forked from mirror/prosody
Compare commits
4 commits
Author | SHA1 | Date | |
---|---|---|---|
|
8d068580ea | ||
|
4fd9603a56 | ||
|
bce67be67d | ||
|
eb572d8180 |
10 changed files with 233 additions and 120 deletions
77
CHANGELOG.md
77
CHANGELOG.md
|
@ -2,33 +2,44 @@
|
||||||
|
|
||||||
## Unreleased
|
## Unreleased
|
||||||
|
|
||||||
* Nothing
|
- Nothing
|
||||||
|
|
||||||
|
## v1.2.9
|
||||||
|
|
||||||
|
- New environment variables to configure storage were added.
|
||||||
|
Added DEFAULT_STORAGE and STORAGE_ARCHIVE2 which default to `sql` for backward compatibility.
|
||||||
|
Added ARCHIVE_STORE which defaults to `archive2` for backward compatibility.
|
||||||
|
See [prosody docs](https://prosody.im/doc/storage) for information on prosody storage.
|
||||||
|
This fixes [#38](https://github.com/SaraSmiseth/prosody/issues/38).
|
||||||
|
- New tests for a container with DEFAULT_STORAGE set to `internal`.
|
||||||
|
New tests for a container with DEFAULT_STORAGE set to `internal` and ARCHIVE_STORE set to `archive`.
|
||||||
|
- Updated luarocks to version 3.9.1.
|
||||||
|
|
||||||
## v1.2.8
|
## v1.2.8
|
||||||
|
|
||||||
* Updated to Prosody version [0.12.1](https://blog.prosody.im/prosody-0.12.1-released/).
|
- Updated to Prosody version [0.12.1](https://blog.prosody.im/prosody-0.12.1-released/).
|
||||||
|
|
||||||
## v1.2.7
|
## v1.2.7
|
||||||
|
|
||||||
* Updated to Prosody version [0.12.0](https://blog.prosody.im/prosody-0.12.0-released/).
|
- Updated to Prosody version [0.12.0](https://blog.prosody.im/prosody-0.12.0-released/).
|
||||||
* Updated luarocks to version 3.9.0.
|
- Updated luarocks to version 3.9.0.
|
||||||
|
|
||||||
## v1.2.6
|
## v1.2.6
|
||||||
|
|
||||||
* Updated to Prosody version [0.11.13](https://blog.prosody.im/prosody-0.11.13-released/).
|
- Updated to Prosody version [0.11.13](https://blog.prosody.im/prosody-0.11.13-released/).
|
||||||
|
|
||||||
## v1.2.5
|
## v1.2.5
|
||||||
|
|
||||||
* Updated to Prosody version [0.11.12](https://blog.prosody.im/prosody-0.11.12-released/).
|
- Updated to Prosody version [0.11.12](https://blog.prosody.im/prosody-0.11.12-released/).
|
||||||
|
|
||||||
## v1.2.4
|
## v1.2.4
|
||||||
|
|
||||||
* Updated to Prosody version [0.11.11](https://blog.prosody.im/prosody-0.11.11-released/).
|
- Updated to Prosody version [0.11.11](https://blog.prosody.im/prosody-0.11.11-released/).
|
||||||
* Updated luarocks to version 3.8.0.
|
- Updated luarocks to version 3.8.0.
|
||||||
|
|
||||||
## v1.2.3
|
## v1.2.3
|
||||||
|
|
||||||
* Updated to Prosody version [0.11.10](https://blog.prosody.im/prosody-0.11.10-released/).
|
- Updated to Prosody version [0.11.10](https://blog.prosody.im/prosody-0.11.10-released/).
|
||||||
|
|
||||||
## v1.2.2
|
## v1.2.2
|
||||||
|
|
||||||
|
@ -36,81 +47,81 @@
|
||||||
|
|
||||||
## v1.2.1
|
## v1.2.1
|
||||||
|
|
||||||
* Updated to Prosody version [0.11.9](https://blog.prosody.im/prosody-0.11.9-released/).
|
- Updated to Prosody version [0.11.9](https://blog.prosody.im/prosody-0.11.9-released/).
|
||||||
|
|
||||||
## v1.2.0
|
## v1.2.0
|
||||||
|
|
||||||
### New features
|
### New features
|
||||||
|
|
||||||
* New environment variables for database settings. It is now possible to use MariaDB or Postgres instead of SQLite. SQLite is the default. See [README](https://github.com/SaraSmiseth/prosody#environment-variables).
|
- New environment variables for database settings. It is now possible to use MariaDB or Postgres instead of SQLite. SQLite is the default. See [README](https://github.com/SaraSmiseth/prosody#environment-variables).
|
||||||
|
|
||||||
### Updates
|
### Updates
|
||||||
|
|
||||||
* Updated luarocks to version 3.7.0.
|
- Updated luarocks to version 3.7.0.
|
||||||
|
|
||||||
## v1.1.4
|
## v1.1.4
|
||||||
|
|
||||||
### Updates
|
### Updates
|
||||||
|
|
||||||
* Updated to Prosody version [0.11.8](https://blog.prosody.im/prosody-0.11.8-released/).
|
- Updated to Prosody version [0.11.8](https://blog.prosody.im/prosody-0.11.8-released/).
|
||||||
* Updated luarocks to version 3.5.0.
|
- Updated luarocks to version 3.5.0.
|
||||||
|
|
||||||
## v1.1.3
|
## v1.1.3
|
||||||
|
|
||||||
### New features
|
### New features
|
||||||
|
|
||||||
* Set pidfile in prosody.cfg.lua.
|
- Set pidfile in prosody.cfg.lua.
|
||||||
* Created a tests folder which contains pytest and bats tests.
|
- Created a tests folder which contains pytest and bats tests.
|
||||||
|
|
||||||
### Bug fixes
|
### Bug fixes
|
||||||
|
|
||||||
* Fixed using list ENV variables with multiple values.
