Change global ssl section to http_upload and legacy_ssl sections. It is only needed there.

CHANGELOG.md

@@ -3,9 +3,11 @@
 ## Unreleased
 
 * Enable "announce" and "lastactivity" modules.
-* Add badges to README. Fixes #5.
-* Update readme. Fixes #2
 * Add PROSODY_ADMINS to specify who is an administrator. Fixes #7
+* Move global ssl section to https_ssl and legacy_ssl_ssl section. It is only needed there. #3
+  * <https://prosody.im/doc/ports#ssl_configuration>
+* Add badges to README. Fixes #5.
+* Update README. Add information for certificate permissions.
 
 ## v1.0.0
 

conf.d/05-vhost.cfg.lua

@@ -4,17 +4,21 @@ local domain_muc = os.getenv("DOMAIN_MUC")
 local domain_proxy = os.getenv("DOMAIN_PROXY")
 local domain_pubsub = os.getenv("DOMAIN_PUBSUB")
 
--- This is a fallback just for http_upload because service certificates are searched differently
--- https://prosody.im/doc/certificates#service_certificates
-ssl = {
+-- XEP-0368: SRV records for XMPP over TLS
+-- https://compliance.conversations.im/test/xep0368/
+legacy_ssl_ssl = {
 	certificate = "certs/" .. domain .. "/fullchain.pem";
 	key = "certs/" .. domain .. "/privkey.pem";
 }
-
--- XEP-0368: SRV records for XMPP over TLS
--- https://compliance.conversations.im/test/xep0368/
 legacy_ssl_ports = { 5223 }
 
+-- https://prosody.im/doc/certificates#service_certificates
+-- https://prosody.im/doc/ports#ssl_configuration
+https_ssl = {
+	certificate = "certs/" .. domain_http_upload .. "/fullchain.pem";
+	key = "certs/" .. domain_http_upload .. "/privkey.pem";
+}
+
 VirtualHost (domain)
 
 -- Set up a http file upload because proxy65 is not working in muc

readme.md

@@ -7,7 +7,7 @@
 
 This docker image provides you with a configured [Prosody](https://prosody.im/) XMPP server. The image is based on `debian:buster-slim`.
 The server was tested using the Android App [Conversations](https://conversations.im/) and the Desktop client [Gajim](https://gajim.org).
-Multiple [architectures](https://hub.docker.com/r/sarasmiseth/prosody/tags) are supported.
+Multiple [architectures](https://hub.docker.com/r/sarasmiseth/prosody/tags) are supported. I use it on my raspberry pi 4.
 
 While Conversations got everything set-up out-of-the-box, Gajim was used with the following extensions:
 
@@ -102,11 +102,9 @@ Path: ```/usr/local/etc/prosody/certs/```.
 
 Uses [automatic location](https://prosody.im/doc/certificates#automatic_location) to find your certs.
 
-The http_upload module does not use the same search algorithm for the certificates. See [service certificates](https://prosody.im/doc/certificates#service_certificates).
+The http_upload module and the legacy_ssl module do not use the same search algorithm for the certificates. See [service certificates](https://prosody.im/doc/certificates#service_certificates).
 
-The setting ssl in [05-vhost.cfg.lua](./conf.d/05-vhost.cfg.lua) configures certificates globally as a fallback.
-
-Which defaults to ```cert/domain.tld/fullchain.pem``` and ```cert/domain.tld/privkey.pem```.
+The settings https_ssl and legacy_ssl_ssl in [05-vhost.cfg.lua](./conf.d/05-vhost.cfg.lua) configures the certificates to ```certs/domain.tld/fullchain.pem``` and ```certs/domain.tld/privkey.pem``` for legacy_ssl and to ```certs/DOMAIN_HTTP_UPLOAD/fullchain.pem``` and ```certs/DOMAIN_HTTP_UPLOAD/privkey.pem``` for http_upload where DOMAIN_HTTP_UPLOAD is an environtment variable.
 
 ##### Folder structure