From eb572d818015558e0791cf2dc8e46457654961be Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sara=20Aim=C3=A9e=20Smiseth?= <51710585+SaraSmiseth@users.noreply.github.com> Date: Fri, 19 Aug 2022 10:01:29 +0200 Subject: [PATCH 1/4] * New environment variable STORAGE was added. Defaults to `sql` like before. See [prosody docs](https://prosody.im/doc/storage). This fixes [#38](https://github.com/SaraSmiseth/prosody/issues/38). * New tests for a container with STORAGE set to `internal`. --- CHANGELOG.md | 5 + conf.d/02-storage.cfg.lua | 4 +- docker-entrypoint.bash | 1 + readme.md | 157 +++++++++++----------- tests/docker-compose.yml | 20 ++- tests/test.bash | 6 + tests/tests-prosody_internal_storage.bats | 21 +++ 7 files changed, 133 insertions(+), 81 deletions(-) create mode 100644 tests/tests-prosody_internal_storage.bats diff --git a/CHANGELOG.md b/CHANGELOG.md index 60f5c54..ffb3143 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,6 +4,11 @@ * Nothing +## v1.2.9 + +* New environment variable STORAGE was added. Defaults to `sql` like before. See [prosody docs](https://prosody.im/doc/storage). This fixes [#38](https://github.com/SaraSmiseth/prosody/issues/38). +* New tests for a container with STORAGE set to `internal`. + ## v1.2.8 * Updated to Prosody version [0.12.1](https://blog.prosody.im/prosody-0.12.1-released/). diff --git a/conf.d/02-storage.cfg.lua b/conf.d/02-storage.cfg.lua index 549573a..05cdb2d 100644 --- a/conf.d/02-storage.cfg.lua +++ b/conf.d/02-storage.cfg.lua @@ -1,4 +1,4 @@ -default_storage = "sql" +default_storage = os.getenv("STORAGE") sql = { driver = os.getenv("DB_DRIVER"); @@ -14,7 +14,7 @@ archive_store = "archive2" -- Use the same data store as prosody-modules mod_mam storage = { -- this makes mod_mam use the sql storage backend - archive2 = "sql"; + archive2 = os.getenv("STORAGE"); } -- https://modules.prosody.im/mod_mam.html diff --git a/docker-entrypoint.bash b/docker-entrypoint.bash index dd317e0..2f20e9b 100755 --- a/docker-entrypoint.bash 
+++ b/docker-entrypoint.bash @@ -21,6 +21,7 @@ export SERVER_CONTACT_INFO_FEEDBACK=${SERVER_CONTACT_INFO_FEEDBACK:-"xmpp:feedba export SERVER_CONTACT_INFO_SALES=${SERVER_CONTACT_INFO_SALES:-"xmpp:sales@$DOMAIN"} export SERVER_CONTACT_INFO_SECURITY=${SERVER_CONTACT_INFO_SECURITY:-"xmpp:security@$DOMAIN"} export SERVER_CONTACT_INFO_SUPPORT=${SERVER_CONTACT_INFO_SUPPORT:-"xmpp:support@$DOMAIN"} +export STORAGE=${STORAGE:-"sql"} export PROSODY_ADMINS=${PROSODY_ADMINS:-""} if [[ "$1" != "prosody" ]]; then diff --git a/readme.md b/readme.md index c127e4a..6c1208f 100644 --- a/readme.md +++ b/readme.md @@ -15,10 +15,10 @@ Multiple [architectures](https://hub.docker.com/r/sarasmiseth/prosody/tags) are While Conversations got everything set-up out-of-the-box, Gajim was used with the following extensions: -* HttpUpload -* Off-The-Record Encryption -* OMEMO (requires _python-axolotl_ to be installed) -* Url Image preview +- HttpUpload +- Off-The-Record Encryption +- OMEMO (requires _python-axolotl_ to be installed) +- Url Image preview ## Table of Contents 
@@ -49,17 +49,17 @@ While Conversations got everything set-up out-of-the-box, Gajim was used with th ## Features -* Secure by default - * SSL certificate required - * End-to-end encryption required (using [OMEMO](https://conversations.im/omemo/) or [OTR](https://en.wikipedia.org/wiki/Off-the-Record_Messaging)) -* Data storage - * SQLite message store - * Configured file upload and image sharing -* Multi-user chat (MUC) +- Secure by default + - SSL certificate required + - End-to-end encryption required (using [OMEMO](https://conversations.im/omemo/) or [OTR](https://en.wikipedia.org/wiki/Off-the-Record_Messaging)) +- Data storage + - SQLite message store + - Configured file upload and image sharing +- Multi-user chat (MUC) ## Requirements -* You need a SSL certificate. I recommend [LetsEncrypt](https://letsencrypt.org/) for that. +- You need a SSL certificate. I recommend [LetsEncrypt](https://letsencrypt.org/) for that. ## Image Details 
@@ -67,54 +67,54 @@ While Conversations got everything set-up out-of-the-box, Gajim was used with th The following ports are exposed: -* 5000: proxy65 port used for file sharing -* 5222: c2s port (client to server) -* 5223: c2s legacy ssl port (client to server) -* 5269: s2s port (server to server) -* 5347: XMPP component port -* 5280: BOSH / websocket port -* 5281: Secure BOSH / websocket port +- 5000: proxy65 port used for file sharing +- 5222: c2s port (client to server) +- 5223: c2s legacy ssl port (client to server) +- 5269: s2s port (server to server) +- 5347: XMPP component port +- 5280: BOSH / websocket port +- 5281: Secure BOSH / websocket port ### Directories #### Data -Path: ```/usr/local/var/lib/prosody/```. +Path: `/usr/local/var/lib/prosody/`. + +- used for SQLite file +- used for HTTP uploads +- this is exposed as docker volume -* used for SQLite file -* used for HTTP uploads -* this is exposed as docker volume - #### Bundled modules -Path: ```/usr/local/lib/prosody/modules/```. +Path: `/usr/local/lib/prosody/modules/`. #### Additionally installed prosody modules -Path: ```/usr/local/lib/prosody/custom-modules/```. +Path: `/usr/local/lib/prosody/custom-modules/`. #### Config -Path: ```/usr/local/etc/prosody/```. +Path: `/usr/local/etc/prosody/`. -* containing the main config file called ```prosody.cfg.lua``` -* containing additional config files within ```conf.d/``` +- containing the main config file called `prosody.cfg.lua` +- containing additional config files within `conf.d/` #### SSL certificates -Path: ```/usr/local/etc/prosody/certs/```. +Path: `/usr/local/etc/prosody/certs/`. Uses [automatic location](https://prosody.im/doc/certificates#automatic_location) to find your certs. The http_upload module and the legacy_ssl module do not use the same search algorithm for the certificates. See [service certificates](https://prosody.im/doc/certificates#service_certificates). 
-The settings https_ssl and legacy_ssl_ssl in [05-vhost.cfg.lua](./conf.d/05-vhost.cfg.lua) configures the certificates to ```certs/domain.tld/fullchain.pem``` and ```certs/domain.tld/privkey.pem``` for legacy_ssl and to ```certs/DOMAIN_HTTP_UPLOAD/fullchain.pem``` and ```certs/DOMAIN_HTTP_UPLOAD/privkey.pem``` for http_upload where DOMAIN_HTTP_UPLOAD is an environtment variable. +The settings https_ssl and legacy_ssl_ssl in [05-vhost.cfg.lua](./conf.d/05-vhost.cfg.lua) configures the certificates to `certs/domain.tld/fullchain.pem` and `certs/domain.tld/privkey.pem` for legacy_ssl and to `certs/DOMAIN_HTTP_UPLOAD/fullchain.pem` and `certs/DOMAIN_HTTP_UPLOAD/privkey.pem` for http_upload where DOMAIN_HTTP_UPLOAD is an environtment variable. ##### Folder structure An example certificate folder structure could look like this: -``` zsh +```zsh certs ├── conference.domain.tld │   ├── fullchain.pem @@ -136,9 +136,9 @@ Thats how Let's encrypt certbot does it out of the box. certbot creates the structure and uses symlinks to the actual certificates. If you mount them like that prosody somehow does not find them. -I copied them to a folder named ```certs``` next to my ```docker-compose.yml``` and made sure to use the ```-L``` flag of ```cp```. +I copied them to a folder named `certs` next to my `docker-compose.yml` and made sure to use the `-L` flag of `cp`. This makes cp follow symbolic links when copying from them. -For example ```cp -L src dest```. +For example `cp -L src dest`. ##### Permissions @@ -147,7 +147,7 @@ Check [Volumes permissions](#volumes-permissions) as well. ### Run -I recommend using a ```docker-compose.yml``` file: +I recommend using a `docker-compose.yml` file: ```yaml version: '3.7' 
@@ -169,15 +169,15 @@ services: - ./data:/usr/local/var/lib/prosody ``` -Boot it via: ```docker-compose up -d```. +Boot it via: `docker-compose up -d`. -Inspect logs: ```docker-compose logs -f```. +Inspect logs: `docker-compose logs -f`. ### Volumes permissions The prosody user inside the container has the `uid=999` and `gid=999`. If you use the example `docker-compose.yml` from above make sure, that the `./data` folder and the `./certs` folder have the correct permissions. -``` shell +```shell sudo chown 999:999 ./certs sudo chown 999:999 ./data ``` 
@@ -191,61 +191,62 @@ sudo chown 999:999 ./data | edge | This tag points to the latest version build from the newest [commit](https://github.com/SaraSmiseth/prosody/commits/dev) in the dev branch. | | nightly | This tag points to the latest version build from the newest [commit](https://github.com/SaraSmiseth/prosody/commits/dev) in the dev branch. It gets rebuild every night. | | latest | This tag points to the latest version build from the latest commit that is tagged in git. See [releases](https://github.com/SaraSmiseth/prosody/releases). | -| *vX.Y.Z* | There is a tag for each [release](https://github.com/SaraSmiseth/prosody/releases). | +| _vX.Y.Z_ | There is a tag for each [release](https://github.com/SaraSmiseth/prosody/releases). | ### Configuration #### Environment variables -| Variable | Description | Type | Default value | -| -------------------------------- | -------------------------------------------------------------------------------------------------------------------- | ------------ | -------------------------- | -| **ALLOW_REGISTRATION** | Whether to allow registration of new accounts via Jabber clients | *optional* | true | -| **DOMAIN** | domain | **required** | null | -| **DOMAIN_HTTP_UPLOAD** | Domain which lets clients upload files over HTTP | *optional* | upload.**DOMAIN** | -| **DOMAIN_MUC** | Domain for Multi-user chat (MUC) for allowing you to create hosted chatrooms/conferences for XMPP users | *optional* | conference.**DOMAIN** | -| **DOMAIN_PROXY** | Domain for SOCKS5 bytestream proxy for server-proxied file transfers | *optional* | proxy.**DOMAIN** | -| **DOMAIN_PUBSUB** | Domain for a XEP-0060 pubsub service | *optional* | pubsub.**DOMAIN** | -| **DB_DRIVER** | May also be "PostgreSQL" or "MySQL" or "SQLite3" (case sensitive!) | *optional* | SQLite3 | -| **DB_DATABASE** | The database name to use. For SQLite3 this the database filename (relative to the data storage directory). 
| *optional* | prosody.sqlite | -| **DB_HOST** | The address of the database server | *optional* | | -| **DB_PORT** | Port on which the database is listening | *optional* | | -| **DB_USERNAME** | The username to authenticate to the database | *optional* | | -| **DB_PASSWORD** | The password to authenticate to the database | *optional* | | -| **E2E_POLICY_CHAT** | Policy for chat messages. Possible values: "none", "optional" and "required". | *optional* | "required" | -| **E2E_POLICY_MUC** | Policy for MUC messages. Possible values: "none", "optional" and "required". | *optional* | "required" | -| **E2E_POLICY_WHITELIST** | Make this module ignore messages sent to and from this JIDs or MUCs. | *optional* | "" | -| **LOG_LEVEL** | Min log level. Change to debug for more information | *optional* | info | -| **C2S_REQUIRE_ENCRYPTION** | Whether to force all client-to-server connections to be encrypted or not | *optional* | true | -| **S2S_REQUIRE_ENCRYPTION** | Whether to force all server-to-server connections to be encrypted or not | *optional* | true | -| **S2S_SECURE_AUTH** | Require encryption and certificate authentication | *optional* | true | -| **SERVER_CONTACT_INFO_ABUSE** | A list of strings. Each string should be an URI. See [here](https://prosody.im/doc/modules/mod_server_contact_info). | *optional* | "xmpp:abuse@**DOMAIN**" | -| **SERVER_CONTACT_INFO_ADMIN** | A list of strings. Each string should be an URI. See [here](https://prosody.im/doc/modules/mod_server_contact_info). | *optional* | "xmpp:admin@**DOMAIN**" | -| **SERVER_CONTACT_INFO_FEEDBACK** | A list of strings. Each string should be an URI. See [here](https://prosody.im/doc/modules/mod_server_contact_info). | *optional* | "xmpp:feedback@**DOMAIN**" | -| **SERVER_CONTACT_INFO_SALES** | A list of strings. Each string should be an URI. See [here](https://prosody.im/doc/modules/mod_server_contact_info). | *optional* | "xmpp:sales@**DOMAIN**" | -| **SERVER_CONTACT_INFO_SECURITY** | A list of strings. 
Each string should be an URI. See [here](https://prosody.im/doc/modules/mod_server_contact_info). | *optional* | "xmpp:security@**DOMAIN**" | -| **SERVER_CONTACT_INFO_SUPPORT** | A list of strings. Each string should be an URI. See [here](https://prosody.im/doc/modules/mod_server_contact_info). | *optional* | "xmpp:support@**DOMAIN**" | -| **PROSODY_ADMINS** | Specify who is an administrator. List of adresses. Eg. "me@example.com", "admin@example.net" | *optional* | "" | +| Variable | Description | Type | Default value | +| -------------------------------- | ----------------------------------------------------------------------------------------------------------------------- | ------------ | -------------------------- | +| **ALLOW_REGISTRATION** | Whether to allow registration of new accounts via Jabber clients | _optional_ | true | +| **DOMAIN** | domain | **required** | null | +| **DOMAIN_HTTP_UPLOAD** | Domain which lets clients upload files over HTTP | _optional_ | upload.**DOMAIN** | +| **DOMAIN_MUC** | Domain for Multi-user chat (MUC) for allowing you to create hosted chatrooms/conferences for XMPP users | _optional_ | conference.**DOMAIN** | +| **DOMAIN_PROXY** | Domain for SOCKS5 bytestream proxy for server-proxied file transfers | _optional_ | proxy.**DOMAIN** | +| **DOMAIN_PUBSUB** | Domain for a XEP-0060 pubsub service | _optional_ | pubsub.**DOMAIN** | +| **DB_DRIVER** | May also be "PostgreSQL" or "MySQL" or "SQLite3" (case sensitive!) | _optional_ | SQLite3 | +| **DB_DATABASE** | The database name to use. For SQLite3 this the database filename (relative to the data storage directory). 
| _optional_ | prosody.sqlite | +| **DB_HOST** | The address of the database server | _optional_ | | +| **DB_PORT** | Port on which the database is listening | _optional_ | | +| **DB_USERNAME** | The username to authenticate to the database | _optional_ | | +| **DB_PASSWORD** | The password to authenticate to the database | _optional_ | | +| **E2E_POLICY_CHAT** | Policy for chat messages. Possible values: "none", "optional" and "required". | _optional_ | "required" | +| **E2E_POLICY_MUC** | Policy for MUC messages. Possible values: "none", "optional" and "required". | _optional_ | "required" | +| **E2E_POLICY_WHITELIST** | Make this module ignore messages sent to and from this JIDs or MUCs. | _optional_ | "" | +| **LOG_LEVEL** | Min log level. Change to debug for more information | _optional_ | info | +| **C2S_REQUIRE_ENCRYPTION** | Whether to force all client-to-server connections to be encrypted or not | _optional_ | true | +| **S2S_REQUIRE_ENCRYPTION** | Whether to force all server-to-server connections to be encrypted or not | _optional_ | true | +| **S2S_SECURE_AUTH** | Require encryption and certificate authentication | _optional_ | true | +| **SERVER_CONTACT_INFO_ABUSE** | A list of strings. Each string should be an URI. See [here](https://prosody.im/doc/modules/mod_server_contact_info). | _optional_ | "xmpp:abuse@**DOMAIN**" | +| **SERVER_CONTACT_INFO_ADMIN** | A list of strings. Each string should be an URI. See [here](https://prosody.im/doc/modules/mod_server_contact_info). | _optional_ | "xmpp:admin@**DOMAIN**" | +| **SERVER_CONTACT_INFO_FEEDBACK** | A list of strings. Each string should be an URI. See [here](https://prosody.im/doc/modules/mod_server_contact_info). | _optional_ | "xmpp:feedback@**DOMAIN**" | +| **SERVER_CONTACT_INFO_SALES** | A list of strings. Each string should be an URI. See [here](https://prosody.im/doc/modules/mod_server_contact_info). | _optional_ | "xmpp:sales@**DOMAIN**" | +| **SERVER_CONTACT_INFO_SECURITY** | A list of strings. 
Each string should be an URI. See [here](https://prosody.im/doc/modules/mod_server_contact_info). | _optional_ | "xmpp:security@**DOMAIN**" | +| **SERVER_CONTACT_INFO_SUPPORT** | A list of strings. Each string should be an URI. See [here](https://prosody.im/doc/modules/mod_server_contact_info). | _optional_ | "xmpp:support@**DOMAIN**" | +| **PROSODY_ADMINS** | Specify who is an administrator. List of adresses. Eg. "me@example.com", "admin@example.net" | _optional_ | "" | +| **STORAGE** | Select the storage backend to load with the 'storage' configuration option. See [here](https://prosody.im/doc/storage). | _optional_ | "sql" | #### DNS You need these DNS record pointing to your server: -* domain.tld -* conference.domain.tld -* proxy.domain.tld -* pubsub.domain.tld -* upload.domain.tld -* A SRV record for _xmpps-client._tcp.domain.tld for port 5223. +- domain.tld +- conference.domain.tld +- proxy.domain.tld +- pubsub.domain.tld +- upload.domain.tld +- A SRV record for \_xmpps-client.\_tcp.domain.tld for port 5223. where domain.tld is the environment variable DOMAIN. ### Extend -There is a helper script that eases installing additional prosody modules: ```docker-prosody-module-install``` +There is a helper script that eases installing additional prosody modules: `docker-prosody-module-install` -It downloads the current [prosody-modules](https://hg.prosody.im/prosody-modules/) repository. The specified modules are copied and its name is added to the ```modules_enabled``` variable within ```conf.d/01-modules.cfg.lua```. +It downloads the current [prosody-modules](https://hg.prosody.im/prosody-modules/) repository. The specified modules are copied and its name is added to the `modules_enabled` variable within `conf.d/01-modules.cfg.lua`. -There is also ```docker-prosody-module-copy``` which copies the specified modules but does not add them to the ```modules_enabled``` variable within ```conf.d/01-modules.cfg.lua```. 
+There is also `docker-prosody-module-copy` which copies the specified modules but does not add them to the `modules_enabled` variable within `conf.d/01-modules.cfg.lua`. If you need additional configuration just overwrite the respective _cfg.lua_ file or add new ones. @@ -262,5 +263,5 @@ prosodyctl mod_storage_sql upgrade You can test your server with these websites: -* [IM Observatory](https://www.xmpp.net/) -* [XMPP Compliance Tester](https://compliance.conversations.im/) +- [IM Observatory](https://www.xmpp.net/) +- [XMPP Compliance Tester](https://compliance.conversations.im/) diff --git a/tests/docker-compose.yml b/tests/docker-compose.yml index f854381..5cfbc65 100644 --- a/tests/docker-compose.yml +++ b/tests/docker-compose.yml @@ -18,6 +18,24 @@ services: volumes: - ./certs:/usr/local/etc/prosody/certs + prosody_internal_storage: + image: prosody + restart: unless-stopped + ports: + - "5000:5000" + - "5222:5222" + - "5223:5223" + - "5269:5269" + - "5281:5281" + environment: + DOMAIN: localhost + E2E_POLICY_WHITELIST: "admin@localhost, user1@localhost" + LOG_LEVEL: debug + PROSODY_ADMINS: "admin@localhost, admin2@localhost" + STORAGE: "internal" + volumes: + - ./certs:/usr/local/etc/prosody/certs + prosody_postgres: image: prosody restart: unless-stopped @@ -45,7 +63,7 @@ services: - postgres postgres: - image: postgres:13-alpine + image: postgres:14-alpine restart: unless-stopped environment: POSTGRES_DB: prosody diff --git a/tests/test.bash b/tests/test.bash index 9646ab5..d16373f 100755 --- a/tests/test.bash +++ b/tests/test.bash @@ -69,3 +69,9 @@ sudo docker-compose up -d prosody registerTestUsers prosody runTests prosody sudo docker-compose down + +# Run tests for third container with internal storage +sudo docker-compose up -d prosody_internal_storage +registerTestUsers prosody_internal_storage +runTests prosody_internal_storage +sudo docker-compose down 
diff --git a/tests/tests-prosody_internal_storage.bats b/tests/tests-prosody_internal_storage.bats new file mode 100644 index 0000000..d7bc232 --- /dev/null +++ b/tests/tests-prosody_internal_storage.bats @@ -0,0 +1,21 @@ +# For tests with pipes see: https://github.com/sstephenson/bats/issues/10 + +load 'bats/bats-support/load' +load 'bats/bats-assert/load' + +# TODO +#@test "Should use internal storage" { +# run bash -c "sudo docker-compose logs $batsContainerName | grep -E \"Connecting to \[SQLite3\] \/usr\/local\/var\/lib\/prosody\/prosody\.sqlite\.\.\.\"" +# assert_failure +# assert_output +#} + +@test "Should not use sqlite" { + run bash -c "sudo docker-compose logs $batsContainerName | grep -E \"Connecting to \[SQLite3\] \/usr\/local\/var\/lib\/prosody\/prosody\.sqlite\.\.\.\"" + assert_failure +} + +@test "Should not use postgres" { + run bash -c "sudo docker-compose logs $batsContainerName | grep -E \"Connecting to \[PostgreSQL\] prosody\.\.\.\"" + assert_failure +} From bce67be67d9afb2e477ebece026a39de6fab566b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sara=20Aim=C3=A9e=20Smiseth?= <51710585+SaraSmiseth@users.noreply.github.com> Date: Wed, 24 Aug 2022 17:10:54 +0200 Subject: [PATCH 2/4] Renamed STORAGE to DEFAULT_STORAGE. Added ARCHIVE_STORE and STORAGE_ARCHIVE2. --- conf.d/02-storage.cfg.lua | 7 +-- docker-entrypoint.bash | 4 +- readme.md | 62 ++++++++++--------- tests/docker-compose.yml | 22 ++++++- tests/test.bash | 10 ++- ...ests-prosody_internal_storage_archive.bats | 21 +++++++ tests/tests.bats | 5 ++ 7 files changed, 93 insertions(+), 38 deletions(-) create mode 100644 tests/tests-prosody_internal_storage_archive.bats diff --git a/conf.d/02-storage.cfg.lua b/conf.d/02-storage.cfg.lua index 05cdb2d..f03f0bd 100644 --- a/conf.d/02-storage.cfg.lua +++ b/conf.d/02-storage.cfg.lua @@ -1,4 +1,4 @@ -default_storage = os.getenv("STORAGE") +default_storage = os.getenv("DEFAULT_STORAGE") sql = { driver = os.getenv("DB_DRIVER"); 
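Review bot: Both active tests in tests/tests-prosody_internal_storage.bats only assert that grep finds nothing, so they also pass when `docker-compose logs $batsContainerName` prints nothing at all (container not started, wrong or unset name). grep on empty input exits 1, and `assert_failure` accepts any non-zero status. The only positive check is commented out under `# TODO`, and its pattern is still the SQLite connection line rather than anything specific to internal storage, so nothing here shows that the internal backend is in use. Consider adding one test that requires a non-empty log containing a line the internal backend is known to produce, and using `assert_failure 1` in the negative tests so a grep error (status 2) is not read as "no match". The file added in PATCH 2/4, tests/tests-prosody_internal_storage_archive.bats, has the same blob id (d7bc232) and therefore the same gap.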
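Review bot: `default_storage = os.getenv("DEFAULT_STORAGE")` has no fallback in the config itself, so the `sql` default exists only in docker-entrypoint.bash. The same holds for `archive_store` and `storage.archive2` in the next hunk of this file. A process that loads this config without inheriting the entrypoint's exports gets `nil` here and would presumably fall back to Prosody's built-in default instead of the backend the running server uses. One example is a `prosodyctl` call started through `docker exec`, unless the image sets these variables with ENV, which is not visible in this patch. Consider `default_storage = os.getenv("DEFAULT_STORAGE") or "sql"`, `archive_store = os.getenv("ARCHIVE_STORE") or "archive2"` and `archive2 = os.getenv("STORAGE_ARCHIVE2") or "sql";`. The retained comment `-- this makes mod_mam use the sql storage backend` in that next hunk is also no longer accurate and could read `-- backend for the archive2 store, taken from STORAGE_ARCHIVE2`.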
@@ -9,12 +9,11 @@ sql = { password = os.getenv("DB_PASSWORD"); } --- make 0.10-distributed mod_mam use sql store -archive_store = "archive2" -- Use the same data store as prosody-modules mod_mam +archive_store = os.getenv("ARCHIVE_STORE") storage = { -- this makes mod_mam use the sql storage backend - archive2 = os.getenv("STORAGE"); + archive2 = os.getenv("STORAGE_ARCHIVE2"); } -- https://modules.prosody.im/mod_mam.html diff --git a/docker-entrypoint.bash b/docker-entrypoint.bash index 2f20e9b..b4f0035 100755 --- a/docker-entrypoint.bash +++ b/docker-entrypoint.bash @@ -2,6 +2,8 @@ set -e export ALLOW_REGISTRATION=${ALLOW_REGISTRATION:-true} +export ARCHIVE_STORE=${ARCHIVE_STORE:-"archive2"} +export DEFAULT_STORAGE=${DEFAULT_STORAGE:-"sql"} export DOMAIN_HTTP_UPLOAD=${DOMAIN_HTTP_UPLOAD:-"upload.$DOMAIN"} export DOMAIN_MUC=${DOMAIN_MUC:-"conference.$DOMAIN"} export DOMAIN_PROXY=${DOMAIN_PROXY:-"proxy.$DOMAIN"} @@ -21,7 +23,7 @@ export SERVER_CONTACT_INFO_FEEDBACK=${SERVER_CONTACT_INFO_FEEDBACK:-"xmpp:feedba export SERVER_CONTACT_INFO_SALES=${SERVER_CONTACT_INFO_SALES:-"xmpp:sales@$DOMAIN"} export SERVER_CONTACT_INFO_SECURITY=${SERVER_CONTACT_INFO_SECURITY:-"xmpp:security@$DOMAIN"} export SERVER_CONTACT_INFO_SUPPORT=${SERVER_CONTACT_INFO_SUPPORT:-"xmpp:support@$DOMAIN"} -export STORAGE=${STORAGE:-"sql"} +export STORAGE_ARCHIVE2=${STORAGE_ARCHIVE2:-"sql"} export PROSODY_ADMINS=${PROSODY_ADMINS:-""} if [[ "$1" != "prosody" ]]; then diff --git a/readme.md b/readme.md index 6c1208f..3a2880a 100644 --- a/readme.md +++ b/readme.md @@ -150,7 +150,7 @@ Check [Volumes permissions](#volumes-permissions) as well. I recommend using a `docker-compose.yml` file: ```yaml -version: '3.7' +version: "3.7" services: server: 
@@ -197,35 +197,37 @@ sudo chown 999:999 ./data #### Environment variables -| Variable | Description | Type | Default value | -| -------------------------------- | ----------------------------------------------------------------------------------------------------------------------- | ------------ | -------------------------- | -| **ALLOW_REGISTRATION** | Whether to allow registration of new accounts via Jabber clients | _optional_ | true | -| **DOMAIN** | domain | **required** | null | -| **DOMAIN_HTTP_UPLOAD** | Domain which lets clients upload files over HTTP | _optional_ | upload.**DOMAIN** | -| **DOMAIN_MUC** | Domain for Multi-user chat (MUC) for allowing you to create hosted chatrooms/conferences for XMPP users | _optional_ | conference.**DOMAIN** | -| **DOMAIN_PROXY** | Domain for SOCKS5 bytestream proxy for server-proxied file transfers | _optional_ | proxy.**DOMAIN** | -| **DOMAIN_PUBSUB** | Domain for a XEP-0060 pubsub service | _optional_ | pubsub.**DOMAIN** | -| **DB_DRIVER** | May also be "PostgreSQL" or "MySQL" or "SQLite3" (case sensitive!) | _optional_ | SQLite3 | -| **DB_DATABASE** | The database name to use. For SQLite3 this the database filename (relative to the data storage directory). | _optional_ | prosody.sqlite | -| **DB_HOST** | The address of the database server | _optional_ | | -| **DB_PORT** | Port on which the database is listening | _optional_ | | -| **DB_USERNAME** | The username to authenticate to the database | _optional_ | | -| **DB_PASSWORD** | The password to authenticate to the database | _optional_ | | -| **E2E_POLICY_CHAT** | Policy for chat messages. Possible values: "none", "optional" and "required". | _optional_ | "required" | -| **E2E_POLICY_MUC** | Policy for MUC messages. Possible values: "none", "optional" and "required". | _optional_ | "required" | -| **E2E_POLICY_WHITELIST** | Make this module ignore messages sent to and from this JIDs or MUCs. | _optional_ | "" | -| **LOG_LEVEL** | Min log level. 
Change to debug for more information | _optional_ | info | -| **C2S_REQUIRE_ENCRYPTION** | Whether to force all client-to-server connections to be encrypted or not | _optional_ | true | -| **S2S_REQUIRE_ENCRYPTION** | Whether to force all server-to-server connections to be encrypted or not | _optional_ | true | -| **S2S_SECURE_AUTH** | Require encryption and certificate authentication | _optional_ | true | -| **SERVER_CONTACT_INFO_ABUSE** | A list of strings. Each string should be an URI. See [here](https://prosody.im/doc/modules/mod_server_contact_info). | _optional_ | "xmpp:abuse@**DOMAIN**" | -| **SERVER_CONTACT_INFO_ADMIN** | A list of strings. Each string should be an URI. See [here](https://prosody.im/doc/modules/mod_server_contact_info). | _optional_ | "xmpp:admin@**DOMAIN**" | -| **SERVER_CONTACT_INFO_FEEDBACK** | A list of strings. Each string should be an URI. See [here](https://prosody.im/doc/modules/mod_server_contact_info). | _optional_ | "xmpp:feedback@**DOMAIN**" | -| **SERVER_CONTACT_INFO_SALES** | A list of strings. Each string should be an URI. See [here](https://prosody.im/doc/modules/mod_server_contact_info). | _optional_ | "xmpp:sales@**DOMAIN**" | -| **SERVER_CONTACT_INFO_SECURITY** | A list of strings. Each string should be an URI. See [here](https://prosody.im/doc/modules/mod_server_contact_info). | _optional_ | "xmpp:security@**DOMAIN**" | -| **SERVER_CONTACT_INFO_SUPPORT** | A list of strings. Each string should be an URI. See [here](https://prosody.im/doc/modules/mod_server_contact_info). | _optional_ | "xmpp:support@**DOMAIN**" | -| **PROSODY_ADMINS** | Specify who is an administrator. List of adresses. Eg. "me@example.com", "admin@example.net" | _optional_ | "" | -| **STORAGE** | Select the storage backend to load with the 'storage' configuration option. See [here](https://prosody.im/doc/storage). 
| _optional_ | "sql" | +| Variable | Description | Type | Default value | +| -------------------------------- | -------------------------------------------------------------------------------------------------------------------------------- | ------------ | -------------------------- | +| **ALLOW_REGISTRATION** | Whether to allow registration of new accounts via Jabber clients | _optional_ | true | +| **DOMAIN** | domain | **required** | null | +| **DOMAIN_HTTP_UPLOAD** | Domain which lets clients upload files over HTTP | _optional_ | upload.**DOMAIN** | +| **DOMAIN_MUC** | Domain for Multi-user chat (MUC) for allowing you to create hosted chatrooms/conferences for XMPP users | _optional_ | conference.**DOMAIN** | +| **DOMAIN_PROXY** | Domain for SOCKS5 bytestream proxy for server-proxied file transfers | _optional_ | proxy.**DOMAIN** | +| **DOMAIN_PUBSUB** | Domain for a XEP-0060 pubsub service | _optional_ | pubsub.**DOMAIN** | +| **DB_DRIVER** | May also be "PostgreSQL" or "MySQL" or "SQLite3" (case sensitive!) | _optional_ | SQLite3 | +| **DB_DATABASE** | The database name to use. For SQLite3 this the database filename (relative to the data storage directory). | _optional_ | prosody.sqlite | +| **DB_HOST** | The address of the database server | _optional_ | | +| **DB_PORT** | Port on which the database is listening | _optional_ | | +| **DB_USERNAME** | The username to authenticate to the database | _optional_ | | +| **DB_PASSWORD** | The password to authenticate to the database | _optional_ | | +| **E2E_POLICY_CHAT** | Policy for chat messages. Possible values: "none", "optional" and "required". | _optional_ | "required" | +| **E2E_POLICY_MUC** | Policy for MUC messages. Possible values: "none", "optional" and "required". | _optional_ | "required" | +| **E2E_POLICY_WHITELIST** | Make this module ignore messages sent to and from this JIDs or MUCs. | _optional_ | "" | +| **LOG_LEVEL** | Min log level. 
Change to debug for more information | _optional_ | info | +| **C2S_REQUIRE_ENCRYPTION** | Whether to force all client-to-server connections to be encrypted or not | _optional_ | true | +| **S2S_REQUIRE_ENCRYPTION** | Whether to force all server-to-server connections to be encrypted or not | _optional_ | true | +| **S2S_SECURE_AUTH** | Require encryption and certificate authentication | _optional_ | true | +| **SERVER_CONTACT_INFO_ABUSE** | A list of strings. Each string should be an URI. See [here](https://prosody.im/doc/modules/mod_server_contact_info). | _optional_ | "xmpp:abuse@**DOMAIN**" | +| **SERVER_CONTACT_INFO_ADMIN** | A list of strings. Each string should be an URI. See [here](https://prosody.im/doc/modules/mod_server_contact_info). | _optional_ | "xmpp:admin@**DOMAIN**" | +| **SERVER_CONTACT_INFO_FEEDBACK** | A list of strings. Each string should be an URI. See [here](https://prosody.im/doc/modules/mod_server_contact_info). | _optional_ | "xmpp:feedback@**DOMAIN**" | +| **SERVER_CONTACT_INFO_SALES** | A list of strings. Each string should be an URI. See [here](https://prosody.im/doc/modules/mod_server_contact_info). | _optional_ | "xmpp:sales@**DOMAIN**" | +| **SERVER_CONTACT_INFO_SECURITY** | A list of strings. Each string should be an URI. See [here](https://prosody.im/doc/modules/mod_server_contact_info). | _optional_ | "xmpp:security@**DOMAIN**" | +| **SERVER_CONTACT_INFO_SUPPORT** | A list of strings. Each string should be an URI. See [here](https://prosody.im/doc/modules/mod_server_contact_info). | _optional_ | "xmpp:support@**DOMAIN**" | +| **PROSODY_ADMINS** | Specify who is an administrator. List of adresses. Eg. "me@example.com", "admin@example.net" | _optional_ | "" | +| **DEFAULT_STORAGE** | Select the storage backend to load with the 'storage' configuration option. See [here](https://prosody.im/doc/storage). | _optional_ | "sql" | +| **ARCHIVE_STORE** | Select the archive store. 'archive' or 'archive2'. 
See [here](https://prosody.im/doc/storage). | _optional_ | "archive2" | +| **STORAGE_ARCHIVE2** | Select the storage backend to load with the 'storage.archive2' configuration option. See [here](https://prosody.im/doc/storage). | _optional_ | "sql" | #### DNS diff --git a/tests/docker-compose.yml b/tests/docker-compose.yml index 5cfbc65..fff9c10 100644 --- a/tests/docker-compose.yml +++ b/tests/docker-compose.yml @@ -32,7 +32,27 @@ services: E2E_POLICY_WHITELIST: "admin@localhost, user1@localhost" LOG_LEVEL: debug PROSODY_ADMINS: "admin@localhost, admin2@localhost" - STORAGE: "internal" + DEFAULT_STORAGE: "internal" + STORAGE_ARCHIVE2: "internal" + volumes: + - ./certs:/usr/local/etc/prosody/certs + + prosody_internal_storage_archive: + image: prosody + restart: unless-stopped + ports: + - "5000:5000" + - "5222:5222" + - "5223:5223" + - "5269:5269" + - "5281:5281" + environment: + DOMAIN: localhost + E2E_POLICY_WHITELIST: "admin@localhost, user1@localhost" + LOG_LEVEL: debug + PROSODY_ADMINS: "admin@localhost, admin2@localhost" + DEFAULT_STORAGE: "internal" + ARCHIVE_STORE: "archive" volumes: - ./certs:/usr/local/etc/prosody/certs diff --git a/tests/test.bash b/tests/test.bash index d16373f..c74c561 100755 --- a/tests/test.bash +++ b/tests/test.bash 
@@ -64,14 +64,20 @@ registerTestUsers prosody_postgres runTests prosody_postgres sudo docker-compose down -# Run tests for second container with SQLite +# Run tests for container with SQLite sudo docker-compose up -d prosody registerTestUsers prosody runTests prosody sudo docker-compose down -# Run tests for third container with internal storage +# Run tests for container with internal storage and archive store archive2 sudo docker-compose up -d prosody_internal_storage registerTestUsers prosody_internal_storage runTests prosody_internal_storage sudo docker-compose down + +# Run tests for container with internal storage and archive store archive +sudo docker-compose up -d prosody_internal_storage_archive +registerTestUsers prosody_internal_storage_archive +runTests prosody_internal_storage_archive +sudo docker-compose down diff --git a/tests/tests-prosody_internal_storage_archive.bats b/tests/tests-prosody_internal_storage_archive.bats new file mode 100644 index 0000000..d7bc232 --- /dev/null +++ b/tests/tests-prosody_internal_storage_archive.bats @@ -0,0 +1,21 @@ +# For tests with pipes see: https://github.com/sstephenson/bats/issues/10 + +load 'bats/bats-support/load' +load 'bats/bats-assert/load' + +# TODO +#@test "Should use internal storage" { +# run bash -c "sudo docker-compose logs $batsContainerName | grep -E \"Connecting to \[SQLite3\] \/usr\/local\/var\/lib\/prosody\/prosody\.sqlite\.\.\.\"" +# assert_failure +# assert_output +#} + +@test "Should not use sqlite" { + run bash -c "sudo docker-compose logs $batsContainerName | grep -E \"Connecting to \[SQLite3\] \/usr\/local\/var\/lib\/prosody\/prosody\.sqlite\.\.\.\"" + assert_failure +} + +@test "Should not use postgres" { + run bash -c "sudo docker-compose logs $batsContainerName | grep -E \"Connecting to \[PostgreSQL\] prosody\.\.\.\"" + assert_failure +} diff --git a/tests/tests.bats b/tests/tests.bats index bbac09d..3dc1760 100644 --- a/tests/tests.bats +++ b/tests/tests.bats 
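Review bot: Both active tests in the new tests/tests-prosody_internal_storage_archive.bats can pass without checking anything. `assert_failure` accepts any non-zero status, and the pipeline's status is grep's alone. If `docker-compose logs` errors out or the container wrote no logs, grep matches nothing, so "Should not use sqlite" and "Should not use postgres" both pass. The only positive check is still commented out under `# TODO`, so nothing confirms the container started with internal storage. I would fetch the logs in their own `run`, assert success and non-empty output as the existing tests in tests.bats do, then refute the backend message, as sketched below.

```shell
@test "Should not use sqlite" {
  run sudo docker-compose logs "$batsContainerName"
  assert_success
  assert_output
  refute_output --partial 'Connecting to [SQLite3] /usr/local/var/lib/prosody/prosody.sqlite...'
}
# … "Should not use postgres": same shape, refuting the PostgreSQL connection message …
```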
@@ -86,3 +86,8 @@ load 'bats/bats-assert/load' assert_success assert_output } + +@test "Should not have any sql errors" { + run bash -c "sudo docker-compose logs $batsContainerName | grep --ignore-case Error in SQL transaction" + assert_failure +} From 4fd9603a56c21a2f4b1b8f7712848b22e781fff2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sara=20Aim=C3=A9e=20Smiseth?= <51710585+SaraSmiseth@users.noreply.github.com> Date: Wed, 24 Aug 2022 17:54:17 +0200 Subject: [PATCH 3/4] Update CHANGELOG.md --- CHANGELOG.md | 75 ++++++++++++++++++++++++++++------------------------ 1 file changed, 40 insertions(+), 35 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index ffb3143..1a88e34 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
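Review bot: The added "Should not have any sql errors" test cannot fail, because the phrase in `grep --ignore-case Error in SQL transaction` is unquoted inside the `bash -c` string. grep takes `Error` as the pattern and `in`, `SQL` and `transaction` as file names, so it never reads the piped logs and exits non-zero when those files are missing, which `assert_failure` accepts. Quote the phrase, `grep --ignore-case \"Error in SQL transaction\"`, and use `assert_failure 1` so that only grep's "no match" status passes and a grep error fails the test.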
@@ -2,38 +2,43 @@ ## Unreleased -* Nothing +- Nothing ## v1.2.9 -* New environment variable STORAGE was added. Defaults to `sql` like before. See [prosody docs](https://prosody.im/doc/storage). This fixes [#38](https://github.com/SaraSmiseth/prosody/issues/38). -* New tests for a container with STORAGE set to `internal`. +- New environment variables to configure storage were added. + Added DEFAULT_STORAGE and STORAGE_ARCHIVE2 which default to `sql` for backward compatibility. + Added ARCHIVE_STORE which defaults to `archive2` for backward compatibility. + See [prosody docs](https://prosody.im/doc/storage) for information on prosody storage. + This fixes [#38](https://github.com/SaraSmiseth/prosody/issues/38). +- New tests for a container with DEFAULT_STORAGE set to `internal`. + New tests for a container with DEFAULT_STORAGE set to `internal` and ARCHIVE_STORE set to `archive`. ## v1.2.8 -* Updated to Prosody version [0.12.1](https://blog.prosody.im/prosody-0.12.1-released/). +- Updated to Prosody version [0.12.1](https://blog.prosody.im/prosody-0.12.1-released/). ## v1.2.7 -* Updated to Prosody version [0.12.0](https://blog.prosody.im/prosody-0.12.0-released/). -* Updated luarocks to version 3.9.0. +- Updated to Prosody version [0.12.0](https://blog.prosody.im/prosody-0.12.0-released/). +- Updated luarocks to version 3.9.0. ## v1.2.6 -* Updated to Prosody version [0.11.13](https://blog.prosody.im/prosody-0.11.13-released/). +- Updated to Prosody version [0.11.13](https://blog.prosody.im/prosody-0.11.13-released/). ## v1.2.5 -* Updated to Prosody version [0.11.12](https://blog.prosody.im/prosody-0.11.12-released/). +- Updated to Prosody version [0.11.12](https://blog.prosody.im/prosody-0.11.12-released/). ## v1.2.4 -* Updated to Prosody version [0.11.11](https://blog.prosody.im/prosody-0.11.11-released/). -* Updated luarocks to version 3.8.0. +- Updated to Prosody version [0.11.11](https://blog.prosody.im/prosody-0.11.11-released/). 
+- Updated luarocks to version 3.8.0. ## v1.2.3 -* Updated to Prosody version [0.11.10](https://blog.prosody.im/prosody-0.11.10-released/). +- Updated to Prosody version [0.11.10](https://blog.prosody.im/prosody-0.11.10-released/). ## v1.2.2 
@@ -41,81 +46,81 @@ ## v1.2.1 -* Updated to Prosody version [0.11.9](https://blog.prosody.im/prosody-0.11.9-released/). +- Updated to Prosody version [0.11.9](https://blog.prosody.im/prosody-0.11.9-released/). ## v1.2.0 ### New features -* New environment variables for database settings. It is now possible to use MariaDB or Postgres instead of SQLite. SQLite is the default. See [README](https://github.com/SaraSmiseth/prosody#environment-variables). +- New environment variables for database settings. It is now possible to use MariaDB or Postgres instead of SQLite. SQLite is the default. See [README](https://github.com/SaraSmiseth/prosody#environment-variables). ### Updates -* Updated luarocks to version 3.7.0. +- Updated luarocks to version 3.7.0. ## v1.1.4 ### Updates -* Updated to Prosody version [0.11.8](https://blog.prosody.im/prosody-0.11.8-released/). -* Updated luarocks to version 3.5.0. +- Updated to Prosody version [0.11.8](https://blog.prosody.im/prosody-0.11.8-released/). +- Updated luarocks to version 3.5.0. ## v1.1.3 ### New features -* Set pidfile in prosody.cfg.lua. -* Created a tests folder which contains pytest and bats tests. +- Set pidfile in prosody.cfg.lua. +- Created a tests folder which contains pytest and bats tests. ### Bug fixes -* Fixed using list ENV variables with multiple values. +- Fixed using list ENV variables with multiple values. ## v1.1.2 ### Updates -* Updated to Prosody version [0.11.7](https://blog.prosody.im/prosody-0.11.7-released/). -* Updated luarocks to version 3.4.0. +- Updated to Prosody version [0.11.7](https://blog.prosody.im/prosody-0.11.7-released/). +- Updated luarocks to version 3.4.0. ### New features -* Made 04-server_contact_info.cfg.lua configurable with ENV variables. Fixes [#4](https://github.com/SaraSmiseth/prosody/issues/4). -* Made 03-e2e-policy.cfg.lua configurable with ENV variables. Fixes [#9](https://github.com/SaraSmiseth/prosody/issues/9). 
-* Added E2E_POLICY_WHITELIST ENV variable to configure e2e_policy_whitelist. Fixes [#10](https://github.com/SaraSmiseth/prosody/issues/10). +- Made 04-server_contact_info.cfg.lua configurable with ENV variables. Fixes [#4](https://github.com/SaraSmiseth/prosody/issues/4). +- Made 03-e2e-policy.cfg.lua configurable with ENV variables. Fixes [#9](https://github.com/SaraSmiseth/prosody/issues/9). +- Added E2E_POLICY_WHITELIST ENV variable to configure e2e_policy_whitelist. Fixes [#10](https://github.com/SaraSmiseth/prosody/issues/10). ### Bug fixes -* Cherry picked [commit](https://github.com/zipizap/prosody/commit/fa13a990a1b87745ae5f5fe8297cb0669f9e8779) from [zipizap/prosody](https://github.com/zipizap/prosody) which fixes a bug with env-vars not beeing initialized. +- Cherry picked [commit](https://github.com/zipizap/prosody/commit/fa13a990a1b87745ae5f5fe8297cb0669f9e8779) from [zipizap/prosody](https://github.com/zipizap/prosody) which fixes a bug with env-vars not beeing initialized. ### Other changes -* Changed hashing of downloaded packages in Dockerfile to sha256. +- Changed hashing of downloaded packages in Dockerfile to sha256. ## v1.1.1 -* Updated to Prosody version [0.11.6](https://blog.prosody.im/prosody-0.11.6-released/). -* Replace "master" with "dev". +- Updated to Prosody version [0.11.6](https://blog.prosody.im/prosody-0.11.6-released/). +- Replace "master" with "dev". ## v1.1.0 ### New features -* Enable "announce" and "lastactivity" modules. -* Add PROSODY_ADMINS to specify who is an administrator. Fixes #7 +- Enable "announce" and "lastactivity" modules. +- Add PROSODY_ADMINS to specify who is an administrator. Fixes #7 ### Breaking changes -* Move global ssl section to https_ssl and legacy_ssl_ssl section. It is only needed there. #3 - * +- Move global ssl section to https_ssl and legacy_ssl_ssl section. It is only needed there. 
#3 + - As explained in the [README](https://github.com/SaraSmiseth/prosody#ssl-certificates) this setup uses automatic location to find your certs. This did not work correctly before this change. It just always used the main certificate defined with the global `ssl` config setting. This setting was removed and for the [services](https://prosody.im/doc/certificates#service_certificates) that do not use automatic location new global settings were introduced. These are `legacy_ssl_ssl` and `https_ssl`. ### Other changes -* Add badges to README. Fixes #5. -* Add link to official documentation on certificate permissions to README. Related to #3 +- Add badges to README. Fixes #5. +- Add link to official documentation on certificate permissions to README. Related to #3 ## v1.0.0 -* First version +- First version From 8d068580ea6073b9d8d71f886c52e1c753ed3c42 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sara=20Aim=C3=A9e=20Smiseth?= <51710585+SaraSmiseth@users.noreply.github.com> Date: Fri, 2 Sep 2022 09:07:43 +0200 Subject: [PATCH 4/4] Update luarocks to 3.9.1 --- CHANGELOG.md | 1 + Dockerfile | 4 ++-- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 1a88e34..983d906 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -13,6 +13,7 @@ This fixes [#38](https://github.com/SaraSmiseth/prosody/issues/38). - New tests for a container with DEFAULT_STORAGE set to `internal`. New tests for a container with DEFAULT_STORAGE set to `internal` and ARCHIVE_STORE set to `archive`. +- Updated luarocks to version 3.9.1. ## v1.2.8 diff --git a/Dockerfile b/Dockerfile index 5219e99..62c4fb5 100644 --- a/Dockerfile +++ b/Dockerfile 
@@ -4,10 +4,10 @@ ARG BUILD_DATE ARG VCS_REF ARG VERSION -ARG LUAROCKS_VERSION=3.9.0 +ARG LUAROCKS_VERSION=3.9.1 ARG PROSODY_VERSION=0.12.1 -ARG LUAROCKS_SHA256=5e840f0224891de96be4139e9475d3b1de7af3a32b95c1bdf05394563c60175f +ARG LUAROCKS_SHA256=ffafd83b1c42aa38042166a59ac3b618c838ce4e63f4ace9d961a5679ef58253 ARG PROSODY_DOWNLOAD_SHA256=a7ecbbe41f01a4251805593ac6d15dbc6cb75d9c7a876c76b456cf74ff4b90e5 LABEL luarocks.version="${LUAROCKS_VERSION}"