|
- Fixed using list ENV variables with multiple values.
|
||||||
|
|
||||||
## v1.1.2
|
## v1.1.2
|
||||||
|
|
||||||
### Updates
|
### Updates
|
||||||
|
|
||||||
* Updated to Prosody version [0.11.7](https://blog.prosody.im/prosody-0.11.7-released/).
|
- Updated to Prosody version [0.11.7](https://blog.prosody.im/prosody-0.11.7-released/).
|
||||||
* Updated luarocks to version 3.4.0.
|
- Updated luarocks to version 3.4.0.
|
||||||
|
|
||||||
### New features
|
### New features
|
||||||
|
|
||||||
* Made 04-server_contact_info.cfg.lua configurable with ENV variables. Fixes [#4](https://github.com/SaraSmiseth/prosody/issues/4).
|
- Made 04-server_contact_info.cfg.lua configurable with ENV variables. Fixes [#4](https://github.com/SaraSmiseth/prosody/issues/4).
|
||||||
* Made 03-e2e-policy.cfg.lua configurable with ENV variables. Fixes [#9](https://github.com/SaraSmiseth/prosody/issues/9).
|
- Made 03-e2e-policy.cfg.lua configurable with ENV variables. Fixes [#9](https://github.com/SaraSmiseth/prosody/issues/9).
|
||||||
* Added E2E_POLICY_WHITELIST ENV variable to configure e2e_policy_whitelist. Fixes [#10](https://github.com/SaraSmiseth/prosody/issues/10).
|
- Added E2E_POLICY_WHITELIST ENV variable to configure e2e_policy_whitelist. Fixes [#10](https://github.com/SaraSmiseth/prosody/issues/10).
|
||||||
|
|
||||||
### Bug fixes
|
### Bug fixes
|
||||||
|
|
||||||
* Cherry picked [commit](https://github.com/zipizap/prosody/commit/fa13a990a1b87745ae5f5fe8297cb0669f9e8779) from [zipizap/prosody](https://github.com/zipizap/prosody) which fixes a bug with env-vars not beeing initialized.
|
- Cherry picked [commit](https://github.com/zipizap/prosody/commit/fa13a990a1b87745ae5f5fe8297cb0669f9e8779) from [zipizap/prosody](https://github.com/zipizap/prosody) which fixes a bug with env-vars not beeing initialized.
|
||||||
|
|
||||||
### Other changes
|
### Other changes
|
||||||
|
|
||||||
* Changed hashing of downloaded packages in Dockerfile to sha256.
|
- Changed hashing of downloaded packages in Dockerfile to sha256.
|
||||||
|
|
||||||
## v1.1.1
|
## v1.1.1
|
||||||
|
|
||||||
* Updated to Prosody version [0.11.6](https://blog.prosody.im/prosody-0.11.6-released/).
|
- Updated to Prosody version [0.11.6](https://blog.prosody.im/prosody-0.11.6-released/).
|
||||||
* Replace "master" with "dev".
|
- Replace "master" with "dev".
|
||||||
|
|
||||||
## v1.1.0
|
## v1.1.0
|
||||||
|
|
||||||
### New features
|
### New features
|
||||||
|
|
||||||
* Enable "announce" and "lastactivity" modules.
|
- Enable "announce" and "lastactivity" modules.
|
||||||
* Add PROSODY_ADMINS to specify who is an administrator. Fixes #7
|
- Add PROSODY_ADMINS to specify who is an administrator. Fixes #7
|
||||||
|
|
||||||
### Breaking changes
|
### Breaking changes
|
||||||
|
|
||||||
* Move global ssl section to https_ssl and legacy_ssl_ssl section. It is only needed there. #3
|
- Move global ssl section to https_ssl and legacy_ssl_ssl section. It is only needed there. #3
|
||||||
* <https://prosody.im/doc/ports#ssl_configuration>
|
- <https://prosody.im/doc/ports#ssl_configuration>
|
||||||
|
|
||||||
As explained in the [README](https://github.com/SaraSmiseth/prosody#ssl-certificates) this setup uses automatic location to find your certs. This did not work correctly before this change. It just always used the main certificate defined with the global `ssl` config setting. This setting was removed and for the [services](https://prosody.im/doc/certificates#service_certificates) that do not use automatic location new global settings were introduced. These are `legacy_ssl_ssl` and `https_ssl`.
|
As explained in the [README](https://github.com/SaraSmiseth/prosody#ssl-certificates) this setup uses automatic location to find your certs. This did not work correctly before this change. It just always used the main certificate defined with the global `ssl` config setting. This setting was removed and for the [services](https://prosody.im/doc/certificates#service_certificates) that do not use automatic location new global settings were introduced. These are `legacy_ssl_ssl` and `https_ssl`.
|
||||||
|
|
||||||
### Other changes
|
### Other changes
|
||||||
|
|
||||||
* Add badges to README. Fixes #5.
|
- Add badges to README. Fixes #5.
