forked from mirror/prosody

Compare commits

4 commits
dev ... storage

Author SHA1 Message Date
Sara Aimée Smiseth
8d068580ea Update luarocks to 3.9.1 2022-09-02 09:07:43 +02:00
Sara Aimée Smiseth
4fd9603a56 Update CHANGELOG.md 2022-08-24 17:54:17 +02:00
Sara Aimée Smiseth
bce67be67d Renamed STORAGE to DEFAULT_STORAGE. Added ARCHIVE_STORE and STORAGE_ARCHIVE2. 2022-08-24 17:10:54 +02:00
Sara Aimée Smiseth
eb572d8180 * New environment variable STORAGE was added. Defaults to sql like before. See [prosody docs](https://prosody.im/doc/storage). This fixes [#38](https://github.com/SaraSmiseth/prosody/issues/38).
* New tests for a container with STORAGE set to `internal`.
2022-08-19 10:10:00 +02:00
22 changed files with 351 additions and 427 deletions

View file

@ -2,70 +2,44 @@
## Unreleased ## Unreleased
### Adjust config - Nothing
* Replace deprecated legacy_ssl with c2s_direct_tls.
* Removed use_libevent = true. This means the default is now used which is epoll.
### Test
Added a test to check that no deprecated config settings are used.
## v1.3.0
* Updated to Prosody version [0.12.4](https://blog.prosody.im/prosody-0.12.4-released/)
### Breaking Change
Switched from [http_upload](https://modules.prosody.im/mod_http_upload) to [http_file_share](https://prosody.im/doc/modules/mod_http_file_share).
This means that previous uploads will NOT work after upgrading.
ENV variable `HTTP_UPLOAD_FILE_SIZE_LIMIT` was removed.
The new module uses the following variables:
* HTTP_FILE_SHARE_SIZE_LIMIT
* HTTP_FILE_SHARE_DAILY_QUOTA
See [readme.md](readme.md) for explanations and defaults.
## v1.2.10
* Update docker base image to debian bookworm
* [Add LDAP authentication support](https://github.com/SaraSmiseth/prosody/pull/50)
* Add environment variable HTTP_MAX_CONTENT_SIZE for setting http_max_content_size.
* Add environment variable HTTP_UPLOAD_FILE_SIZE_LIMIT for setting http_upload_file_size_limit.
* Add domain_http_upload to disco_items to support http_upload on some clients and if http_upload is not a subdomain.
## v1.2.9 ## v1.2.9
* Update prosody to version 0.12.3 - New environment variables to configure storage were added.
* Update luarocks to version 3.9.2 Added DEFAULT_STORAGE and STORAGE_ARCHIVE2 which default to `sql` for backward compatibility.
Added ARCHIVE_STORE which defaults to `archive2` for backward compatibility.
See [prosody docs](https://prosody.im/doc/storage) for information on prosody storage.
This fixes [#38](https://github.com/SaraSmiseth/prosody/issues/38).
- New tests for a container with DEFAULT_STORAGE set to `internal`.
New tests for a container with DEFAULT_STORAGE set to `internal` and ARCHIVE_STORE set to `archive`.
- Updated luarocks to version 3.9.1.
## v1.2.8 ## v1.2.8
* Updated to Prosody version [0.12.1](https://blog.prosody.im/prosody-0.12.1-released/). - Updated to Prosody version [0.12.1](https://blog.prosody.im/prosody-0.12.1-released/).
## v1.2.7 ## v1.2.7
* Updated to Prosody version [0.12.0](https://blog.prosody.im/prosody-0.12.0-released/). - Updated to Prosody version [0.12.0](https://blog.prosody.im/prosody-0.12.0-released/).
* Updated luarocks to version 3.9.0. - Updated luarocks to version 3.9.0.
## v1.2.6 ## v1.2.6
* Updated to Prosody version [0.11.13](https://blog.prosody.im/prosody-0.11.13-released/). - Updated to Prosody version [0.11.13](https://blog.prosody.im/prosody-0.11.13-released/).
## v1.2.5 ## v1.2.5
* Updated to Prosody version [0.11.12](https://blog.prosody.im/prosody-0.11.12-released/). - Updated to Prosody version [0.11.12](https://blog.prosody.im/prosody-0.11.12-released/).
## v1.2.4 ## v1.2.4
* Updated to Prosody version [0.11.11](https://blog.prosody.im/prosody-0.11.11-released/). - Updated to Prosody version [0.11.11](https://blog.prosody.im/prosody-0.11.11-released/).
* Updated luarocks to version 3.8.0. - Updated luarocks to version 3.8.0.
## v1.2.3 ## v1.2.3
* Updated to Prosody version [0.11.10](https://blog.prosody.im/prosody-0.11.10-released/). - Updated to Prosody version [0.11.10](https://blog.prosody.im/prosody-0.11.10-released/).
## v1.2.2 ## v1.2.2
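Review bot: the storage side files the new DEFAULT_STORAGE, ARCHIVE_STORE and STORAGE_ARCHIVE2 entries under the `## v1.2.9` heading while its `## Unreleased` section reads "- Nothing", and on the dev side v1.2.9 already holds different entries (Prosody 0.12.3, luarocks 3.9.2) followed by v1.2.10 and v1.3.0 sections that disappear here. Rebase onto dev and move the storage entries into `## Unreleased` so released sections are not rewritten. Switching every bullet from `*` to `-` in the same change also makes each changelog line differ; keep the existing marker or reformat in a separate commit.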
@ -73,81 +47,81 @@ See [readme.md](readme.md) for explanations and defaults.
## v1.2.1 ## v1.2.1
* Updated to Prosody version [0.11.9](https://blog.prosody.im/prosody-0.11.9-released/). - Updated to Prosody version [0.11.9](https://blog.prosody.im/prosody-0.11.9-released/).
## v1.2.0 ## v1.2.0
### New features ### New features
* New environment variables for database settings. It is now possible to use MariaDB or Postgres instead of SQLite. SQLite is the default. See [README](https://github.com/SaraSmiseth/prosody#environment-variables). - New environment variables for database settings. It is now possible to use MariaDB or Postgres instead of SQLite. SQLite is the default. See [README](https://github.com/SaraSmiseth/prosody#environment-variables).
### Updates ### Updates
* Updated luarocks to version 3.7.0. - Updated luarocks to version 3.7.0.
## v1.1.4 ## v1.1.4
### Updates ### Updates
* Updated to Prosody version [0.11.8](https://blog.prosody.im/prosody-0.11.8-released/). - Updated to Prosody version [0.11.8](https://blog.prosody.im/prosody-0.11.8-released/).
* Updated luarocks to version 3.5.0. - Updated luarocks to version 3.5.0.
## v1.1.3 ## v1.1.3
### New features ### New features
* Set pidfile in prosody.cfg.lua. - Set pidfile in prosody.cfg.lua.
* Created a tests folder which contains pytest and bats tests. - Created a tests folder which contains pytest and bats tests.
### Bug fixes ### Bug fixes
* Fixed using list ENV variables with multiple values. - Fixed using list ENV variables with multiple values.
## v1.1.2 ## v1.1.2
### Updates ### Updates
* Updated to Prosody version [0.11.7](https://blog.prosody.im/prosody-0.11.7-released/). - Updated to Prosody version [0.11.7](https://blog.prosody.im/prosody-0.11.7-released/).
* Updated luarocks to version 3.4.0. - Updated luarocks to version 3.4.0.
### New features ### New features
* Made 04-server_contact_info.cfg.lua configurable with ENV variables. Fixes [#4](https://github.com/SaraSmiseth/prosody/issues/4). - Made 04-server_contact_info.cfg.lua configurable with ENV variables. Fixes [#4](https://github.com/SaraSmiseth/prosody/issues/4).
* Made 03-e2e-policy.cfg.lua configurable with ENV variables. Fixes [#9](https://github.com/SaraSmiseth/prosody/issues/9). - Made 03-e2e-policy.cfg.lua configurable with ENV variables. Fixes [#9](https://github.com/SaraSmiseth/prosody/issues/9).
* Added E2E_POLICY_WHITELIST ENV variable to configure e2e_policy_whitelist. Fixes [#10](https://github.com/SaraSmiseth/prosody/issues/10). - Added E2E_POLICY_WHITELIST ENV variable to configure e2e_policy_whitelist. Fixes [#10](https://github.com/SaraSmiseth/prosody/issues/10).
### Bug fixes ### Bug fixes
* Cherry picked [commit](https://github.com/zipizap/prosody/commit/fa13a990a1b87745ae5f5fe8297cb0669f9e8779) from [zipizap/prosody](https://github.com/zipizap/prosody) which fixes a bug with env-vars not beeing initialized. - Cherry picked [commit](https://github.com/zipizap/prosody/commit/fa13a990a1b87745ae5f5fe8297cb0669f9e8779) from [zipizap/prosody](https://github.com/zipizap/prosody) which fixes a bug with env-vars not beeing initialized.
### Other changes ### Other changes
* Changed hashing of downloaded packages in Dockerfile to sha256. - Changed hashing of downloaded packages in Dockerfile to sha256.
## v1.1.1 ## v1.1.1
* Updated to Prosody version [0.11.6](https://blog.prosody.im/prosody-0.11.6-released/). - Updated to Prosody version [0.11.6](https://blog.prosody.im/prosody-0.11.6-released/).
* Replace "master" with "dev". - Replace "master" with "dev".
## v1.1.0 ## v1.1.0
### New features ### New features
* Enable "announce" and "lastactivity" modules. - Enable "announce" and "lastactivity" modules.
* Add PROSODY_ADMINS to specify who is an administrator. Fixes #7 - Add PROSODY_ADMINS to specify who is an administrator. Fixes #7
### Breaking changes ### Breaking changes
* Move global ssl section to https_ssl and legacy_ssl_ssl section. It is only needed there. #3 - Move global ssl section to https_ssl and legacy_ssl_ssl section. It is only needed there. #3
* <https://prosody.im/doc/ports#ssl_configuration> - <https://prosody.im/doc/ports#ssl_configuration>
As explained in the [README](https://github.com/SaraSmiseth/prosody#ssl-certificates) this setup uses automatic location to find your certs. This did not work correctly before this change. It just always used the main certificate defined with the global `ssl` config setting. This setting was removed and for the [services](https://prosody.im/doc/certificates#service_certificates) that do not use automatic location new global settings were introduced. These are `legacy_ssl_ssl` and `https_ssl`. As explained in the [README](https://github.com/SaraSmiseth/prosody#ssl-certificates) this setup uses automatic location to find your certs. This did not work correctly before this change. It just always used the main certificate defined with the global `ssl` config setting. This setting was removed and for the [services](https://prosody.im/doc/certificates#service_certificates) that do not use automatic location new global settings were introduced. These are `legacy_ssl_ssl` and `https_ssl`.
### Other changes ### Other changes
* Add badges to README. Fixes #5. - Add badges to README. Fixes #5.
* Add link to official documentation on certificate permissions to README. Related to #3 - Add link to official documentation on certificate permissions to README. Related to #3
## v1.0.0 ## v1.0.0
* First version - First version

View file

@ -1,14 +1,14 @@
FROM debian:bookworm-slim FROM debian:bullseye-slim
ARG BUILD_DATE ARG BUILD_DATE
ARG VCS_REF ARG VCS_REF
ARG VERSION ARG VERSION
ARG LUAROCKS_VERSION=3.11.1 ARG LUAROCKS_VERSION=3.9.1
ARG PROSODY_VERSION=0.12.4 ARG PROSODY_VERSION=0.12.1
ARG LUAROCKS_SHA256="c3fb3d960dffb2b2fe9de7e3cb004dc4d0b34bb3d342578af84f84325c669102" ARG LUAROCKS_SHA256=ffafd83b1c42aa38042166a59ac3b618c838ce4e63f4ace9d961a5679ef58253
ARG PROSODY_DOWNLOAD_SHA256="47d712273c2f29558c412f6cdaec073260bbc26b7dda243db580330183d65856" ARG PROSODY_DOWNLOAD_SHA256=a7ecbbe41f01a4251805593ac6d15dbc6cb75d9c7a876c76b456cf74ff4b90e5
LABEL luarocks.version="${LUAROCKS_VERSION}" LABEL luarocks.version="${LUAROCKS_VERSION}"
LABEL org.opencontainers.image.authors="Sara Smiseth" LABEL org.opencontainers.image.authors="Sara Smiseth"
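Review bot: the storage side of this hunk pins `FROM debian:bullseye-slim`, `PROSODY_VERSION=0.12.1` and `LUAROCKS_VERSION=3.9.1`, against `debian:bookworm-slim`, `0.12.4` and `3.11.1` on dev, so merging it as shown would roll the image back to an older base and an older Prosody release. Rebase the branch onto dev before merging, and carry each `*_VERSION` argument together with its matching `*_SHA256` value so the download check keeps verifying the artifact that is actually fetched.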
@ -26,17 +26,15 @@ LABEL prosody.version="${PROSODY_VERSION}"
RUN apt-get update \ RUN apt-get update \
&& DEBIAN_FRONTEND=noninteractive apt-get install -y \ && DEBIAN_FRONTEND=noninteractive apt-get install -y \
libevent-dev `# this is no build dependency, but needed for luaevent` \ libevent-dev `# this is no build dependency, but needed for luaevent` \
libicu72 \ libicu67 \
libidn2-0 \ libidn11 \
libpq-dev \ libpq-dev \
libsqlite3-0 \ libsqlite3-0 \
lua5.2 \ lua5.2 \
lua-bitop \ lua-bitop \
lua-dbi-mysql \ lua-dbi-mysql \
lua-dbi-postgresql \
lua-expat \ lua-expat \
lua-filesystem \ lua-filesystem \
lua-ldap \
lua-socket \ lua-socket \
lua-sec \ lua-sec \
lua-unbound \ lua-unbound \
@ -44,7 +42,7 @@ RUN apt-get update \
&& apt-get clean \ && apt-get clean \
&& rm -rf /var/lib/apt/lists/* && rm -rf /var/lib/apt/lists/*
RUN buildDeps='gcc git libc6-dev libidn2-dev liblua5.2-dev libsqlite3-dev libssl-dev libicu-dev make unzip' \ RUN buildDeps='gcc git libc6-dev libidn11-dev liblua5.2-dev libsqlite3-dev libssl-dev libicu-dev make unzip' \
&& set -x \ && set -x \
&& apt-get update && apt-get install -y $buildDeps --no-install-recommends \ && apt-get update && apt-get install -y $buildDeps --no-install-recommends \
&& rm -rf /var/lib/apt/lists/* \ && rm -rf /var/lib/apt/lists/* \
@ -72,6 +70,7 @@ RUN buildDeps='gcc git libc6-dev libidn2-dev liblua5.2-dev libsqlite3-dev libssl
&& luarocks install luaevent \ && luarocks install luaevent \
&& luarocks install luadbi \ && luarocks install luadbi \
`#&& luarocks install luadbi-mysql MYSQL_INCDIR=/usr/include/mariadb/` \ `#&& luarocks install luadbi-mysql MYSQL_INCDIR=/usr/include/mariadb/` \
&& luarocks install luadbi-postgresql POSTGRES_INCDIR=/usr/include/postgresql/ \
&& luarocks install luadbi-sqlite3 \ && luarocks install luadbi-sqlite3 \
&& luarocks install stringy \ && luarocks install stringy \
\ \
@ -99,10 +98,15 @@ COPY *.bash /usr/local/bin/
RUN download-prosody-modules.bash \ RUN download-prosody-modules.bash \
&& docker-prosody-module-install.bash \ && docker-prosody-module-install.bash \
bookmarks `# XEP-0411: Bookmarks Conversion` \
carbons `# message carbons (XEP-0280)` \
cloud_notify `# XEP-0357: Push Notifications` \ cloud_notify `# XEP-0357: Push Notifications` \
csi `# client state indication (XEP-0352)` \
e2e_policy `# require end-2-end encryption` \ e2e_policy `# require end-2-end encryption` \
filter_chatstates `# disable "X is typing" type messages` \ filter_chatstates `# disable "X is typing" type messages` \
smacks `# stream management (XEP-0198)` \
throttle_presence `# presence throttling in CSI` \ throttle_presence `# presence throttling in CSI` \
http_upload `# file sharing (XEP-0363)` \
vcard_muc `# XEP-0153: vCard-Based Avatar (MUC)` \ vcard_muc `# XEP-0153: vCard-Based Avatar (MUC)` \
&& rm -rf "/usr/src/prosody-modules" && rm -rf "/usr/src/prosody-modules"

View file

@ -24,7 +24,6 @@ modules_enabled = {
"ping"; -- Replies to XMPP pings with pongs "ping"; -- Replies to XMPP pings with pongs
"pep"; -- Enables users to publish their mood, activity, playing music and more "pep"; -- Enables users to publish their mood, activity, playing music and more
"register"; -- Allow users to register on this server using a client and change passwords "register"; -- Allow users to register on this server using a client and change passwords
"turn_external"; -- Allow users to make voice/video calls
--"muc"; -- [Loaded as component, therefore commented here] Multi-user chats (XEP-0045) --"muc"; -- [Loaded as component, therefore commented here] Multi-user chats (XEP-0045)
-- Admin interfaces -- Admin interfaces

View file

@ -1,23 +1,21 @@
default_storage = "sql" default_storage = os.getenv("DEFAULT_STORAGE")
sql = { sql = {
driver = os.getenv("DB_DRIVER") or "SQLite3"; driver = os.getenv("DB_DRIVER");
database = os.getenv("DB_DATABASE") or "prosody.sqlite"; database = os.getenv("DB_DATABASE");
host = os.getenv("DB_HOST"); host = os.getenv("DB_HOST");
port = os.getenv("DB_PORT"); port = os.getenv("DB_PORT");
username = os.getenv("DB_USERNAME"); username = os.getenv("DB_USERNAME");
password = os.getenv("DB_PASSWORD"); password = os.getenv("DB_PASSWORD");
} }
-- make 0.10-distributed mod_mam use sql store archive_store = os.getenv("ARCHIVE_STORE")
archive_store = "archive2" -- Use the same data store as prosody-modules mod_mam
storage = { storage = {
-- this makes mod_mam use the sql storage backend -- this makes mod_mam use the sql storage backend
archive2 = "sql"; archive2 = os.getenv("STORAGE_ARCHIVE2");
} }
-- https://modules.prosody.im/mod_mam.html -- https://modules.prosody.im/mod_mam.html
archive_expires_after = "1y" archive_expires_after = "1y"
http_max_content_size = os.getenv("HTTP_MAX_CONTENT_SIZE") or 1024 * 1024 * 10 -- Default is 10MB
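Review bot: the comment `-- this makes mod_mam use the sql storage backend` above `archive2 = os.getenv("STORAGE_ARCHIVE2")` is no longer accurate on the storage side, because the backend is now whatever the variable holds. Reword the comment to say the backend comes from STORAGE_ARCHIVE2, and consider keeping an in-file fallback (`or "sql"`, `or "archive2"`, `or "SQLite3"`) as the dev side does for DB_DRIVER and DB_DATABASE, so the file still yields a working configuration when it is loaded without the entrypoint's exports.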

View file

@ -1,11 +1,8 @@
local stringy = require "stringy" local stringy = require "stringy"
e2e_policy_chat = os.getenv("E2E_POLICY_CHAT") or "required" e2e_policy_chat = os.getenv("E2E_POLICY_CHAT")
e2e_policy_muc = os.getenv("E2E_POLICY_MUC") or "required" e2e_policy_muc = os.getenv("E2E_POLICY_MUC")
e2e_policy_whitelist = stringy.split(os.getenv("E2E_POLICY_WHITELIST"), ", ")
local whitelist = os.getenv("E2E_POLICY_WHITELIST") or ""
e2e_policy_whitelist = stringy.split(whitelist, ", ")
e2e_policy_message_optional_chat = "For security reasons, OMEMO, OTR or PGP encryption is STRONGLY recommended for conversations on this server." e2e_policy_message_optional_chat = "For security reasons, OMEMO, OTR or PGP encryption is STRONGLY recommended for conversations on this server."
e2e_policy_message_required_chat = "For security reasons, OMEMO, OTR or PGP encryption is required for conversations on this server." e2e_policy_message_required_chat = "For security reasons, OMEMO, OTR or PGP encryption is required for conversations on this server."
e2e_policy_message_optional_muc = "For security reasons, OMEMO, OTR or PGP encryption is STRONGLY recommended for MUC on this server." e2e_policy_message_optional_muc = "For security reasons, OMEMO, OTR or PGP encryption is STRONGLY recommended for MUC on this server."
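Review bot: on the storage side `stringy.split(os.getenv("E2E_POLICY_WHITELIST"), ", ")` hands nil to `stringy.split` whenever the variable is not exported, and `e2e_policy_chat` / `e2e_policy_muc` lose the `or "required"` fallback, so the policy the image advertises depends entirely on the entrypoint having run first. Keep the dev-side form (`local whitelist = os.getenv("E2E_POLICY_WHITELIST") or ""` and the `or "required"` defaults) in the config file itself, so a missing variable cannot silently leave the end-to-end policy unset.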

View file

@ -1,18 +1,10 @@
local stringy = require "stringy" local stringy = require "stringy"
local domain = os.getenv("DOMAIN")
local abuse = os.getenv("SERVER_CONTACT_INFO_ABUSE") or "xmpp:abuse@" .. domain
local admin = os.getenv("SERVER_CONTACT_INFO_ADMIN") or "xmpp:admin@" .. domain
local feedback = os.getenv("SERVER_CONTACT_INFO_FEEDBACK") or "xmpp:feedback@" .. domain
local sales = os.getenv("SERVER_CONTACT_INFO_SALES") or "xmpp:sales@" .. domain
local security = os.getenv("SERVER_CONTACT_INFO_SECURITY") or "xmpp:security@" .. domain
local support = os.getenv("SERVER_CONTACT_INFO_SUPPORT") or "xmpp:support@" .. domain
contact_info = { contact_info = {
abuse = stringy.split(abuse, ", "); abuse = stringy.split(os.getenv("SERVER_CONTACT_INFO_ABUSE"), ", ");
admin = stringy.split(admin, ", "); admin = stringy.split(os.getenv("SERVER_CONTACT_INFO_ADMIN"), ", ");
feedback = stringy.split(feedback, ", "); feedback = stringy.split(os.getenv("SERVER_CONTACT_INFO_FEEDBACK"), ", ");
sales = stringy.split(sales, ", "); sales = stringy.split(os.getenv("SERVER_CONTACT_INFO_SALES"), ", ");
security = stringy.split(security, ", "); security = stringy.split(os.getenv("SERVER_CONTACT_INFO_SECURITY"), ", ");
support = stringy.split(support, ", "); support = stringy.split(os.getenv("SERVER_CONTACT_INFO_SUPPORT"), ", ");
} }

View file

@ -1,16 +1,16 @@
local domain = os.getenv("DOMAIN") local domain = os.getenv("DOMAIN")
local domain_http_upload = os.getenv("DOMAIN_HTTP_UPLOAD") or "upload." .. domain local domain_http_upload = os.getenv("DOMAIN_HTTP_UPLOAD")
local domain_muc = os.getenv("DOMAIN_MUC") or "conference." .. domain local domain_muc = os.getenv("DOMAIN_MUC")
local domain_proxy = os.getenv("DOMAIN_PROXY") or "proxy." .. domain local domain_proxy = os.getenv("DOMAIN_PROXY")
local domain_pubsub = os.getenv("DOMAIN_PUBSUB") or "pubsub." .. domain local domain_pubsub = os.getenv("DOMAIN_PUBSUB")
-- XEP-0368: SRV records for XMPP over TLS -- XEP-0368: SRV records for XMPP over TLS
-- https://compliance.conversations.im/test/xep0368/ -- https://compliance.conversations.im/test/xep0368/
c2s_direct_tls_ssl = { legacy_ssl_ssl = {
certificate = "certs/" .. domain .. "/fullchain.pem"; certificate = "certs/" .. domain .. "/fullchain.pem";
key = "certs/" .. domain .. "/privkey.pem"; key = "certs/" .. domain .. "/privkey.pem";
} }
c2s_direct_tls_ports = { 5223 } legacy_ssl_ports = { 5223 }
-- https://prosody.im/doc/certificates#service_certificates -- https://prosody.im/doc/certificates#service_certificates
-- https://prosody.im/doc/ports#ssl_configuration -- https://prosody.im/doc/ports#ssl_configuration
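Review bot: the storage side of this hunk configures `legacy_ssl_ssl` and `legacy_ssl_ports = { 5223 }`, which the dev-side CHANGELOG in this same comparison lists as deprecated ("Replace deprecated legacy_ssl with c2s_direct_tls"). Keep `c2s_direct_tls_ssl` and `c2s_direct_tls_ports` when rebasing, otherwise the test mentioned in that changelog entry for deprecated config settings would be expected to fail.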
@ -21,20 +21,9 @@ https_ssl = {
VirtualHost (domain) VirtualHost (domain)
turn_external_host = os.getenv("TURN_EXTERNAL_HOST") or "turn" .. domain;
turn_external_port = os.getenv("TURN_EXTERNAL_PORT") or 3478;
turn_external_secret = os.getenv("TURN_EXTERNAL_SECRET");
disco_items = {
{ domain_http_upload },
}
-- Set up a http file upload because proxy65 is not working in muc -- Set up a http file upload because proxy65 is not working in muc
Component (domain_http_upload) "http_file_share" Component (domain_http_upload) "http_upload"
http_file_share_expires_after = 60 * 60 * 24 * 7 -- a week in seconds http_upload_expire_after = 60 * 60 * 24 * 7 -- a week in seconds
local size_limit = os.getenv("HTTP_FILE_SHARE_SIZE_LIMIT") or 10 * 1024 * 1024 -- Default is 10MB
http_file_share_size_limit = size_limit
http_file_share_daily_quota = os.getenv("HTTP_FILE_SHARE_DAILY_QUOTA") or 10 * size_limit -- Default is 10x the size limit
Component (domain_muc) "muc" Component (domain_muc) "muc"
name = "Prosody Chatrooms" name = "Prosody Chatrooms"
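Review bot: the default in `turn_external_host = os.getenv("TURN_EXTERNAL_HOST") or "turn" .. domain` on the dev side concatenates without a separator, so a DOMAIN of example.com gives turnexample.com, whereas the neighbouring defaults in this file use a trailing dot (`"upload." .. domain`, `"conference." .. domain`). If the intended default is a turn subdomain, it should read `"turn." .. domain`. `turn_external_secret` has no fallback either, so it is nil when TURN_EXTERNAL_SECRET is unset; the readme should state that the variable is required once turn_external is enabled.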
@ -52,6 +41,3 @@ Component (domain_proxy) "proxy65"
-- Implements a XEP-0060 pubsub service. -- Implements a XEP-0060 pubsub service.
Component (domain_pubsub) "pubsub" Component (domain_pubsub) "pubsub"
-- Set TURN server information.

View file

@ -1,6 +1,31 @@
#!/bin/bash #!/bin/bash
set -e set -e
export ALLOW_REGISTRATION=${ALLOW_REGISTRATION:-true}
export ARCHIVE_STORE=${ARCHIVE_STORE:-"archive2"}
export DEFAULT_STORAGE=${DEFAULT_STORAGE:-"sql"}
export DOMAIN_HTTP_UPLOAD=${DOMAIN_HTTP_UPLOAD:-"upload.$DOMAIN"}
export DOMAIN_MUC=${DOMAIN_MUC:-"conference.$DOMAIN"}
export DOMAIN_PROXY=${DOMAIN_PROXY:-"proxy.$DOMAIN"}
export DOMAIN_PUBSUB=${DOMAIN_PUBSUB:-"pubsub.$DOMAIN"}
export DB_DRIVER=${DB_DRIVER:-"SQLite3"}
export DB_DATABASE=${DB_DATABASE:-"prosody.sqlite"}
export E2E_POLICY_CHAT=${E2E_POLICY_CHAT:-"required"}
export E2E_POLICY_MUC=${E2E_POLICY_MUC:-"required"}
export E2E_POLICY_WHITELIST=${E2E_POLICY_WHITELIST:-""}
export LOG_LEVEL=${LOG_LEVEL:-"info"}
export C2S_REQUIRE_ENCRYPTION=${C2S_REQUIRE_ENCRYPTION:-true}
export S2S_REQUIRE_ENCRYPTION=${S2S_REQUIRE_ENCRYPTION:-true}
export S2S_SECURE_AUTH=${S2S_SECURE_AUTH:-true}
export SERVER_CONTACT_INFO_ABUSE=${SERVER_CONTACT_INFO_ABUSE:-"xmpp:abuse@$DOMAIN"}
export SERVER_CONTACT_INFO_ADMIN=${SERVER_CONTACT_INFO_ADMIN:-"xmpp:admin@$DOMAIN"}
export SERVER_CONTACT_INFO_FEEDBACK=${SERVER_CONTACT_INFO_FEEDBACK:-"xmpp:feedback@$DOMAIN"}
export SERVER_CONTACT_INFO_SALES=${SERVER_CONTACT_INFO_SALES:-"xmpp:sales@$DOMAIN"}
export SERVER_CONTACT_INFO_SECURITY=${SERVER_CONTACT_INFO_SECURITY:-"xmpp:security@$DOMAIN"}
export SERVER_CONTACT_INFO_SUPPORT=${SERVER_CONTACT_INFO_SUPPORT:-"xmpp:support@$DOMAIN"}
export STORAGE_ARCHIVE2=${STORAGE_ARCHIVE2:-"sql"}
export PROSODY_ADMINS=${PROSODY_ADMINS:-""}
if [[ "$1" != "prosody" ]]; then if [[ "$1" != "prosody" ]]; then
exec prosodyctl $* exec prosodyctl $*
exit 0; exit 0;
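Review bot: the new exports derive nine defaults from `$DOMAIN` (for example `"upload.$DOMAIN"` and `"xmpp:security@$DOMAIN"`) without checking that DOMAIN is set, so an empty DOMAIN produces values such as `upload.` and `xmpp:security@` that are only noticed later inside Prosody. Fail early with something like `: "${DOMAIN:?DOMAIN must be set}"` before the export block. In the unchanged context below it, `exec prosodyctl $*` re-splits arguments on whitespace; `exec prosodyctl "$@"` preserves them, and the `exit 0;` after `exec` is unreachable.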

View file

@ -3,31 +3,22 @@
local stringy = require "stringy" local stringy = require "stringy"
local prosody_admins = os.getenv("PROSODY_ADMINS") or ""; admins = stringy.split(os.getenv("PROSODY_ADMINS"), ", ");
admins = stringy.split(prosody_admins, ", ");
pidfile = "/var/run/prosody/prosody.pid" pidfile = "/var/run/prosody/prosody.pid"
allow_registration = os.getenv("ALLOW_REGISTRATION") or "true"; use_libevent = true; -- improves performance
c2s_require_encryption = os.getenv("C2S_REQUIRE_ENCRYPTION") or "true"; allow_registration = os.getenv("ALLOW_REGISTRATION");
s2s_require_encryption = os.getenv("S2S_REQUIRE_ENCRYPTION") or "true";
s2s_secure_auth = os.getenv("S2S_SECURE_AUTH") or "true";
authentication = os.getenv("AUTHENTICATION") or "internal_hashed"; c2s_require_encryption = os.getenv("C2S_REQUIRE_ENCRYPTION");
s2s_require_encryption = os.getenv("S2S_REQUIRE_ENCRYPTION");
s2s_secure_auth = os.getenv("S2S_SECURE_AUTH");
ldap_base = os.getenv("LDAP_BASE"); authentication = "internal_hashed";
ldap_server = os.getenv("LDAP_SERVER") or "localhost";
ldap_rootdn = os.getenv("LDAP_ROOTDN") or "";
ldap_password = os.getenv("LDAP_PASSWORD") or "";
ldap_filter = os.getenv("LDAP_FILTER") or "(uid=$user)";
ldap_scope = os.getenv("LDAP_SCOPE") or "subtree";
ldap_tls = os.getenv("LDAP_TLS") or "false";
ldap_mode = os.getenv("LDAP_MODE") or "bind";
ldap_admin_filter = os.getenv("LDAP_ADMIN_FILTER") or "";
log = { log = {
{levels = {min = os.getenv("LOG_LEVEL") or "info"}, to = "console"}; {levels = {min = os.getenv("LOG_LEVEL")}, to = "console"};
}; };
Include "conf.d/*.cfg.lua"; Include "conf.d/*.cfg.lua";
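Review bot: `allow_registration`, `c2s_require_encryption`, `s2s_require_encryption` and `s2s_secure_auth` are assigned the raw result of `os.getenv`, which is a string, on both sides of this hunk, so a deployment that sets `S2S_SECURE_AUTH=false` passes the string "false" rather than a Lua boolean, and a non-empty string is truthy in Lua. Convert explicitly in the config, for instance by comparing the value against "true", so that disabling or enabling these security settings does not depend on how the consumer interprets a string. The storage side also hard-codes `authentication = "internal_hashed"` where dev reads AUTHENTICATION; keep the environment override when rebasing.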

184
readme.md
View file

@ -2,21 +2,23 @@
![Docker](https://github.com/SaraSmiseth/prosody/workflows/Docker/badge.svg?branch=dev) ![Docker](https://github.com/SaraSmiseth/prosody/workflows/Docker/badge.svg?branch=dev)
![Git repository size](https://img.shields.io/github/repo-size/SaraSmiseth/prosody) ![Git repository size](https://img.shields.io/github/repo-size/SaraSmiseth/prosody)
[![Docker image](https://images.microbadger.com/badges/image/sarasmiseth/prosody:latest.svg)](https://microbadger.com/images/sarasmiseth/prosody:latest)
[![Docker version](https://images.microbadger.com/badges/version/sarasmiseth/prosody.svg)](https://microbadger.com/images/sarasmiseth/prosody:latest)
[![Docker pulls](https://img.shields.io/docker/pulls/sarasmiseth/prosody.svg)](https://hub.docker.com/r/sarasmiseth/prosody/) [![Docker pulls](https://img.shields.io/docker/pulls/sarasmiseth/prosody.svg)](https://hub.docker.com/r/sarasmiseth/prosody/)
[![Docker stars](https://img.shields.io/docker/stars/sarasmiseth/prosody.svg)](https://hub.docker.com/r/sarasmiseth/prosody/) [![Docker stars](https://img.shields.io/docker/stars/sarasmiseth/prosody.svg)](https://hub.docker.com/r/sarasmiseth/prosody/)
[![Github open issues](https://img.shields.io/github/issues-raw/SaraSmiseth/prosody)](https://github.com/SaraSmiseth/prosody/issues) [![Github open issues](https://img.shields.io/github/issues-raw/SaraSmiseth/prosody)](https://github.com/SaraSmiseth/prosody/issues)
[![Github open pull requests](https://img.shields.io/github/issues-pr-raw/SaraSmiseth/prosody)](https://github.com/SaraSmiseth/prosody/pulls) [![Github open pull requests](https://img.shields.io/github/issues-pr-raw/SaraSmiseth/prosody)](https://github.com/SaraSmiseth/prosody/pulls)
This docker image provides you with a configured [Prosody](https://prosody.im/) XMPP server. The image is based on `debian:bookworm-slim`. This docker image provides you with a configured [Prosody](https://prosody.im/) XMPP server. The image is based on `debian:bullseye-slim`.
The server was tested using the Android App [Conversations](https://conversations.im/) and the Desktop client [Gajim](https://gajim.org). The server was tested using the Android App [Conversations](https://conversations.im/) and the Desktop client [Gajim](https://gajim.org).
Multiple [architectures](https://hub.docker.com/r/sarasmiseth/prosody/tags) are supported. I use it on my raspberry pi 4. Multiple [architectures](https://hub.docker.com/r/sarasmiseth/prosody/tags) are supported. I use it on my raspberry pi 4.
While Conversations got everything set-up out-of-the-box, Gajim was used with the following extensions: While Conversations got everything set-up out-of-the-box, Gajim was used with the following extensions:
* HttpUpload - HttpUpload
* Off-The-Record Encryption - Off-The-Record Encryption
* OMEMO (requires _python-axolotl_ to be installed) - OMEMO (requires _python-axolotl_ to be installed)
* Url Image preview - Url Image preview
## Table of Contents ## Table of Contents
@ -47,17 +49,17 @@ While Conversations got everything set-up out-of-the-box, Gajim was used with th
## Features ## Features
* Secure by default - Secure by default
* SSL certificate required - SSL certificate required
* End-to-end encryption required (using [OMEMO](https://conversations.im/omemo/) or [OTR](https://en.wikipedia.org/wiki/Off-the-Record_Messaging)) - End-to-end encryption required (using [OMEMO](https://conversations.im/omemo/) or [OTR](https://en.wikipedia.org/wiki/Off-the-Record_Messaging))
* Data storage - Data storage
* SQLite message store - SQLite message store
* Configured file upload and image sharing - Configured file upload and image sharing
* Multi-user chat (MUC) - Multi-user chat (MUC)
## Requirements ## Requirements
* You need a SSL certificate. I recommend [LetsEncrypt](https://letsencrypt.org/) for that. - You need a SSL certificate. I recommend [LetsEncrypt](https://letsencrypt.org/) for that.
## Image Details ## Image Details
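Review bot: the Features list in this hunk still says "SQLite message store" under "Data storage" on both sides, although this branch makes the backend selectable through DEFAULT_STORAGE, ARCHIVE_STORE and STORAGE_ARCHIVE2. Update the bullet to say SQLite is the default and point to the environment variable section, so the readme matches the new behaviour.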
@ -65,54 +67,54 @@ While Conversations got everything set-up out-of-the-box, Gajim was used with th
The following ports are exposed: The following ports are exposed:
* 5000: proxy65 port used for file sharing - 5000: proxy65 port used for file sharing
* 5222: c2s port (client to server) - 5222: c2s port (client to server)
* 5223: c2s legacy ssl port (client to server) - 5223: c2s legacy ssl port (client to server)
* 5269: s2s port (server to server) - 5269: s2s port (server to server)
* 5347: XMPP component port - 5347: XMPP component port
* 5280: BOSH / websocket port - 5280: BOSH / websocket port
* 5281: Secure BOSH / websocket port - 5281: Secure BOSH / websocket port
### Directories ### Directories
#### Data #### Data
Path: ```/usr/local/var/lib/prosody/```. Path: `/usr/local/var/lib/prosody/`.
- used for SQLite file
- used for HTTP uploads
- this is exposed as docker volume
* used for SQLite file
* used for HTTP uploads
* this is exposed as docker volume
#### Bundled modules #### Bundled modules
Path: ```/usr/local/lib/prosody/modules/```. Path: `/usr/local/lib/prosody/modules/`.
#### Additionally installed prosody modules #### Additionally installed prosody modules
Path: ```/usr/local/lib/prosody/custom-modules/```. Path: `/usr/local/lib/prosody/custom-modules/`.
#### Config #### Config
Path: ```/usr/local/etc/prosody/```. Path: `/usr/local/etc/prosody/`.
* containing the main config file called ```prosody.cfg.lua``` - containing the main config file called `prosody.cfg.lua`
* containing additional config files within ```conf.d/``` - containing additional config files within `conf.d/`
#### SSL certificates #### SSL certificates
Path: ```/usr/local/etc/prosody/certs/```. Path: `/usr/local/etc/prosody/certs/`.
Uses [automatic location](https://prosody.im/doc/certificates#automatic_location) to find your certs. Uses [automatic location](https://prosody.im/doc/certificates#automatic_location) to find your certs.
The http_upload module and the legacy_ssl module do not use the same search algorithm for the certificates. See [service certificates](https://prosody.im/doc/certificates#service_certificates). The http_upload module and the legacy_ssl module do not use the same search algorithm for the certificates. See [service certificates](https://prosody.im/doc/certificates#service_certificates).
The settings https_ssl and legacy_ssl_ssl in [05-vhost.cfg.lua](./conf.d/05-vhost.cfg.lua) configures the certificates to ```certs/domain.tld/fullchain.pem``` and ```certs/domain.tld/privkey.pem``` for legacy_ssl and to ```certs/DOMAIN_HTTP_UPLOAD/fullchain.pem``` and ```certs/DOMAIN_HTTP_UPLOAD/privkey.pem``` for http_upload where DOMAIN_HTTP_UPLOAD is an environtment variable. The settings https_ssl and legacy_ssl_ssl in [05-vhost.cfg.lua](./conf.d/05-vhost.cfg.lua) configures the certificates to `certs/domain.tld/fullchain.pem` and `certs/domain.tld/privkey.pem` for legacy_ssl and to `certs/DOMAIN_HTTP_UPLOAD/fullchain.pem` and `certs/DOMAIN_HTTP_UPLOAD/privkey.pem` for http_upload where DOMAIN_HTTP_UPLOAD is an environtment variable.
##### Folder structure ##### Folder structure
An example certificate folder structure could look like this: An example certificate folder structure could look like this:
``` zsh ```zsh
certs certs
├── conference.domain.tld ├── conference.domain.tld
│   ├── fullchain.pem │   ├── fullchain.pem
@ -134,9 +136,9 @@ Thats how Let's encrypt certbot does it out of the box.
certbot creates the structure and uses symlinks to the actual certificates. certbot creates the structure and uses symlinks to the actual certificates.
If you mount them like that prosody somehow does not find them. If you mount them like that prosody somehow does not find them.
I copied them to a folder named ```certs``` next to my ```docker-compose.yml``` and made sure to use the ```-L``` flag of ```cp```. I copied them to a folder named `certs` next to my `docker-compose.yml` and made sure to use the `-L` flag of `cp`.
This makes cp follow symbolic links when copying from them. This makes cp follow symbolic links when copying from them.
For example ```cp -L src dest```. For example `cp -L src dest`.
##### Permissions ##### Permissions
@ -145,10 +147,10 @@ Check [Volumes permissions](#volumes-permissions) as well.
### Run ### Run
I recommend using a ```docker-compose.yml``` file: I recommend using a `docker-compose.yml` file:
```yaml ```yaml
version: '3.7' version: "3.7"
services: services:
server: server:
@ -167,15 +169,15 @@ services:
- ./data:/usr/local/var/lib/prosody - ./data:/usr/local/var/lib/prosody
``` ```
Boot it via: ```docker compose up -d```. Boot it via: `docker-compose up -d`.
Inspect logs: ```docker compose logs -f```. Inspect logs: `docker-compose logs -f`.
### Volumes permissions ### Volumes permissions
The prosody user inside the container has the `uid=999` and `gid=999`. If you use the example `docker-compose.yml` from above make sure, that the `./data` folder and the `./certs` folder have the correct permissions. The prosody user inside the container has the `uid=999` and `gid=999`. If you use the example `docker-compose.yml` from above make sure, that the `./data` folder and the `./certs` folder have the correct permissions.
``` shell ```shell
sudo chown 999:999 ./certs sudo chown 999:999 ./certs
sudo chown 999:999 ./data sudo chown 999:999 ./data
``` ```
@ -189,78 +191,64 @@ sudo chown 999:999 ./data
| edge | This tag points to the latest version build from the newest [commit](https://github.com/SaraSmiseth/prosody/commits/dev) in the dev branch. | | edge | This tag points to the latest version build from the newest [commit](https://github.com/SaraSmiseth/prosody/commits/dev) in the dev branch. |
| nightly | This tag points to the latest version build from the newest [commit](https://github.com/SaraSmiseth/prosody/commits/dev) in the dev branch. It gets rebuild every night. | | nightly | This tag points to the latest version build from the newest [commit](https://github.com/SaraSmiseth/prosody/commits/dev) in the dev branch. It gets rebuild every night. |
| latest | This tag points to the latest version build from the latest commit that is tagged in git. See [releases](https://github.com/SaraSmiseth/prosody/releases). | | latest | This tag points to the latest version build from the latest commit that is tagged in git. See [releases](https://github.com/SaraSmiseth/prosody/releases). |
| *vX.Y.Z* | There is a tag for each [release](https://github.com/SaraSmiseth/prosody/releases). | | _vX.Y.Z_ | There is a tag for each [release](https://github.com/SaraSmiseth/prosody/releases). |
### Configuration ### Configuration
#### Environment variables #### Environment variables
| Variable | Description | Type | Default value | | Variable | Description | Type | Default value |
| -------------------------------- | -------------------------------------------------------------------------------------------------------------------- | -------------------------------------------- | -------------------------- | | -------------------------------- | -------------------------------------------------------------------------------------------------------------------------------- | ------------ | -------------------------- |
| **ALLOW_REGISTRATION** | Whether to allow registration of new accounts via Jabber clients | *optional* | true | | **ALLOW_REGISTRATION** | Whether to allow registration of new accounts via Jabber clients | _optional_ | true |
| **DOMAIN** | domain | **required** | null | | **DOMAIN** | domain | **required** | null |
| **DOMAIN_HTTP_UPLOAD** | Domain which lets clients upload files over HTTP | *optional* | upload.**DOMAIN** | | **DOMAIN_HTTP_UPLOAD** | Domain which lets clients upload files over HTTP | _optional_ | upload.**DOMAIN** |
| **DOMAIN_MUC** | Domain for Multi-user chat (MUC) for allowing you to create hosted chatrooms/conferences for XMPP users | *optional* | conference.**DOMAIN** | | **DOMAIN_MUC** | Domain for Multi-user chat (MUC) for allowing you to create hosted chatrooms/conferences for XMPP users | _optional_ | conference.**DOMAIN** |
| **DOMAIN_PROXY** | Domain for SOCKS5 bytestream proxy for server-proxied file transfers | *optional* | proxy.**DOMAIN** | | **DOMAIN_PROXY** | Domain for SOCKS5 bytestream proxy for server-proxied file transfers | _optional_ | proxy.**DOMAIN** |
| **DOMAIN_PUBSUB** | Domain for a XEP-0060 pubsub service | *optional* | pubsub.**DOMAIN** | | **DOMAIN_PUBSUB** | Domain for a XEP-0060 pubsub service | _optional_ | pubsub.**DOMAIN** |
| **AUTHENTICATION** | authentication | *optional* | "internal_hashed" | | **DB_DRIVER** | May also be "PostgreSQL" or "MySQL" or "SQLite3" (case sensitive!) | _optional_ | SQLite3 |
| **LDAP_BASE** | LDAP base directory which stores user accounts | **required** if **AUTHENTICATION** is "ldap" | | | **DB_DATABASE** | The database name to use. For SQLite3 this the database filename (relative to the data storage directory). | _optional_ | prosody.sqlite |
| **LDAP_SERVER** | Space-separated list of hostnames or IPs, optionally with port numbers (e.g. “localhost:8389”) | *optional* | "localhost" | | **DB_HOST** | The address of the database server | _optional_ | |
| **LDAP_ROOTDN** | The distinguished name to auth against | *optional* | "" | | **DB_PORT** | Port on which the database is listening | _optional_ | |
| **LDAP_PASSWORD** | Password for rootdn | *optional* | "" | | **DB_USERNAME** | The username to authenticate to the database | _optional_ | |
| **LDAP_FILTER** | Search filter, with $user and $host substituted for user- and hostname | *optional* | "(uid=$user)" | | **DB_PASSWORD** | The password to authenticate to the database | _optional_ | |
| **LDAP_SCOPE** | Search scope. other values: “base” and “onelevel” | *optional* | "subtree" | | **E2E_POLICY_CHAT** | Policy for chat messages. Possible values: "none", "optional" and "required". | _optional_ | "required" |
| **LDAP_TLS** | Enable TLS (StartTLS) to connect to LDAP (can be true or false). The non-standard LDAPS protocol is not supported. | *optional* | "false" | | **E2E_POLICY_MUC** | Policy for MUC messages. Possible values: "none", "optional" and "required". | _optional_ | "required" |
| **LDAP_MODE** | How passwords are validated. | *optional* | "bind" | | **E2E_POLICY_WHITELIST** | Make this module ignore messages sent to and from this JIDs or MUCs. | _optional_ | "" |
| **LDAP_ADMIN_FILTER** | Search filter to match admins, works like ldap_filter | *optional* | "" | | **LOG_LEVEL** | Min log level. Change to debug for more information | _optional_ | info |
| **DB_DRIVER** | May also be "PostgreSQL" or "MySQL" or "SQLite3" (case sensitive!) | *optional* | SQLite3 | | **C2S_REQUIRE_ENCRYPTION** | Whether to force all client-to-server connections to be encrypted or not | _optional_ | true |
| **DB_DATABASE** | The database name to use. For SQLite3 this the database filename (relative to the data storage directory). | *optional* | prosody.sqlite | | **S2S_REQUIRE_ENCRYPTION** | Whether to force all server-to-server connections to be encrypted or not | _optional_ | true |
| **DB_HOST** | The address of the database server | *optional* | | | **S2S_SECURE_AUTH** | Require encryption and certificate authentication | _optional_ | true |
| **DB_PORT** | Port on which the database is listening | *optional* | | | **SERVER_CONTACT_INFO_ABUSE** | A list of strings. Each string should be an URI. See [here](https://prosody.im/doc/modules/mod_server_contact_info). | _optional_ | "xmpp:abuse@**DOMAIN**" |
| **DB_USERNAME** | The username to authenticate to the database | *optional* | | | **SERVER_CONTACT_INFO_ADMIN** | A list of strings. Each string should be an URI. See [here](https://prosody.im/doc/modules/mod_server_contact_info). | _optional_ | "xmpp:admin@**DOMAIN**" |
| **DB_PASSWORD** | The password to authenticate to the database | *optional* | | | **SERVER_CONTACT_INFO_FEEDBACK** | A list of strings. Each string should be an URI. See [here](https://prosody.im/doc/modules/mod_server_contact_info). | _optional_ | "xmpp:feedback@**DOMAIN**" |
| **HTTP_MAX_CONTENT_SIZE** | Max http content size in bytes | *optional* | 10485760 | | **SERVER_CONTACT_INFO_SALES** | A list of strings. Each string should be an URI. See [here](https://prosody.im/doc/modules/mod_server_contact_info). | _optional_ | "xmpp:sales@**DOMAIN**" |
| **HTTP_FILE_SHARE_SIZE_LIMIT** | Max http file share size in bytes | *optional* | 10485760 | | **SERVER_CONTACT_INFO_SECURITY** | A list of strings. Each string should be an URI. See [here](https://prosody.im/doc/modules/mod_server_contact_info). | _optional_ | "xmpp:security@**DOMAIN**" |
| **HTTP_FILE_SHARE_DAILY_QUOTA** | Daily quota in bytes | *optional* | 10 times share size limit | | **SERVER_CONTACT_INFO_SUPPORT** | A list of strings. Each string should be an URI. See [here](https://prosody.im/doc/modules/mod_server_contact_info). | _optional_ | "xmpp:support@**DOMAIN**" |
| **E2E_POLICY_CHAT** | Policy for chat messages. Possible values: "none", "optional" and "required". | *optional* | "required" | | **PROSODY_ADMINS** | Specify who is an administrator. List of adresses. Eg. "me@example.com", "admin@example.net" | _optional_ | "" |
| **E2E_POLICY_MUC** | Policy for MUC messages. Possible values: "none", "optional" and "required". | *optional* | "required" | | **DEFAULT_STORAGE** | Select the storage backend to load with the 'storage' configuration option. See [here](https://prosody.im/doc/storage). | _optional_ | "sql" |
| **E2E_POLICY_WHITELIST** | Make this module ignore messages sent to and from this JIDs or MUCs. | *optional* | "" | | **ARCHIVE_STORE** | Select the archive store. 'archive' or 'archive2'. See [here](https://prosody.im/doc/storage). | _optional_ | "archive2" |
| **LOG_LEVEL** | Min log level. Change to debug for more information | *optional* | info | | **STORAGE_ARCHIVE2** | Select the storage backend to load with the 'storage.archive2' configuration option. See [here](https://prosody.im/doc/storage). | _optional_ | "sql" |
| **C2S_REQUIRE_ENCRYPTION** | Whether to force all client-to-server connections to be encrypted or not | *optional* | true |
| **S2S_REQUIRE_ENCRYPTION** | Whether to force all server-to-server connections to be encrypted or not | *optional* | true |
| **S2S_SECURE_AUTH** | Require encryption and certificate authentication | *optional* | true |
| **SERVER_CONTACT_INFO_ABUSE** | A list of strings. Each string should be an URI. See [here](https://prosody.im/doc/modules/mod_server_contact_info). | *optional* | "xmpp:abuse@**DOMAIN**" |
| **SERVER_CONTACT_INFO_ADMIN** | A list of strings. Each string should be an URI. See [here](https://prosody.im/doc/modules/mod_server_contact_info). | *optional* | "xmpp:admin@**DOMAIN**" |
| **SERVER_CONTACT_INFO_FEEDBACK** | A list of strings. Each string should be an URI. See [here](https://prosody.im/doc/modules/mod_server_contact_info). | *optional* | "xmpp:feedback@**DOMAIN**" |
| **SERVER_CONTACT_INFO_SALES** | A list of strings. Each string should be an URI. See [here](https://prosody.im/doc/modules/mod_server_contact_info). | *optional* | "xmpp:sales@**DOMAIN**" |
| **SERVER_CONTACT_INFO_SECURITY** | A list of strings. Each string should be an URI. See [here](https://prosody.im/doc/modules/mod_server_contact_info). | *optional* | "xmpp:security@**DOMAIN**" |
| **SERVER_CONTACT_INFO_SUPPORT** | A list of strings. Each string should be an URI. See [here](https://prosody.im/doc/modules/mod_server_contact_info). | *optional* | "xmpp:support@**DOMAIN**" |
| **TURN_EXTERNAL_HOST** | The external hostname for the TURN server. | *optional* | "turn.**DOMAIN**" |
| **TURN_EXTERNAL_PORT** | The external port for the TURN server. | *optional* | "3478" |
| **TURN_EXTERNAL_SECRET** | The external secret for the TURN server. | *optional* | "" |
| **PROSODY_ADMINS** | Specify who is an administrator. List of adresses. Eg. "me@example.com", "admin@example.net" | *optional* | "" |
#### DNS #### DNS
You need these DNS record pointing to your server: You need these DNS record pointing to your server:
* domain.tld - domain.tld
* conference.domain.tld - conference.domain.tld
* proxy.domain.tld - proxy.domain.tld
* pubsub.domain.tld - pubsub.domain.tld
* upload.domain.tld - upload.domain.tld
* turn.domain.tld - A SRV record for \_xmpps-client.\_tcp.domain.tld for port 5223.
* A SRV record for _xmpps-client._tcp.domain.tld for port 5223.
where domain.tld is the environment variable DOMAIN. where domain.tld is the environment variable DOMAIN.
### Extend ### Extend
There is a helper script that eases installing additional prosody modules: ```docker-prosody-module-install``` There is a helper script that eases installing additional prosody modules: `docker-prosody-module-install`
It downloads the current [prosody-modules](https://hg.prosody.im/prosody-modules/) repository. The specified modules are copied and its name is added to the ```modules_enabled``` variable within ```conf.d/01-modules.cfg.lua```. It downloads the current [prosody-modules](https://hg.prosody.im/prosody-modules/) repository. The specified modules are copied and its name is added to the `modules_enabled` variable within `conf.d/01-modules.cfg.lua`.
There is also ```docker-prosody-module-copy``` which copies the specified modules but does not add them to the ```modules_enabled``` variable within ```conf.d/01-modules.cfg.lua```. There is also `docker-prosody-module-copy` which copies the specified modules but does not add them to the `modules_enabled` variable within `conf.d/01-modules.cfg.lua`.
If you need additional configuration just overwrite the respective _cfg.lua_ file or add new ones. If you need additional configuration just overwrite the respective _cfg.lua_ file or add new ones.
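Review bot: the rows this hunk removes from the environment table (AUTHENTICATION, LDAP_*, HTTP_MAX_CONTENT_SIZE, HTTP_FILE_SHARE_*, TURN_EXTERNAL_*) and the dropped turn.domain.tld DNS entry have nothing to do with the three storage variables it adds, so merging as is would delete the documentation for LDAP authentication, upload limits and TURN. Rebase so that the only table change is the addition of DEFAULT_STORAGE, ARCHIVE_STORE and STORAGE_ARCHIVE2. The new rows should also state what STORAGE_ARCHIVE2 does when ARCHIVE_STORE is set to "archive", because the name suggests it only applies to the archive2 store.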
@ -269,7 +257,7 @@ If you need additional configuration just overwrite the respective _cfg.lua_ fil
When migrating from prosody 0.10, you need to update the database once: When migrating from prosody 0.10, you need to update the database once:
```bash ```bash
docker compose exec server bash docker-compose exec server bash
prosodyctl mod_storage_sql upgrade prosodyctl mod_storage_sql upgrade
``` ```
@ -277,5 +265,5 @@ prosodyctl mod_storage_sql upgrade
You can test your server with these websites: You can test your server with these websites:
* [IM Observatory](https://www.xmpp.net/) - [IM Observatory](https://www.xmpp.net/)
* [XMPP Compliance Tester](https://compliance.conversations.im/) - [XMPP Compliance Tester](https://compliance.conversations.im/)

View file

@ -1,3 +1,5 @@
version: '3.9'
services: services:
prosody: prosody:
image: prosody image: prosody
@ -9,10 +11,48 @@ services:
- "5269:5269" - "5269:5269"
- "5281:5281" - "5281:5281"
environment: environment:
DOMAIN: example.com DOMAIN: localhost
E2E_POLICY_WHITELIST: "admin@example.com, user1@example.com" E2E_POLICY_WHITELIST: "admin@localhost, user1@localhost"
LOG_LEVEL: debug LOG_LEVEL: debug
PROSODY_ADMINS: "admin@example.com, admin2@example.com" PROSODY_ADMINS: "admin@localhost, admin2@localhost"
volumes:
- ./certs:/usr/local/etc/prosody/certs
prosody_internal_storage:
image: prosody
restart: unless-stopped
ports:
- "5000:5000"
- "5222:5222"
- "5223:5223"
- "5269:5269"
- "5281:5281"
environment:
DOMAIN: localhost
E2E_POLICY_WHITELIST: "admin@localhost, user1@localhost"
LOG_LEVEL: debug
PROSODY_ADMINS: "admin@localhost, admin2@localhost"
DEFAULT_STORAGE: "internal"
STORAGE_ARCHIVE2: "internal"
volumes:
- ./certs:/usr/local/etc/prosody/certs
prosody_internal_storage_archive:
image: prosody
restart: unless-stopped
ports:
- "5000:5000"
- "5222:5222"
- "5223:5223"
- "5269:5269"
- "5281:5281"
environment:
DOMAIN: localhost
E2E_POLICY_WHITELIST: "admin@localhost, user1@localhost"
LOG_LEVEL: debug
PROSODY_ADMINS: "admin@localhost, admin2@localhost"
DEFAULT_STORAGE: "internal"
ARCHIVE_STORE: "archive"
volumes: volumes:
- ./certs:/usr/local/etc/prosody/certs - ./certs:/usr/local/etc/prosody/certs
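Review bot: the added services prosody_internal_storage and prosody_internal_storage_archive publish the same host ports as prosody ("5000:5000" through "5281:5281"), so a plain `docker-compose up -d` fails on the second bind and the file only works when each service is started by name. Either document that at the top of the file or drop the port mappings from the extra services. These fixtures run with LOG_LEVEL: debug and test accounts, so publishing as "127.0.0.1:5222:5222" (and likewise for the other ports) would also keep them off external interfaces on the machine that runs the tests.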
@ -26,10 +66,10 @@ services:
- "5269:5269" - "5269:5269"
- "5281:5281" - "5281:5281"
environment: environment:
DOMAIN: example.com DOMAIN: localhost
E2E_POLICY_WHITELIST: "admin@example.com, user1@example.com" E2E_POLICY_WHITELIST: "admin@localhost, user1@localhost"
LOG_LEVEL: debug LOG_LEVEL: debug
PROSODY_ADMINS: "admin@example.com, admin2@example.com" PROSODY_ADMINS: "admin@localhost, admin2@localhost"
#DB_DRIVER: "MySQL" #DB_DRIVER: "MySQL"
DB_DRIVER: "PostgreSQL" DB_DRIVER: "PostgreSQL"
DB_DATABASE: "prosody" DB_DATABASE: "prosody"
@ -43,38 +83,9 @@ services:
- postgres - postgres
postgres: postgres:
image: postgres:16-alpine image: postgres:14-alpine
restart: unless-stopped restart: unless-stopped
environment: environment:
POSTGRES_DB: prosody POSTGRES_DB: prosody
POSTGRES_USER: prosody POSTGRES_USER: prosody
POSTGRES_PASSWORD: prosody POSTGRES_PASSWORD: prosody
prosody_ldap:
image: prosody
restart: unless-stopped
ports:
- "5000:5000"
- "5222:5222"
- "5223:5223"
- "5269:5269"
- "5281:5281"
environment:
DOMAIN: example.com
E2E_POLICY_WHITELIST: "admin@example.com, user1@example.com"
LOG_LEVEL: debug
PROSODY_ADMINS: "admin@example.com, admin2@example.com"
AUTHENTICATION: "ldap"
LDAP_BASE: "dc=example,dc=com"
LDAP_SERVER: "glauth"
LDAP_ROOTDN: "cn=svc,dc=example,dc=com"
LDAP_PASSWORD: "12345678"
volumes:
- ./certs:/usr/local/etc/prosody/certs
depends_on:
- glauth
glauth:
image: glauth/glauth
volumes:
- "./glauth/config.cfg:/app/config/config.cfg"
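Review bot: removing the prosody_ldap and glauth services takes away the only fixture that exercises AUTHENTICATION: "ldap", so after this change nothing in the compose file tests the LDAP login path. If LDAP support stays in the image, keep these services. The switch from postgres:16-alpine to postgres:14-alpine in the same hunk moves the test database to an older major version and should be justified or dropped.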

View file

@ -1,52 +0,0 @@
[ldap]
enabled = true
listen = "0.0.0.0:389"
[ldaps]
enabled = false
[backend]
datastore = "config"
baseDN = "dc=example,dc=com"
[[groups]]
name = "svc"
gidnumber = 5500
[[groups]]
name = "people"
gidnumber = 5501
[[users]]
name = "svc"
uidnumber = 5000
primarygroup = 5500
passsha256 = "ef797c8118f02dfb649607dd5d3f8c7623048c9c063d532cc95c5ed7a898a64f"
[[users.capabilities]]
action = "search"
object = "*"
[[users]]
name = "admin"
uidnumber = 5001
primarygroup = 5501
passsha256 = "ef797c8118f02dfb649607dd5d3f8c7623048c9c063d532cc95c5ed7a898a64f"
[[users]]
name = "user1"
uidnumber = 5002
primarygroup = 5501
passsha256 = "ef797c8118f02dfb649607dd5d3f8c7623048c9c063d532cc95c5ed7a898a64f"
[[users]]
name = "user2"
uidnumber = 5003
primarygroup = 5501
passsha256 = "ef797c8118f02dfb649607dd5d3f8c7623048c9c063d532cc95c5ed7a898a64f"
[[users]]
name = "user3"
uidnumber = 5004
primarygroup = 5501
passsha256 = "ef797c8118f02dfb649607dd5d3f8c7623048c9c063d532cc95c5ed7a898a64f"

View file

@ -1,4 +1,3 @@
aioxmpp==0.13.3 aioxmpp==0.13.2
pip-chill==1.0.3 pip-chill==1.0.1
pytest-asyncio==0.21.0 pytest-asyncio==0.18.3
pytz==2023.3

View file

@ -5,7 +5,7 @@ set -e
# generate certs for testing # generate certs for testing
generateCert() { generateCert() {
local DOMAIN="$1" DOMAIN="$1"
if [[ ! -d certs/"$DOMAIN" ]] ; then if [[ ! -d certs/"$DOMAIN" ]] ; then
mkdir -p certs/"$DOMAIN" mkdir -p certs/"$DOMAIN"
cd certs/"$DOMAIN" cd certs/"$DOMAIN"
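Review bot: dropping `local` from `DOMAIN="$1"` in generateCert turns DOMAIN into a script-wide variable that keeps the value of the last call ("upload.localhost" at the end of the cert loop). DOMAIN is also the name of the container's main configuration variable, so any later code that reads or exports it would pick up the wrong host. Keep `local DOMAIN="$1"`.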
@ -18,8 +18,7 @@ generateCert() {
registerTestUser() { registerTestUser() {
local userName="$1" local userName="$1"
local containerName="$2" local containerName="$2"
echo "Registering TestUser '$userName' in container '$containerName'" sudo docker compose exec "$containerName" /bin/bash -c "/entrypoint.bash register $userName localhost 12345678"
sudo docker compose exec "$containerName" /bin/bash -c "prosodyctl register $userName example.com 12345678"
} }
registerTestUsers() { registerTestUsers() {
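Review bot: in registerTestUser, `$userName` is expanded by the outer shell into the string handed to `/bin/bash -c`, so the inner shell re-parses it and a name containing spaces or shell metacharacters would change the command that runs inside the container. Pass the arguments positionally instead, for example `docker compose exec "$containerName" /entrypoint.bash register "$userName" localhost 12345678`, which also removes the need for `bash -c`. The removed `echo "Registering TestUser ..."` line was the only trace of which user and container were being set up, so consider keeping it for failed runs.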
@ -42,36 +41,43 @@ runTests() {
&& pytest \ && pytest \
&& deactivate \ && deactivate \
&& sleep 5 \ && sleep 5 \
&& sudo docker compose logs "$containerName" \ && sudo docker-compose logs "$containerName" \
&& export batsContainerName="$containerName" \ && export batsContainerName="$containerName" \
&& ./bats/bats-core/bin/bats tests.bats \ && ./bats/bats-core/bin/bats tests.bats \
&& ./bats/bats-core/bin/bats tests-"$containerName".bats && ./bats/bats-core/bin/bats tests-"$containerName".bats
} }
generateCert "example.com" generateCert "localhost"
generateCert "conference.example.com" generateCert "conference.localhost"
generateCert "proxy.example.com" generateCert "proxy.localhost"
generateCert "pubsub.example.com" generateCert "pubsub.localhost"
generateCert "upload.example.com" generateCert "upload.localhost"
# Run tests for first container with postgres # Run tests for first container with postgres
# Start postgres first and wait for 10 seconds before starting prosody. # Start postgres first and wait for 10 seconds before starting prosody.
sudo docker compose down sudo docker-compose down \
sudo docker compose up -d postgres && sudo docker-compose up -d postgres \
sleep 10 && sleep 10 \
sudo docker compose up -d prosody_postgres && sudo docker-compose up -d prosody_postgres
registerTestUsers prosody_postgres registerTestUsers prosody_postgres
runTests prosody_postgres runTests prosody_postgres
sudo docker compose down sudo docker-compose down
# Run tests for second container with SQLite # Run tests for container with SQLite
sudo docker compose up -d prosody sudo docker-compose up -d prosody
registerTestUsers prosody registerTestUsers prosody
runTests prosody runTests prosody
sudo docker compose down sudo docker-compose down
# Run tests for prosody with ldap # Run tests for container with internal storage and archive store archive2
sudo docker compose up -d prosody_ldap sudo docker-compose up -d prosody_internal_storage
runTests prosody_ldap registerTestUsers prosody_internal_storage
sudo docker compose down runTests prosody_internal_storage
sudo docker-compose down
# Run tests for container with internal storage and archive store archive
sudo docker-compose up -d prosody_internal_storage_archive
registerTestUsers prosody_internal_storage_archive
runTests prosody_internal_storage_archive
sudo docker-compose down
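Review bot: chaining `sudo docker-compose down \ && sudo docker-compose up -d postgres \ && sleep 10 \ && sudo docker-compose up -d prosody_postgres` weakens the `set -e` at the top of the script, because errexit ignores a failure of any command in an `&&` list other than the last one. If `up -d postgres` fails, the list just stops and the script carries on to registerTestUsers against a stack that never started. Keep the commands on separate lines as before so each failure aborts the run. The fixed `sleep 10` is also a guess at when PostgreSQL is ready; a healthcheck on the postgres service with a wait on it would make the ordering deterministic.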

View file

@ -15,7 +15,6 @@ def client(client_username, password):
password, password,
no_verify=True no_verify=True
), ),
override_peer=[("localhost", 5222, aioxmpp.connector.STARTTLSConnector())],
) )
return client return client
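Review bot: with `override_peer` removed, the client fixture locates the server only through normal resolution of the JID domain, so the tests pass only while that domain resolves to the container's published port 5222, which ties this change to the switch to localhost elsewhere in the patch. A short comment on the fixture saying so would help. `no_verify=True` stays on the line above and turns off certificate verification. That is fine for the self-signed test certificates, but note it as test-only so the fixture is not copied into a real client.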
@ -40,9 +39,9 @@ def client_with_message_dispatcher(client):
return client return client
@pytest.mark.asyncio @pytest.mark.asyncio
@pytest.mark.parametrize("client_username, password", [("admin@example.com", "12345678")]) @pytest.mark.parametrize("client_username, password", [("admin@localhost", "12345678")])
async def test_send_message_from_admin_to_user1(client): async def test_send_message_from_admin_to_user1(client):
recipient_jid = aioxmpp.JID.fromstr("user1@example.com") recipient_jid = aioxmpp.JID.fromstr("user1@localhost")
async with client.connected() as stream: async with client.connected() as stream:
msg = aioxmpp.Message( msg = aioxmpp.Message(
to=recipient_jid, to=recipient_jid,
@ -54,9 +53,9 @@ async def test_send_message_from_admin_to_user1(client):
await client.send(msg) await client.send(msg)
@pytest.mark.asyncio @pytest.mark.asyncio
@pytest.mark.parametrize("client_username, password", [("admin@example.com", "12345678")]) @pytest.mark.parametrize("client_username, password", [("admin@localhost", "12345678")])
async def test_send_message_from_admin_to_user2(client): async def test_send_message_from_admin_to_user2(client):
recipient_jid = aioxmpp.JID.fromstr("user2@example.com") recipient_jid = aioxmpp.JID.fromstr("user2@localhost")
async with client.connected() as stream: async with client.connected() as stream:
msg = aioxmpp.Message( msg = aioxmpp.Message(
to=recipient_jid, to=recipient_jid,
@ -67,9 +66,9 @@ async def test_send_message_from_admin_to_user2(client):
await client.send(msg) await client.send(msg)
@pytest.mark.asyncio @pytest.mark.asyncio
@pytest.mark.parametrize("client_username, password", [("user1@example.com", "12345678")]) @pytest.mark.parametrize("client_username, password", [("user1@localhost", "12345678")])
async def test_send_message_from_user1_to_user2(client): async def test_send_message_from_user1_to_user2(client):
recipient_jid = aioxmpp.JID.fromstr("user2@example.com") recipient_jid = aioxmpp.JID.fromstr("user2@localhost")
async with client.connected() as stream: async with client.connected() as stream:
msg = aioxmpp.Message( msg = aioxmpp.Message(
to=recipient_jid, to=recipient_jid,
@ -80,9 +79,9 @@ async def test_send_message_from_user1_to_user2(client):
await client.send(msg) await client.send(msg)
@pytest.mark.asyncio @pytest.mark.asyncio
@pytest.mark.parametrize("client_username, password", [("user2@example.com", "12345678")]) @pytest.mark.parametrize("client_username, password", [("user2@localhost", "12345678")])
async def test_send_message_from_user2_to_user3(client): async def test_send_message_from_user2_to_user3(client):
recipient_jid = aioxmpp.JID.fromstr("user3@example.com") recipient_jid = aioxmpp.JID.fromstr("user3@localhost")
async with client.connected() as stream: async with client.connected() as stream:
msg = aioxmpp.Message( msg = aioxmpp.Message(
to=recipient_jid, to=recipient_jid,
@ -93,9 +92,9 @@ async def test_send_message_from_user2_to_user3(client):
await client.send(msg) await client.send(msg)
@pytest.mark.asyncio @pytest.mark.asyncio
@pytest.mark.parametrize("client_username, password", [("user2@example.com", "12345678")]) @pytest.mark.parametrize("client_username, password", [("user2@localhost", "12345678")])
async def test_send_message_from_user2_to_nonexisting(client): async def test_send_message_from_user2_to_nonexisting(client):
recipient_jid = aioxmpp.JID.fromstr("nonexisting@example.com") recipient_jid = aioxmpp.JID.fromstr("nonexisting@localhost")
async with client.connected() as stream: async with client.connected() as stream:
msg = aioxmpp.Message( msg = aioxmpp.Message(
to=recipient_jid, to=recipient_jid,
@ -106,10 +105,10 @@ async def test_send_message_from_user2_to_nonexisting(client):
await client.send(msg) await client.send(msg)
@pytest.mark.asyncio @pytest.mark.asyncio
@pytest.mark.parametrize("client_username, password", [("user2@example.com", "wrong password")]) @pytest.mark.parametrize("client_username, password", [("user2@localhost", "wrong password")])
async def test_can_not_log_in_with_wrong_password(client): async def test_can_not_log_in_with_wrong_password(client):
with pytest.raises(aiosasl.AuthenticationFailure): with pytest.raises(aiosasl.AuthenticationFailure):
recipient_jid = aioxmpp.JID.fromstr("nonexisting@example.com") recipient_jid = aioxmpp.JID.fromstr("nonexisting@localhost")
async with client.connected() as stream: async with client.connected() as stream:
msg = aioxmpp.Message( msg = aioxmpp.Message(
to=recipient_jid, to=recipient_jid,

View file

@ -4,7 +4,7 @@ load 'bats/bats-support/load'
load 'bats/bats-assert/load' load 'bats/bats-assert/load'
@test "Should use sqlite" { @test "Should use sqlite" {
run bash -c "sudo docker compose logs $batsContainerName | grep -E \"Connecting to \[SQLite3\] \/usr\/local\/var\/lib\/prosody\/prosody\.sqlite\.\.\.\"" run bash -c "sudo docker-compose logs $batsContainerName | grep -E \"Connecting to \[SQLite3\] \/usr\/local\/var\/lib\/prosody\/prosody\.sqlite\.\.\.\""
assert_success assert_success
assert_output assert_output
} }

View file

@ -0,0 +1,21 @@
# For tests with pipes see: https://github.com/sstephenson/bats/issues/10
load 'bats/bats-support/load'
load 'bats/bats-assert/load'
# TODO
#@test "Should use internal storage" {
# run bash -c "sudo docker-compose logs $batsContainerName | grep -E \"Connecting to \[SQLite3\] \/usr\/local\/var\/lib\/prosody\/prosody\.sqlite\.\.\.\""
# assert_failure
# assert_output
#}
@test "Should not use sqlite" {
run bash -c "sudo docker-compose logs $batsContainerName | grep -E \"Connecting to \[SQLite3\] \/usr\/local\/var\/lib\/prosody\/prosody\.sqlite\.\.\.\""
assert_failure
}
@test "Should not use postgres" {
run bash -c "sudo docker-compose logs $batsContainerName | grep -E \"Connecting to \[PostgreSQL\] prosody\.\.\.\""
assert_failure
}
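Review bot: both active tests in this new file are negative checks (`grep` followed by `assert_failure`), so they pass whenever the pattern is absent for any reason, including an empty or misspelled `$batsContainerName` or a container that produced no logs at all. The commented-out "Should use internal storage" test still greps for the SQLite3 connection line, so it does not describe internal storage either. Add at least one positive assertion that only holds when the internal backend is in use, and check that the log output is non-empty before asserting that a line is missing.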

View file

@ -0,0 +1,21 @@
# For tests with pipes see: https://github.com/sstephenson/bats/issues/10
load 'bats/bats-support/load'
load 'bats/bats-assert/load'
# TODO
#@test "Should use internal storage" {
# run bash -c "sudo docker-compose logs $batsContainerName | grep -E \"Connecting to \[SQLite3\] \/usr\/local\/var\/lib\/prosody\/prosody\.sqlite\.\.\.\""
# assert_failure
# assert_output
#}
@test "Should not use sqlite" {
run bash -c "sudo docker-compose logs $batsContainerName | grep -E \"Connecting to \[SQLite3\] \/usr\/local\/var\/lib\/prosody\/prosody\.sqlite\.\.\.\""
assert_failure
}
@test "Should not use postgres" {
run bash -c "sudo docker-compose logs $batsContainerName | grep -E \"Connecting to \[PostgreSQL\] prosody\.\.\.\""
assert_failure
}
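Review bot: this file is a line-for-line copy of the previous new bats file, so the container started with ARCHIVE_STORE: "archive" is checked with exactly the same assertions as the archive2 one, and nothing verifies that the archive store setting took effect. Move the shared "Should not use sqlite" and "Should not use postgres" tests into one common file, and add a check here that distinguishes the "archive" store from "archive2".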

View file

@ -1,16 +0,0 @@
# For tests with pipes see: https://github.com/sstephenson/bats/issues/10
load 'bats/bats-support/load'
load 'bats/bats-assert/load'
@test "Should use sqlite" {
run bash -c "sudo docker compose logs $batsContainerName | grep -E \"Connecting to \[SQLite3\] \/usr\/local\/var\/lib\/prosody\/prosody\.sqlite\.\.\.\""
assert_success
assert_output
}
@test "Should use ldap" {
run bash -c "sudo docker compose logs $batsContainerName | grep -E \"Host 'example.com' now set to use user provider 'ldap'\""
assert_success
assert_output
}

View file

@ -4,7 +4,7 @@ load 'bats/bats-support/load'
load 'bats/bats-assert/load' load 'bats/bats-assert/load'
@test "Should use postgres" { @test "Should use postgres" {
run bash -c "sudo docker compose logs $batsContainerName | grep -E \"Connecting to \[PostgreSQL\] prosody\.\.\.\"" run bash -c "sudo docker-compose logs $batsContainerName | grep -E \"Connecting to \[PostgreSQL\] prosody\.\.\.\""
assert_success assert_success
assert_output assert_output
} }

View file

@ -4,95 +4,90 @@ load 'bats/bats-support/load'
load 'bats/bats-assert/load' load 'bats/bats-assert/load'
@test "Should send 5 messages" { @test "Should send 5 messages" {
run bash -c "sudo docker compose logs $batsContainerName | grep -E \"Received\[c2s\]: <message\" | wc -l" run bash -c "sudo docker-compose logs $batsContainerName | grep -E \"Received\[c2s\]: <message\" | wc -l"
assert_success assert_success
assert_output "5" assert_output "5"
} }
@test "Should select certificate for example.com" { @test "Should select certificate for localhost" {
run bash -c "sudo docker compose logs $batsContainerName | grep \"Certificates loaded\" | grep \" example.com:tls\" | wc -l" run bash -c "sudo docker-compose logs $batsContainerName | grep \"Certificates loaded\" | grep \" localhost:tls\" | wc -l"
assert_success assert_success
assert_output "1" assert_output "1"
} }
@test "Should select certificate for conference.example.com" { @test "Should select certificate for conference.localhost" {
run bash -c "sudo docker compose logs $batsContainerName | grep \"Certificates loaded\" | grep \"conference.example.com:tls\" | wc -l" run bash -c "sudo docker-compose logs $batsContainerName | grep \"Certificates loaded\" | grep \"conference.localhost:tls\" | wc -l"
assert_success assert_success
assert_output "1" assert_output "1"
} }
@test "Should select certificate for proxy.example.com" { @test "Should select certificate for proxy.localhost" {
run bash -c "sudo docker compose logs $batsContainerName | grep \"Certificates loaded\" | grep \"proxy.example.com:tls\" | wc -l" run bash -c "sudo docker-compose logs $batsContainerName | grep \"Certificates loaded\" | grep \"proxy.localhost:tls\" | wc -l"
assert_success assert_success
assert_output "1" assert_output "1"
} }
@test "Should select certificate for pubsub.example.com" { @test "Should select certificate for pubsub.localhost" {
run bash -c "sudo docker compose logs $batsContainerName | grep \"Certificates loaded\" | grep \"pubsub.example.com:tls\" | wc -l" run bash -c "sudo docker-compose logs $batsContainerName | grep \"Certificates loaded\" | grep \"pubsub.localhost:tls\" | wc -l"
assert_success assert_success
assert_output "1" assert_output "1"
} }
@test "Should select certificate for upload.example.com" { @test "Should select certificate for upload.localhost" {
run bash -c "sudo docker compose logs $batsContainerName | grep \"Certificates loaded\" | grep \"upload.example.com:tls\" | wc -l" run bash -c "sudo docker-compose logs $batsContainerName | grep \"Certificates loaded\" | grep \"upload.localhost:tls\" | wc -l"
assert_success assert_success
assert_output "1" assert_output "1"
} }
@test "Should log error for user with wrong password" { @test "Should log error for user with wrong password" {
run bash -c "sudo docker compose logs $batsContainerName | grep \"Session closed by remote with error: undefined-condition (user intervention: authentication failed: authentication aborted by user)\"" run bash -c "sudo docker-compose logs $batsContainerName | grep \"Session closed by remote with error: undefined-condition (user intervention: authentication failed: authentication aborted by user)\""
assert_success assert_success
assert_output assert_output
} }
@test "Should activate s2s" { @test "Should activate s2s" {
run bash -c "sudo docker compose logs $batsContainerName | grep -E \"Activated service 's2s' on (\[::\]:5269|\[\*\]:5269), (\[::\]:5269|\[\*\]:5269)\"" run bash -c "sudo docker-compose logs $batsContainerName | grep -E \"Activated service 's2s' on (\[::\]:5269|\[\*\]:5269), (\[::\]:5269|\[\*\]:5269)\""
assert_success assert_success
assert_output assert_output
} }
@test "Should activate c2s" { @test "Should activate c2s" {
run bash -c "sudo docker compose logs $batsContainerName | grep -E \"Activated service 'c2s' on (\[::\]:5222|\[\*\]:5222), (\[::\]:5222|\[\*\]:5222)\"" run bash -c "sudo docker-compose logs $batsContainerName | grep -E \"Activated service 'c2s' on (\[::\]:5222|\[\*\]:5222), (\[::\]:5222|\[\*\]:5222)\""
assert_success assert_success
assert_output assert_output
} }
@test "Should activate c2s_direct_tls" { @test "Should activate legacy_ssl" {
run bash -c "sudo docker compose logs $batsContainerName | grep -E \"Activated service 'c2s_direct_tls' on (\[::\]:5223|\[\*\]:5223), (\[::\]:5223|\[\*\]:5223)\"" run bash -c "sudo docker-compose logs $batsContainerName | grep -E \"Activated service 'legacy_ssl' on (\[::\]:5223|\[\*\]:5223), (\[::\]:5223|\[\*\]:5223)\""
assert_success assert_success
assert_output assert_output
} }
@test "Should activate proxy65" { @test "Should activate proxy65" {
run bash -c "sudo docker compose logs $batsContainerName | grep -E \"Activated service 'proxy65' on (\[::\]:5000|\[\*\]:5000), (\[::\]:5000|\[\*\]:5000)\"" run bash -c "sudo docker-compose logs $batsContainerName | grep -E \"Activated service 'proxy65' on (\[::\]:5000|\[\*\]:5000), (\[::\]:5000|\[\*\]:5000)\""
assert_success assert_success
assert_output assert_output
} }
@test "Should activate https" { @test "Should activate https" {
run bash -c "sudo docker compose logs $batsContainerName | grep -E \"Activated service 'https' on (\[::\]:5281|\[\*\]:5281), (\[::\]:5281|\[\*\]:5281)\"" run bash -c "sudo docker-compose logs $batsContainerName | grep -E \"Activated service 'https' on (\[::\]:5281|\[\*\]:5281), (\[::\]:5281|\[\*\]:5281)\""
assert_success assert_success
assert_output assert_output
} }
@test "Should load module cloud_notify" { @test "Should load module cloud_notify" {
run bash -c "sudo docker compose logs $batsContainerName | grep \"example.com:cloud_notify.*info.*Module loaded\"" run bash -c "sudo docker-compose logs $batsContainerName | grep \"localhost:cloud_notify.*info.*Module loaded\""
assert_success assert_success
assert_output assert_output
} }
@test "Should show upload URL" { @test "Should show upload URL" {
run bash -c "sudo docker compose logs $batsContainerName | grep \"Serving 'file_share' at https:\/\/upload.example.com:5281\/file_share\"" run bash -c "sudo docker-compose logs $batsContainerName | grep \"URL: <https:\/\/upload.localhost:5281\/upload> - Ensure this can be reached by users\""
assert_success assert_success
assert_output assert_output
} }
@test "Should not use deprecated config" { @test "Should not have any sql errors" {
run bash -c "sudo docker compose exec $batsContainerName /bin/bash -c \"/entrypoint.bash check\" | grep 'deprecated' -A 3" run bash -c "sudo docker-compose logs $batsContainerName | grep --ignore-case Error in SQL transaction"
assert_failure
}
@test "Should not have warnings in log" {
run bash -c "sudo docker compose logs $batsContainerName | grep -E \"warn\""
assert_failure assert_failure
} }


@ -1,14 +0,0 @@
#!/bin/zsh
update_luarocks() {
# Get latest luarocks version and calculate sha256 hash of the tarball
local LUAROCKS_VER=$(wget -q -O - 'https://api.github.com/repos/luarocks/luarocks/tags' | jq -r ".[0].name")
local LUAROCKS_VER=${LUAROCKS_VER#v}
local LUAROCKS_SHA256_HASH=$(wget -q -O - "https://luarocks.org/releases/luarocks-$LUAROCKS_VER.tar.gz" | sha256sum --zero | perl -lane 'print $F[0]')
# Update Dockerfile
perl -pi -e "s/LUAROCKS_VERSION=\K.*/$LUAROCKS_VER/" Dockerfile
perl -pi -e "s/LUAROCKS_SHA256=\K.*/\"$LUAROCKS_SHA256_HASH\"/" Dockerfile
}
update_luarocks
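Review bot: deleting this script leaves no record of how `LUAROCKS_VERSION` and `LUAROCKS_SHA256` in the Dockerfile are meant to be refreshed, so the steps should be written down in the readme or the script kept. If it is kept, two things in it need attention: `LUAROCKS_SHA256_HASH` is computed from the tarball the script has just downloaded, so the pin only records whatever was served at that moment rather than checking it against an independently obtained value, and `local VAR=$(wget ...)` discards wget's exit status, so a failed download would write the hash of empty input into the Dockerfile. Checking that `LUAROCKS_VER` is non-empty and that the download succeeded before the `perl -pi` lines run would cover the second point.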