forked from mirror/prosody
Compare commits
4 commits
Author | SHA1 | Date | |
---|---|---|---|
|
8d068580ea | ||
|
4fd9603a56 | ||
|
bce67be67d | ||
|
eb572d8180 |
10 changed files with 233 additions and 120 deletions
77
CHANGELOG.md
77
CHANGELOG.md
|
@ -2,33 +2,44 @@
|
|||
|
||||
## Unreleased
|
||||
|
||||
* Nothing
|
||||
- Nothing
|
||||
|
||||
## v1.2.9
|
||||
|
||||
- New environment variables to configure storage were added.
|
||||
Added DEFAULT_STORAGE and STORAGE_ARCHIVE2 which default to `sql` for backward compatibility.
|
||||
Added ARCHIVE_STORE which defaults to `archive2` for backward compatibility.
|
||||
See [prosody docs](https://prosody.im/doc/storage) for information on prosody storage.
|
||||
This fixes [#38](https://github.com/SaraSmiseth/prosody/issues/38).
|
||||
- New tests for a container with DEFAULT_STORAGE set to `internal`.
|
||||
New tests for a container with DEFAULT_STORAGE set to `internal` and ARCHIVE_STORE set to `archive`.
|
||||
- Updated luarocks to version 3.9.1.
|
||||
|
||||
## v1.2.8
|
||||
|
||||
* Updated to Prosody version [0.12.1](https://blog.prosody.im/prosody-0.12.1-released/).
|
||||
- Updated to Prosody version [0.12.1](https://blog.prosody.im/prosody-0.12.1-released/).
|
||||
|
||||
## v1.2.7
|
||||
|
||||
* Updated to Prosody version [0.12.0](https://blog.prosody.im/prosody-0.12.0-released/).
|
||||
* Updated luarocks to version 3.9.0.
|
||||
- Updated to Prosody version [0.12.0](https://blog.prosody.im/prosody-0.12.0-released/).
|
||||
- Updated luarocks to version 3.9.0.
|
||||
|
||||
## v1.2.6
|
||||
|
||||
* Updated to Prosody version [0.11.13](https://blog.prosody.im/prosody-0.11.13-released/).
|
||||
- Updated to Prosody version [0.11.13](https://blog.prosody.im/prosody-0.11.13-released/).
|
||||
|
||||
## v1.2.5
|
||||
|
||||
* Updated to Prosody version [0.11.12](https://blog.prosody.im/prosody-0.11.12-released/).
|
||||
- Updated to Prosody version [0.11.12](https://blog.prosody.im/prosody-0.11.12-released/).
|
||||
|
||||
## v1.2.4
|
||||
|
||||
* Updated to Prosody version [0.11.11](https://blog.prosody.im/prosody-0.11.11-released/).
|
||||
* Updated luarocks to version 3.8.0.
|
||||
- Updated to Prosody version [0.11.11](https://blog.prosody.im/prosody-0.11.11-released/).
|
||||
- Updated luarocks to version 3.8.0.
|
||||
|
||||
## v1.2.3
|
||||
|
||||
* Updated to Prosody version [0.11.10](https://blog.prosody.im/prosody-0.11.10-released/).
|
||||
- Updated to Prosody version [0.11.10](https://blog.prosody.im/prosody-0.11.10-released/).
|
||||
|
||||
## v1.2.2
|
||||
|
||||
|
@ -36,81 +47,81 @@
|
|||
|
||||
## v1.2.1
|
||||
|
||||
* Updated to Prosody version [0.11.9](https://blog.prosody.im/prosody-0.11.9-released/).
|
||||
- Updated to Prosody version [0.11.9](https://blog.prosody.im/prosody-0.11.9-released/).
|
||||
|
||||
## v1.2.0
|
||||
|
||||
### New features
|
||||
|
||||
* New environment variables for database settings. It is now possible to use MariaDB or Postgres instead of SQLite. SQLite is the default. See [README](https://github.com/SaraSmiseth/prosody#environment-variables).
|
||||
- New environment variables for database settings. It is now possible to use MariaDB or Postgres instead of SQLite. SQLite is the default. See [README](https://github.com/SaraSmiseth/prosody#environment-variables).
|
||||
|
||||
### Updates
|
||||
|
||||
* Updated luarocks to version 3.7.0.
|
||||
- Updated luarocks to version 3.7.0.
|
||||
|
||||
## v1.1.4
|
||||
|
||||
### Updates
|
||||
|
||||
* Updated to Prosody version [0.11.8](https://blog.prosody.im/prosody-0.11.8-released/).
|
||||
* Updated luarocks to version 3.5.0.
|
||||
- Updated to Prosody version [0.11.8](https://blog.prosody.im/prosody-0.11.8-released/).
|
||||
- Updated luarocks to version 3.5.0.
|
||||
|
||||
## v1.1.3
|
||||
|
||||
### New features
|
||||
|
||||
* Set pidfile in prosody.cfg.lua.
|
||||
* Created a tests folder which contains pytest and bats tests.
|
||||
- Set pidfile in prosody.cfg.lua.