|
||||||
* Add link to official documentation on certificate permissions to README. Related to #3
|
- Add link to official documentation on certificate permissions to README. Related to #3
|
||||||
|
|
||||||
## v1.0.0
|
## v1.0.0
|
||||||
|
|
||||||
* First version
|
- First version
|
||||||
|
|
|
@ -4,10 +4,10 @@ ARG BUILD_DATE
|
||||||
ARG VCS_REF
|
ARG VCS_REF
|
||||||
ARG VERSION
|
ARG VERSION
|
||||||
|
|
||||||
ARG LUAROCKS_VERSION=3.9.0
|
ARG LUAROCKS_VERSION=3.9.1
|
||||||
ARG PROSODY_VERSION=0.12.1
|
ARG PROSODY_VERSION=0.12.1
|
||||||
|
|
||||||
ARG LUAROCKS_SHA256=5e840f0224891de96be4139e9475d3b1de7af3a32b95c1bdf05394563c60175f
|
ARG LUAROCKS_SHA256=ffafd83b1c42aa38042166a59ac3b618c838ce4e63f4ace9d961a5679ef58253
|
||||||
ARG PROSODY_DOWNLOAD_SHA256=a7ecbbe41f01a4251805593ac6d15dbc6cb75d9c7a876c76b456cf74ff4b90e5
|
ARG PROSODY_DOWNLOAD_SHA256=a7ecbbe41f01a4251805593ac6d15dbc6cb75d9c7a876c76b456cf74ff4b90e5
|
||||||
|
|
||||||
LABEL luarocks.version="${LUAROCKS_VERSION}"
|
LABEL luarocks.version="${LUAROCKS_VERSION}"
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
default_storage = "sql"
|
default_storage = os.getenv("DEFAULT_STORAGE")
|
||||||
|
|
||||||
sql = {
|
sql = {
|
||||||
driver = os.getenv("DB_DRIVER");
|
driver = os.getenv("DB_DRIVER");
|
||||||
|
@ -9,12 +9,11 @@ sql = {
|
||||||
password = os.getenv("DB_PASSWORD");
|
password = os.getenv("DB_PASSWORD");
|
||||||
}
|
}
|
||||||
|
|
||||||
-- make 0.10-distributed mod_mam use sql store
|
archive_store = os.getenv("ARCHIVE_STORE")
|
||||||
archive_store = "archive2" -- Use the same data store as prosody-modules mod_mam
|
|
||||||
|
|
||||||
storage = {
|
storage = {
|
||||||
-- this makes mod_mam use the sql storage backend
|
-- this makes mod_mam use the sql storage backend
|
||||||
archive2 = "sql";
|
archive2 = os.getenv("STORAGE_ARCHIVE2");
|
||||||
}
|
}
|
||||||
|
|
||||||
-- https://modules.prosody.im/mod_mam.html
|
-- https://modules.prosody.im/mod_mam.html
|
||||||
|
|
|
@ -2,6 +2,8 @@
|
||||||
set -e
|
set -e
|
||||||
|
|
||||||
export ALLOW_REGISTRATION=${ALLOW_REGISTRATION:-true}
|
export ALLOW_REGISTRATION=${ALLOW_REGISTRATION:-true}
|
||||||
|
export ARCHIVE_STORE=${ARCHIVE_STORE:-"archive2"}
|
||||||
|
export DEFAULT_STORAGE=${DEFAULT_STORAGE:-"sql"}
|
||||||
export DOMAIN_HTTP_UPLOAD=${DOMAIN_HTTP_UPLOAD:-"upload.$DOMAIN"}
|
export DOMAIN_HTTP_UPLOAD=${DOMAIN_HTTP_UPLOAD:-"upload.$DOMAIN"}
|
||||||
export DOMAIN_MUC=${DOMAIN_MUC:-"conference.$DOMAIN"}
|
export DOMAIN_MUC=${DOMAIN_MUC:-"conference.$DOMAIN"}
|
||||||
export DOMAIN_PROXY=${DOMAIN_PROXY:-"proxy.$DOMAIN"}
|
export DOMAIN_PROXY=${DOMAIN_PROXY:-"proxy.$DOMAIN"}
|
||||||
|
@ -21,6 +23,7 @@ export SERVER_CONTACT_INFO_FEEDBACK=${SERVER_CONTACT_INFO_FEEDBACK:-"xmpp:feedba
|
||||||
export SERVER_CONTACT_INFO_SALES=${SERVER_CONTACT_INFO_SALES:-"xmpp:sales@$DOMAIN"}
|
export SERVER_CONTACT_INFO_SALES=${SERVER_CONTACT_INFO_SALES:-"xmpp:sales@$DOMAIN"}
|
||||||
export SERVER_CONTACT_INFO_SECURITY=${SERVER_CONTACT_INFO_SECURITY:-"xmpp:security@$DOMAIN"}
|
export SERVER_CONTACT_INFO_SECURITY=${SERVER_CONTACT_INFO_SECURITY:-"xmpp:security@$DOMAIN"}
|
||||||
export SERVER_CONTACT_INFO_SUPPORT=${SERVER_CONTACT_INFO_SUPPORT:-"xmpp:support@$DOMAIN"}
|
export SERVER_CONTACT_INFO_SUPPORT=${SERVER_CONTACT_INFO_SUPPORT:-"xmpp:support@$DOMAIN"}
|
||||||
|
export STORAGE_ARCHIVE2=${STORAGE_ARCHIVE2:-"sql"}
|
||||||
export PROSODY_ADMINS=${PROSODY_ADMINS:-""}
|
export PROSODY_ADMINS=${PROSODY_ADMINS:-""}
|
||||||
|
|
||||||
if [[ "$1" != "prosody" ]]; then
|
if [[ "$1" != "prosody" ]]; then
|
||||||
|
|
155
readme.md
155
readme.md
|
@ -15,10 +15,10 @@ Multiple [architectures](https://hub.docker.com/r/sarasmiseth/prosody/tags) are
|
||||||
|
|
||||||
While Conversations got everything set-up out-of-the-box, Gajim was used with the following extensions:
|
While Conversations got everything set-up out-of-the-box, Gajim was used with the following extensions:
|
||||||
|
|
||||||
* HttpUpload
|
- HttpUpload
|
||||||
* Off-The-Record Encryption
|
- Off-The-Record Encryption
|
||||||
* OMEMO (requires _python-axolotl_ to be installed)
|
- OMEMO (requires _python-axolotl_ to be installed)
|
||||||
* Url Image preview
|
- Url Image preview
|
||||||
|
|
||||||
## Table of Contents
|
## Table of Contents
|
||||||
|
|
||||||
|
@ -49,17 +49,17 @@ While Conversations got everything set-up out-of-the-box, Gajim was used with th
|
||||||
|
|
||||||
## Features
|
## Features
|
||||||
|
|
||||||
* Secure by default
|
- Secure by default
|
||||||
* SSL certificate required
|
- SSL certificate required
|
||||||
* End-to-end encryption required (using [OMEMO](https://conversations.im/omemo/) or [OTR](https://en.wikipedia.org/wiki/Off-the-Record_Messaging))
|
- End-to-end encryption required (using [OMEMO](https://conversations.im/omemo/) or [OTR](https://en.wikipedia.org/wiki/Off-the-Record_Messaging))
|
||||||
* Data storage
|
- Data storage
|
||||||
* SQLite message store
|
- SQLite message store
|
||||||
* Configured file upload and image sharing
|
- Configured file upload and image sharing
|
||||||
* Multi-user chat (MUC)
|
- Multi-user chat (MUC)
|
||||||
|
|
||||||
## Requirements
|
## Requirements
|
||||||
|
|
||||||
* You need a SSL certificate. I recommend [LetsEncrypt](https://letsencrypt.org/) for that.
