├── docker-entrypoint ├── 00prosody.cfg.lua ├── Dockerfile └── README.md /docker-entrypoint: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | set -euo pipefail 3 | 4 | CERTS_DIR=/etc/prosody/certs 5 | 6 | mkdir -p /var/run/prosody 7 | chown prosody /var/run/prosody /var/lib/prosody 8 | 9 | (while inotifywait -r -e close_write "$CERTS_DIR"; do 10 | prosodyctl reload 11 | done) & 12 | 13 | exec $* 14 | -------------------------------------------------------------------------------- /00prosody.cfg.lua: -------------------------------------------------------------------------------- 1 | --use_libevent = true 2 | 3 | -- https://prosody.im/doc/certificates#automatic_location 4 | --ssl = { 5 | -- key = "/etc/prosody/certs/ssl.key"; 6 | -- certificate = "/etc/prosody/certs/ssl.cert"; 7 | --} 8 | 9 | daemonize = false 10 | 11 | log = "*console" 12 | 13 | local hostname = os.getenv("XMPP_DOMAIN") 14 | if not hostname then 15 | hostname = io.input(io.popen("hostname --fqdn")):read() 16 | end 17 | 18 | VirtualHost(hostname) 19 | modules_enabled = { "mam"; "http"; } -- pep_vcard_avatar ? 20 | 21 | local conference_hostname = "conference." .. hostname 22 | Component(conference_hostname) "muc" 23 | 24 | local upload_hostname = "upload." .. hostname 25 | local upload_url = "https://" .. upload_hostname 26 | Component(upload_hostname) "http_upload" 27 | http_external_url = upload_url 28 | http_upload_file_size_limit = 10 * 1024 * 1024 -- 10 MB 29 | http_upload_expire_after = 60 * 60 * 24 * 7 -- a week in seconds 30 | http_upload_quota = 100 * 1024 * 1024 -- 100 MB 31 | -------------------------------------------------------------------------------- /Dockerfile: -------------------------------------------------------------------------------- 1 | FROM ubuntu:16.04 2 | 3 | RUN apt-get update \ 4 | && apt-get install -y --no-install-recommends ca-certificates inotify-tools wget \ 5 | && echo deb http://packages.prosody.im/debian wheezy main | tee -a /etc/apt/sources.list.d/prosody.list \ 6 | && wget --no-check-certificate https://prosody.im/files/prosody-debian-packages.key -O- | apt-key add - \ 7 | && apt-get update \ 8 | && apt-get install -y --no-install-recommends lua-bitop lua-sec-prosody prosody \ 9 | && apt-get clean && rm -rf /var/lib/apt/lists/* 10 | 11 | # Add modules 12 | RUN cd /usr/lib/prosody/modules \ 13 | && wget https://hg.prosody.im/prosody-modules/raw-file/tip/mod_http_upload/mod_http_upload.lua 14 | 15 | # Add custom config 16 | RUN echo include \"/etc/prosody/conf.d/*.cfg.lua\" >>/etc/prosody/prosody.cfg.lua 17 | COPY 00prosody.cfg.lua /etc/prosody/conf.d/ 18 | 19 | #ENV __FLUSH_LOG 1 20 | COPY docker-entrypoint / 21 | ENTRYPOINT ["/docker-entrypoint"] 22 | CMD ["prosodyctl", "start"] 23 | 24 | EXPOSE 5222 5269 5280 5347 25 | VOLUME "/var/lib/prosody" 26 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | [Prosody][1] XMPP server with full-featured and secure setup, running in a [docker][2] 2 | container. 3 | 4 | Features supported out of the box: 5 | 6 | * conferences 7 | * file transfer 8 | * smacks and carbon modules 9 | * PFS (Perfect Forward Secrecy) for message security 10 | 11 | ## Prerequisites 12 | 13 | Install [docker][2]. 14 | 15 | ## Building the image 16 | 17 | In order to create your own server, create a new directory. Inside, create a _Dockerfile_ which inherits from this image. Example: 18 | 19 | FROM mazzolino/prosody 20 | CMD chown prosody /var/lib/prosody && prosodyctl start 21 | 22 | (Note: The CMD line is needed because of a [weird behaviour in Docker][3].) 23 | 24 | Then, create two subfolders: 25 | 26 | mkdir certs conf.d 27 | 28 | Get an SSL certificate (e.g. from StartSSL) and put the cert and key into the certs folder: 29 | 30 | cp my-domain.crt certs/ssl.cert 31 | cp my-domain.key certs/ssl.key 32 | 33 | (NOTE: The certificate file (`ssl.cert`) should contain the complete SSL certificate chain as needed. 34 | E.g. for StartSSL, you have to concatenate your certificate, the class1 or class2 sub certificate and the CA certificate into it.) 35 | 36 | Now you can build the final container image. Choose a name for your container image instead of `xmpp.example.com`. Also, replace `example.com` with your own domain. 37 | 38 | docker build -t xmpp.example.com . 39 | 40 | ## Running 41 | 42 | Start your server like this. Replace `xmpp.example.com` with the name of the image you built in the last step. Replace `example.com` with your own domain. 43 | 44 | docker run -d -p 5222:5222 -p 5269:5269 -p 5280:5280 -p 5347:5347 -v $(pwd)/.prosody:/var/lib/prosody -e "XMPP_DOMAIN=example.com" xmpp.example.com 45 | 46 | You need to forward the above ports in your firewall to this machine. 47 | 48 | Prosody's data will be stored in the directory _.prosody_ inside the current directory, so make sure to keep that. 49 | 50 | ## Adding users 51 | 52 | You can add user logins like this. Replace `xmpp.example.com` with the name of your image. Also, replace `username`, `example.com` and `password` accordingly: 53 | 54 | docker run --rm -v $(pwd)/.prosody:/var/lib/prosody xmpp.example.com prosodyctl register username example.com password 55 | 56 | ## Add DNS records 57 | 58 | You need to add SRV records to your domain so your server can be connected by other clients and servers correctly. See [DNS configuration in Jabber/XMPP][4]. 59 | 60 | ## Customization 61 | 62 | Prosody's main configuration file _prosody.cfg.lua_ is not customizable from inherited images. You can add custom configuration files in the _conf.d_ subdirectory instead. 63 | 64 | See the [configuration documentation][5] for possible values. 65 | 66 | 67 | [1]: https://prosody.im/ 68 | [2]: https://www.docker.io/ 69 | [3]: https://github.com/dotcloud/docker/issues/5147#issuecomment-43572198 70 | [4]: https://prosody.im/doc/dns 71 | [5]: https://prosody.im/doc/configure 72 | --------------------------------------------------------------------------------