|
||||
- Created a tests folder which contains pytest and bats tests.
|
||||
|
||||
### Bug fixes
|
||||
|
||||
* Fixed using list ENV variables with multiple values.
|
||||
- Fixed using list ENV variables with multiple values.
|
||||
|
||||
## v1.1.2
|
||||
|
||||
### Updates
|
||||
|
||||
* Updated to Prosody version [0.11.7](https://blog.prosody.im/prosody-0.11.7-released/).
|
||||
* Updated luarocks to version 3.4.0.
|
||||
- Updated to Prosody version [0.11.7](https://blog.prosody.im/prosody-0.11.7-released/).
|
||||
- Updated luarocks to version 3.4.0.
|
||||
|
||||
### New features
|
||||
|
||||
* Made 04-server_contact_info.cfg.lua configurable with ENV variables. Fixes [#4](https://github.com/SaraSmiseth/prosody/issues/4).
|
||||
* Made 03-e2e-policy.cfg.lua configurable with ENV variables. Fixes [#9](https://github.com/SaraSmiseth/prosody/issues/9).
|
||||
* Added E2E_POLICY_WHITELIST ENV variable to configure e2e_policy_whitelist. Fixes [#10](https://github.com/SaraSmiseth/prosody/issues/10).
|
||||
- Made 04-server_contact_info.cfg.lua configurable with ENV variables. Fixes [#4](https://github.com/SaraSmiseth/prosody/issues/4).
|
||||
- Made 03-e2e-policy.cfg.lua configurable with ENV variables. Fixes [#9](https://github.com/SaraSmiseth/prosody/issues/9).
|
||||
- Added E2E_POLICY_WHITELIST ENV variable to configure e2e_policy_whitelist. Fixes [#10](https://github.com/SaraSmiseth/prosody/issues/10).
|
||||
|
||||
### Bug fixes
|
||||
|
||||
* Cherry picked [commit](https://github.com/zipizap/prosody/commit/fa13a990a1b87745ae5f5fe8297cb0669f9e8779) from [zipizap/prosody](https://github.com/zipizap/prosody) which fixes a bug with env-vars not beeing initialized.
|
||||
- Cherry picked [commit](https://github.com/zipizap/prosody/commit/fa13a990a1b87745ae5f5fe8297cb0669f9e8779) from [zipizap/prosody](https://github.com/zipizap/prosody) which fixes a bug with env-vars not beeing initialized.
|
||||
|
||||
### Other changes
|
||||
|
||||
* Changed hashing of downloaded packages in Dockerfile to sha256.
|
||||
- Changed hashing of downloaded packages in Dockerfile to sha256.
|
||||
|
||||
## v1.1.1
|
||||
|
||||
* Updated to Prosody version [0.11.6](https://blog.prosody.im/prosody-0.11.6-released/).
|
||||
* Replace "master" with "dev".
|
||||
- Updated to Prosody version [0.11.6](https://blog.prosody.im/prosody-0.11.6-released/).
|
||||
- Replace "master" with "dev".
|
||||
|
||||
## v1.1.0
|
||||
|
||||
### New features
|
||||
|
||||
* Enable "announce" and "lastactivity" modules.
|
||||
* Add PROSODY_ADMINS to specify who is an administrator. Fixes #7
|
||||
- Enable "announce" and "lastactivity" modules.
|
||||
- Add PROSODY_ADMINS to specify who is an administrator. Fixes #7
|
||||
|
||||
### Breaking changes
|
||||
|
||||
* Move global ssl section to https_ssl and legacy_ssl_ssl section. It is only needed there. #3
|
||||
* <https://prosody.im/doc/ports#ssl_configuration>
|
||||
- Move global ssl section to https_ssl and legacy_ssl_ssl section. It is only needed there. #3
|
||||
- <https://prosody.im/doc/ports#ssl_configuration>
|
||||
|
||||
As explained in the [README](https://github.com/SaraSmiseth/prosody#ssl-certificates) this setup uses automatic location to find your certs. This did not work correctly before this change. It just always used the main certificate defined with the global `ssl` config setting. This setting was removed and for the [services](https://prosody.im/doc/certificates#service_certificates) that do not use automatic location new global settings were introduced. These are `legacy_ssl_ssl` and `https_ssl`.
|
||||
|
||||
### Other changes
|
||||
|
||||
* Add badges to README. Fixes #5.
|
||||
* Add link to official documentation on certificate permissions to README. Related to #3
|
||||
- Add badges to README. Fixes #5.