|
- You need a SSL certificate. I recommend [LetsEncrypt](https://letsencrypt.org/) for that.
|
||||||
|
|
||||||
## Image Details
|
## Image Details
|
||||||
|
|
||||||
|
@ -67,54 +67,54 @@ While Conversations got everything set-up out-of-the-box, Gajim was used with th
|
||||||
|
|
||||||
The following ports are exposed:
|
The following ports are exposed:
|
||||||
|
|
||||||
* 5000: proxy65 port used for file sharing
|
- 5000: proxy65 port used for file sharing
|
||||||
* 5222: c2s port (client to server)
|
- 5222: c2s port (client to server)
|
||||||
* 5223: c2s legacy ssl port (client to server)
|
- 5223: c2s legacy ssl port (client to server)
|
||||||
* 5269: s2s port (server to server)
|
- 5269: s2s port (server to server)
|
||||||
* 5347: XMPP component port
|
- 5347: XMPP component port
|
||||||
* 5280: BOSH / websocket port
|
- 5280: BOSH / websocket port
|
||||||
* 5281: Secure BOSH / websocket port
|
- 5281: Secure BOSH / websocket port
|
||||||
|
|
||||||
### Directories
|
### Directories
|
||||||
|
|
||||||
#### Data
|
#### Data
|
||||||
|
|
||||||
Path: ```/usr/local/var/lib/prosody/```.
|
Path: `/usr/local/var/lib/prosody/`.
|
||||||
|
|
||||||
* used for SQLite file
|
- used for SQLite file
|
||||||
* used for HTTP uploads
|
- used for HTTP uploads
|
||||||
* this is exposed as docker volume
|
- this is exposed as docker volume
|
||||||
|
|
||||||
#### Bundled modules
|
#### Bundled modules
|
||||||
|
|
||||||
Path: ```/usr/local/lib/prosody/modules/```.
|
Path: `/usr/local/lib/prosody/modules/`.
|
||||||
|
|
||||||
#### Additionally installed prosody modules
|
#### Additionally installed prosody modules
|
||||||
|
|
||||||
Path: ```/usr/local/lib/prosody/custom-modules/```.
|
Path: `/usr/local/lib/prosody/custom-modules/`.
|
||||||
|
|
||||||
#### Config
|
#### Config
|
||||||
|
|
||||||
Path: ```/usr/local/etc/prosody/```.
|
Path: `/usr/local/etc/prosody/`.
|
||||||
|
|
||||||
* containing the main config file called ```prosody.cfg.lua```
|
- containing the main config file called `prosody.cfg.lua`
|
||||||
* containing additional config files within ```conf.d/```
|
- containing additional config files within `conf.d/`
|
||||||
|
|
||||||
#### SSL certificates
|
#### SSL certificates
|
||||||
|
|
||||||
Path: ```/usr/local/etc/prosody/certs/```.
|
Path: `/usr/local/etc/prosody/certs/`.
|
||||||
|
|
||||||
Uses [automatic location](https://prosody.im/doc/certificates#automatic_location) to find your certs.
|
Uses [automatic location](https://prosody.im/doc/certificates#automatic_location) to find your certs.
|
||||||
|
|
||||||
The http_upload module and the legacy_ssl module do not use the same search algorithm for the certificates. See [service certificates](https://prosody.im/doc/certificates#service_certificates).
|
The http_upload module and the legacy_ssl module do not use the same search algorithm for the certificates. See [service certificates](https://prosody.im/doc/certificates#service_certificates).
|
||||||
|
|
||||||
The settings https_ssl and legacy_ssl_ssl in [05-vhost.cfg.lua](./conf.d/05-vhost.cfg.lua) configures the certificates to ```certs/domain.tld/fullchain.pem``` and ```certs/domain.tld/privkey.pem``` for legacy_ssl and to ```certs/DOMAIN_HTTP_UPLOAD/fullchain.pem``` and ```certs/DOMAIN_HTTP_UPLOAD/privkey.pem``` for http_upload where DOMAIN_HTTP_UPLOAD is an environtment variable.
|
The settings https_ssl and legacy_ssl_ssl in [05-vhost.cfg.lua](./conf.d/05-vhost.cfg.lua) configures the certificates to `certs/domain.tld/fullchain.pem` and `certs/domain.tld/privkey.pem` for legacy_ssl and to `certs/DOMAIN_HTTP_UPLOAD/fullchain.pem` and `certs/DOMAIN_HTTP_UPLOAD/privkey.pem` for http_upload where DOMAIN_HTTP_UPLOAD is an environtment variable.
|
||||||
|
|
||||||
##### Folder structure
|
##### Folder structure
|
||||||
|
|
||||||
An example certificate folder structure could look like this:
|
An example certificate folder structure could look like this:
|
||||||
|
|
||||||
``` zsh
|
```zsh
|
||||||
certs
|
certs
|
||||||
├── conference.domain.tld
|
├── conference.domain.tld
|
||||||
│ ├── fullchain.pem
|
│ ├── fullchain.pem
|
||||||
|
@ -136,9 +136,9 @@ Thats how Let's encrypt certbot does it out of the box.
