks.version="${LUAROCKS_VERSION}" LABEL org.opencontainers.image.authors="Sara Smiseth" diff --git a/tests/test.bash b/tests/test.bash index 9646ab5..401189b 100755 --- a/tests/test.bash +++ b/tests/test.bash 
@@ -18,6 +18,7 @@ generateCert() { registerTestUser() { local userName="$1" local containerName="$2" + echo "Registering TestUser '$userName' in container '$containerName'" sudo docker compose exec "$containerName" /bin/bash -c "/entrypoint.bash register $userName localhost 12345678" } From 81e9c1abd95f798160726f6140afe6527ef7589e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sara=20Aim=C3=A9e=20Smiseth?= <51710585+SaraSmiseth@users.noreply.github.com> Date: Sat, 25 Mar 2023 11:23:51 +0100 Subject: [PATCH 06/18] Add LDAP authentication support to Prosody (#50) This commit adds support for LDAP authentication. The Dockerfile has been modified to install the required Lua modules (lua-ldap) and the prosody.cfg.lua file has been modified to add environment variables for configuring the LDAP connection. These environment variables include LDAP_BASE, LDAP_SERVER, LDAP_ROOTDN, LDAP_PASSWORD, LDAP_FILTER, LDAP_SCOPE, LDAP_TLS, LDAP_MODE, and LDAP_ADMIN_FILTER. The authentication variable has also been updated to use the value of the AUTHENTICATION environment variable, which defaults to "internal_hashed" if not set. This allows users to configure Prosody to use LDAP for authentication instead of the default internal hashing method. * Update test dependencies: aioxmpp, pytest-asyncio + add pytz to requirements.txt This fixes the following error when running the tests: E ModuleNotFoundError: No module named 'pytz' Instead of pytz only pytz-deprecation-shim was installed. TODO Check if "pytz" can be removed from requirements.txt later on. --- Dockerfile | 1 + prosody.cfg.lua | 12 +++++++- readme.md | 66 ++++++++++++++++++++++++------------------ tests/requirements.txt | 5 ++-- 4 files changed, 53 insertions(+), 31 deletions(-) diff --git a/Dockerfile b/Dockerfile index 6f24959..f973ab6 100644 --- a/Dockerfile +++ b/Dockerfile @@ -35,6 +35,7 @@ RUN apt-get update \ lua-dbi-mysql \ lua-expat \ lua-filesystem \ + lua-ldap \ lua-socket \ lua-sec \ lua-unbound \ 
diff --git a/prosody.cfg.lua b/prosody.cfg.lua
index f0b0f3c..5405242 100644
--- a/prosody.cfg.lua
+++ b/prosody.cfg.lua
@@ -15,7 +15,17 @@ c2s_require_encryption = os.getenv("C2S_REQUIRE_ENCRYPTION");
 s2s_require_encryption = os.getenv("S2S_REQUIRE_ENCRYPTION");
 s2s_secure_auth = os.getenv("S2S_SECURE_AUTH");
-authentication = "internal_hashed";
+authentication = os.getenv("AUTHENTICATION") or "internal_hashed";
+
+ldap_base = os.getenv("LDAP_BASE");
+ldap_server = os.getenv("LDAP_SERVER") or "localhost";
+ldap_rootdn = os.getenv("LDAP_ROOTDN") or "";
+ldap_password = os.getenv("LDAP_PASSWORD") or "";
+ldap_filter = os.getenv("LDAP_FILTER") or "(uid=$user)";
+ldap_scope = os.getenv("LDAP_SCOPE") or "subtree";
+ldap_tls = os.getenv("LDAP_TLS") or "false";
+ldap_mode = os.getenv("LDAP_MODE") or "bind";
+ldap_admin_filter = os.getenv("LDAP_ADMIN_FILTER") or "";
 log = {
 {levels = {min = os.getenv("LOG_LEVEL")}, to = "console"};
diff --git a/readme.md b/readme.md
index c127e4a..8abec2f 100644
--- a/readme.md
+++ b/readme.md
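Review bot: `ldap_tls` defaults to `"false"`, so with the default `ldap_mode` of `"bind"` each user's password, and the `LDAP_PASSWORD` bind secret, reach `LDAP_SERVER` unencrypted unless the operator opts in; a comment on that line would make the trade-off visible, e.g. `-- StartTLS is off by default; without it the rootdn password and (in bind mode) user passwords are sent to the LDAP server in cleartext`. Whether mod_auth_ldap accepts the string `"false"` in place of a Lua boolean is worth confirming, although the surrounding `c2s_require_encryption`/`s2s_secure_auth` settings already rely on the same string-from-env pattern. `ldap_password` falling back to `""` silently turns a missing variable into an anonymous bind, which is easy to misread as a working configuration, so a comment there (or a log line at startup) is warranted too. The readme row for `AUTHENTICATION` added in the same commit describes the variable only as "authentication"; it should name the accepted values `"internal_hashed"` and `"ldap"` and point at the `LDAP_*` rows below it.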
@@ -197,34 +197,44 @@ sudo chown 999:999 ./data #### Environment variables -| Variable | Description | Type | Default value | -| -------------------------------- | -------------------------------------------------------------------------------------------------------------------- | ------------ | -------------------------- | -| **ALLOW_REGISTRATION** | Whether to allow registration of new accounts via Jabber clients | *optional* | true | -| **DOMAIN** | domain | **required** | null | -| **DOMAIN_HTTP_UPLOAD** | Domain which lets clients upload files over HTTP | *optional* | upload.**DOMAIN** | -| **DOMAIN_MUC** | Domain for Multi-user chat (MUC) for allowing you to create hosted chatrooms/conferences for XMPP users | *optional* | conference.**DOMAIN** | -| **DOMAIN_PROXY** | Domain for SOCKS5 bytestream proxy for server-proxied file transfers | *optional* | proxy.**DOMAIN** | -| **DOMAIN_PUBSUB** | Domain for a XEP-0060 pubsub service | *optional* | pubsub.**DOMAIN** | -| **DB_DRIVER** | May also be "PostgreSQL" or "MySQL" or "SQLite3" (case sensitive!) | *optional* | SQLite3 | -| **DB_DATABASE** | The database name to use. For SQLite3 this the database filename (relative to the data storage directory). | *optional* | prosody.sqlite | -| **DB_HOST** | The address of the database server | *optional* | | -| **DB_PORT** | Port on which the database is listening | *optional* | | -| **DB_USERNAME** | The username to authenticate to the database | *optional* | | -| **DB_PASSWORD** | The password to authenticate to the database | *optional* | | -| **E2E_POLICY_CHAT** | Policy for chat messages. Possible values: "none", "optional" and "required". | *optional* | "required" | -| **E2E_POLICY_MUC** | Policy for MUC messages. Possible values: "none", "optional" and "required". | *optional* | "required" | -| **E2E_POLICY_WHITELIST** | Make this module ignore messages sent to and from this JIDs or MUCs. | *optional* | "" | -| **LOG_LEVEL** | Min log level. 
Change to debug for more information | *optional* | info | -| **C2S_REQUIRE_ENCRYPTION** | Whether to force all client-to-server connections to be encrypted or not | *optional* | true | -| **S2S_REQUIRE_ENCRYPTION** | Whether to force all server-to-server connections to be encrypted or not | *optional* | true | -| **S2S_SECURE_AUTH** | Require encryption and certificate authentication | *optional* | true | -| **SERVER_CONTACT_INFO_ABUSE** | A list of strings. Each string should be an URI. See [here](https://prosody.im/doc/modules/mod_server_contact_info). | *optional* | "xmpp:abuse@**DOMAIN**" | -| **SERVER_CONTACT_INFO_ADMIN** | A list of strings. Each string should be an URI. See [here](https://prosody.im/doc/modules/mod_server_contact_info). | *optional* | "xmpp:admin@**DOMAIN**" | -| **SERVER_CONTACT_INFO_FEEDBACK** | A list of strings. Each string should be an URI. See [here](https://prosody.im/doc/modules/mod_server_contact_info). | *optional* | "xmpp:feedback@**DOMAIN**" | -| **SERVER_CONTACT_INFO_SALES** | A list of strings. Each string should be an URI. See [here](https://prosody.im/doc/modules/mod_server_contact_info). | *optional* | "xmpp:sales@**DOMAIN**" | -| **SERVER_CONTACT_INFO_SECURITY** | A list of strings. Each string should be an URI. See [here](https://prosody.im/doc/modules/mod_server_contact_info). | *optional* | "xmpp:security@**DOMAIN**" | -| **SERVER_CONTACT_INFO_SUPPORT** | A list of strings. Each string should be an URI. See [here](https://prosody.im/doc/modules/mod_server_contact_info). | *optional* | "xmpp:support@**DOMAIN**" | -| **PROSODY_ADMINS** | Specify who is an administrator. List of adresses. Eg. 
"me@example.com", "admin@example.net" | *optional* | "" | +| Variable | Description | Type | Default value | +| -------------------------------- | -------------------------------------------------------------------------------------------------------------------- | -------------------------------------------- | -------------------------- | +| **ALLOW_REGISTRATION** | Whether to allow registration of new accounts via Jabber clients | *optional* | true | +| **DOMAIN** | domain | **required** | null | +| **DOMAIN_HTTP_UPLOAD** | Domain which lets clients upload files over HTTP | *optional* | upload.**DOMAIN** | +| **DOMAIN_MUC** | Domain for Multi-user chat (MUC) for allowing you to create hosted chatrooms/conferences for XMPP users | *optional* | conference.**DOMAIN** | +| **DOMAIN_PROXY** | Domain for SOCKS5 bytestream proxy for server-proxied file transfers | *optional* | proxy.**DOMAIN** | +| **DOMAIN_PUBSUB** | Domain for a XEP-0060 pubsub service | *optional* | pubsub.**DOMAIN** | +| **AUTHENTICATION** | authentication | *optional* | "internal_hashed" | +| **LDAP_BASE** | LDAP base directory which stores user accounts | **required** if **AUTHENTICATION** is "ldap" | | +| **LDAP_SERVER** | Space-separated list of hostnames or IPs, optionally with port numbers (e.g. “localhost:8389”) | *optional* | "localhost" | +| **LDAP_ROOTDN** | The distinguished name to auth against | *optional* | "" | +| **LDAP_PASSWORD** | Password for rootdn | *optional* | "" | +| **LDAP_FILTER** | Search filter, with $user and $host substituted for user- and hostname | *optional* | "(uid=$user)" | +| **LDAP_SCOPE** | Search scope. other values: “base” and “onelevel” | *optional* | "subtree" | +| **LDAP_TLS** | Enable TLS (StartTLS) to connect to LDAP (can be true or false). The non-standard ‘LDAPS’ protocol is not supported. | *optional* | "false" | +| **LDAP_MODE** | How passwords are validated. 
| *optional* | "bind" | +| **LDAP_ADMIN_FILTER** | Search filter to match admins, works like ldap_filter | *optional* | "" | +| **DB_DRIVER** | May also be "PostgreSQL" or "MySQL" or "SQLite3" (case sensitive!) | *optional* | SQLite3 | +| **DB_DATABASE** | The database name to use. For SQLite3 this the database filename (relative to the data storage directory). | *optional* | prosody.sqlite | +| **DB_HOST** | The address of the database server | *optional* | | +| **DB_PORT** | Port on which the database is listening | *optional* | | +| **DB_USERNAME** | The username to authenticate to the database | *optional* | | +| **DB_PASSWORD** | The password to authenticate to the database | *optional* | | +| **E2E_POLICY_CHAT** | Policy for chat messages. Possible values: "none", "optional" and "required". | *optional* | "required" | +| **E2E_POLICY_MUC** | Policy for MUC messages. Possible values: "none", "optional" and "required". | *optional* | "required" | +| **E2E_POLICY_WHITELIST** | Make this module ignore messages sent to and from this JIDs or MUCs. | *optional* | "" | +| **LOG_LEVEL** | Min log level. Change to debug for more information | *optional* | info | +| **C2S_REQUIRE_ENCRYPTION** | Whether to force all client-to-server connections to be encrypted or not | *optional* | true | +| **S2S_REQUIRE_ENCRYPTION** | Whether to force all server-to-server connections to be encrypted or not | *optional* | true | +| **S2S_SECURE_AUTH** | Require encryption and certificate authentication | *optional* | true | +| **SERVER_CONTACT_INFO_ABUSE** | A list of strings. Each string should be an URI. See [here](https://prosody.im/doc/modules/mod_server_contact_info). | *optional* | "xmpp:abuse@**DOMAIN**" | +| **SERVER_CONTACT_INFO_ADMIN** | A list of strings. Each string should be an URI. See [here](https://prosody.im/doc/modules/mod_server_contact_info). | *optional* | "xmpp:admin@**DOMAIN**" | +| **SERVER_CONTACT_INFO_FEEDBACK** | A list of strings. 
Each string should be an URI. See [here](https://prosody.im/doc/modules/mod_server_contact_info). | *optional* | "xmpp:feedback@**DOMAIN**" | +| **SERVER_CONTACT_INFO_SALES** | A list of strings. Each string should be an URI. See [here](https://prosody.im/doc/modules/mod_server_contact_info). | *optional* | "xmpp:sales@**DOMAIN**" | +| **SERVER_CONTACT_INFO_SECURITY** | A list of strings. Each string should be an URI. See [here](https://prosody.im/doc/modules/mod_server_contact_info). | *optional* | "xmpp:security@**DOMAIN**" | +| **SERVER_CONTACT_INFO_SUPPORT** | A list of strings. Each string should be an URI. See [here](https://prosody.im/doc/modules/mod_server_contact_info). | *optional* | "xmpp:support@**DOMAIN**" | +| **PROSODY_ADMINS** | Specify who is an administrator. List of adresses. Eg. "me@example.com", "admin@example.net" | *optional* | "" | #### DNS diff --git a/tests/requirements.txt b/tests/requirements.txt index c97b92d..cfbef74 100644 --- a/tests/requirements.txt +++ b/tests/requirements.txt @@ -1,3 +1,4 @@ -aioxmpp==0.13.2 +aioxmpp==0.13.3 pip-chill==1.0.1 -pytest-asyncio==0.18.3 +pytest-asyncio==0.21.0 +pytz==2022.7.1 From e6415fa51306dcb182f250c9b968131e6fdeff74 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Sara=20Aim=C3=A9e=20Smiseth?= <51710585+SaraSmiseth@users.noreply.github.com> Date: Tue, 28 Mar 2023 08:08:01 +0200 Subject: [PATCH 07/18] Add tests for prosody with LDAP authentication (#53) This commit updates the docker-compose.yml file to use example.com domain instead of localhost. It also adds a new Prosody instance using LDAP authentication with glauth as the backend. The commit also includes a new file config.cfg for the glauth server configuration. --- tests/docker-compose.yml | 45 ++++++++++++++++++++++++------ tests/glauth/config.cfg | 52 +++++++++++++++++++++++++++++++++++ tests/test.bash | 27 ++++++++++-------- tests/test_prosody.py | 25 +++++++++-------- tests/tests-prosody_ldap.bats | 16 +++++++++++ tests/tests.bats | 24 ++++++++-------- 6 files changed, 146 insertions(+), 43 deletions(-) create mode 100644 tests/glauth/config.cfg create mode 100644 tests/tests-prosody_ldap.bats diff --git a/tests/docker-compose.yml b/tests/docker-compose.yml index f854381..d2cc6d2 100644 --- a/tests/docker-compose.yml +++ b/tests/docker-compose.yml @@ -1,4 +1,4 @@ -version: '3.9' +version: "3.9" services: prosody: @@ -11,10 +11,10 @@ services: - "5269:5269" - "5281:5281" environment: - DOMAIN: localhost - E2E_POLICY_WHITELIST: "admin@localhost, user1@localhost" + DOMAIN: example.com + E2E_POLICY_WHITELIST: "admin@example.com, user1@example.com" LOG_LEVEL: debug - PROSODY_ADMINS: "admin@localhost, admin2@localhost" + PROSODY_ADMINS: "admin@example.com, admin2@example.com" volumes: - ./certs:/usr/local/etc/prosody/certs @@ -28,10 +28,10 @@ services: - "5269:5269" - "5281:5281" environment: - DOMAIN: localhost - E2E_POLICY_WHITELIST: "admin@localhost, user1@localhost" + DOMAIN: example.com + E2E_POLICY_WHITELIST: "admin@example.com, user1@example.com" LOG_LEVEL: debug - PROSODY_ADMINS: "admin@localhost, admin2@localhost" + PROSODY_ADMINS: "admin@example.com, admin2@example.com" #DB_DRIVER: "MySQL" DB_DRIVER: "PostgreSQL" DB_DATABASE: "prosody" 
@@ -45,9 +45,38 @@ services: - postgres postgres: - image: postgres:13-alpine + image: postgres:15-alpine restart: unless-stopped environment: POSTGRES_DB: prosody POSTGRES_USER: prosody POSTGRES_PASSWORD: prosody + + prosody_ldap: + image: prosody + restart: unless-stopped + ports: + - "5000:5000" + - "5222:5222" + - "5223:5223" + - "5269:5269" + - "5281:5281" + environment: + DOMAIN: example.com + E2E_POLICY_WHITELIST: "admin@example.com, user1@example.com" + LOG_LEVEL: debug + PROSODY_ADMINS: "admin@example.com, admin2@example.com" + AUTHENTICATION: "ldap" + LDAP_BASE: "dc=example,dc=com" + LDAP_SERVER: "glauth" + LDAP_ROOTDN: "cn=svc,dc=example,dc=com" + LDAP_PASSWORD: "12345678" + volumes: + - ./certs:/usr/local/etc/prosody/certs + depends_on: + - glauth + + glauth: + image: glauth/glauth + volumes: + - "./glauth/config.cfg:/app/config/config.cfg" diff --git a/tests/glauth/config.cfg b/tests/glauth/config.cfg new file mode 100644 index 0000000..f180ac4 --- /dev/null +++ b/tests/glauth/config.cfg 
@@ -0,0 +1,52 @@ +[ldap] + enabled = true + listen = "0.0.0.0:389" + +[ldaps] + enabled = false + +[backend] + datastore = "config" + baseDN = "dc=example,dc=com" + +[[groups]] + name = "svc" + gidnumber = 5500 + +[[groups]] + name = "people" + gidnumber = 5501 + +[[users]] + name = "svc" + uidnumber = 5000 + primarygroup = 5500 + passsha256 = "ef797c8118f02dfb649607dd5d3f8c7623048c9c063d532cc95c5ed7a898a64f" + +[[users.capabilities]] + action = "search" + object = "*" + +[[users]] + name = "admin" + uidnumber = 5001 + primarygroup = 5501 + passsha256 = "ef797c8118f02dfb649607dd5d3f8c7623048c9c063d532cc95c5ed7a898a64f" + +[[users]] + name = "user1" + uidnumber = 5002 + primarygroup = 5501 + passsha256 = "ef797c8118f02dfb649607dd5d3f8c7623048c9c063d532cc95c5ed7a898a64f" + +[[users]] + name = "user2" + uidnumber = 5003 + primarygroup = 5501 + passsha256 = "ef797c8118f02dfb649607dd5d3f8c7623048c9c063d532cc95c5ed7a898a64f" + +[[users]] + name = "user3" + uidnumber = 5004 + primarygroup = 5501 + passsha256 = "ef797c8118f02dfb649607dd5d3f8c7623048c9c063d532cc95c5ed7a898a64f" diff --git a/tests/test.bash b/tests/test.bash index 401189b..1b9d5de 100755 --- a/tests/test.bash +++ b/tests/test.bash @@ -5,7 +5,7 @@ set -e # generate certs for testing generateCert() { - DOMAIN="$1" + local DOMAIN="$1" if [[ ! -d certs/"$DOMAIN" ]] ; then mkdir -p certs/"$DOMAIN" cd certs/"$DOMAIN" @@ -19,7 +19,7 @@ registerTestUser() { local userName="$1" local containerName="$2" echo "Registering TestUser '$userName' in container '$containerName'" - sudo docker compose exec "$containerName" /bin/bash -c "/entrypoint.bash register $userName localhost 12345678" + sudo docker compose exec "$containerName" /bin/bash -c "/entrypoint.bash register $userName example.com 12345678" } registerTestUsers() { 
@@ -48,18 +48,18 @@ runTests() { && ./bats/bats-core/bin/bats tests-"$containerName".bats } -generateCert "localhost" -generateCert "conference.localhost" -generateCert "proxy.localhost" -generateCert "pubsub.localhost" -generateCert "upload.localhost" +generateCert "example.com" +generateCert "conference.example.com" +generateCert "proxy.example.com" +generateCert "pubsub.example.com" +generateCert "upload.example.com" # Run tests for first container with postgres # Start postgres first and wait for 10 seconds before starting prosody. -sudo docker-compose down \ -&& sudo docker-compose up -d postgres \ -&& sleep 10 \ -&& sudo docker-compose up -d prosody_postgres +sudo docker-compose down +sudo docker-compose up -d postgres +sleep 10 +sudo docker-compose up -d prosody_postgres registerTestUsers prosody_postgres runTests prosody_postgres @@ -70,3 +70,8 @@ sudo docker-compose up -d prosody registerTestUsers prosody runTests prosody sudo docker-compose down + +# Run tests for prosody with ldap +sudo docker-compose up -d prosody_ldap +runTests prosody_ldap +sudo docker-compose down diff --git a/tests/test_prosody.py b/tests/test_prosody.py index e6c39bc..b7b13fa 100644 --- a/tests/test_prosody.py +++ b/tests/test_prosody.py @@ -15,6 +15,7 @@ def client(client_username, password): password, no_verify=True ), + override_peer=[("localhost", 5222, aioxmpp.connector.STARTTLSConnector())], ) return client @@ -39,9 +40,9 @@ def client_with_message_dispatcher(client): return client @pytest.mark.asyncio -@pytest.mark.parametrize("client_username, password", [("admin@localhost", "12345678")]) +@pytest.mark.parametrize("client_username, password", [("admin@example.com", "12345678")]) async def test_send_message_from_admin_to_user1(client): - recipient_jid = aioxmpp.JID.fromstr("user1@localhost") + recipient_jid = aioxmpp.JID.fromstr("user1@example.com") async with client.connected() as stream: msg = aioxmpp.Message( to=recipient_jid, 
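Review bot: The new LDAP block at the end of test.bash runs `runTests prosody_ldap` immediately after `sudo docker-compose up -d prosody_ldap`, whereas the postgres block above deliberately sleeps 10 s for its dependency; `depends_on: - glauth` in docker-compose.yml only orders container start, so the first authentication attempt could race glauth coming up. Unless runTests (its body starts outside this hunk) already waits, mirror the postgres guard: `sudo docker-compose up -d glauth`, `sleep 10`, then `sudo docker-compose up -d prosody_ldap`. This block also intentionally omits `registerTestUsers`, since the accounts come from tests/glauth/config.cfg; a one-line comment saying so would keep a later reader from "fixing" it.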
@@ -53,9 +54,9 @@ async def test_send_message_from_admin_to_user1(client): await client.send(msg) @pytest.mark.asyncio -@pytest.mark.parametrize("client_username, password", [("admin@localhost", "12345678")]) +@pytest.mark.parametrize("client_username, password", [("admin@example.com", "12345678")]) async def test_send_message_from_admin_to_user2(client): - recipient_jid = aioxmpp.JID.fromstr("user2@localhost") + recipient_jid = aioxmpp.JID.fromstr("user2@example.com") async with client.connected() as stream: msg = aioxmpp.Message( to=recipient_jid, @@ -66,9 +67,9 @@ async def test_send_message_from_admin_to_user2(client): await client.send(msg) @pytest.mark.asyncio -@pytest.mark.parametrize("client_username, password", [("user1@localhost", "12345678")]) +@pytest.mark.parametrize("client_username, password", [("user1@example.com", "12345678")]) async def test_send_message_from_user1_to_user2(client): - recipient_jid = aioxmpp.JID.fromstr("user2@localhost") + recipient_jid = aioxmpp.JID.fromstr("user2@example.com") async with client.connected() as stream: msg = aioxmpp.Message( to=recipient_jid, @@ -79,9 +80,9 @@ async def test_send_message_from_user1_to_user2(client): await client.send(msg) @pytest.mark.asyncio -@pytest.mark.parametrize("client_username, password", [("user2@localhost", "12345678")]) +@pytest.mark.parametrize("client_username, password", [("user2@example.com", "12345678")]) async def test_send_message_from_user2_to_user3(client): - recipient_jid = aioxmpp.JID.fromstr("user3@localhost") + recipient_jid = aioxmpp.JID.fromstr("user3@example.com") async with client.connected() as stream: msg = aioxmpp.Message( to=recipient_jid, 
@@ -92,9 +93,9 @@ async def test_send_message_from_user2_to_user3(client):
 await client.send(msg)
 @pytest.mark.asyncio
-@pytest.mark.parametrize("client_username, password", [("user2@localhost", "12345678")])
+@pytest.mark.parametrize("client_username, password", [("user2@example.com", "12345678")])
 async def test_send_message_from_user2_to_nonexisting(client):
- recipient_jid = aioxmpp.JID.fromstr("nonexisting@localhost")
+ recipient_jid = aioxmpp.JID.fromstr("nonexisting@example.com")
 async with client.connected() as stream:
 msg = aioxmpp.Message(
 to=recipient_jid,
@@ -105,10 +106,10 @@ async def test_send_message_from_user2_to_nonexisting(client):
 await client.send(msg)
 @pytest.mark.asyncio
-@pytest.mark.parametrize("client_username, password", [("user2@localhost", "wrong password")])
+@pytest.mark.parametrize("client_username, password", [("user2@example.com", "wrong password")])
 async def test_can_not_log_in_with_wrong_password(client):
 with pytest.raises(aiosasl.AuthenticationFailure):
- recipient_jid = aioxmpp.JID.fromstr("nonexisting@localhost")
+ recipient_jid = aioxmpp.JID.fromstr("nonexisting@example.com")
 async with client.connected() as stream:
 msg = aioxmpp.Message(
 to=recipient_jid,
diff --git a/tests/tests-prosody_ldap.bats b/tests/tests-prosody_ldap.bats
new file mode 100644
index 0000000..7eb0b77
--- /dev/null
+++ b/tests/tests-prosody_ldap.bats
@@ -0,0 +1,16 @@
+# For tests with pipes see: https://github.com/sstephenson/bats/issues/10
+
+load 'bats/bats-support/load'
+load 'bats/bats-assert/load'
+
+@test "Should use sqlite" {
+ run bash -c "sudo docker-compose logs $batsContainerName | grep -E \"Connecting to \[SQLite3\] \/usr\/local\/var\/lib\/prosody\/prosody\.sqlite\.\.\.\""
+ assert_success
+ assert_output
+}
+
+@test "Should use ldap" {
+ run bash -c "sudo docker-compose logs $batsContainerName | grep -E \"Host 'example.com' now set to use user provider 'ldap'\""
+ assert_success
+ assert_output
+}
diff --git a/tests/tests.bats b/tests/tests.bats
index bbac09d..7c9f176 100644
--- a/tests/tests.bats
+++ b/tests/tests.bats
@@ -9,32 +9,32 @@ load 'bats/bats-assert/load'
 assert_output "5"
 }
-@test "Should select certificate for localhost" {
- run bash -c "sudo docker-compose logs $batsContainerName | grep \"Certificates loaded\" | grep \" localhost:tls\" | wc -l"
+@test "Should select certificate for example.com" {
+ run bash -c "sudo docker-compose logs $batsContainerName | grep \"Certificates loaded\" | grep \" example.com:tls\" | wc -l"
 assert_success
 assert_output "1"
 }
-@test "Should select certificate for conference.localhost" {
- run bash -c "sudo docker-compose logs $batsContainerName | grep \"Certificates loaded\" | grep \"conference.localhost:tls\" | wc -l"
+@test "Should select certificate for conference.example.com" {
+ run bash -c "sudo docker-compose logs $batsContainerName | grep \"Certificates loaded\" | grep \"conference.example.com:tls\" | wc -l"
 assert_success
 assert_output "1"
 }
-@test "Should select certificate for proxy.localhost" {
- run bash -c "sudo docker-compose logs $batsContainerName | grep \"Certificates loaded\" | grep \"proxy.localhost:tls\" | wc -l"
+@test "Should select certificate for proxy.example.com" {
+ run bash -c "sudo docker-compose logs $batsContainerName | grep \"Certificates loaded\" | grep \"proxy.example.com:tls\" | wc -l"
 assert_success
 assert_output "1"
 }
-@test "Should select certificate for pubsub.localhost" {
- run bash -c "sudo docker-compose logs $batsContainerName | grep \"Certificates loaded\" | grep \"pubsub.localhost:tls\" | wc -l"
+@test "Should select certificate for pubsub.example.com" {
+ run bash -c "sudo docker-compose logs $batsContainerName | grep \"Certificates loaded\" | grep \"pubsub.example.com:tls\" | wc -l"
 assert_success
 assert_output "1"
 }
-@test "Should select certificate for upload.localhost" {
- run bash -c "sudo docker-compose logs $batsContainerName | grep \"Certificates loaded\" | grep \"upload.localhost:tls\" | wc -l"
+@test "Should select certificate for upload.example.com" {
+ run bash -c "sudo 
docker-compose logs $batsContainerName | grep \"Certificates loaded\" | grep \"upload.example.com:tls\" | wc -l"
 assert_success
 assert_output "1"
 }
@@ -76,13 +76,13 @@ load 'bats/bats-assert/load'
 }
 @test "Should load module cloud_notify" {
- run bash -c "sudo docker-compose logs $batsContainerName | grep \"localhost:cloud_notify.*info.*Module loaded\""
+ run bash -c "sudo docker-compose logs $batsContainerName | grep \"example.com:cloud_notify.*info.*Module loaded\""
 assert_success
 assert_output
 }
 @test "Should show upload URL" {
- run bash -c "sudo docker-compose logs $batsContainerName | grep \"URL: - Ensure this can be reached by users\""
+ run bash -c "sudo docker-compose logs $batsContainerName | grep \"URL: - Ensure this can be reached by users\""
 assert_success
 assert_output
 }
From 375b0068149972ffdba234cdaa5726e50e1ff914 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Sara=20Aim=C3=A9e=20Smiseth?= <51710585+SaraSmiseth@users.noreply.github.com>
Date: Sun, 9 Jul 2023 09:59:41 +0200
Subject: [PATCH 08/18] Update to debian bookworm (#54)
---
 CHANGELOG.md | 2 +-
 Dockerfile | 12 ++++++------
 tests/requirements.txt | 4 ++--
 update-dependencies.sh | 14 ++++++++++++++
 4 files changed, 23 insertions(+), 9 deletions(-)
 create mode 100755 update-dependencies.sh
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 60f5c54..82941db 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,7 +2,7 @@
 ## Unreleased
-* Nothing
+* Update to debian bookworm
 ## v1.2.8
diff --git a/Dockerfile b/Dockerfile
index f973ab6..9058210 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,4 +1,4 @@
-FROM debian:bullseye-slim
+FROM debian:bookworm-slim
 ARG BUILD_DATE
 ARG VCS_REF
@@ -7,7 +7,7 @@ ARG VERSION
 ARG LUAROCKS_VERSION=3.9.2
 ARG PROSODY_VERSION=0.12.3
-ARG LUAROCKS_SHA256=bca6e4ecc02c203e070acdb5f586045d45c078896f6236eb46aa33ccd9b94edb
+ARG LUAROCKS_SHA256="bca6e4ecc02c203e070acdb5f586045d45c078896f6236eb46aa33ccd9b94edb"
 ARG PROSODY_DOWNLOAD_SHA256=35da0d031ff46040a2d638e004d4255e249b6323fe6212db9ddd76b401db2101
 LABEL luarocks.version="${LUAROCKS_VERSION}"
@@ -26,13 +26,14 @@ LABEL prosody.version="${PROSODY_VERSION}"
 RUN apt-get update \
 && DEBIAN_FRONTEND=noninteractive apt-get install -y \
 libevent-dev `# this is no build dependency, but needed for luaevent` \
- libicu67 \
- libidn11 \
+ libicu72 \
+ libidn2-0 \
 libpq-dev \
 libsqlite3-0 \
 lua5.2 \
 lua-bitop \
 lua-dbi-mysql \
+ lua-dbi-postgresql \
 lua-expat \
 lua-filesystem \
 lua-ldap \
@@ -43,7 +44,7 @@ RUN apt-get update \
 && apt-get clean \
 && rm -rf /var/lib/apt/lists/*
-RUN buildDeps='gcc git libc6-dev libidn11-dev liblua5.2-dev libsqlite3-dev libssl-dev libicu-dev make unzip' \
+RUN buildDeps='gcc git libc6-dev libidn2-dev liblua5.2-dev libsqlite3-dev libssl-dev libicu-dev make unzip' \
 && set -x \
 && apt-get update && apt-get install -y $buildDeps --no-install-recommends \
 && rm -rf /var/lib/apt/lists/* \
@@ -71,7 +72,6 @@ RUN buildDeps='gcc git libc6-dev libidn11-dev liblua5.2-dev libsqlite3-dev libss
 && luarocks install luaevent \
 && luarocks install luadbi \
 `#&& luarocks install luadbi-mysql MYSQL_INCDIR=/usr/include/mariadb/` \
- && luarocks install luadbi-postgresql POSTGRES_INCDIR=/usr/include/postgresql/ \
 && luarocks install luadbi-sqlite3 \
 && luarocks install stringy \
 \
diff --git a/tests/requirements.txt b/tests/requirements.txt
index cfbef74..dbe0b29 100644
--- a/tests/requirements.txt
+++ b/tests/requirements.txt
@@ -1,4 +1,4 @@
 aioxmpp==0.13.3
-pip-chill==1.0.1
+pip-chill==1.0.3
 pytest-asyncio==0.21.0
-pytz==2022.7.1
+pytz==2023.3
diff --git a/update-dependencies.sh b/update-dependencies.sh
new file mode 100755
index 0000000..2dc6188
--- /dev/null
+++ b/update-dependencies.sh
@@ -0,0 +1,14 @@
+#!/bin/zsh
+
+update_luarocks() {
+ # Get latest luarocks version and calculate sha256 hash of the tarball
+ local LUAROCKS_VER=$(wget -q -O - 'https://api.github.com/repos/luarocks/luarocks/tags' | jq -r ".[0].name")
+ local LUAROCKS_VER=${LUAROCKS_VER#v}
+ local LUAROCKS_SHA256_HASH=$(wget -q -O - "https://luarocks.org/releases/luarocks-$LUAROCKS_VER.tar.gz" | sha256sum --zero | perl -lane 'print $F[0]')
+
+ # Update Dockerfile
+ perl -pi -e "s/LUAROCKS_VERSION=\K.*/$LUAROCKS_VER/" Dockerfile
+ perl -pi -e "s/LUAROCKS_SHA256=\K.*/\"$LUAROCKS_SHA256_HASH\"/" Dockerfile
+}
+
+update_luarocks
From da2f438bda95bd0ac344b11ccdaff95a6f558f48 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Sara=20Aim=C3=A9e=20Smiseth?= <51710585+SaraSmiseth@users.noreply.github.com>
Date: Thu, 7 Sep 2023 17:48:56 +0200
Subject: [PATCH 09/18] Add ENV variables for http_max_content_size and http_upload_file_size_limit (#57)
Fixes #55 and fixes #56:
* Add environment variable HTTP_UPLOAD_FILE_SIZE_LIMIT for setting http_upload_file_size_limit
* Add environment variable HTTP_MAX_CONTENT_SIZE
* Add domain_http_upload to disco_items to support http_upload on some clients and if http_upload is not a subdomain
---
 CHANGELOG.md | 13 ++++++++++++-
 conf.d/02-storage.cfg.lua | 1 +
 conf.d/05-vhost.cfg.lua | 4 ++++
 readme.md | 2 ++
 4 files changed, 19 insertions(+), 1 deletion(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 82941db..202afa4 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
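Review bot: `LUAROCKS_SHA256_HASH` is computed from the tarball the script has just downloaded, so the hash written into the Dockerfile only pins whatever was fetched at update time; it cannot detect a tampered or truncated download at that moment, which is what a SHA256 pin in a Dockerfile is normally expected to do. If upstream publishes a checksum or signature for the release, the script should verify the tarball against that before rewriting `LUAROCKS_SHA256`. Independently, `local VAR=$(...)` hides the pipeline's exit status, and with `wget -q` a network or API failure leaves `LUAROCKS_VER` empty, after which the second `wget` fetches a nonexistent URL and the `perl -pi` lines write an empty version and the hash of an empty body into the Dockerfile. Enabling `set -eu -o pipefail`, separating declaration from assignment, and refusing to edit the Dockerfile on empty or malformed values keeps a transient failure from producing a broken pin.
```shell
set -eu -o pipefail

update_luarocks() {
    local LUAROCKS_VER LUAROCKS_SHA256_HASH
    LUAROCKS_VER=$(wget -q -O - 'https://api.github.com/repos/luarocks/luarocks/tags' | jq -r ".[0].name")
    LUAROCKS_VER=${LUAROCKS_VER#v}
    [[ -n "$LUAROCKS_VER" ]] || { echo "could not determine latest luarocks version" >&2; return 1; }
    LUAROCKS_SHA256_HASH=$(wget -q -O - "https://luarocks.org/releases/luarocks-$LUAROCKS_VER.tar.gz" | sha256sum --zero | perl -lane 'print $F[0]')
    [[ ${#LUAROCKS_SHA256_HASH} -eq 64 ]] || { echo "could not hash luarocks $LUAROCKS_VER tarball" >&2; return 1; }
    # … unchanged: perl -pi edits of Dockerfile …
}
```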
@@ -2,7 +2,18 @@
 ## Unreleased
-* Update to debian bookworm
+## v1.2.10
+
+* Update docker base image to debian bookworm
+* [Add LDAP authentication support](https://github.com/SaraSmiseth/prosody/pull/50)
+* Add environment variable HTTP_MAX_CONTENT_SIZE for setting http_max_content_size.
+* Add environment variable HTTP_UPLOAD_FILE_SIZE_LIMIT for setting http_upload_file_size_limit.
+* Add domain_http_upload to disco_items to support http_upload on some clients and if http_upload is not a subdomain.
+
+## v1.2.9
+
+* Update prosody to version 0.12.3
+* Update luarocks to version 3.9.2
 ## v1.2.8
diff --git a/conf.d/02-storage.cfg.lua b/conf.d/02-storage.cfg.lua
index 549573a..6271375 100644
--- a/conf.d/02-storage.cfg.lua
+++ b/conf.d/02-storage.cfg.lua
@@ -20,3 +20,4 @@ storage = {
 -- https://modules.prosody.im/mod_mam.html
 archive_expires_after = "1y"
+http_max_content_size = os.getenv("HTTP_MAX_CONTENT_SIZE") or 1024 * 1024 * 10 -- Default is 10MB
diff --git a/conf.d/05-vhost.cfg.lua b/conf.d/05-vhost.cfg.lua
index e4fe3f1..279ac8d 100644
--- a/conf.d/05-vhost.cfg.lua
+++ b/conf.d/05-vhost.cfg.lua
@@ -20,10 +20,14 @@ https_ssl = {
 }
 VirtualHost (domain)
+disco_items = {
+ { domain_http_upload },
+}
 -- Set up a http file upload because proxy65 is not working in muc
 Component (domain_http_upload) "http_upload"
 http_upload_expire_after = 60 * 60 * 24 * 7 -- a week in seconds
+ http_upload_file_size_limit = os.getenv("HTTP_UPLOAD_FILE_SIZE_LIMIT") or 1024 * 1024 -- Default is 1MB
 Component (domain_muc) "muc"
 name = "Prosody Chatrooms"
diff --git a/readme.md b/readme.md
index 8abec2f..7d87fe2 100644
--- a/readme.md
+++ b/readme.md
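Review bot: `http_max_content_size = os.getenv("HTTP_MAX_CONTENT_SIZE") or 1024 * 1024 * 10` in the 02-storage hunk assigns a string whenever the variable is set but a number when it is not, so the option's type depends on deployment; `http_upload_file_size_limit` in the 05-vhost hunk of this patch has the same shape, and so do `size_limit` and `http_file_share_daily_quota` in the later http_file_share hunk, where `10 * size_limit` additionally leans on Lua's implicit string-to-number coercion and aborts config loading for a non-numeric value such as a constructed `10M`. Prosody's option readers may well coerce numeric strings themselves, but I would not make a size limit depend on that. Converting at the boundary keeps the type fixed and makes an unparsable value fall back to the documented default rather than fail obscurely: `http_max_content_size = tonumber(os.getenv("HTTP_MAX_CONTENT_SIZE")) or 1024 * 1024 * 10 -- Default is 10MB`; `tonumber(nil)` is `nil`, so the unset case is unchanged. If a bad value should instead stop startup, wrap the same lookup in `assert(tonumber(...), "HTTP_MAX_CONTENT_SIZE must be a number")`.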
@@ -221,6 +221,8 @@ sudo chown 999:999 ./data
 | **DB_PORT** | Port on which the database is listening | *optional* | |
 | **DB_USERNAME** | The username to authenticate to the database | *optional* | |
 | **DB_PASSWORD** | The password to authenticate to the database | *optional* | |
+| **HTTP_MAX_CONTENT_SIZE** | Max http content size in bytes | *optional* | 10485760 |
+| **HTTP_UPLOAD_FILE_SIZE_LIMIT** | Max upload file size. Can not be larger than HTTP_MAX_CONTENT_SIZE | *optional* | 1048576 |
 | **E2E_POLICY_CHAT** | Policy for chat messages. Possible values: "none", "optional" and "required". | *optional* | "required" |
 | **E2E_POLICY_MUC** | Policy for MUC messages. Possible values: "none", "optional" and "required". | *optional* | "required" |
 | **E2E_POLICY_WHITELIST** | Make this module ignore messages sent to and from this JIDs or MUCs. | *optional* | "" |
From f8d0fe4f59a0ed1c6a91f4c862d74aa84b4245c9 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Sara=20Aim=C3=A9e=20Smiseth?= <51710585+SaraSmiseth@users.noreply.github.com>
Date: Sat, 9 Sep 2023 20:29:13 +0200
Subject: [PATCH 10/18] Update prosody to version 0.12.4. (#59)
---
 CHANGELOG.md | 4 ++++
 Dockerfile | 4 ++--
 readme.md | 2 +-
 3 files changed, 7 insertions(+), 3 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 202afa4..c5a4fdd 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,6 +2,10 @@
 ## Unreleased
+## v1.2.11
+
+* Updated to Prosody version [0.12.4](https://blog.prosody.im/prosody-0.12.4-released/)
+
 ## v1.2.10
 * Update docker base image to debian bookworm
diff --git a/Dockerfile b/Dockerfile
index 9058210..ce12cd0 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -5,10 +5,10 @@ ARG VCS_REF
 ARG VERSION
 ARG LUAROCKS_VERSION=3.9.2
-ARG PROSODY_VERSION=0.12.3
+ARG PROSODY_VERSION=0.12.4
 ARG LUAROCKS_SHA256="bca6e4ecc02c203e070acdb5f586045d45c078896f6236eb46aa33ccd9b94edb"
-ARG PROSODY_DOWNLOAD_SHA256=35da0d031ff46040a2d638e004d4255e249b6323fe6212db9ddd76b401db2101
+ARG PROSODY_DOWNLOAD_SHA256="47d712273c2f29558c412f6cdaec073260bbc26b7dda243db580330183d65856"
 LABEL luarocks.version="${LUAROCKS_VERSION}"
 LABEL org.opencontainers.image.authors="Sara Smiseth"
diff --git a/readme.md b/readme.md
index 7d87fe2..7c8a7fb 100644
--- a/readme.md
+++ b/readme.md
@@ -9,7 +9,7 @@
 [![Github open issues](https://img.shields.io/github/issues-raw/SaraSmiseth/prosody)](https://github.com/SaraSmiseth/prosody/issues)
 [![Github open pull requests](https://img.shields.io/github/issues-pr-raw/SaraSmiseth/prosody)](https://github.com/SaraSmiseth/prosody/pulls)
-This docker image provides you with a configured [Prosody](https://prosody.im/) XMPP server. The image is based on `debian:bullseye-slim`.
+This docker image provides you with a configured [Prosody](https://prosody.im/) XMPP server. The image is based on `debian:bookworm-slim`.
 The server was tested using the Android App [Conversations](https://conversations.im/) and the Desktop client [Gajim](https://gajim.org).
 Multiple [architectures](https://hub.docker.com/r/sarasmiseth/prosody/tags) are supported. I use it on my raspberry pi 4.
From fe1787f93cf664505b891f70c0e5d18f50f53d24 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Sara=20Aim=C3=A9e=20Smiseth?= <51710585+SaraSmiseth@users.noreply.github.com>
Date: Thu, 14 Sep 2023 20:02:00 +0200
Subject: [PATCH 11/18] Switched from [http_upload](https://modules.prosody.im/mod_http_upload) to [http_file_share](https://prosody.im/doc/modules/mod_http_file_share). (#60)
---
 CHANGELOG.md | 15 ++++++++++++++-
 Dockerfile | 1 -
 conf.d/05-vhost.cfg.lua | 8 +++++---
 readme.md | 5 +++--
 tests/tests.bats | 2 +-
 5 files changed, 23 insertions(+), 8 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index c5a4fdd..e7d089e 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,10 +2,23 @@
 ## Unreleased
-## v1.2.11
+## v1.3.0
 * Updated to Prosody version [0.12.4](https://blog.prosody.im/prosody-0.12.4-released/)
+### Breaking Change
+
+Switched from [http_upload](https://modules.prosody.im/mod_http_upload) to [http_file_share](https://prosody.im/doc/modules/mod_http_file_share).
+This means that previous uploads will NOT work after upgrading.
+ENV variable `HTTP_UPLOAD_FILE_SIZE_LIMIT` was removed.
+
+The new module uses the following variables:
+
+* HTTP_FILE_SHARE_SIZE_LIMIT
+* HTTP_FILE_SHARE_DAILY_QUOTA
+
+See [readme.md](readme.md) for explanations and defaults.
+
 ## v1.2.10
 * Update docker base image to debian bookworm
diff --git a/Dockerfile b/Dockerfile
index ce12cd0..c8a9343 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -107,7 +107,6 @@ RUN download-prosody-modules.bash \
 filter_chatstates `# disable "X is typing" type messages` \
 smacks `# stream management (XEP-0198)` \
 throttle_presence `# presence throttling in CSI` \
- http_upload `# file sharing (XEP-0363)` \
 vcard_muc `# XEP-0153: vCard-Based Avatar (MUC)` \
 && rm -rf "/usr/src/prosody-modules"
diff --git a/conf.d/05-vhost.cfg.lua b/conf.d/05-vhost.cfg.lua
index 279ac8d..2bc3d52 100644
--- a/conf.d/05-vhost.cfg.lua
+++ b/conf.d/05-vhost.cfg.lua
@@ -25,9 +25,11 @@ disco_items = {
 }
 -- Set up a http file upload because proxy65 is not working in muc
-Component (domain_http_upload) "http_upload"
- http_upload_expire_after = 60 * 60 * 24 * 7 -- a week in seconds
- http_upload_file_size_limit = os.getenv("HTTP_UPLOAD_FILE_SIZE_LIMIT") or 1024 * 1024 -- Default is 1MB
+Component (domain_http_upload) "http_file_share"
+ http_file_share_expires_after = 60 * 60 * 24 * 7 -- a week in seconds
+ local size_limit = os.getenv("HTTP_FILE_SHARE_SIZE_LIMIT") or 10 * 1024 * 1024 -- Default is 10MB
+ http_file_share_size_limit = size_limit
+ http_file_share_daily_quota = os.getenv("HTTP_FILE_SHARE_DAILY_QUOTA") or 10 * size_limit -- Default is 10x the size limit
 Component (domain_muc) "muc"
 name = "Prosody Chatrooms"
diff --git a/readme.md b/readme.md
index 7c8a7fb..033a852 100644
--- a/readme.md
+++ b/readme.md
@@ -221,8 +221,9 @@ sudo chown 999:999 ./data
 | **DB_PORT** | Port on which the database is listening | *optional* | |
 | **DB_USERNAME** | The username to authenticate to the database | *optional* | |
 | **DB_PASSWORD** | The password to authenticate to the database | *optional* | |
-| **HTTP_MAX_CONTENT_SIZE** | Max http content size in bytes | *optional* | 10485760 |
-| **HTTP_UPLOAD_FILE_SIZE_LIMIT** | Max upload file size. Can not be larger than HTTP_MAX_CONTENT_SIZE | *optional* | 1048576 |
+| **HTTP_MAX_CONTENT_SIZE** | Max http content size in bytes | *optional* | 10485760 |
+| **HTTP_FILE_SHARE_SIZE_LIMIT** | Max http file share size in bytes | *optional* | 10485760 |
+| **HTTP_FILE_SHARE_DAILY_QUOTA** | Daily quota in bytes | *optional* | 10 times share size limit |
 | **E2E_POLICY_CHAT** | Policy for chat messages. Possible values: "none", "optional" and "required". | *optional* | "required" |
 | **E2E_POLICY_MUC** | Policy for MUC messages. Possible values: "none", "optional" and "required". | *optional* | "required" |
 | **E2E_POLICY_WHITELIST** | Make this module ignore messages sent to and from this JIDs or MUCs. | *optional* | "" |
diff --git a/tests/tests.bats b/tests/tests.bats
index 7c9f176..06d035a 100644
--- a/tests/tests.bats
+++ b/tests/tests.bats
@@ -82,7 +82,7 @@ load 'bats/bats-assert/load'
 }
 @test "Should show upload URL" {
- run bash -c "sudo docker-compose logs $batsContainerName | grep \"URL: - Ensure this can be reached by users\""
+ run bash -c "sudo docker-compose logs $batsContainerName | grep \"Serving 'file_share' at https:\/\/upload.example.com:5281\/file_share\""
 assert_success
 assert_output
 }
From d8e5906e550a1d870f95674d5cde137dfe7e4ffd Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Sara=20Aim=C3=A9e=20Smiseth?= <51710585+SaraSmiseth@users.noreply.github.com>
Date: Tue, 20 Feb 2024 18:52:34 +0100
Subject: [PATCH 12/18] Fix deprecated config options (#64)
Adjust config: Replace deprecated legacy_ssl with c2s_direct_tls. Removed use_libevent = true. This means the default is now used which is epoll. Added a test to check that no deprecated config settings are used.
---
 CHANGELOG.md | 9 +++++++++
 conf.d/05-vhost.cfg.lua | 4 ++--
 prosody.cfg.lua | 2 --
 tests/docker-compose.yml | 2 --
 tests/tests.bats | 9 +++++++--
 5 files changed, 18 insertions(+), 8 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index e7d089e..ea1e879 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,6 +2,15 @@
 ## Unreleased
+### Adjust config
+
+* Replace deprecated legacy_ssl with c2s_direct_tls.
+* Removed use_libevent = true. This means the default is now used which is epoll.
+
+### Test
+
+Added a test to check that no deprecated config settings are used.
+
 ## v1.3.0
 * Updated to Prosody version [0.12.4](https://blog.prosody.im/prosody-0.12.4-released/)
diff --git a/conf.d/05-vhost.cfg.lua b/conf.d/05-vhost.cfg.lua
index 2bc3d52..e92508f 100644
--- a/conf.d/05-vhost.cfg.lua
+++ b/conf.d/05-vhost.cfg.lua
@@ -6,11 +6,11 @@ local domain_pubsub = os.getenv("DOMAIN_PUBSUB")
 -- XEP-0368: SRV records for XMPP over TLS
 -- https://compliance.conversations.im/test/xep0368/
-legacy_ssl_ssl = {
+c2s_direct_tls_ssl = {
 certificate = "certs/" .. domain .. "/fullchain.pem";
 key = "certs/" .. domain .. "/privkey.pem";
 }
-legacy_ssl_ports = { 5223 }
+c2s_direct_tls_ports = { 5223 }
 -- https://prosody.im/doc/certificates#service_certificates
 -- https://prosody.im/doc/ports#ssl_configuration
diff --git a/prosody.cfg.lua b/prosody.cfg.lua
index 5405242..6486643 100644
--- a/prosody.cfg.lua
+++ b/prosody.cfg.lua
@@ -7,8 +7,6 @@ admins = stringy.split(os.getenv("PROSODY_ADMINS"), ", ");
 pidfile = "/var/run/prosody/prosody.pid"
-use_libevent = true; -- improves performance
-
 allow_registration = os.getenv("ALLOW_REGISTRATION");
 c2s_require_encryption = os.getenv("C2S_REQUIRE_ENCRYPTION");
diff --git a/tests/docker-compose.yml b/tests/docker-compose.yml
index d2cc6d2..2c5b4f7 100644
--- a/tests/docker-compose.yml
+++ b/tests/docker-compose.yml
@@ -1,5 +1,3 @@
-version: "3.9"
-
 services:
 prosody:
 image: prosody
diff --git a/tests/tests.bats b/tests/tests.bats
index 06d035a..ca2e987 100644
--- a/tests/tests.bats
+++ b/tests/tests.bats
@@ -57,8 +57,8 @@ load 'bats/bats-assert/load'
 assert_output
 }
-@test "Should activate legacy_ssl" {
- run bash -c "sudo docker-compose logs $batsContainerName | grep -E \"Activated service 'legacy_ssl' on (\[::\]:5223|\[\*\]:5223), (\[::\]:5223|\[\*\]:5223)\""
+@test "Should activate c2s_direct_tls" {
+ run bash -c "sudo docker-compose logs $batsContainerName | grep -E \"Activated service 'c2s_direct_tls' on (\[::\]:5223|\[\*\]:5223), (\[::\]:5223|\[\*\]:5223)\""
 assert_success
 assert_output
 }
@@ -86,3 +86,8 @@ load 'bats/bats-assert/load'
 assert_success
 assert_output
 }
+
+@test "Should not use deprecated config" {
+ run bash -c "sudo docker-compose exec $batsContainerName /bin/bash -c \"/entrypoint.bash check\" | grep 'deprecated' -A 3"
+ assert_failure
+}
From 74c64514e2e1ad1c788a0695ed41af94a1cdaaf7 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Sara=20Aim=C3=A9e=20Smiseth?= <51710585+SaraSmiseth@users.noreply.github.com>
Date: Tue, 20 Feb 2024 19:43:58 +0100
Subject: [PATCH 13/18] Remove broken links. (#65)
---
 readme.md | 2 --
 1 file changed, 2 deletions(-)
diff --git a/readme.md b/readme.md
index 033a852..6a219ab 100644
--- a/readme.md
+++ b/readme.md
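Review bot: `Should not use deprecated config` asserts only that `grep 'deprecated'` matched nothing, and the pipeline's status is grep's, so the test also passes when `docker-compose exec` or `/entrypoint.bash check` fails outright and prints nothing; a container that never started "has no deprecated settings" by this measure. Run the check command on its own and require it to succeed, then assert on its output: `run bash -c "sudo docker-compose exec $batsContainerName /bin/bash -c \"/entrypoint.bash check\""`, `assert_success`, `refute_output --partial 'deprecated'`. The `Should not have warnings in log` test added in PATCH 14 has the same shape, with `docker-compose logs` in place of `exec`.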
@@ -2,8 +2,6 @@
 ![Docker](https://github.com/SaraSmiseth/prosody/workflows/Docker/badge.svg?branch=dev)
 ![Git repository size](https://img.shields.io/github/repo-size/SaraSmiseth/prosody)
-[![Docker image](https://images.microbadger.com/badges/image/sarasmiseth/prosody:latest.svg)](https://microbadger.com/images/sarasmiseth/prosody:latest)
-[![Docker version](https://images.microbadger.com/badges/version/sarasmiseth/prosody.svg)](https://microbadger.com/images/sarasmiseth/prosody:latest)
 [![Docker pulls](https://img.shields.io/docker/pulls/sarasmiseth/prosody.svg)](https://hub.docker.com/r/sarasmiseth/prosody/)
 [![Docker stars](https://img.shields.io/docker/stars/sarasmiseth/prosody.svg)](https://hub.docker.com/r/sarasmiseth/prosody/)
 [![Github open issues](https://img.shields.io/github/issues-raw/SaraSmiseth/prosody)](https://github.com/SaraSmiseth/prosody/issues)
From 0e33f7073944ef53f3cbe0538abdfcb2e8807293 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Sara=20Aim=C3=A9e=20Smiseth?= <51710585+SaraSmiseth@users.noreply.github.com>
Date: Mon, 4 Mar 2024 17:46:15 +0100
Subject: [PATCH 14/18] Remove modules from Dockerfile which are already part of core modules (#66)
See https://prosody.im/doc/modules. Add test to check if log contains warnings This fixes https://github.com/SaraSmiseth/prosody/issues/63.
---
 Dockerfile | 4 ----
 tests/tests.bats | 5 +++++
 2 files changed, 5 insertions(+), 4 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index c8a9343..008eb5d 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -99,13 +99,9 @@ COPY *.bash /usr/local/bin/
 RUN download-prosody-modules.bash \
 && docker-prosody-module-install.bash \
- bookmarks `# XEP-0411: Bookmarks Conversion` \
- carbons `# message carbons (XEP-0280)` \
 cloud_notify `# XEP-0357: Push Notifications` \
- csi `# client state indication (XEP-0352)` \
 e2e_policy `# require end-2-end encryption` \
 filter_chatstates `# disable "X is typing" type messages` \
- smacks `# stream management (XEP-0198)` \
 throttle_presence `# presence throttling in CSI` \
 vcard_muc `# XEP-0153: vCard-Based Avatar (MUC)` \
 && rm -rf "/usr/src/prosody-modules"
diff --git a/tests/tests.bats b/tests/tests.bats
index ca2e987..1f88f04 100644
--- a/tests/tests.bats
+++ b/tests/tests.bats
@@ -91,3 +91,8 @@ load 'bats/bats-assert/load'
 run bash -c "sudo docker-compose exec $batsContainerName /bin/bash -c \"/entrypoint.bash check\" | grep 'deprecated' -A 3"
 assert_failure
 }
+
+@test "Should not have warnings in log" {
+ run bash -c "sudo docker-compose logs $batsContainerName | grep -E \"warn\""
+ assert_failure
+}
From 982ddcd60bff9bfbd5ac0eade3a4baf4c90eeb37 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Sara=20Aim=C3=A9e=20Smiseth?= <51710585+SaraSmiseth@users.noreply.github.com>
Date: Tue, 19 Nov 2024 15:09:13 +0100
Subject: [PATCH 15/18] Move defaults from entrypoint script to cfg.lua files (#71)
* Move multiple defaults from entrypoint script to cfg.lua files.
* Move remaining defaults from entrypoint script to cfg.lua files.
* Update postgres version in tests
* Register users with prosodyctl in tests
* Replace 'docker-compose' with 'docker compose'
---
 conf.d/02-storage.cfg.lua | 4 ++--
 conf.d/03-e2e-policy.cfg.lua | 9 +++++---
 conf.d/04-server_contact_info.cfg.lua | 20 ++++++++++++-----
 conf.d/05-vhost.cfg.lua | 8 +++----
 docker-entrypoint.bash | 22 ------------------
 prosody.cfg.lua | 13 ++++++-----
 readme.md | 6 ++---
 tests/docker-compose.yml | 2 +-
 tests/test.bash | 20 ++++++++---------
 tests/tests-prosody.bats | 2 +-
 tests/tests-prosody_ldap.bats | 4 ++--
 tests/tests-prosody_postgres.bats | 2 +-
 tests/tests.bats | 32 +++++++++++++--------------
 13 files changed, 67 insertions(+), 77 deletions(-)
diff --git a/conf.d/02-storage.cfg.lua b/conf.d/02-storage.cfg.lua
index 6271375..29b0711 100644
--- a/conf.d/02-storage.cfg.lua
+++ b/conf.d/02-storage.cfg.lua
@@ -1,8 +1,8 @@
 default_storage = "sql"
 sql = {
- driver = os.getenv("DB_DRIVER");
- database = os.getenv("DB_DATABASE");
+ driver = os.getenv("DB_DRIVER") or "SQLite3";
+ database = os.getenv("DB_DATABASE") or "prosody.sqlite";
 host = os.getenv("DB_HOST");
 port = os.getenv("DB_PORT");
 username = os.getenv("DB_USERNAME");
diff --git a/conf.d/03-e2e-policy.cfg.lua b/conf.d/03-e2e-policy.cfg.lua
index 88a7ca8..19fab10 100644
--- a/conf.d/03-e2e-policy.cfg.lua
+++ b/conf.d/03-e2e-policy.cfg.lua
@@ -1,8 +1,11 @@
 local stringy = require "stringy"
-e2e_policy_chat = os.getenv("E2E_POLICY_CHAT")
-e2e_policy_muc = os.getenv("E2E_POLICY_MUC")
-e2e_policy_whitelist = stringy.split(os.getenv("E2E_POLICY_WHITELIST"), ", ")
+e2e_policy_chat = os.getenv("E2E_POLICY_CHAT") or "required"
+e2e_policy_muc = os.getenv("E2E_POLICY_MUC") or "required"
+
+local whitelist = os.getenv("E2E_POLICY_WHITELIST") or ""
+e2e_policy_whitelist = stringy.split(whitelist, ", ")
+
 e2e_policy_message_optional_chat = "For security reasons, OMEMO, OTR or PGP encryption is STRONGLY recommended for conversations on this server."
 e2e_policy_message_required_chat = "For security reasons, OMEMO, OTR or PGP encryption is required for conversations on this server."
 e2e_policy_message_optional_muc = "For security reasons, OMEMO, OTR or PGP encryption is STRONGLY recommended for MUC on this server."
diff --git a/conf.d/04-server_contact_info.cfg.lua b/conf.d/04-server_contact_info.cfg.lua
index 52437e7..971392d 100644
--- a/conf.d/04-server_contact_info.cfg.lua
+++ b/conf.d/04-server_contact_info.cfg.lua
@@ -1,10 +1,18 @@
 local stringy = require "stringy"
+local domain = os.getenv("DOMAIN")
+local abuse = os.getenv("SERVER_CONTACT_INFO_ABUSE") or "xmpp:abuse@" .. domain
+local admin = os.getenv("SERVER_CONTACT_INFO_ADMIN") or "xmpp:admin@" .. domain
+local feedback = os.getenv("SERVER_CONTACT_INFO_FEEDBACK") or "xmpp:feedback@" .. domain
+local sales = os.getenv("SERVER_CONTACT_INFO_SALES") or "xmpp:sales@" .. domain
+local security = os.getenv("SERVER_CONTACT_INFO_SECURITY") or "xmpp:security@" .. domain
+local support = os.getenv("SERVER_CONTACT_INFO_SUPPORT") or "xmpp:support@" .. domain
+
 contact_info = {
- abuse = stringy.split(os.getenv("SERVER_CONTACT_INFO_ABUSE"), ", ");
- admin = stringy.split(os.getenv("SERVER_CONTACT_INFO_ADMIN"), ", ");
- feedback = stringy.split(os.getenv("SERVER_CONTACT_INFO_FEEDBACK"), ", ");
- sales = stringy.split(os.getenv("SERVER_CONTACT_INFO_SALES"), ", ");
- security = stringy.split(os.getenv("SERVER_CONTACT_INFO_SECURITY"), ", ");
- support = stringy.split(os.getenv("SERVER_CONTACT_INFO_SUPPORT"), ", ");
+ abuse = stringy.split(abuse, ", ");
+ admin = stringy.split(admin, ", ");
+ feedback = stringy.split(feedback, ", ");
+ sales = stringy.split(sales, ", ");
+ security = stringy.split(security, ", ");
+ support = stringy.split(support, ", ");
 }
diff --git a/conf.d/05-vhost.cfg.lua b/conf.d/05-vhost.cfg.lua
index e92508f..1f5bcec 100644
--- a/conf.d/05-vhost.cfg.lua
+++ b/conf.d/05-vhost.cfg.lua
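Review bot: `"xmpp:abuse@" .. domain` and the five lines below it concatenate `domain`, which `os.getenv` returns as `nil` when `DOMAIN` is unset, so config loading now dies with Lua's generic "attempt to concatenate a nil value" where the removed entrypoint exports in this same patch produced the string `xmpp:abuse@` with an empty host. The 05-vhost hunk of this patch does the same with `"upload." .. domain` and its three siblings. Failing early on a missing required variable is the better behaviour, but make it deliberate so the startup log names the cause rather than a line number: `local domain = assert(os.getenv("DOMAIN"), "DOMAIN environment variable must be set")`. Repeating that one line in both files keeps each config file self-contained.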
@@ -1,8 +1,8 @@
 local domain = os.getenv("DOMAIN")
-local domain_http_upload = os.getenv("DOMAIN_HTTP_UPLOAD")
-local domain_muc = os.getenv("DOMAIN_MUC")
-local domain_proxy = os.getenv("DOMAIN_PROXY")
-local domain_pubsub = os.getenv("DOMAIN_PUBSUB")
+local domain_http_upload = os.getenv("DOMAIN_HTTP_UPLOAD") or "upload." .. domain
+local domain_muc = os.getenv("DOMAIN_MUC") or "conference." .. domain
+local domain_proxy = os.getenv("DOMAIN_PROXY") or "proxy." .. domain
+local domain_pubsub = os.getenv("DOMAIN_PUBSUB") or "pubsub." .. domain
 -- XEP-0368: SRV records for XMPP over TLS
 -- https://compliance.conversations.im/test/xep0368/
diff --git a/docker-entrypoint.bash b/docker-entrypoint.bash
index dd317e0..3d85187 100755
--- a/docker-entrypoint.bash
+++ b/docker-entrypoint.bash
@@ -1,28 +1,6 @@
 #!/bin/bash
 set -e
-export ALLOW_REGISTRATION=${ALLOW_REGISTRATION:-true}
-export DOMAIN_HTTP_UPLOAD=${DOMAIN_HTTP_UPLOAD:-"upload.$DOMAIN"}
-export DOMAIN_MUC=${DOMAIN_MUC:-"conference.$DOMAIN"}
-export DOMAIN_PROXY=${DOMAIN_PROXY:-"proxy.$DOMAIN"}
-export DOMAIN_PUBSUB=${DOMAIN_PUBSUB:-"pubsub.$DOMAIN"}
-export DB_DRIVER=${DB_DRIVER:-"SQLite3"}
-export DB_DATABASE=${DB_DATABASE:-"prosody.sqlite"}
-export E2E_POLICY_CHAT=${E2E_POLICY_CHAT:-"required"}
-export E2E_POLICY_MUC=${E2E_POLICY_MUC:-"required"}
-export E2E_POLICY_WHITELIST=${E2E_POLICY_WHITELIST:-""}
-export LOG_LEVEL=${LOG_LEVEL:-"info"}
-export C2S_REQUIRE_ENCRYPTION=${C2S_REQUIRE_ENCRYPTION:-true}
-export S2S_REQUIRE_ENCRYPTION=${S2S_REQUIRE_ENCRYPTION:-true}
-export S2S_SECURE_AUTH=${S2S_SECURE_AUTH:-true}
-export SERVER_CONTACT_INFO_ABUSE=${SERVER_CONTACT_INFO_ABUSE:-"xmpp:abuse@$DOMAIN"}
-export SERVER_CONTACT_INFO_ADMIN=${SERVER_CONTACT_INFO_ADMIN:-"xmpp:admin@$DOMAIN"}
-export SERVER_CONTACT_INFO_FEEDBACK=${SERVER_CONTACT_INFO_FEEDBACK:-"xmpp:feedback@$DOMAIN"}
-export SERVER_CONTACT_INFO_SALES=${SERVER_CONTACT_INFO_SALES:-"xmpp:sales@$DOMAIN"}
-export SERVER_CONTACT_INFO_SECURITY=${SERVER_CONTACT_INFO_SECURITY:-"xmpp:security@$DOMAIN"}
-export SERVER_CONTACT_INFO_SUPPORT=${SERVER_CONTACT_INFO_SUPPORT:-"xmpp:support@$DOMAIN"}
-export PROSODY_ADMINS=${PROSODY_ADMINS:-""}
-
 if [[ "$1" != "prosody" ]]; then
 exec prosodyctl $*
 exit 0;
diff --git a/prosody.cfg.lua b/prosody.cfg.lua
index 6486643..b53faeb 100644
--- a/prosody.cfg.lua
+++ b/prosody.cfg.lua
@@ -3,15 +3,16 @@ local stringy = require "stringy"
-admins = stringy.split(os.getenv("PROSODY_ADMINS"), ", ");
+local prosody_admins = os.getenv("PROSODY_ADMINS") or "";
+admins = stringy.split(prosody_admins, ", ");
 pidfile = "/var/run/prosody/prosody.pid"
-allow_registration = os.getenv("ALLOW_REGISTRATION");
+allow_registration = os.getenv("ALLOW_REGISTRATION") or "true";
-c2s_require_encryption = os.getenv("C2S_REQUIRE_ENCRYPTION");
-s2s_require_encryption = os.getenv("S2S_REQUIRE_ENCRYPTION");
-s2s_secure_auth = os.getenv("S2S_SECURE_AUTH");
+c2s_require_encryption = os.getenv("C2S_REQUIRE_ENCRYPTION") or "true";
+s2s_require_encryption = os.getenv("S2S_REQUIRE_ENCRYPTION") or "true";
+s2s_secure_auth = os.getenv("S2S_SECURE_AUTH") or "true";
 authentication = os.getenv("AUTHENTICATION") or "internal_hashed";
@@ -26,7 +27,7 @@ ldap_mode = os.getenv("LDAP_MODE") or "bind";
 ldap_admin_filter = os.getenv("LDAP_ADMIN_FILTER") or "";
 log = {
- {levels = {min = os.getenv("LOG_LEVEL")}, to = "console"};
+ {levels = {min = os.getenv("LOG_LEVEL") or "info"}, to = "console"};
 };
 Include "conf.d/*.cfg.lua";
diff --git a/readme.md b/readme.md
index 6a219ab..de5ab62 100644
--- a/readme.md
+++ b/readme.md
@@ -167,9 +167,9 @@ services:
 - ./data:/usr/local/var/lib/prosody
 ```
-Boot it via: ```docker-compose up -d```.
+Boot it via: ```docker compose up -d```.
-Inspect logs: ```docker-compose logs -f```.
+Inspect logs: ```docker compose logs -f```.
 ### Volumes permissions
@@ -265,7 +265,7 @@ If you need additional configuration just overwrite the respective _cfg.lua_ fil
 When migrating from prosody 0.10, you need to update the database once:
 ```bash
-docker-compose exec server bash
+docker compose exec server bash
 prosodyctl mod_storage_sql upgrade
 ```
diff --git a/tests/docker-compose.yml b/tests/docker-compose.yml
index 2c5b4f7..b67723b 100644
--- a/tests/docker-compose.yml
+++ b/tests/docker-compose.yml
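Review bot: `allow_registration`, `c2s_require_encryption`, `s2s_require_encryption` and `s2s_secure_auth` are now assigned the string `"true"` or whatever text the environment holds, never a Lua boolean, and any spelling Prosody's boolean option parser does not recognise (as far as I recall only the strings `"true"` and `"false"` are accepted) is logged as a misunderstood option and evaluates to false, which for the three encryption settings means failing open on an operator typo. The removed entrypoint exports had the same weakness, so this is pre-existing, but the config file is now the single place to address it; note also that the `or "true"` default on `allow_registration` leaves registration open by default, which deserves a comment at least. A small converter that yields a real boolean and refuses anything else keeps a typo from silently weakening the deployment.
```lua
-- Read a "true"/"false" environment variable as a Lua boolean.
-- Unset or empty falls back to `default`; any other text aborts config loading
-- so a typo cannot silently disable a security setting.
local function env_bool(name, default)
    local value = os.getenv(name)
    if value == nil or value == "" then return default end
    if value == "true" then return true end
    if value == "false" then return false end
    error("Environment variable " .. name .. " must be 'true' or 'false', got '" .. value .. "'")
end

allow_registration = env_bool("ALLOW_REGISTRATION", true); -- open registration by default

c2s_require_encryption = env_bool("C2S_REQUIRE_ENCRYPTION", true);
s2s_require_encryption = env_bool("S2S_REQUIRE_ENCRYPTION", true);
s2s_secure_auth = env_bool("S2S_SECURE_AUTH", true);
-- … unchanged: authentication, ldap_*, log …
```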
@@ -43,7 +43,7 @@ services:
 - postgres
 postgres:
- image: postgres:15-alpine
+ image: postgres:16-alpine
 restart: unless-stopped
 environment:
 POSTGRES_DB: prosody
diff --git a/tests/test.bash b/tests/test.bash
index 1b9d5de..33a374b 100755
--- a/tests/test.bash
+++ b/tests/test.bash
@@ -19,7 +19,7 @@ registerTestUser() {
 local userName="$1"
 local containerName="$2"
 echo "Registering TestUser '$userName' in container '$containerName'"
- sudo docker compose exec "$containerName" /bin/bash -c "/entrypoint.bash register $userName example.com 12345678"
+ sudo docker compose exec "$containerName" /bin/bash -c "prosodyctl register $userName example.com 12345678"
 }
 registerTestUsers() {
@@ -42,7 +42,7 @@ runTests() {
 && pytest \
 && deactivate \
 && sleep 5 \
- && sudo docker-compose logs "$containerName" \
+ && sudo docker compose logs "$containerName" \
 && export batsContainerName="$containerName" \
 && ./bats/bats-core/bin/bats tests.bats \
 && ./bats/bats-core/bin/bats tests-"$containerName".bats
@@ -56,22 +56,22 @@ generateCert "upload.example.com"
 # Run tests for first container with postgres
 # Start postgres first and wait for 10 seconds before starting prosody.
-sudo docker-compose down
-sudo docker-compose up -d postgres
+sudo docker compose down
+sudo docker compose up -d postgres
 sleep 10
-sudo docker-compose up -d prosody_postgres
+sudo docker compose up -d prosody_postgres
 registerTestUsers prosody_postgres
 runTests prosody_postgres
-sudo docker-compose down
+sudo docker compose down
 # Run tests for second container with SQLite
-sudo docker-compose up -d prosody
+sudo docker compose up -d prosody
 registerTestUsers prosody
 runTests prosody
-sudo docker-compose down
+sudo docker compose down
 # Run tests for prosody with ldap
-sudo docker-compose up -d prosody_ldap
+sudo docker compose up -d prosody_ldap
 runTests prosody_ldap
-sudo docker-compose down
+sudo docker compose down
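Review bot: In the registerTestUser hunk of tests/test.bash the new line still wraps the command in `/bin/bash -c "prosodyctl register $userName example.com 12345678"`, so `$userName` is interpolated into a shell string and re-parsed inside the container; a test user name containing whitespace or shell metacharacters would be split or interpreted rather than passed as one argument. `docker compose exec` runs the command directly, so the wrapper can go: `sudo docker compose exec "$containerName" prosodyctl register "$userName" example.com 12345678`. The function is fully visible here (its opening brace is in the hunk header, its closing brace is the last context line), so the change is self-contained.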
diff --git a/tests/tests-prosody.bats b/tests/tests-prosody.bats
index 74ddc22..e2efe54 100644
--- a/tests/tests-prosody.bats
+++ b/tests/tests-prosody.bats
@@ -4,7 +4,7 @@ load 'bats/bats-support/load'
 load 'bats/bats-assert/load'
 @test "Should use sqlite" {
- run bash -c "sudo docker-compose logs $batsContainerName | grep -E \"Connecting to \[SQLite3\] \/usr\/local\/var\/lib\/prosody\/prosody\.sqlite\.\.\.\""
+ run bash -c "sudo docker compose logs $batsContainerName | grep -E \"Connecting to \[SQLite3\] \/usr\/local\/var\/lib\/prosody\/prosody\.sqlite\.\.\.\""
 assert_success
 assert_output
 }
diff --git a/tests/tests-prosody_ldap.bats b/tests/tests-prosody_ldap.bats
index 7eb0b77..64c92b2 100644
--- a/tests/tests-prosody_ldap.bats
+++ b/tests/tests-prosody_ldap.bats
@@ -4,13 +4,13 @@ load 'bats/bats-support/load'
 load 'bats/bats-assert/load'
 @test "Should use sqlite" {
- run bash -c "sudo docker-compose logs $batsContainerName | grep -E \"Connecting to \[SQLite3\] \/usr\/local\/var\/lib\/prosody\/prosody\.sqlite\.\.\.\""
+ run bash -c "sudo docker compose logs $batsContainerName | grep -E \"Connecting to \[SQLite3\] \/usr\/local\/var\/lib\/prosody\/prosody\.sqlite\.\.\.\""
 assert_success
 assert_output
 }
 @test "Should use ldap" {
- run bash -c "sudo docker-compose logs $batsContainerName | grep -E \"Host 'example.com' now set to use user provider 'ldap'\""
+ run bash -c "sudo docker compose logs $batsContainerName | grep -E \"Host 'example.com' now set to use user provider 'ldap'\""
 assert_success
 assert_output
 }
diff --git a/tests/tests-prosody_postgres.bats b/tests/tests-prosody_postgres.bats
index 2a1d1d0..f33fecb 100644
--- a/tests/tests-prosody_postgres.bats
+++ b/tests/tests-prosody_postgres.bats
@@ -4,7 +4,7 @@ load 'bats/bats-support/load'
 load 'bats/bats-assert/load'
 @test "Should use postgres" {
- run bash -c "sudo docker-compose logs $batsContainerName | grep -E \"Connecting to \[PostgreSQL\] prosody\.\.\.\""
+ run bash -c "sudo docker compose logs $batsContainerName | grep -E \"Connecting to \[PostgreSQL\] prosody\.\.\.\""
 assert_success
 assert_output
 }
diff --git a/tests/tests.bats b/tests/tests.bats
index 1f88f04..3655520 100644
--- a/tests/tests.bats
+++ b/tests/tests.bats
@@ -4,95 +4,95 @@ load 'bats/bats-support/load'
 load 'bats/bats-assert/load'
 @test "Should send 5 messages" {
- run bash -c "sudo docker-compose logs $batsContainerName | grep -E \"Received\[c2s\]: Date: Tue, 19 Nov 2024 15:41:10 +0100
Subject: [PATCH 16/18] Update LUAROCKS_VERSION=3.11.1 (#72)
---
 Dockerfile | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index 008eb5d..5dceb69 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -4,10 +4,10 @@ ARG BUILD_DATE
 ARG VCS_REF
 ARG VERSION
-ARG LUAROCKS_VERSION=3.9.2
+ARG LUAROCKS_VERSION=3.11.1
 ARG PROSODY_VERSION=0.12.4
-ARG LUAROCKS_SHA256="bca6e4ecc02c203e070acdb5f586045d45c078896f6236eb46aa33ccd9b94edb"
+ARG LUAROCKS_SHA256="c3fb3d960dffb2b2fe9de7e3cb004dc4d0b34bb3d342578af84f84325c669102"
 ARG PROSODY_DOWNLOAD_SHA256="47d712273c2f29558c412f6cdaec073260bbc26b7dda243db580330183d65856"
 LABEL luarocks.version="${LUAROCKS_VERSION}"
From 0eaf173701ea55d493893e24b009619a4509cc8b Mon Sep 17 00:00:00 2001
From: hexlocation
Date: Thu, 26 Dec 2024 22:33:47 +0100
Subject: [PATCH 17/18] feat: add turn support
---
 conf.d/01-modules.cfg.lua | 1 +
 conf.d/05-vhost.cfg.lua | 6 ++++++
 readme.md | 4 ++++
 3 files changed, 11 insertions(+)
diff --git a/conf.d/01-modules.cfg.lua b/conf.d/01-modules.cfg.lua
index 6f8640f..57aa216 100644
--- a/conf.d/01-modules.cfg.lua
+++ b/conf.d/01-modules.cfg.lua
@@ -24,6 +24,7 @@ modules_enabled = {
 "ping"; -- Replies to XMPP pings with pongs
 "pep"; -- Enables users to publish their mood, activity, playing music and more
 "register"; -- Allow users to register on this server using a client and change passwords
+ "turn_external"; -- Allow users to make voice/video calls
 --"muc"; -- [Loaded as component, therefore commented here] Multi-user chats (XEP-0045)
 -- Admin interfaces
diff --git a/conf.d/05-vhost.cfg.lua b/conf.d/05-vhost.cfg.lua
index 1f5bcec..a269481 100644
--- a/conf.d/05-vhost.cfg.lua
+++ b/conf.d/05-vhost.cfg.lua
@@ -47,3 +47,9 @@ Component (domain_proxy) "proxy65"
 -- Implements a XEP-0060 pubsub service.
 Component (domain_pubsub) "pubsub"
+
+-- Set TURN server information.
+
+turn_external_host = os.getenv("TURN_EXTERNAL_HOST") or "turn" .. domain;
+turn_external_port = os.getenv("TURN_EXTERNAL_PORT") or 3478;
+turn_external_secret = os.getenv("TURN_EXTERNAL_SECRET");
diff --git a/readme.md b/readme.md
index de5ab62..a2c9086 100644
--- a/readme.md
+++ b/readme.md
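Review bot: `"turn_external"` goes into the global modules_enabled list unconditionally, while the 05-vhost.cfg.lua hunk of the same commit gives turn_external_secret no fallback, so every deployment that does not set TURN_EXTERNAL_SECRET now loads the module with a nil secret; if mod_turn_external refuses to initialise without one — worth confirming against the module before merging — that turns into a startup error on the image's default configuration. Either gate the module on the variable being present or state the requirement where the module is switched on, e.g. `"turn_external"; -- advertises external TURN credentials to clients; requires TURN_EXTERNAL_SECRET (see 05-vhost.cfg.lua)`. The readme hunk documents the secret as optional with default `""`, which does not match the configuration as written.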
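Review bot: The default `"turn" .. domain` in the new turn_external_host line is missing the separator, so with DOMAIN=example.com the advertised TURN host becomes `turnexample.com` instead of the `turn.**DOMAIN**` the readme hunk documents and the DNS section asks operators to create; the line should read `turn_external_host = os.getenv("TURN_EXTERNAL_HOST") or "turn." .. domain;`. The same line is carried unchanged into PATCH 18's 05-vhost.cfg.lua hunk and needs the same fix there. A one-line comment above the block would also help readers, e.g. `-- External TURN service announced to clients; the secret must be the one the TURN server itself is configured with`.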
@@ -235,6 +235,9 @@ sudo chown 999:999 ./data
 | **SERVER_CONTACT_INFO_SALES** | A list of strings. Each string should be an URI. See [here](https://prosody.im/doc/modules/mod_server_contact_info). | *optional* | "xmpp:sales@**DOMAIN**" |
 | **SERVER_CONTACT_INFO_SECURITY** | A list of strings. Each string should be an URI. See [here](https://prosody.im/doc/modules/mod_server_contact_info). | *optional* | "xmpp:security@**DOMAIN**" |
 | **SERVER_CONTACT_INFO_SUPPORT** | A list of strings. Each string should be an URI. See [here](https://prosody.im/doc/modules/mod_server_contact_info). | *optional* | "xmpp:support@**DOMAIN**" |
+| **TURN_EXTERNAL_HOST** | The external hostname for the TURN server. | *optional* | "turn.**DOMAIN**" |
+| **TURN_EXTERNAL_PORT** | The external port for the TURN server. | *optional* | "" |
+| **TURN_EXTERNAL_SECRET** | The external secret for the TURN server. | *optional* | "" |
 | **PROSODY_ADMINS** | Specify who is an administrator. List of adresses. Eg. "me@example.com", "admin@example.net" | *optional* | "" |
 #### DNS
@@ -246,6 +249,7 @@ You need these DNS record pointing to your server:
 * proxy.domain.tld
 * pubsub.domain.tld
 * upload.domain.tld
+* turn.domain.tld
 * A SRV record for _xmpps-client._tcp.domain.tld for port 5223.
 where domain.tld is the environment variable DOMAIN.
From 265fc1606359830a5329fb52926f9db7b1525e3e Mon Sep 17 00:00:00 2001
From: hexlocation
Date: Thu, 26 Dec 2024 22:56:02 +0100
Subject: [PATCH 18/18] fix: add variables to global vhost
---
 conf.d/05-vhost.cfg.lua | 8 +++++---
 readme.md | 2 +-
 2 files changed, 6 insertions(+), 4 deletions(-)
diff --git a/conf.d/05-vhost.cfg.lua b/conf.d/05-vhost.cfg.lua
index a269481..7ddc77e 100644
--- a/conf.d/05-vhost.cfg.lua
+++ b/conf.d/05-vhost.cfg.lua
@@ -20,6 +20,11 @@ https_ssl = {
 }
 VirtualHost (domain)
+
+turn_external_host = os.getenv("TURN_EXTERNAL_HOST") or "turn" .. domain;
+turn_external_port = os.getenv("TURN_EXTERNAL_PORT") or 3478;
+turn_external_secret = os.getenv("TURN_EXTERNAL_SECRET");
+
 disco_items = {
 { domain_http_upload },
 }
@@ -50,6 +55,3 @@ Component (domain_pubsub) "pubsub"
 -- Set TURN server information.
-turn_external_host = os.getenv("TURN_EXTERNAL_HOST") or "turn" .. domain;
-turn_external_port = os.getenv("TURN_EXTERNAL_PORT") or 3478;
-turn_external_secret = os.getenv("TURN_EXTERNAL_SECRET");
diff --git a/readme.md b/readme.md
index a2c9086..8113d2c 100644
--- a/readme.md
+++ b/readme.md
@@ -236,7 +236,7 @@ sudo chown 999:999 ./data
 | **SERVER_CONTACT_INFO_SECURITY** | A list of strings. Each string should be an URI. See [here](https://prosody.im/doc/modules/mod_server_contact_info). | *optional* | "xmpp:security@**DOMAIN**" |
 | **SERVER_CONTACT_INFO_SUPPORT** | A list of strings. Each string should be an URI. See [here](https://prosody.im/doc/modules/mod_server_contact_info). | *optional* | "xmpp:support@**DOMAIN**" |
 | **TURN_EXTERNAL_HOST** | The external hostname for the TURN server. | *optional* | "turn.**DOMAIN**" |
-| **TURN_EXTERNAL_PORT** | The external port for the TURN server. | *optional* | "" |
+| **TURN_EXTERNAL_PORT** | The external port for the TURN server. | *optional* | "3478" |
 | **TURN_EXTERNAL_SECRET** | The external secret for the TURN server. | *optional* | "" |
 | **PROSODY_ADMINS** | Specify who is an administrator. List of adresses. Eg. "me@example.com", "admin@example.net" | *optional* | "" |
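Review bot: The second 05-vhost.cfg.lua hunk removes the three turn_external_* lines from the end of the file but keeps the `-- Set TURN server information.` comment that introduced them (its context lines show the comment surviving with nothing after it), leaving an orphaned comment at the bottom of the file that now describes nothing. Drop it there, or move it with the settings so it heads the new block placed under `VirtualHost (domain)` in the first hunk, e.g. `-- TURN service announced to clients by mod_turn_external (scoped to this host).` The new block still inherits the `"turn" .. domain` default without a separator flagged on PATCH 17, so the readme row's `turn.**DOMAIN**` default remains inaccurate after this move.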