|
||||
- Add link to official documentation on certificate permissions to README. Related to #3
|
||||
|
||||
## v1.0.0
|
||||
|
||||
* First version
|
||||
- First version
|
||||
|
|
|
@ -4,10 +4,10 @@ ARG BUILD_DATE
|
|||
ARG VCS_REF
|
||||
ARG VERSION
|
||||
|
||||
ARG LUAROCKS_VERSION=3.9.0
|
||||
ARG LUAROCKS_VERSION=3.9.1
|
||||
ARG PROSODY_VERSION=0.12.1
|
||||
|
||||
ARG LUAROCKS_SHA256=5e840f0224891de96be4139e9475d3b1de7af3a32b95c1bdf05394563c60175f
|
||||
ARG LUAROCKS_SHA256=ffafd83b1c42aa38042166a59ac3b618c838ce4e63f4ace9d961a5679ef58253
|
||||
ARG PROSODY_DOWNLOAD_SHA256=a7ecbbe41f01a4251805593ac6d15dbc6cb75d9c7a876c76b456cf74ff4b90e5
|
||||
|
||||
LABEL luarocks.version="${LUAROCKS_VERSION}"
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
default_storage = "sql"
|
||||
default_storage = os.getenv("DEFAULT_STORAGE")
|
||||
|
||||
sql = {
|
||||
driver = os.getenv("DB_DRIVER");
|
||||
|
@ -9,12 +9,11 @@ sql = {
|
|||
password = os.getenv("DB_PASSWORD");
|
||||
}
|
||||
|
||||
-- make 0.10-distributed mod_mam use sql store
|
||||
archive_store = "archive2" -- Use the same data store as prosody-modules mod_mam
|
||||
archive_store = os.getenv("ARCHIVE_STORE")
|
||||
|
||||
storage = {
|
||||
-- this makes mod_mam use the sql storage backend
|
||||
archive2 = "sql";
|
||||
archive2 = os.getenv("STORAGE_ARCHIVE2");
|
||||
}
|
||||
|
||||
-- https://modules.prosody.im/mod_mam.html
|
||||
|
|
|
@ -2,6 +2,8 @@
|
|||
set -e
|
||||
|
||||
export ALLOW_REGISTRATION=${ALLOW_REGISTRATION:-true}
|
||||
export ARCHIVE_STORE=${ARCHIVE_STORE:-"archive2"}
|
||||
export DEFAULT_STORAGE=${DEFAULT_STORAGE:-"sql"}
|
||||
export DOMAIN_HTTP_UPLOAD=${DOMAIN_HTTP_UPLOAD:-"upload.$DOMAIN"}
|
||||
export DOMAIN_MUC=${DOMAIN_MUC:-"conference.$DOMAIN"}
|
||||
export DOMAIN_PROXY=${DOMAIN_PROXY:-"proxy.$DOMAIN"}
|
||||
|
@ -21,6 +23,7 @@ export SERVER_CONTACT_INFO_FEEDBACK=${SERVER_CONTACT_INFO_FEEDBACK:-"xmpp:feedba
|
|||
export SERVER_CONTACT_INFO_SALES=${SERVER_CONTACT_INFO_SALES:-"xmpp:sales@$DOMAIN"}
|
||||
export SERVER_CONTACT_INFO_SECURITY=${SERVER_CONTACT_INFO_SECURITY:-"xmpp:security@$DOMAIN"}
|
||||
export SERVER_CONTACT_INFO_SUPPORT=${SERVER_CONTACT_INFO_SUPPORT:-"xmpp:support@$DOMAIN"}
|
||||
export STORAGE_ARCHIVE2=${STORAGE_ARCHIVE2:-"sql"}
|
||||
export PROSODY_ADMINS=${PROSODY_ADMINS:-""}
|
||||
|
||||
if [[ "$1" != "prosody" ]]; then
|
||||
|
|
159
readme.md
159
readme.md
|
@ -15,10 +15,10 @@ Multiple [architectures](https://hub.docker.com/r/sarasmiseth/prosody/tags) are
|
|||
|
||||
While Conversations got everything set-up out-of-the-box, Gajim was used with the following extensions:
|
||||
|
||||
* HttpUpload
|
||||
* Off-The-Record Encryption
|
||||
* OMEMO (requires _python-axolotl_ to be installed)
|
||||
* Url Image preview
|
||||
- HttpUpload
|
||||
- Off-The-Record Encryption
|
||||
- OMEMO (requires _python-axolotl_ to be installed)
|
||||
- Url Image preview
|
||||
|
||||
## Table of Contents
|
||||
|
||||
|
@ -49,17 +49,17 @@ While Conversations got everything set-up out-of-the-box, Gajim was used with th
|
|||
|
||||
## Features
|
||||
|
||||
* Secure by default
|
||||
* SSL certificate required
|
||||
* End-to-end encryption required (using [OMEMO](https://conversations.im/omemo/) or [OTR](https://en.wikipedia.org/wiki/Off-the-Record_Messaging))
|
||||
* Data storage
|
||||
* SQLite message store
|
||||
* Configured file upload and image sharing
|
||||
* Multi-user chat (MUC)
|
||||
- Secure by default
|
||||
- SSL certificate required
|
||||
- End-to-end encryption required (using [OMEMO](https://conversations.im/omemo/) or [OTR](https://en.wikipedia.org/wiki/Off-the-Record_Messaging))
|
||||
- Data storage
|
||||
- SQLite message store
|
||||
- Configured file upload and image sharing
|
||||
- Multi-user chat (MUC)
|
||||
|
||||
## Requirements
|
||||
|
||||
* You need a SSL certificate. I recommend [LetsEncrypt](https://letsencrypt.org/) for that.