|
||||||
|
|
||||||
certbot creates the structure and uses symlinks to the actual certificates.
|
certbot creates the structure and uses symlinks to the actual certificates.
|
||||||
If you mount them like that prosody somehow does not find them.
|
If you mount them like that prosody somehow does not find them.
|
||||||
I copied them to a folder named ```certs``` next to my ```docker-compose.yml``` and made sure to use the ```-L``` flag of ```cp```.
|
I copied them to a folder named `certs` next to my `docker-compose.yml` and made sure to use the `-L` flag of `cp`.
|
||||||
This makes cp follow symbolic links when copying from them.
|
This makes cp follow symbolic links when copying from them.
|
||||||
For example ```cp -L src dest```.
|
For example `cp -L src dest`.
|
||||||
|
|
||||||
##### Permissions
|
##### Permissions
|
||||||
|
|
||||||
|
@ -147,10 +147,10 @@ Check [Volumes permissions](#volumes-permissions) as well.
|
||||||
|
|
||||||
### Run
|
### Run
|
||||||
|
|
||||||
I recommend using a ```docker-compose.yml``` file:
|
I recommend using a `docker-compose.yml` file:
|
||||||
|
|
||||||
```yaml
|
```yaml
|
||||||
version: '3.7'
|
version: "3.7"
|
||||||
|
|
||||||
services:
|
services:
|
||||||
server:
|
server:
|
||||||
|
@ -169,15 +169,15 @@ services:
|
||||||
- ./data:/usr/local/var/lib/prosody
|
- ./data:/usr/local/var/lib/prosody
|
||||||
```
|
```
|
||||||
|
|
||||||
Boot it via: ```docker-compose up -d```.
|
Boot it via: `docker-compose up -d`.
|
||||||
|
|
||||||
Inspect logs: ```docker-compose logs -f```.
|
Inspect logs: `docker-compose logs -f`.
|
||||||
|
|
||||||
### Volumes permissions
|
### Volumes permissions
|
||||||
|
|
||||||
The prosody user inside the container has the `uid=999` and `gid=999`. If you use the example `docker-compose.yml` from above make sure, that the `./data` folder and the `./certs` folder have the correct permissions.
|
The prosody user inside the container has the `uid=999` and `gid=999`. If you use the example `docker-compose.yml` from above make sure, that the `./data` folder and the `./certs` folder have the correct permissions.
|
||||||
|
|
||||||
``` shell
|
```shell
|
||||||
sudo chown 999:999 ./certs
|
sudo chown 999:999 ./certs
|
||||||
sudo chown 999:999 ./data
|
sudo chown 999:999 ./data
|
||||||
```
|
```
|
||||||
|
@ -191,61 +191,64 @@ sudo chown 999:999 ./data
|
||||||
| edge | This tag points to the latest version build from the newest [commit](https://github.com/SaraSmiseth/prosody/commits/dev) in the dev branch. |
|
| edge | This tag points to the latest version build from the newest [commit](https://github.com/SaraSmiseth/prosody/commits/dev) in the dev branch. |
|
||||||
| nightly | This tag points to the latest version build from the newest [commit](https://github.com/SaraSmiseth/prosody/commits/dev) in the dev branch. It gets rebuild every night. |
|
| nightly | This tag points to the latest version build from the newest [commit](https://github.com/SaraSmiseth/prosody/commits/dev) in the dev branch. It gets rebuild every night. |
|
||||||
| latest | This tag points to the latest version build from the latest commit that is tagged in git. See [releases](https://github.com/SaraSmiseth/prosody/releases). |
|
| latest | This tag points to the latest version build from the latest commit that is tagged in git. See [releases](https://github.com/SaraSmiseth/prosody/releases). |
|
||||||
| *vX.Y.Z* | There is a tag for each [release](https://github.com/SaraSmiseth/prosody/releases). |
|
| _vX.Y.Z_ | There is a tag for each [release](https://github.com/SaraSmiseth/prosody/releases). |
|
||||||
|
|
||||||
### Configuration
|
### Configuration
|
||||||
|
|
||||||
#### Environment variables
|
#### Environment variables
|
||||||
|
|
||||||
| Variable | Description | Type | Default value |
|
| Variable | Description | Type | Default value |
|
||||||
| -------------------------------- | -------------------------------------------------------------------------------------------------------------------- | ------------ | -------------------------- |
|
| -------------------------------- | -------------------------------------------------------------------------------------------------------------------------------- | ------------ | -------------------------- |
|
||||||
| **ALLOW_REGISTRATION** | Whether to allow registration of new accounts via Jabber clients | *optional* | true |
|
| **ALLOW_REGISTRATION** | Whether to allow registration of new accounts via Jabber clients | _optional_ | true |
|
||||||
| **DOMAIN** | domain | **required** | null |
|
| **DOMAIN** | domain | **required** | null |
|
||||||
| **DOMAIN_HTTP_UPLOAD** | Domain which lets clients upload files over HTTP | *optional* | upload.**DOMAIN** |
|
| **DOMAIN_HTTP_UPLOAD** | Domain which lets clients upload files over HTTP | _optional_ | upload.**DOMAIN** |
|
||||||
| **DOMAIN_MUC** | Domain for Multi-user chat (MUC) for allowing you to create hosted chatrooms/conferences for XMPP users | *optional* | conference.**DOMAIN** |