|
||||
- You need a SSL certificate. I recommend [LetsEncrypt](https://letsencrypt.org/) for that.
|
||||
|
||||
## Image Details
|
||||
|
||||
|
@ -67,54 +67,54 @@ While Conversations got everything set-up out-of-the-box, Gajim was used with th
|
|||
|
||||
The following ports are exposed:
|
||||
|
||||
* 5000: proxy65 port used for file sharing
|
||||
* 5222: c2s port (client to server)
|
||||
* 5223: c2s legacy ssl port (client to server)
|
||||
* 5269: s2s port (server to server)
|
||||
* 5347: XMPP component port
|
||||
* 5280: BOSH / websocket port
|
||||
* 5281: Secure BOSH / websocket port
|
||||
- 5000: proxy65 port used for file sharing
|
||||
- 5222: c2s port (client to server)
|
||||
- 5223: c2s legacy ssl port (client to server)
|
||||
- 5269: s2s port (server to server)
|
||||
- 5347: XMPP component port
|
||||
- 5280: BOSH / websocket port
|
||||
- 5281: Secure BOSH / websocket port
|
||||
|
||||
### Directories
|
||||
|
||||
#### Data
|
||||
|
||||
Path: ```/usr/local/var/lib/prosody/```.
|
||||
Path: `/usr/local/var/lib/prosody/`.
|
||||
|
||||
* used for SQLite file
|
||||
* used for HTTP uploads
|
||||
* this is exposed as docker volume
|
||||
- used for SQLite file
|
||||
- used for HTTP uploads
|
||||
- this is exposed as docker volume
|
||||
|
||||
#### Bundled modules
|
||||
|
||||
Path: ```/usr/local/lib/prosody/modules/```.
|
||||
Path: `/usr/local/lib/prosody/modules/`.
|
||||
|
||||
#### Additionally installed prosody modules
|
||||
|
||||
Path: ```/usr/local/lib/prosody/custom-modules/```.
|
||||
Path: `/usr/local/lib/prosody/custom-modules/`.
|
||||
|
||||
#### Config
|
||||
|
||||
Path: ```/usr/local/etc/prosody/```.
|
||||
Path: `/usr/local/etc/prosody/`.
|
||||
|
||||
* containing the main config file called ```prosody.cfg.lua```
|
||||
* containing additional config files within ```conf.d/```
|
||||
- containing the main config file called `prosody.cfg.lua`
|
||||
- containing additional config files within `conf.d/`
|
||||
|
||||
#### SSL certificates
|
||||
|
||||
Path: ```/usr/local/etc/prosody/certs/```.
|
||||
Path: `/usr/local/etc/prosody/certs/`.
|
||||
|
||||
Uses [automatic location](https://prosody.im/doc/certificates#automatic_location) to find your certs.
|
||||
|
||||
The http_upload module and the legacy_ssl module do not use the same search algorithm for the certificates. See [service certificates](https://prosody.im/doc/certificates#service_certificates).
|
||||
|
||||
The settings https_ssl and legacy_ssl_ssl in [05-vhost.cfg.lua](./conf.d/05-vhost.cfg.lua) configures the certificates to ```certs/domain.tld/fullchain.pem``` and ```certs/domain.tld/privkey.pem``` for legacy_ssl and to ```certs/DOMAIN_HTTP_UPLOAD/fullchain.pem``` and ```certs/DOMAIN_HTTP_UPLOAD/privkey.pem``` for http_upload where DOMAIN_HTTP_UPLOAD is an environtment variable.
|
||||
The settings https_ssl and legacy_ssl_ssl in [05-vhost.cfg.lua](./conf.d/05-vhost.cfg.lua) configures the certificates to `certs/domain.tld/fullchain.pem` and `certs/domain.tld/privkey.pem` for legacy_ssl and to `certs/DOMAIN_HTTP_UPLOAD/fullchain.pem` and `certs/DOMAIN_HTTP_UPLOAD/privkey.pem` for http_upload where DOMAIN_HTTP_UPLOAD is an environtment variable.
|
||||
|
||||
##### Folder structure
|
||||
|
||||
An example certificate folder structure could look like this:
|
||||
|
||||
``` zsh
|
||||
```zsh
|
||||
certs
|
||||
├── conference.domain.tld
|
||||
│ ├── fullchain.pem
|
||||
|
@ -136,9 +136,9 @@ Thats how Let's encrypt certbot does it out of the box.
|
|||
|
||||
certbot creates the structure and uses symlinks to the actual certificates.
|
||||
If you mount them like that prosody somehow does not find them.
|
||||
I copied them to a folder named ```certs``` next to my ```docker-compose.yml``` and made sure to use the ```-L``` flag of ```cp```.
|
||||
I copied them to a folder named `certs` next to my `docker-compose.yml` and made sure to use the `-L` flag of `cp`.
|
||||
This makes cp follow symbolic links when copying from them.
|
||||
For example ```cp -L src dest```.
|
||||
For example `cp -L src dest`.
|
||||
|
||||
##### Permissions
|
||||
|
||||
|
@ -147,10 +147,10 @@ Check [Volumes permissions](#volumes-permissions) as well.
|
|||
|
||||
### Run
|
||||
|
||||
I recommend using a ```docker-compose.yml``` file:
|
||||
I recommend using a `docker-compose.yml` file:
|
||||
|
||||
```yaml
|
||||
version: '3.7'
|
||||
version: "3.7"
|
||||
|
||||
services:
|
||||
server:
|
||||
|
@ -169,15 +169,15 @@ services:
|
|||
- ./data:/usr/local/var/lib/prosody
|
||||
```
|
||||
|
||||
Boot it via: ```docker-compose up -d```.
|
||||
Boot it via: `docker-compose up -d`.
|
||||
|
||||
Inspect logs: ```docker-compose logs -f```.
|
||||
Inspect logs: `docker-compose logs -f`.
|
||||
|
||||
### Volumes permissions
|
||||
|
||||
The prosody user inside the container has the `uid=999` and `gid=999`. If you use the example `docker-compose.yml` from above make sure, that the `./data` folder and the `./certs` folder have the correct permissions.
|
||||
|
||||
``` shell
|
||||
```shell
|
||||
sudo chown 999:999 ./certs
|
||||
sudo chown 999:999 ./data
|
||||
```
|
||||
|
@ -191,61 +191,64 @@ sudo chown 999:999 ./data
|
|||
| edge | This tag points to the latest version build from the newest [commit](https://github.com/SaraSmiseth/prosody/commits/dev) in the dev branch. |
|
||||
| nightly | This tag points to the latest version build from the newest [commit](https://github.com/SaraSmiseth/prosody/commits/dev) in the dev branch. It gets rebuild every night. |
|
||||
| latest | This tag points to the latest version build from the latest commit that is tagged in git. See [releases](https://github.com/SaraSmiseth/prosody/releases). |
|
||||
| *vX.Y.Z* | There is a tag for each [release](https://github.com/SaraSmiseth/prosody/releases). |
|
||||
| _vX.Y.Z_ | There is a tag for each [release](https://github.com/SaraSmiseth/prosody/releases). |
|
||||
|
||||
### Configuration
|
||||
|
||||
#### Environment variables
|
||||
|
||||
| Variable | Description | Type | Default value |
|
||||
| -------------------------------- | -------------------------------------------------------------------------------------------------------------------- | ------------ | -------------------------- |
|
||||
| **ALLOW_REGISTRATION** | Whether to allow registration of new accounts via Jabber clients | *optional* | true |
|
||||
| **DOMAIN** | domain | **required** | null |
|
||||
| **DOMAIN_HTTP_UPLOAD** | Domain which lets clients upload files over HTTP | *optional* | upload.**DOMAIN** |
|
||||
| **DOMAIN_MUC** | Domain for Multi-user chat (MUC) for allowing you to create hosted chatrooms/conferences for XMPP users | *optional* | conference.**DOMAIN** |
|
||||
| **DOMAIN_PROXY** | Domain for SOCKS5 bytestream proxy for server-proxied file transfers | *optional* | proxy.**DOMAIN** |
|
||||
| **DOMAIN_PUBSUB** | Domain for a XEP-0060 pubsub service | *optional* | pubsub.**DOMAIN** |
|
||||
| **DB_DRIVER** | May also be "PostgreSQL" or "MySQL" or "SQLite3" (case sensitive!) | *optional* | SQLite3 |
|
||||
| **DB_DATABASE** | The database name to use. For SQLite3 this the database filename (relative to the data storage directory). | *optional* | prosody.sqlite |
|
||||
| **DB_HOST** | The address of the database server | *optional* | |
|
||||
| **DB_PORT** | Port on which the database is listening | *optional* | |
|
||||
| **DB_USERNAME** | The username to authenticate to the database | *optional* | |
|
||||
| **DB_PASSWORD** | The password to authenticate to the database | *optional* | |
|
||||
| **E2E_POLICY_CHAT** | Policy for chat messages. Possible values: "none", "optional" and "required". | *optional* | "required" |
|
||||
| **E2E_POLICY_MUC** | Policy for MUC messages. Possible values: "none", "optional" and "required". | *optional* | "required" |
|
||||
| **E2E_POLICY_WHITELIST** | Make this module ignore messages sent to and from this JIDs or MUCs. | *optional* | "" |
|
||||
| **LOG_LEVEL** | Min log level. Change to debug for more information | *optional* | info |
|
||||
| **C2S_REQUIRE_ENCRYPTION** | Whether to force all client-to-server connections to be encrypted or not | *optional* | true |
|
||||
| **S2S_REQUIRE_ENCRYPTION** | Whether to force all server-to-server connections to be encrypted or not | *optional* | true |