|
| **DOMAIN_MUC** | Domain for Multi-user chat (MUC) for allowing you to create hosted chatrooms/conferences for XMPP users | _optional_ | conference.**DOMAIN** |
|
||||||
| **DOMAIN_PROXY** | Domain for SOCKS5 bytestream proxy for server-proxied file transfers | *optional* | proxy.**DOMAIN** |
|
| **DOMAIN_PROXY** | Domain for SOCKS5 bytestream proxy for server-proxied file transfers | _optional_ | proxy.**DOMAIN** |
|
||||||
| **DOMAIN_PUBSUB** | Domain for a XEP-0060 pubsub service | *optional* | pubsub.**DOMAIN** |
|
| **DOMAIN_PUBSUB** | Domain for a XEP-0060 pubsub service | _optional_ | pubsub.**DOMAIN** |
|
||||||
| **DB_DRIVER** | May also be "PostgreSQL" or "MySQL" or "SQLite3" (case sensitive!) | *optional* | SQLite3 |
|
| **DB_DRIVER** | May also be "PostgreSQL" or "MySQL" or "SQLite3" (case sensitive!) | _optional_ | SQLite3 |
|
||||||
| **DB_DATABASE** | The database name to use. For SQLite3 this the database filename (relative to the data storage directory). | *optional* | prosody.sqlite |
|
| **DB_DATABASE** | The database name to use. For SQLite3 this the database filename (relative to the data storage directory). | _optional_ | prosody.sqlite |
|
||||||
| **DB_HOST** | The address of the database server | *optional* | |
|
| **DB_HOST** | The address of the database server | _optional_ | |
|
||||||
| **DB_PORT** | Port on which the database is listening | *optional* | |
|
| **DB_PORT** | Port on which the database is listening | _optional_ | |
|
||||||
| **DB_USERNAME** | The username to authenticate to the database | *optional* | |
|
| **DB_USERNAME** | The username to authenticate to the database | _optional_ | |
|
||||||
| **DB_PASSWORD** | The password to authenticate to the database | *optional* | |
|
| **DB_PASSWORD** | The password to authenticate to the database | _optional_ | |
|
||||||
| **E2E_POLICY_CHAT** | Policy for chat messages. Possible values: "none", "optional" and "required". | *optional* | "required" |
|
| **E2E_POLICY_CHAT** | Policy for chat messages. Possible values: "none", "optional" and "required". | _optional_ | "required" |
|
||||||
| **E2E_POLICY_MUC** | Policy for MUC messages. Possible values: "none", "optional" and "required". | *optional* | "required" |
|
| **E2E_POLICY_MUC** | Policy for MUC messages. Possible values: "none", "optional" and "required". | _optional_ | "required" |
|
||||||
| **E2E_POLICY_WHITELIST** | Make this module ignore messages sent to and from this JIDs or MUCs. | *optional* | "" |
|
| **E2E_POLICY_WHITELIST** | Make this module ignore messages sent to and from this JIDs or MUCs. | _optional_ | "" |
|
||||||
| **LOG_LEVEL** | Min log level. Change to debug for more information | *optional* | info |
|
| **LOG_LEVEL** | Min log level. Change to debug for more information | _optional_ | info |
|
||||||
| **C2S_REQUIRE_ENCRYPTION** | Whether to force all client-to-server connections to be encrypted or not | *optional* | true |
|
| **C2S_REQUIRE_ENCRYPTION** | Whether to force all client-to-server connections to be encrypted or not | _optional_ | true |
|
||||||
| **S2S_REQUIRE_ENCRYPTION** | Whether to force all server-to-server connections to be encrypted or not | *optional* | true |
|
| **S2S_REQUIRE_ENCRYPTION** | Whether to force all server-to-server connections to be encrypted or not | _optional_ | true |
|
||||||
| **S2S_SECURE_AUTH** | Require encryption and certificate authentication | *optional* | true |
|
| **S2S_SECURE_AUTH** | Require encryption and certificate authentication | _optional_ | true |
|
||||||
| **SERVER_CONTACT_INFO_ABUSE** | A list of strings. Each string should be an URI. See [here](https://prosody.im/doc/modules/mod_server_contact_info). | *optional* | "xmpp:abuse@**DOMAIN**" |
|
| **SERVER_CONTACT_INFO_ABUSE** | A list of strings. Each string should be an URI. See [here](https://prosody.im/doc/modules/mod_server_contact_info). | _optional_ | "xmpp:abuse@**DOMAIN**" |
|
||||||
| **SERVER_CONTACT_INFO_ADMIN** | A list of strings. Each string should be an URI. See [here](https://prosody.im/doc/modules/mod_server_contact_info). | *optional* | "xmpp:admin@**DOMAIN**" |
|
| **SERVER_CONTACT_INFO_ADMIN** | A list of strings. Each string should be an URI. See [here](https://prosody.im/doc/modules/mod_server_contact_info). | _optional_ | "xmpp:admin@**DOMAIN**" |
|
||||||
| **SERVER_CONTACT_INFO_FEEDBACK** | A list of strings. Each string should be an URI. See [here](https://prosody.im/doc/modules/mod_server_contact_info). | *optional* | "xmpp:feedback@**DOMAIN**" |
|
| **SERVER_CONTACT_INFO_FEEDBACK** | A list of strings. Each string should be an URI. See [here](https://prosody.im/doc/modules/mod_server_contact_info). | _optional_ | "xmpp:feedback@**DOMAIN**" |
|
||||||
| **SERVER_CONTACT_INFO_SALES** | A list of strings. Each string should be an URI. See [here](https://prosody.im/doc/modules/mod_server_contact_info). | *optional* | "xmpp:sales@**DOMAIN**" |
|
| **SERVER_CONTACT_INFO_SALES** | A list of strings. Each string should be an URI. See [here](https://prosody.im/doc/modules/mod_server_contact_info). | _optional_ | "xmpp:sales@**DOMAIN**" |
|
||||||
| **SERVER_CONTACT_INFO_SECURITY** | A list of strings. Each string should be an URI. See [here](https://prosody.im/doc/modules/mod_server_contact_info). | *optional* | "xmpp:security@**DOMAIN**" |
|
| **SERVER_CONTACT_INFO_SECURITY** | A list of strings. Each string should be an URI. See [here](https://prosody.im/doc/modules/mod_server_contact_info). | _optional_ | "xmpp:security@**DOMAIN**" |
|
||||||
| **SERVER_CONTACT_INFO_SUPPORT** | A list of strings. Each string should be an URI. See [here](https://prosody.im/doc/modules/mod_server_contact_info). | *optional* | "xmpp:support@**DOMAIN**" |
|
| **SERVER_CONTACT_INFO_SUPPORT** | A list of strings. Each string should be an URI. See [here](https://prosody.im/doc/modules/mod_server_contact_info). | _optional_ | "xmpp:support@**DOMAIN**" |
|
||||||
| **PROSODY_ADMINS** | Specify who is an administrator. List of adresses. Eg. "me@example.com", "admin@example.net" | *optional* | "" |
|
| **PROSODY_ADMINS** | Specify who is an administrator. List of adresses. Eg. "me@example.com", "admin@example.net" | _optional_ | "" |
|
||||||
|
| **DEFAULT_STORAGE** | Select the storage backend to load with the 'storage' configuration option. See [here](https://prosody.im/doc/storage). | _optional_ | "sql" |
|
||||||
|
| **ARCHIVE_STORE** | Select the archive store. 'archive' or 'archive2'. See [here](https://prosody.im/doc/storage). | _optional_ | "archive2" |
|
||||||
|
| **STORAGE_ARCHIVE2** | Select the storage backend to load with the 'storage.archive2' configuration option. See [here](https://prosody.im/doc/storage). | _optional_ | "sql" |
|
||||||
|
|
||||||
#### DNS
|
#### DNS
|
||||||
|
|
||||||
You need these DNS record pointing to your server:
|
You need these DNS record pointing to your server:
|
||||||
|
|
||||||
* domain.tld
|
- domain.tld
|
||||||
* conference.domain.tld
|
- conference.domain.tld
|
||||||
* proxy.domain.tld
|
- proxy.domain.tld
|
||||||
* pubsub.domain.tld
|
- pubsub.domain.tld
|
||||||
* upload.domain.tld
|
- upload.domain.tld
|
||||||
* A SRV record for _xmpps-client._tcp.domain.tld for port 5223.
|
- A SRV record for \_xmpps-client.\_tcp.domain.tld for port 5223.
|
||||||
|
|
||||||
where domain.tld is the environment variable DOMAIN.
|
where domain.tld is the environment variable DOMAIN.
|
||||||
|
|
||||||
### Extend
|
### Extend
|
||||||
|
|
||||||
There is a helper script that eases installing additional prosody modules: ```docker-prosody-module-install```
|
There is a helper script that eases installing additional prosody modules: `docker-prosody-module-install`
|
||||||
|
|
||||||
It downloads the current [prosody-modules](https://hg.prosody.im/prosody-modules/) repository. The specified modules are copied and its name is added to the ```modules_enabled``` variable within ```conf.d/01-modules.cfg.lua```.
|
It downloads the current [prosody-modules](https://hg.prosody.im/prosody-modules/) repository. The specified modules are copied and its name is added to the `modules_enabled` variable within `conf.d/01-modules.cfg.lua`.
|
||||||
|
|
||||||
There is also ```docker-prosody-module-copy``` which copies the specified modules but does not add them to the ```modules_enabled``` variable within ```conf.d/01-modules.cfg.lua```.
|
There is also `docker-prosody-module-copy` which copies the specified modules but does not add them to the `modules_enabled` variable within `conf.d/01-modules.cfg.lua`.
|
||||||
|
|
||||||
If you need additional configuration just overwrite the respective _cfg.lua_ file or add new ones.
|
If you need additional configuration just overwrite the respective _cfg.lua_ file or add new ones.
|
||||||
|
|
||||||
|
@ -262,5 +265,5 @@ prosodyctl mod_storage_sql upgrade
|
||||||
|
|
||||||
You can test your server with these websites:
|
You can test your server with these websites:
|
||||||
|
|
||||||
* [IM Observatory](https://www.xmpp.net/)
|
- [IM Observatory](https://www.xmpp.net/)
|
||||||
* [XMPP Compliance Tester](https://compliance.conversations.im/)
|
- [XMPP Compliance Tester](https://compliance.conversations.im/)
|
||||||
|
|
|
@ -18,6 +18,44 @@ services:
|
||||||
volumes:
|
volumes:
|
||||||
- ./certs:/usr/local/etc/prosody/certs
|
- ./certs:/usr/local/etc/prosody/certs
|
||||||
|
|
||||||
|
prosody_internal_storage:
|
||||||
|
image: prosody
|
||||||
|
restart: unless-stopped
|
||||||
|
ports:
|
||||||
|
- "5000:5000"
|
||||||
|
- "5222:5222"
|
||||||
|
- "5223:5223"
|
||||||
|
- "5269:5269"
|
||||||
|
- "5281:5281"
|
||||||
|
environment:
|
||||||
|
DOMAIN: localhost
|
||||||
|
E2E_POLICY_WHITELIST: "admin@localhost, user1@localhost"
|
||||||
|
LOG_LEVEL: debug
|
||||||
|
PROSODY_ADMINS: "admin@localhost, admin2@localhost"
|
||||||
|
DEFAULT_STORAGE: "internal"
|
||||||
|
STORAGE_ARCHIVE2: "internal"