|
||||
| **S2S_SECURE_AUTH** | Require encryption and certificate authentication | *optional* | true |
|
||||
| **SERVER_CONTACT_INFO_ABUSE** | A list of strings. Each string should be an URI. See [here](https://prosody.im/doc/modules/mod_server_contact_info). | *optional* | "xmpp:abuse@**DOMAIN**" |
|
||||
| **SERVER_CONTACT_INFO_ADMIN** | A list of strings. Each string should be an URI. See [here](https://prosody.im/doc/modules/mod_server_contact_info). | *optional* | "xmpp:admin@**DOMAIN**" |
|
||||
| **SERVER_CONTACT_INFO_FEEDBACK** | A list of strings. Each string should be an URI. See [here](https://prosody.im/doc/modules/mod_server_contact_info). | *optional* | "xmpp:feedback@**DOMAIN**" |
|
||||
| **SERVER_CONTACT_INFO_SALES** | A list of strings. Each string should be an URI. See [here](https://prosody.im/doc/modules/mod_server_contact_info). | *optional* | "xmpp:sales@**DOMAIN**" |
|
||||
| **SERVER_CONTACT_INFO_SECURITY** | A list of strings. Each string should be an URI. See [here](https://prosody.im/doc/modules/mod_server_contact_info). | *optional* | "xmpp:security@**DOMAIN**" |
|
||||
| **SERVER_CONTACT_INFO_SUPPORT** | A list of strings. Each string should be an URI. See [here](https://prosody.im/doc/modules/mod_server_contact_info). | *optional* | "xmpp:support@**DOMAIN**" |
|
||||
| **PROSODY_ADMINS** | Specify who is an administrator. List of adresses. Eg. "me@example.com", "admin@example.net" | *optional* | "" |
|
||||
| Variable | Description | Type | Default value |
|
||||
| -------------------------------- | -------------------------------------------------------------------------------------------------------------------------------- | ------------ | -------------------------- |
|
||||
| **ALLOW_REGISTRATION** | Whether to allow registration of new accounts via Jabber clients | _optional_ | true |
|
||||
| **DOMAIN** | domain | **required** | null |
|
||||
| **DOMAIN_HTTP_UPLOAD** | Domain which lets clients upload files over HTTP | _optional_ | upload.**DOMAIN** |
|
||||
| **DOMAIN_MUC** | Domain for Multi-user chat (MUC) for allowing you to create hosted chatrooms/conferences for XMPP users | _optional_ | conference.**DOMAIN** |
|
||||
| **DOMAIN_PROXY** | Domain for SOCKS5 bytestream proxy for server-proxied file transfers | _optional_ | proxy.**DOMAIN** |
|
||||
| **DOMAIN_PUBSUB** | Domain for a XEP-0060 pubsub service | _optional_ | pubsub.**DOMAIN** |
|
||||
| **DB_DRIVER** | May also be "PostgreSQL" or "MySQL" or "SQLite3" (case sensitive!) | _optional_ | SQLite3 |
|
||||
| **DB_DATABASE** | The database name to use. For SQLite3 this the database filename (relative to the data storage directory). | _optional_ | prosody.sqlite |
|
||||
| **DB_HOST** | The address of the database server | _optional_ | |
|
||||
| **DB_PORT** | Port on which the database is listening | _optional_ | |
|
||||
| **DB_USERNAME** | The username to authenticate to the database | _optional_ | |
|
||||
| **DB_PASSWORD** | The password to authenticate to the database | _optional_ | |
|
||||
| **E2E_POLICY_CHAT** | Policy for chat messages. Possible values: "none", "optional" and "required". | _optional_ | "required" |
|
||||
| **E2E_POLICY_MUC** | Policy for MUC messages. Possible values: "none", "optional" and "required". | _optional_ | "required" |
|
||||
| **E2E_POLICY_WHITELIST** | Make this module ignore messages sent to and from this JIDs or MUCs. | _optional_ | "" |
|
||||
| **LOG_LEVEL** | Min log level. Change to debug for more information | _optional_ | info |
|
||||
| **C2S_REQUIRE_ENCRYPTION** | Whether to force all client-to-server connections to be encrypted or not | _optional_ | true |
|
||||
| **S2S_REQUIRE_ENCRYPTION** | Whether to force all server-to-server connections to be encrypted or not | _optional_ | true |
|
||||
| **S2S_SECURE_AUTH** | Require encryption and certificate authentication | _optional_ | true |
|
||||
| **SERVER_CONTACT_INFO_ABUSE** | A list of strings. Each string should be an URI. See [here](https://prosody.im/doc/modules/mod_server_contact_info). | _optional_ | "xmpp:abuse@**DOMAIN**" |
|
||||
| **SERVER_CONTACT_INFO_ADMIN** | A list of strings. Each string should be an URI. See [here](https://prosody.im/doc/modules/mod_server_contact_info). | _optional_ | "xmpp:admin@**DOMAIN**" |
|
||||
| **SERVER_CONTACT_INFO_FEEDBACK** | A list of strings. Each string should be an URI. See [here](https://prosody.im/doc/modules/mod_server_contact_info). | _optional_ | "xmpp:feedback@**DOMAIN**" |
|
||||
| **SERVER_CONTACT_INFO_SALES** | A list of strings. Each string should be an URI. See [here](https://prosody.im/doc/modules/mod_server_contact_info). | _optional_ | "xmpp:sales@**DOMAIN**" |
|
||||
| **SERVER_CONTACT_INFO_SECURITY** | A list of strings. Each string should be an URI. See [here](https://prosody.im/doc/modules/mod_server_contact_info). | _optional_ | "xmpp:security@**DOMAIN**" |
|
||||
| **SERVER_CONTACT_INFO_SUPPORT** | A list of strings. Each string should be an URI. See [here](https://prosody.im/doc/modules/mod_server_contact_info). | _optional_ | "xmpp:support@**DOMAIN**" |
|
||||
| **PROSODY_ADMINS** | Specify who is an administrator. List of adresses. Eg. "me@example.com", "admin@example.net" | _optional_ | "" |
|
||||
| **DEFAULT_STORAGE** | Select the storage backend to load with the 'storage' configuration option. See [here](https://prosody.im/doc/storage). | _optional_ | "sql" |
|
||||
| **ARCHIVE_STORE** | Select the archive store. 'archive' or 'archive2'. See [here](https://prosody.im/doc/storage). | _optional_ | "archive2" |
|
||||
| **STORAGE_ARCHIVE2** | Select the storage backend to load with the 'storage.archive2' configuration option. See [here](https://prosody.im/doc/storage). | _optional_ | "sql" |
|
||||
|
||||
#### DNS
|
||||
|
||||
You need these DNS record pointing to your server:
|
||||
|
||||
* domain.tld
|
||||
* conference.domain.tld
|
||||
* proxy.domain.tld
|
||||
* pubsub.domain.tld
|
||||
* upload.domain.tld
|
||||
* A SRV record for _xmpps-client._tcp.domain.tld for port 5223.
|
||||
- domain.tld
|
||||
- conference.domain.tld
|
||||
- proxy.domain.tld
|
||||
- pubsub.domain.tld
|
||||
- upload.domain.tld
|
||||
- A SRV record for \_xmpps-client.\_tcp.domain.tld for port 5223.
|
||||
|
||||
where domain.tld is the environment variable DOMAIN.
|
||||
|
||||
### Extend
|
||||
|
||||
There is a helper script that eases installing additional prosody modules: ```docker-prosody-module-install```
|
||||
There is a helper script that eases installing additional prosody modules: `docker-prosody-module-install`
|
||||
|
||||
It downloads the current [prosody-modules](https://hg.prosody.im/prosody-modules/) repository. The specified modules are copied and its name is added to the ```modules_enabled``` variable within ```conf.d/01-modules.cfg.lua```.
|
||||
It downloads the current [prosody-modules](https://hg.prosody.im/prosody-modules/) repository. The specified modules are copied and its name is added to the `modules_enabled` variable within `conf.d/01-modules.cfg.lua`.
|
||||
|
||||
There is also ```docker-prosody-module-copy``` which copies the specified modules but does not add them to the ```modules_enabled``` variable within ```conf.d/01-modules.cfg.lua```.
|
||||
There is also `docker-prosody-module-copy` which copies the specified modules but does not add them to the `modules_enabled` variable within `conf.d/01-modules.cfg.lua`.
|
||||
|
||||
If you need additional configuration just overwrite the respective _cfg.lua_ file or add new ones.
|
||||
|
||||
|
@ -262,5 +265,5 @@ prosodyctl mod_storage_sql upgrade
|
|||
|
||||
You can test your server with these websites:
|
||||
|
||||
* [IM Observatory](https://www.xmpp.net/)
|
||||
* [XMPP Compliance Tester](https://compliance.conversations.im/)
|
||||
- [IM Observatory](https://www.xmpp.net/)
|
||||
- [XMPP Compliance Tester](https://compliance.conversations.im/)
|
||||
|
|
|
@ -18,6 +18,44 @@ services:
|
|||
volumes:
|
||||
- ./certs:/usr/local/etc/prosody/certs
|
||||
|
||||
prosody_internal_storage:
|
||||
image: prosody
|
||||
restart: unless-stopped
|
||||
ports:
|
||||
- "5000:5000"
|
||||
- "5222:5222"
|
||||
- "5223:5223"
|
||||
- "5269:5269"
|
||||
- "5281:5281"
|
||||
environment:
|
||||
DOMAIN: localhost
|
||||
E2E_POLICY_WHITELIST: "admin@localhost, user1@localhost"
|
||||
LOG_LEVEL: debug
|
||||
PROSODY_ADMINS: "admin@localhost, admin2@localhost"
|
||||
DEFAULT_STORAGE: "internal"
|
||||
STORAGE_ARCHIVE2: "internal"