|
||||||
|
volumes:
|
||||||
|
- ./certs:/usr/local/etc/prosody/certs
|
||||||
|
|
||||||
|
prosody_internal_storage_archive:
|
||||||
|
image: prosody
|
||||||
|
restart: unless-stopped
|
||||||
|
ports:
|
||||||
|
- "5000:5000"
|
||||||
|
- "5222:5222"
|
||||||
|
- "5223:5223"
|
||||||
|
- "5269:5269"
|
||||||
|
- "5281:5281"
|
||||||
|
environment:
|
||||||
|
DOMAIN: localhost
|
||||||
|
E2E_POLICY_WHITELIST: "admin@localhost, user1@localhost"
|
||||||
|
LOG_LEVEL: debug
|
||||||
|
PROSODY_ADMINS: "admin@localhost, admin2@localhost"
|
||||||
|
DEFAULT_STORAGE: "internal"
|
||||||
|
ARCHIVE_STORE: "archive"
|
||||||
|
volumes:
|
||||||
|
- ./certs:/usr/local/etc/prosody/certs
|
||||||
|
|
||||||
prosody_postgres:
|
prosody_postgres:
|
||||||
image: prosody
|
image: prosody
|
||||||
restart: unless-stopped
|
restart: unless-stopped
|
||||||
|
@ -45,7 +83,7 @@ services:
|
||||||
- postgres
|
- postgres
|
||||||
|
|
||||||
postgres:
|
postgres:
|
||||||
image: postgres:13-alpine
|
image: postgres:14-alpine
|
||||||
restart: unless-stopped
|
restart: unless-stopped
|
||||||
environment:
|
environment:
|
||||||
POSTGRES_DB: prosody
|
POSTGRES_DB: prosody
|
||||||
|
|
|
@ -64,8 +64,20 @@ registerTestUsers prosody_postgres
|
||||||
runTests prosody_postgres
|
runTests prosody_postgres
|
||||||
sudo docker-compose down
|
sudo docker-compose down
|
||||||
|
|
||||||
# Run tests for second container with SQLite
|
# Run tests for container with SQLite
|
||||||
sudo docker-compose up -d prosody
|
sudo docker-compose up -d prosody
|
||||||
registerTestUsers prosody
|
registerTestUsers prosody
|
||||||
runTests prosody
|
runTests prosody
|
||||||
sudo docker-compose down
|
sudo docker-compose down
|
||||||
|
|
||||||
|
# Run tests for container with internal storage and archive store archive2
|
||||||
|
sudo docker-compose up -d prosody_internal_storage
|
||||||
|
registerTestUsers prosody_internal_storage
|
||||||
|
runTests prosody_internal_storage
|
||||||
|
sudo docker-compose down
|
||||||
|
|
||||||
|
# Run tests for container with internal storage and archive store archive
|
||||||
|
sudo docker-compose up -d prosody_internal_storage_archive
|
||||||
|
registerTestUsers prosody_internal_storage_archive
|
||||||
|
runTests prosody_internal_storage_archive
|
||||||
|
sudo docker-compose down
|
||||||
|
|
21
tests/tests-prosody_internal_storage.bats
Normal file
21
tests/tests-prosody_internal_storage.bats
Normal file
|
@ -0,0 +1,21 @@
|
||||||
|
# For tests with pipes see: https://github.com/sstephenson/bats/issues/10
|
||||||
|
|
||||||
|
load 'bats/bats-support/load'
|
||||||
|
load 'bats/bats-assert/load'
|
||||||
|
|
||||||
|
# TODO
|
||||||
|
#@test "Should use internal storage" {
|
||||||
|
# run bash -c "sudo docker-compose logs $batsContainerName | grep -E \"Connecting to \[SQLite3\] \/usr\/local\/var\/lib\/prosody\/prosody\.sqlite\.\.\.\""
|
||||||
|
# assert_failure
|
||||||
|
# assert_output
|
||||||
|
#}
|
||||||
|
|
||||||
|
@test "Should not use sqlite" {
|
||||||
|
run bash -c "sudo docker-compose logs $batsContainerName | grep -E \"Connecting to \[SQLite3\] \/usr\/local\/var\/lib\/prosody\/prosody\.sqlite\.\.\.\""
|
||||||
|
assert_failure
|
||||||
|
}
|
||||||
|
|
||||||
|
@test "Should not use postgres" {
|
||||||
|
run bash -c "sudo docker-compose logs $batsContainerName | grep -E \"Connecting to \[PostgreSQL\] prosody\.\.\.\""
|
||||||
|
assert_failure
|
||||||
|
}
|
21
tests/tests-prosody_internal_storage_archive.bats
Normal file
21
tests/tests-prosody_internal_storage_archive.bats
Normal file
|
@ -0,0 +1,21 @@
|
||||||
|
# For tests with pipes see: https://github.com/sstephenson/bats/issues/10
|
||||||
|
|
||||||
|
load 'bats/bats-support/load'
|
||||||
|
load 'bats/bats-assert/load'
|
||||||
|
|
||||||
|
# TODO
|
||||||
|
#@test "Should use internal storage" {
|
||||||
|
# run bash -c "sudo docker-compose logs $batsContainerName | grep -E \"Connecting to \[SQLite3\] \/usr\/local\/var\/lib\/prosody\/prosody\.sqlite\.\.\.\""
|
||||||
|
# assert_failure
|
||||||
|
# assert_output
|
||||||
|
#}
|
||||||
|
|
||||||
|
@test "Should not use sqlite" {
|
||||||
|
run bash -c "sudo docker-compose logs $batsContainerName | grep -E \"Connecting to \[SQLite3\] \/usr\/local\/var\/lib\/prosody\/prosody\.sqlite\.\.\.\""
|
||||||
|
assert_failure
|
||||||
|
}
|
||||||
|
|
||||||
|
@test "Should not use postgres" {
|
||||||
|
run bash -c "sudo docker-compose logs $batsContainerName | grep -E \"Connecting to \[PostgreSQL\] prosody\.\.\.\""
|
||||||
|
assert_failure
|
||||||
|
}
|
|
@ -86,3 +86,8 @@ load 'bats/bats-assert/load'
|
||||||
assert_success
|
assert_success
|
||||||
assert_output
|
assert_output
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@test "Should not have any sql errors" {
|
||||||
|
run bash -c "sudo docker-compose logs $batsContainerName | grep --ignore-case Error in SQL transaction"
|
||||||
|
assert_failure
|
||||||
|
}
|
||||||
|
|
Loading…
Reference in a new issue