|
||||
volumes:
|
||||
- ./certs:/usr/local/etc/prosody/certs
|
||||
|
||||
prosody_internal_storage_archive:
|
||||
image: prosody
|
||||
restart: unless-stopped
|
||||
ports:
|
||||
- "5000:5000"
|
||||
- "5222:5222"
|
||||
- "5223:5223"
|
||||
- "5269:5269"
|
||||
- "5281:5281"
|
||||
environment:
|
||||
DOMAIN: localhost
|
||||
E2E_POLICY_WHITELIST: "admin@localhost, user1@localhost"
|
||||
LOG_LEVEL: debug
|
||||
PROSODY_ADMINS: "admin@localhost, admin2@localhost"
|
||||
DEFAULT_STORAGE: "internal"
|
||||
ARCHIVE_STORE: "archive"
|
||||
volumes:
|
||||
- ./certs:/usr/local/etc/prosody/certs
|
||||
|
||||
prosody_postgres:
|
||||
image: prosody
|
||||
restart: unless-stopped
|
||||
|
@ -45,7 +83,7 @@ services:
|
|||
- postgres
|
||||
|
||||
postgres:
|
||||
image: postgres:13-alpine
|
||||
image: postgres:14-alpine
|
||||
restart: unless-stopped
|
||||
environment:
|
||||
POSTGRES_DB: prosody
|
||||
|
|
|
@ -64,8 +64,20 @@ registerTestUsers prosody_postgres
|
|||
runTests prosody_postgres
|
||||
sudo docker-compose down
|
||||
|
||||
# Run tests for second container with SQLite
|
||||
# Run tests for container with SQLite
|
||||
sudo docker-compose up -d prosody
|
||||
registerTestUsers prosody
|
||||
runTests prosody
|
||||
sudo docker-compose down
|
||||
|
||||
# Run tests for container with internal storage and archive store archive2
|
||||
sudo docker-compose up -d prosody_internal_storage
|
||||
registerTestUsers prosody_internal_storage
|
||||
runTests prosody_internal_storage
|
||||
sudo docker-compose down
|
||||
|
||||
# Run tests for container with internal storage and archive store archive
|
||||
sudo docker-compose up -d prosody_internal_storage_archive
|
||||
registerTestUsers prosody_internal_storage_archive
|
||||
runTests prosody_internal_storage_archive
|
||||
sudo docker-compose down
|
||||
|
|
21
tests/tests-prosody_internal_storage.bats
Normal file
21
tests/tests-prosody_internal_storage.bats
Normal file
|
@ -0,0 +1,21 @@
|
|||
# For tests with pipes see: https://github.com/sstephenson/bats/issues/10
|
||||
|
||||
load 'bats/bats-support/load'
|
||||
load 'bats/bats-assert/load'
|
||||
|
||||
# TODO
|
||||
#@test "Should use internal storage" {
|
||||
# run bash -c "sudo docker-compose logs $batsContainerName | grep -E \"Connecting to \[SQLite3\] \/usr\/local\/var\/lib\/prosody\/prosody\.sqlite\.\.\.\""
|
||||
# assert_failure
|
||||
# assert_output
|
||||
#}
|
||||
|
||||
@test "Should not use sqlite" {
|
||||
run bash -c "sudo docker-compose logs $batsContainerName | grep -E \"Connecting to \[SQLite3\] \/usr\/local\/var\/lib\/prosody\/prosody\.sqlite\.\.\.\""
|
||||
assert_failure
|
||||
}
|
||||
|
||||
@test "Should not use postgres" {
|
||||
run bash -c "sudo docker-compose logs $batsContainerName | grep -E \"Connecting to \[PostgreSQL\] prosody\.\.\.\""
|
||||
assert_failure
|
||||
}
|
21
tests/tests-prosody_internal_storage_archive.bats
Normal file
21
tests/tests-prosody_internal_storage_archive.bats
Normal file
|
@ -0,0 +1,21 @@
|
|||
# For tests with pipes see: https://github.com/sstephenson/bats/issues/10
|
||||
|
||||
load 'bats/bats-support/load'
|
||||
load 'bats/bats-assert/load'
|
||||
|
||||
# TODO
|
||||
#@test "Should use internal storage" {
|
||||
# run bash -c "sudo docker-compose logs $batsContainerName | grep -E \"Connecting to \[SQLite3\] \/usr\/local\/var\/lib\/prosody\/prosody\.sqlite\.\.\.\""
|
||||
# assert_failure
|
||||
# assert_output
|
||||
#}
|
||||
|
||||
@test "Should not use sqlite" {
|
||||
run bash -c "sudo docker-compose logs $batsContainerName | grep -E \"Connecting to \[SQLite3\] \/usr\/local\/var\/lib\/prosody\/prosody\.sqlite\.\.\.\""
|
||||
assert_failure
|
||||
}
|
||||
|
||||
@test "Should not use postgres" {
|
||||
run bash -c "sudo docker-compose logs $batsContainerName | grep -E \"Connecting to \[PostgreSQL\] prosody\.\.\.\""
|
||||
assert_failure
|
||||
}
|
|
@ -86,3 +86,8 @@ load 'bats/bats-assert/load'
|
|||
assert_success
|
||||
assert_output
|
||||
}
|
||||
|
||||
@test "Should not have any sql errors" {
|
||||
run bash -c "sudo docker-compose logs $batsContainerName | grep --ignore-case Error in SQL transaction"
|
||||
assert_failure
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue