├── .gitignore ├── prosody_packages.gpg ├── entrypoint.sh ├── Dockerfile ├── README.md └── configs ├── prosody-13.0.cfg.lua ├── prosody-trunk.cfg.lua └── prosody-0.12.cfg.lua /.gitignore: -------------------------------------------------------------------------------- 1 | prosody.deb 2 | -------------------------------------------------------------------------------- /prosody_packages.gpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/prosody/prosody-docker/HEAD/prosody_packages.gpg -------------------------------------------------------------------------------- /entrypoint.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash -e 2 | set -e 3 | 4 | data_dir_owner="$(stat -c %u "/var/lib/prosody/")" 5 | if [[ "$(id -u prosody)" != "$data_dir_owner" ]]; then 6 | # FIXME this fails if owned by root 7 | usermod -u "$data_dir_owner" prosody 8 | fi 9 | if [[ "$(stat -c %u /var/run/prosody/)" != "$data_dir_owner" ]]; then 10 | chown "$data_dir_owner" /var/run/prosody/ 11 | fi 12 | 13 | if [[ "$1" != "prosody" ]]; then 14 | exec prosodyctl "$@" 15 | exit 0; 16 | fi 17 | 18 | if [[ "$LOCAL" && "$PASSWORD" && "$DOMAIN" ]]; then 19 | prosodyctl register "$LOCAL" "$DOMAIN" "$PASSWORD" 20 | fi 21 | 22 | exec runuser -u prosody -- "$@" 23 | -------------------------------------------------------------------------------- /Dockerfile: -------------------------------------------------------------------------------- 1 | FROM debian:bookworm-slim 2 | 3 | MAINTAINER Prosody Developers 4 | 5 | ARG PROSODY_PACKAGE=prosody-0.12 6 | ARG LUA_PACKAGE=lua5.4 7 | ARG BUILD_ID= 8 | 9 | # Install dependencies 10 | RUN apt-get update \ 11 | && DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends \ 12 | extrepo tini \ 13 | && extrepo enable prosody \ 14 | && apt-get update \ 15 | && DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends \ 16 | 
${PROSODY_PACKAGE} \ 17 | ${LUA_PACKAGE} \ 18 | lua-unbound \ 19 | lua-sec \ 20 | lua-readline \ 21 | lua-dbi-sqlite3 \ 22 | lua-dbi-postgresql \ 23 | lua-dbi-mysql \ 24 | luarocks \ 25 | lib${LUA_PACKAGE}-dev \ 26 | && update-alternatives --set lua-interpreter /usr/bin/${LUA_PACKAGE} \ 27 | && rm -rf /var/lib/apt/lists/* 28 | 29 | RUN mkdir -p /etc/prosody/conf.d /var/run/prosody \ 30 | && chown prosody:prosody /etc/prosody/conf.d /var/run/prosody 31 | 32 | COPY ./entrypoint.sh /entrypoint.sh 33 | RUN chmod 755 /entrypoint.sh 34 | ENTRYPOINT ["/usr/bin/tini", "--", "/entrypoint.sh"] 35 | 36 | COPY ./configs/${PROSODY_PACKAGE}.cfg.lua /etc/prosody/prosody.cfg.lua 37 | 38 | EXPOSE 80 443 5222 5269 5347 5280 5281 39 | ENV __FLUSH_LOG yes 40 | CMD ["prosody", "-F"] 41 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Docker build scripts for Prosody build server 2 | 3 | This is the Prosody Docker image building repository. It is used by our build server to build and publish Docker images for stable releases and nightly builds. 4 | 5 | There are many alternative Dockerfiles for Prosody available if this one 6 | does not suit your needs: 7 | 8 | - [OpusVL/prosody-docker](https://github.com/OpusVL/prosody-docker/) 9 | - [unclev/prosody-docker-extended](https://github.com/unclev/prosody-docker-extended) 10 | 11 | ## Published images 12 | 13 | For images please see here: [Prosody on Docker](https://hub.docker.com/r/prosody/prosody/). 14 | 15 | ## Running 16 | 17 | It works by enabling the [prosody package repository](https://prosody.im/download/package_repository) and installing the selected Prosody package from there based on the `PROSODY_PACKAGE` build argument. 18 | 19 | Docker images are built off an __Debian 12 (bookworm)__ base. 
20 | 21 | ```bash 22 | docker run -d --name prosody -p 5222:5222 prosody/prosody 23 | ``` 24 | 25 | A user can be created by using environment variables `LOCAL`, `DOMAIN`, and `PASSWORD`. This performs the following action on startup: 26 | 27 | prosodyctl register *local* *domain* *password* 28 | 29 | Any error from this script is ignored (although `entrypoint.sh` as shown in this repository runs under `set -e`, which would instead abort startup if `prosodyctl register` fails). Prosody does not check whether the user exists before running the command (i.e. existing users will be overwritten). Because `PASSWORD` is supplied as an environment variable and passed to `prosodyctl` as a command-line argument, it is readable by anyone who can inspect the container's environment or process list. It is expected that [mod_admin_adhoc](http://prosody.im/doc/modules/mod_admin_adhoc) will then be in place for managing users (and the server). 30 | 31 | ### Ports 32 | 33 | The image exposes the following ports to the docker host: 34 | 35 | * __80__: HTTP port 36 | * __443__: HTTPS port 37 | * __5222__: c2s port 38 | * __5269__: s2s port 39 | * __5347__: XMPP component port 40 | * __5280__: BOSH / websocket port 41 | * __5281__: Secure BOSH / websocket port 42 | 43 | Note: These default ports can be changed in your configuration file. Therefore, if you change them, the new ports will not be exposed. 44 | 45 | ### Volumes 46 | 47 | Volumes can be mounted at the following locations for adding in files: 48 | 49 | * __/etc/prosody__: 50 | * Prosody configuration file(s) 51 | * __/etc/prosody/certs__: 52 | * SSL certificates 53 | * __/etc/prosody/modules__: 54 | * Location for including additional modules 55 | 56 | ### Environment Variables 57 | 58 | * `DOMAIN`, `LOCAL`, `PASSWORD` - These three are used by `entrypoint.sh` to create an initial account `$LOCAL@$DOMAIN` with `$PASSWORD` as password. 59 | * `PROSODY_PLUGIN_PATHS` - Comma-separated list of additional paths to search for plugins. Defaults to `/etc/prosody/modules`. 60 | * `PROSODY_ADMINS` - Comma-separated list of user addresses treated as admins. 61 | * `PROSODY_ENABLE_MODULES` - Comma-separated list of additional plugins to load. 62 | * `PROSODY_DISABLE_MODULES` - Comma-separated list of modules to disable, e.g. for auto-enabled modules. 
63 | * `PROSODY_TURN_HOST` - Hostname of TURN server 64 | * `PROSODY_TURN_PORT` - Port number of TURN server 65 | * `PROSODY_TURN_SECRET` - Shared secret for TURN 66 | * `PROSODY_TURN_TLS_PORT` - Port number for STUN over TLS 67 | * `PROSODY_RETENTION_DAYS` - How many days' worth of message archives and shared files to keep. 68 | * `PROSODY_S2S_SECURE_AUTH` - Whether to require that remote servers present valid certificates. Enabled by default (the bundled 13.0 and trunk configs disable it only when the value is `0`). 69 | * `PROSODY_C2S_RATE_LIMIT` - Rate limit for client-to-server connections. Defaults to `10kb/s`. 70 | * `PROSODY_S2S_RATE_LIMIT` - Rate limit for server-to-server connections. Defaults to `30kb/s`. 71 | * `PROSODY_STORAGE` - [Storage driver](https://prosody.im/doc/storage) to use. Defaults to `internal`. 72 | * `PROSODY_SQL_DRIVER` - One of `SQLite3`, `PostgreSQL` or `MySQL`. Selects SQL backend when `PROSODY_STORAGE` is set to `sql`. 73 | * `PROSODY_SQL_DB` - Name of SQL database to use. 74 | * `PROSODY_SQL_HOST` - Hostname of SQL database to connect to (PostgreSQL and MySQL only). 75 | * `PROSODY_SQL_USERNAME`, `PROSODY_SQL_PASSWORD` - Credentials for connecting to SQL database. 76 | * `PROSODY_ARCHIVE_EXPIRY_DAYS` - When set, overrides `PROSODY_RETENTION_DAYS` for message archives. 77 | * `PROSODY_LOGLEVEL` - Log level, one of `debug`, `info`, `warn`, `error`. Defaults to `info`. 78 | * `PROSODY_STATISTICS` - [Statistics provider](https://prosody.im/doc/statistics) to use, e.g. `internal`. Default disabled. 79 | * `PROSODY_STATISTICS_INTERVAL` - Statistics collection interval. A number or the string `manual` for OpenMetrics-triggered collection. Defaults to `60`. 80 | * `PROSODY_CERTIFICATES` - Path to TLS certificates and private keys, relative to the config file. Defaults to `certs`, i.e. `/etc/prosody/certs`. 81 | * `PROSODY_VIRTUAL_HOSTS` - Comma-separated list of domain names to initialize as hosts that provide user accounts. Defaults to the hostname of the container. 
82 | * `PROSODY_NETWORK_HOSTNAME` - Public domain name for use with e.g. HTTP. Defaults to the first entry in `PROSODY_VIRTUAL_HOSTS`. 83 | * `PROSODY_COMPONENTS` - Comma-separated list of _internal_ components in the form `name.example.com:type` where `type` can be e.g. `muc`, `http_file_share`. 84 | * `PROSODY_MUC_MODULES` - Comma-separated list of additional modules to enable on a MUC component. 85 | * `PROSODY_UPLOAD_EXPIRY_DAYS` - When set, overrides `PROSODY_RETENTION_DAYS` for uploaded files. 86 | * `PROSODY_UPLOAD_LIMIT_MB` - Size limit in MiB for individual uploaded files. 87 | * `PROSODY_UPLOAD_STORAGE_GB` - Total amount of storage available for file uploads. 88 | * `PROSODY_EXTERNAL_COMPONENTS` - Comma-separated list of _external_ components, in the form of `name.example.com:secret`. 89 | * `PROSODY_COMPONENT_SECRET` - Component shared secret if not provided as part of `PROSODY_EXTERNAL_COMPONENTS`. 90 | * `PROSODY_EXTRA_CONFIG` - Path to additional configuration file. Can contain wildcards. Defaults to `/etc/prosody/conf.d/*.cfg.lua`. 91 | 92 | 93 | ### Example 94 | 95 | ```bash 96 | docker run -it \ 97 | -p 5222:5222 \ 98 | -p 5269:5269 \ 99 | -e LOCAL=romeo \ 100 | -e DOMAIN=shakespeare.lit \ 101 | -e PASSWORD=juliet4ever \ 102 | -v /data/prosody/configuration:/etc/prosody \ 103 | -v /logs/prosody:/var/log/prosody \ 104 | -v /data/prosody/modules:/usr/lib/prosody-modules \ 105 | prosody/prosody:0.12 106 | ``` 107 | 108 | ## Building 109 | 110 | ```bash 111 | docker build --build-arg PROSODY_PACKAGE=prosody-0.12 -t prosody/prosody:0.12 . 
112 | ``` 113 | -------------------------------------------------------------------------------- /configs/prosody-13.0.cfg.lua: -------------------------------------------------------------------------------- 1 | -- Prosody Configuration File 2 | -- 3 | -- Information on configuring Prosody can be found on our 4 | -- website at https://prosody.im/doc/configure 5 | -- 6 | -- Tip: You can check that the syntax of this file is correct 7 | -- when you have finished by running this command: 8 | -- prosodyctl check config 9 | -- If there are any errors, it will let you know what and where 10 | -- they are, otherwise it will keep quiet. 11 | -- 12 | -- The only thing left to do is rename this file to remove the .dist ending, and fill in the 13 | -- blanks. Good luck, and happy Jabbering! 14 | 15 | local _unpack = Lua.table.unpack; 16 | local function _split(s, sep) 17 | if not s then return nil; end 18 | sep = sep or ","; 19 | local parts = {}; 20 | for part in s:gmatch("[^"..sep.."]+") do 21 | parts[#parts+1] = part; 22 | end 23 | return parts; 24 | end 25 | 26 | 27 | ---------- Server-wide settings ---------- 28 | -- Settings in this section apply to the whole server and are the default settings 29 | -- for any virtual hosts 30 | 31 | plugin_paths = _split(ENV_PROSODY_PLUGIN_PATHS or "/etc/prosody/modules") 32 | 33 | -- This is a (by default, empty) list of accounts that are admins 34 | -- for the server. Note that you must create the accounts separately 35 | -- (see https://prosody.im/doc/creating_accounts for info) 36 | -- Example: admins = { "user1@example.com", "user2@example.net" } 37 | admins = _split(ENV_PROSODY_ADMINS) 38 | 39 | -- This option allows you to specify additional locations where Prosody 40 | -- will search first for modules. For additional modules you can install, see 41 | -- the community module repository at https://modules.prosody.im/ 42 | --plugin_paths = {} 43 | 44 | -- This is the list of modules Prosody will load on startup. 
45 | -- Documentation for bundled modules can be found at: https://prosody.im/doc/modules 46 | modules_enabled = { 47 | 48 | -- Generally required 49 | "disco"; -- Service discovery 50 | "roster"; -- Allow users to have a roster. Recommended ;) 51 | "saslauth"; -- Authentication for clients and servers. Recommended if you want to log in. 52 | "tls"; -- Add support for secure TLS on c2s/s2s connections 53 | 54 | -- Not essential, but recommended 55 | "blocklist"; -- Allow users to block communications with other users 56 | "bookmarks"; -- Synchronise the list of open rooms between clients 57 | "carbons"; -- Keep multiple online clients in sync 58 | "dialback"; -- Support for verifying remote servers using DNS 59 | "limits"; -- Enable bandwidth limiting for XMPP connections 60 | "pep"; -- Allow users to store public and private data in their account 61 | "private"; -- Legacy account storage mechanism (XEP-0049) 62 | "smacks"; -- Stream management and resumption (XEP-0198) 63 | "vcard4"; -- User profiles (stored in PEP) 64 | "vcard_legacy"; -- Conversion between legacy vCard and PEP Avatar, vcard 65 | 66 | -- Nice to have 67 | "csi_simple"; -- Simple but effective traffic optimizations for mobile devices 68 | "invites"; -- Create and manage invites 69 | "invites_adhoc"; -- Allow admins/users to create invitations via their client 70 | "invites_register"; -- Allows invited users to create accounts 71 | "ping"; -- Replies to XMPP pings with pongs 72 | "register"; -- Allow users to register on this server using a client and change passwords 73 | "time"; -- Let others know the time here on this server 74 | "uptime"; -- Report how long server has been running 75 | "version"; -- Replies to server version requests 76 | --"mam"; -- Store recent messages to allow multi-device synchronization 77 | --"turn_external"; -- Provide external STUN/TURN service for e.g. 
audio/video calls 78 | 79 | -- Admin interfaces 80 | "admin_adhoc"; -- Allows administration via an XMPP client that supports ad-hoc commands 81 | "admin_shell"; -- Allow secure administration via 'prosodyctl shell' 82 | 83 | -- HTTP modules 84 | --"bosh"; -- Enable BOSH clients, aka "Jabber over HTTP" 85 | --"http_openmetrics"; -- for exposing metrics to stats collectors 86 | --"websocket"; -- XMPP over WebSockets 87 | 88 | -- Other specific functionality 89 | --"announce"; -- Send announcement to all online users 90 | --"groups"; -- Shared roster support 91 | --"legacyauth"; -- Legacy authentication. Only used by some old clients and bots. 92 | --"mimicking"; -- Prevent address spoofing 93 | --"motd"; -- Send a message to users when they log in 94 | --"proxy65"; -- Enables a file transfer proxy service which clients behind NAT can use 95 | --"s2s_bidi"; -- Bi-directional server-to-server (XEP-0288) 96 | --"server_contact_info"; -- Publish contact information for this service 97 | --"tombstones"; -- Prevent registration of deleted accounts 98 | --"watchregistrations"; -- Alert admins of registrations 99 | --"welcome"; -- Welcome users who register accounts 100 | } 101 | 102 | if ENV_PROSODY_ENABLE_MODULES then 103 | modules_enabled:append(_split(ENV_PROSODY_ENABLE_MODULES)) 104 | end 105 | 106 | if ENV_PROSODY_TURN_SECRET then 107 | modules_enabled:append{ "turn_external" }; 108 | turn_external_secret = ENV_PROSODY_TURN_SECRET 109 | turn_external_host = ENV_PROSODY_TURN_HOST 110 | turn_external_port = ENV_PROSODY_TURN_PORT 111 | turn_external_tls_port = ENV_PROSODY_TURN_TLS_PORT 112 | end 113 | 114 | if ENV_PROSODY_RETENTION_DAYS or ENV_PROSODY_ARCHIVE_EXPIRY_DAYS then 115 | modules_enabled:append{ "mam" } 116 | end 117 | 118 | modules_disabled = _split(ENV_PROSODY_DISABLE_MODULES) 119 | 120 | 121 | -- Server-to-server authentication 122 | -- Require valid certificates for server-to-server connections? 
123 | -- If false, other methods such as dialback (DNS) may be used instead. 124 | 125 | s2s_secure_auth = ENV_PROSODY_S2S_SECURE_AUTH ~= "0" 126 | 127 | -- Some servers have invalid or self-signed certificates. You can list 128 | -- remote domains here that will not be required to authenticate using 129 | -- certificates. They will be authenticated using other methods instead, 130 | -- even when s2s_secure_auth is enabled. 131 | 132 | --s2s_insecure_domains = { "insecure.example" } 133 | 134 | -- Even if you disable s2s_secure_auth, you can still require valid 135 | -- certificates for some domains by specifying a list here. 136 | 137 | --s2s_secure_domains = { "jabber.org" } 138 | 139 | 140 | -- Rate limits 141 | -- Enable rate limits for incoming client and server connections. These help 142 | -- protect from excessive resource consumption and denial-of-service attacks. 143 | 144 | limits = { 145 | c2s = { 146 | rate = ENV_PROSODY_C2S_RATE_LIMIT or "10kb/s"; 147 | }; 148 | s2sin = { 149 | rate = ENV_PROSODY_S2S_RATE_LIMIT or "30kb/s"; 150 | }; 151 | } 152 | 153 | -- Authentication 154 | -- Select the authentication backend to use. The 'internal' providers 155 | -- use Prosody's configured data storage to store the authentication data. 156 | -- For more information see https://prosody.im/doc/authentication 157 | 158 | authentication = "internal_hashed" 159 | 160 | -- Many authentication providers, including the default one, allow you to 161 | -- create user accounts via Prosody's admin interfaces. For details, see the 162 | -- documentation at https://prosody.im/doc/creating_accounts 163 | 164 | 165 | -- Storage 166 | -- Select the storage backend to use. By default Prosody uses flat files 167 | -- in its configured data directory, but it also supports more backends 168 | -- through modules. An "sql" backend is included by default, but requires 169 | -- additional dependencies. See https://prosody.im/doc/storage for more info. 
170 | 171 | storage = ENV_PROSODY_SQL_DRIVER and "sql" or ENV_PROSODY_STORAGE or "internal" 172 | 173 | -- For the "sql" backend, you can uncomment *one* of the below to configure: 174 | 175 | if ENV_PROSODY_SQL_DRIVER then 176 | sql = { 177 | driver = ENV_PROSODY_SQL_DRIVER; 178 | database = ENV_PROSODY_SQL_DB; 179 | username = ENV_PROSODY_SQL_USERNAME; 180 | password = ENV_PROSODY_SQL_PASSWORD; 181 | host = ENV_PROSODY_SQL_HOST; 182 | } 183 | end 184 | --sql = { driver = "SQLite3", database = "prosody.sqlite" } -- Default. 'database' is the filename. 185 | --sql = { driver = "MySQL", database = "prosody", username = "prosody", password = "secret", host = "localhost" } 186 | --sql = { driver = "PostgreSQL", database = "prosody", username = "prosody", password = "secret", host = "localhost" } 187 | 188 | 189 | -- Archiving configuration 190 | -- If mod_mam is enabled, Prosody will store a copy of every message. This 191 | -- is used to synchronize conversations between multiple clients, even if 192 | -- they are offline. This setting controls how long Prosody will keep 193 | -- messages in the archive before removing them. 194 | 195 | archive_expires_after = (ENV_PROSODY_ARCHIVE_EXPIRY_DAYS or ENV_PROSODY_RETENTION_DAYS or "7").."d" -- Remove archived messages after 1 week 196 | 197 | -- You can also configure messages to be stored in-memory only. For more 198 | -- archiving options, see https://prosody.im/doc/modules/mod_mam 199 | 200 | 201 | -- Audio/video call relay (STUN/TURN) 202 | -- To ensure clients connected to the server can establish connections for 203 | -- low-latency media streaming (such as audio and video calls), it is 204 | -- recommended to run a STUN/TURN server for clients to use. If you do this, 205 | -- specify the details here so clients can discover it. 
206 | -- Find more information at https://prosody.im/doc/turn 207 | 208 | -- Specify the address of the TURN service (you may use the same domain as XMPP) 209 | --turn_external_host = "turn.example.com" 210 | 211 | -- This secret must be set to the same value in both Prosody and the TURN server 212 | --turn_external_secret = "your-secret-turn-access-token" 213 | 214 | 215 | -- Logging configuration 216 | -- For advanced logging see https://prosody.im/doc/logging 217 | log = { 218 | [ENV_PROSODY_LOGLEVEL or "info"] = "*console"; 219 | } 220 | 221 | 222 | -- For more info see https://prosody.im/doc/statistics 223 | statistics = ENV_PROSODY_STATISTICS 224 | statistics_interval = Lua.tonumber(ENV_PROSODY_STATISTICS_INTERVAL) or ENV_PROSODY_STATISTICS_INTERVAL 225 | 226 | 227 | -- Certificates 228 | -- Every virtual host and component needs a certificate so that clients and 229 | -- servers can securely verify its identity. Prosody will automatically load 230 | -- certificates/keys from the directory specified here. 231 | -- For more information, including how to use 'prosodyctl' to auto-import certificates 232 | -- (from e.g. Let's Encrypt) see https://prosody.im/doc/certificates 233 | 234 | -- Location of directory to find certificates in (relative to main config file): 235 | certificates = ENV_PROSODY_CERTIFICATES or "certs" 236 | 237 | ----------- Virtual hosts ----------- 238 | -- You need to add a VirtualHost entry for each domain you wish Prosody to serve. 239 | -- Settings under each VirtualHost entry apply *only* to that host. 
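-- Resolve the list of virtual hosts: the comma-separated value of
-- PROSODY_VIRTUAL_HOSTS, or the node name reported by uname() when unset.
local pp = Lua.require "prosody.util.pposix";
local vhosts = _split(ENV_PROSODY_VIRTUAL_HOSTS) or {pp.uname().nodename};

-- The public hostname is PROSODY_NETWORK_HOSTNAME when set; otherwise the
-- sole virtual host. With several virtual hosts and no explicit value the
-- expression evaluates to false and none of the settings below are applied.
local network_hostname = ENV_PROSODY_NETWORK_HOSTNAME or #vhosts == 1 and vhosts[1];
if network_hostname then
    http_host = network_hostname
    proxy65_address = network_hostname
    -- Only default the TURN host when a TURN secret was supplied without a host.
    if ENV_PROSODY_TURN_SECRET and not ENV_PROSODY_TURN_HOST then
        turn_external_host = network_hostname
    end
end

for _, vhost in Lua.ipairs(vhosts) do
    VirtualHost (vhost)
end

------ Components ------
-- You can specify components to add hosts that provide special services,
-- like multi-user conferences, and transports.
-- For more information on components, see https://prosody.im/doc/components

-- Internal components: each PROSODY_COMPONENTS entry is "name:type".
for _, component_def in Lua.ipairs(_split(ENV_PROSODY_COMPONENTS) or {}) do
    local c_name, c_type = _unpack(_split(component_def, ":"));
    Component (c_name) (c_type)

    if c_type == "muc" then
        modules_enabled = _split(ENV_PROSODY_MUC_MODULES)
    elseif c_type == "http_file_share" then
        -- Lua.tonumber is used here to match the Lua.require / Lua.ipairs
        -- style of the rest of this file instead of the bare global.
        -- A non-numeric value makes tonumber return nil, so the arithmetic
        -- raises an error while the config is being loaded.
        http_file_share_expire_after = 60 * 60 * 24 * Lua.tonumber(ENV_PROSODY_UPLOAD_EXPIRY_DAYS or ENV_PROSODY_RETENTION_DAYS or "7")
        if ENV_PROSODY_UPLOAD_LIMIT_MB then
            -- NOTE(review): the extra 16 bytes are kept from the original;
            -- the reason is not visible in this file.
            http_file_share_size_limit = (1024 * 1024 * Lua.tonumber(ENV_PROSODY_UPLOAD_LIMIT_MB)) + 16
        end
        if ENV_PROSODY_UPLOAD_STORAGE_GB then
            http_file_share_global_quota = 1024 * 1024 * 1024 * Lua.tonumber(ENV_PROSODY_UPLOAD_STORAGE_GB)
        end
        http_paths = {
            file_share = "/share";
        }
    end
end

-- External components: each PROSODY_EXTERNAL_COMPONENTS entry is
-- "name:secret", or just "name" to fall back to PROSODY_COMPONENT_SECRET.
for _, component_def in Lua.ipairs(_split(ENV_PROSODY_EXTERNAL_COMPONENTS) or {}) do
    -- Split on the first ":" only. Splitting on every ":" silently truncated
    -- a shared secret that itself contains a colon to its first segment.
    -- A "," inside a secret is still not supported, because the list of
    -- entries is comma-separated.
    local c_name, c_secret = component_def:match("^:*([^:]+):?(.*)$");
    if c_secret == "" then c_secret = nil; end
    Component (c_name)
        -- NOTE(review): if neither value is set, component_secret is nil;
        -- confirm how Prosody treats an external component without a secret.
        -- Secrets passed through the environment are readable by anyone who
        -- can inspect the container's environment.
        component_secret = c_secret or ENV_PROSODY_COMPONENT_SECRET
end

---Set up a MUC (multi-user chat) room server on conference.example.com: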
289 | --Component "conference.example.com" "muc" 290 | --- Store MUC messages in an archive and allow users to access it 291 | --modules_enabled = { "muc_mam" } 292 | 293 | ---Set up a file sharing component 294 | --Component "share.example.com" "http_file_share" 295 | 296 | ---Set up an external component (default component port is 5347) 297 | -- 298 | -- External components allow adding various services, such as gateways/ 299 | -- bridges to non-XMPP networks and services. For more info 300 | -- see: https://prosody.im/doc/components#adding_an_external_component 301 | -- 302 | --Component "gateway.example.com" 303 | -- component_secret = "password" 304 | 305 | 306 | ---------- End of the Prosody Configuration file ---------- 307 | -- You usually **DO NOT** want to add settings here at the end, as they would 308 | -- only apply to the last defined VirtualHost or Component. 309 | -- 310 | -- Settings for the global section should go higher up, before the first 311 | -- VirtualHost or Component line, while settings intended for specific hosts 312 | -- should go under the corresponding VirtualHost or Component line. 313 | -- 314 | -- For more information see https://prosody.im/doc/configure 315 | 316 | Include (ENV_PROSODY_EXTRA_CONFIG or "/etc/prosody/conf.d/*.cfg.lua") 317 | -------------------------------------------------------------------------------- /configs/prosody-trunk.cfg.lua: -------------------------------------------------------------------------------- 1 | -- Prosody Configuration File 2 | -- 3 | -- Information on configuring Prosody can be found on our 4 | -- website at https://prosody.im/doc/configure 5 | -- 6 | -- Tip: You can check that the syntax of this file is correct 7 | -- when you have finished by running this command: 8 | -- prosodyctl check config 9 | -- If there are any errors, it will let you know what and where 10 | -- they are, otherwise it will keep quiet. 
11 | -- 12 | -- The only thing left to do is rename this file to remove the .dist ending, and fill in the 13 | -- blanks. Good luck, and happy Jabbering! 14 | 15 | local _unpack = Lua.table.unpack; 16 | local function _split(s, sep) 17 | if not s then return nil; end 18 | sep = sep or ","; 19 | local parts = {}; 20 | for part in s:gmatch("[^"..sep.."]+") do 21 | parts[#parts+1] = part; 22 | end 23 | return parts; 24 | end 25 | 26 | 27 | ---------- Server-wide settings ---------- 28 | -- Settings in this section apply to the whole server and are the default settings 29 | -- for any virtual hosts 30 | 31 | plugin_paths = _split(ENV_PROSODY_PLUGIN_PATHS or "/etc/prosody/modules") 32 | 33 | -- This is a (by default, empty) list of accounts that are admins 34 | -- for the server. Note that you must create the accounts separately 35 | -- (see https://prosody.im/doc/creating_accounts for info) 36 | -- Example: admins = { "user1@example.com", "user2@example.net" } 37 | admins = _split(ENV_PROSODY_ADMINS) 38 | 39 | -- This option allows you to specify additional locations where Prosody 40 | -- will search first for modules. For additional modules you can install, see 41 | -- the community module repository at https://modules.prosody.im/ 42 | --plugin_paths = {} 43 | 44 | -- This is the list of modules Prosody will load on startup. 45 | -- Documentation for bundled modules can be found at: https://prosody.im/doc/modules 46 | modules_enabled = { 47 | 48 | -- Generally required 49 | "disco"; -- Service discovery 50 | "roster"; -- Allow users to have a roster. Recommended ;) 51 | "saslauth"; -- Authentication for clients and servers. Recommended if you want to log in. 
52 | "tls"; -- Add support for secure TLS on c2s/s2s connections 53 | 54 | -- Not essential, but recommended 55 | "blocklist"; -- Allow users to block communications with other users 56 | "bookmarks"; -- Synchronise the list of open rooms between clients 57 | "carbons"; -- Keep multiple online clients in sync 58 | "dialback"; -- Support for verifying remote servers using DNS 59 | "limits"; -- Enable bandwidth limiting for XMPP connections 60 | "pep"; -- Allow users to store public and private data in their account 61 | "private"; -- Legacy account storage mechanism (XEP-0049) 62 | "smacks"; -- Stream management and resumption (XEP-0198) 63 | "vcard4"; -- User profiles (stored in PEP) 64 | "vcard_legacy"; -- Conversion between legacy vCard and PEP Avatar, vcard 65 | 66 | -- Nice to have 67 | "csi_simple"; -- Simple but effective traffic optimizations for mobile devices 68 | "invites"; -- Create and manage invites 69 | "invites_adhoc"; -- Allow admins/users to create invitations via their client 70 | "invites_register"; -- Allows invited users to create accounts 71 | "ping"; -- Replies to XMPP pings with pongs 72 | "register"; -- Allow users to register on this server using a client and change passwords 73 | "time"; -- Let others know the time here on this server 74 | "uptime"; -- Report how long server has been running 75 | "version"; -- Replies to server version requests 76 | --"mam"; -- Store recent messages to allow multi-device synchronization 77 | --"turn_external"; -- Provide external STUN/TURN service for e.g. 
audio/video calls 78 | 79 | -- Admin interfaces 80 | "admin_adhoc"; -- Allows administration via an XMPP client that supports ad-hoc commands 81 | "admin_shell"; -- Allow secure administration via 'prosodyctl shell' 82 | 83 | -- HTTP modules 84 | --"bosh"; -- Enable BOSH clients, aka "Jabber over HTTP" 85 | --"http_openmetrics"; -- for exposing metrics to stats collectors 86 | --"websocket"; -- XMPP over WebSockets 87 | 88 | -- Other specific functionality 89 | --"announce"; -- Send announcement to all online users 90 | --"groups"; -- Shared roster support 91 | --"legacyauth"; -- Legacy authentication. Only used by some old clients and bots. 92 | --"mimicking"; -- Prevent address spoofing 93 | --"motd"; -- Send a message to users when they log in 94 | --"proxy65"; -- Enables a file transfer proxy service which clients behind NAT can use 95 | --"s2s_bidi"; -- Bi-directional server-to-server (XEP-0288) 96 | --"server_contact_info"; -- Publish contact information for this service 97 | --"tombstones"; -- Prevent registration of deleted accounts 98 | --"watchregistrations"; -- Alert admins of registrations 99 | --"welcome"; -- Welcome users who register accounts 100 | } 101 | 102 | if ENV_PROSODY_ENABLE_MODULES then 103 | modules_enabled:append(_split(ENV_PROSODY_ENABLE_MODULES)) 104 | end 105 | 106 | if ENV_PROSODY_TURN_SECRET then 107 | modules_enabled:append{ "turn_external" }; 108 | turn_external_secret = ENV_PROSODY_TURN_SECRET 109 | turn_external_host = ENV_PROSODY_TURN_HOST 110 | turn_external_port = ENV_PROSODY_TURN_PORT 111 | turn_external_tls_port = ENV_PROSODY_TURN_TLS_PORT 112 | end 113 | 114 | if ENV_PROSODY_RETENTION_DAYS or ENV_PROSODY_ARCHIVE_EXPIRY_DAYS then 115 | modules_enabled:append{ "mam" } 116 | end 117 | 118 | modules_disabled = _split(ENV_PROSODY_DISABLE_MODULES) 119 | 120 | 121 | -- Server-to-server authentication 122 | -- Require valid certificates for server-to-server connections? 
123 | -- If false, other methods such as dialback (DNS) may be used instead. 124 | 125 | s2s_secure_auth = ENV_PROSODY_S2S_SECURE_AUTH ~= "0" 126 | 127 | -- Some servers have invalid or self-signed certificates. You can list 128 | -- remote domains here that will not be required to authenticate using 129 | -- certificates. They will be authenticated using other methods instead, 130 | -- even when s2s_secure_auth is enabled. 131 | 132 | --s2s_insecure_domains = { "insecure.example" } 133 | 134 | -- Even if you disable s2s_secure_auth, you can still require valid 135 | -- certificates for some domains by specifying a list here. 136 | 137 | --s2s_secure_domains = { "jabber.org" } 138 | 139 | 140 | -- Rate limits 141 | -- Enable rate limits for incoming client and server connections. These help 142 | -- protect from excessive resource consumption and denial-of-service attacks. 143 | 144 | limits = { 145 | c2s = { 146 | rate = ENV_PROSODY_C2S_RATE_LIMIT or "10kb/s"; 147 | }; 148 | s2sin = { 149 | rate = ENV_PROSODY_S2S_RATE_LIMIT or "30kb/s"; 150 | }; 151 | } 152 | 153 | -- Authentication 154 | -- Select the authentication backend to use. The 'internal' providers 155 | -- use Prosody's configured data storage to store the authentication data. 156 | -- For more information see https://prosody.im/doc/authentication 157 | 158 | authentication = "internal_hashed" 159 | 160 | -- Many authentication providers, including the default one, allow you to 161 | -- create user accounts via Prosody's admin interfaces. For details, see the 162 | -- documentation at https://prosody.im/doc/creating_accounts 163 | 164 | 165 | -- Storage 166 | -- Select the storage backend to use. By default Prosody uses flat files 167 | -- in its configured data directory, but it also supports more backends 168 | -- through modules. An "sql" backend is included by default, but requires 169 | -- additional dependencies. See https://prosody.im/doc/storage for more info. 
170 | 171 | storage = ENV_PROSODY_SQL_DRIVER and "sql" or ENV_PROSODY_STORAGE or "internal" 172 | 173 | -- For the "sql" backend, you can uncomment *one* of the below to configure: 174 | 175 | if ENV_PROSODY_SQL_DRIVER then 176 | sql = { 177 | driver = ENV_PROSODY_SQL_DRIVER; 178 | database = ENV_PROSODY_SQL_DB; 179 | username = ENV_PROSODY_SQL_USERNAME; 180 | password = ENV_PROSODY_SQL_PASSWORD; 181 | host = ENV_PROSODY_SQL_HOST; 182 | } 183 | end 184 | --sql = { driver = "SQLite3", database = "prosody.sqlite" } -- Default. 'database' is the filename. 185 | --sql = { driver = "MySQL", database = "prosody", username = "prosody", password = "secret", host = "localhost" } 186 | --sql = { driver = "PostgreSQL", database = "prosody", username = "prosody", password = "secret", host = "localhost" } 187 | 188 | 189 | -- Archiving configuration 190 | -- If mod_mam is enabled, Prosody will store a copy of every message. This 191 | -- is used to synchronize conversations between multiple clients, even if 192 | -- they are offline. This setting controls how long Prosody will keep 193 | -- messages in the archive before removing them. 194 | 195 | archive_expires_after = (ENV_PROSODY_ARCHIVE_EXPIRY_DAYS or ENV_PROSODY_RETENTION_DAYS or "7").."d" -- Remove archived messages after 1 week 196 | 197 | -- You can also configure messages to be stored in-memory only. For more 198 | -- archiving options, see https://prosody.im/doc/modules/mod_mam 199 | 200 | 201 | -- Audio/video call relay (STUN/TURN) 202 | -- To ensure clients connected to the server can establish connections for 203 | -- low-latency media streaming (such as audio and video calls), it is 204 | -- recommended to run a STUN/TURN server for clients to use. If you do this, 205 | -- specify the details here so clients can discover it. 
-- Find more information at https://prosody.im/doc/turn

-- Specify the address of the TURN service (you may use the same domain as XMPP)
--turn_external_host = "turn.example.com"

-- This secret must be set to the same value in both Prosody and the TURN server
--turn_external_secret = "your-secret-turn-access-token"


-- Logging configuration
-- For advanced logging see https://prosody.im/doc/logging
-- Logs go to the console sink at the level named by ENV_PROSODY_LOGLEVEL,
-- or "info" when that is not set.
log = {
	[ENV_PROSODY_LOGLEVEL or "info"] = "*console";
}


-- For more info see https://prosody.im/doc/statistics
statistics = ENV_PROSODY_STATISTICS
-- Use the numeric value when ENV_PROSODY_STATISTICS_INTERVAL parses as a
-- number; otherwise pass the raw string through (nil when it is unset).
statistics_interval = Lua.tonumber(ENV_PROSODY_STATISTICS_INTERVAL) or ENV_PROSODY_STATISTICS_INTERVAL


-- Certificates
-- Every virtual host and component needs a certificate so that clients and
-- servers can securely verify its identity. Prosody will automatically load
-- certificates/keys from the directory specified here.
-- For more information, including how to use 'prosodyctl' to auto-import certificates
-- (from e.g. Let's Encrypt) see https://prosody.im/doc/certificates

-- Location of directory to find certificates in (relative to main config file):
certificates = ENV_PROSODY_CERTIFICATES or "certs"

----------- Virtual hosts -----------
-- You need to add a VirtualHost entry for each domain you wish Prosody to serve.
-- Settings under each VirtualHost entry apply *only* to that host.
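-- Hosts to serve: the ENV_PROSODY_VIRTUAL_HOSTS list, or the system's node
-- name (from uname) when that is not set.
local pp = Lua.require "prosody.util.pposix";
local vhosts = _split(ENV_PROSODY_VIRTUAL_HOSTS) or {pp.uname().nodename};

-- Hostname used for HTTP and the file transfer proxy: the explicit
-- ENV_PROSODY_NETWORK_HOSTNAME, else the only virtual host when exactly one
-- is configured. With several hosts and no explicit value this is false and
-- the settings below are left untouched.
local network_hostname = ENV_PROSODY_NETWORK_HOSTNAME or #vhosts == 1 and vhosts[1];
if network_hostname then
	http_host = network_hostname
	proxy65_address = network_hostname
	-- Only default the TURN host when a TURN secret is configured and no
	-- explicit TURN host was given.
	if ENV_PROSODY_TURN_SECRET and not ENV_PROSODY_TURN_HOST then
		turn_external_host = network_hostname
	end
end

for _, vhost in Lua.ipairs(vhosts) do
	VirtualHost (vhost)
end

------ Components ------
-- You can specify components to add hosts that provide special services,
-- like multi-user conferences, and transports.
-- For more information on components, see https://prosody.im/doc/components

-- Internal components: each ENV_PROSODY_COMPONENTS entry is "<host>:<type>".
-- Settings assigned after a Component line apply to that component only.
for _, component_def in Lua.ipairs(_split(ENV_PROSODY_COMPONENTS) or {}) do
	local c_name, c_type = _unpack(_split(component_def, ":"));
	Component (c_name) (c_type)

	if c_type == "muc" then
		modules_enabled = _split(ENV_PROSODY_MUC_MODULES)
	elseif c_type == "http_file_share" then
		-- Lua.tonumber: Lua standard functions are reached through the Lua.
		-- prefix in this file (Lua.ipairs, Lua.require, and Lua.tonumber on
		-- the statistics_interval line). A non-numeric value yields nil and
		-- the multiplication then raises an error when the config is loaded.
		http_file_share_expire_after = 60 * 60 * 24 * Lua.tonumber(ENV_PROSODY_UPLOAD_EXPIRY_DAYS or ENV_PROSODY_RETENTION_DAYS or "7")
		if ENV_PROSODY_UPLOAD_LIMIT_MB then
			-- NOTE(review): the extra 16 bytes are not explained in this file.
			http_file_share_size_limit = (1024 * 1024 * Lua.tonumber(ENV_PROSODY_UPLOAD_LIMIT_MB)) + 16
		end
		if ENV_PROSODY_UPLOAD_STORAGE_GB then
			http_file_share_global_quota = 1024 * 1024 * 1024 * Lua.tonumber(ENV_PROSODY_UPLOAD_STORAGE_GB)
		end
		http_paths = {
			file_share = "/share";
		}
	end
end

-- External components: each ENV_PROSODY_EXTERNAL_COMPONENTS entry is
-- "<host>" or "<host>:<secret>". The entry is split at the first run of
-- colons only, so a secret that itself contains ":" is kept whole rather
-- than being cut at its first colon. Entries with no secret fall back to
-- ENV_PROSODY_COMPONENT_SECRET.
-- NOTE(review): the list itself is split by _split (presumably on ",", as
-- in the 0.12 config), so a secret cannot contain that separator.
-- NOTE(review): if neither value is set, component_secret is nil; confirm
-- that Prosody rejects component connections in that case.
for _, component_def in Lua.ipairs(_split(ENV_PROSODY_EXTERNAL_COMPONENTS) or {}) do
	local c_name, c_secret = component_def:match("^:*([^:]+):*(.*)$");
	if c_secret == "" then
		c_secret = nil;
	end
	Component (c_name)
	component_secret = c_secret or ENV_PROSODY_COMPONENT_SECRET
end

---Set up a MUC (multi-user chat) room server on conference.example.com: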
289 | --Component "conference.example.com" "muc" 290 | --- Store MUC messages in an archive and allow users to access it 291 | --modules_enabled = { "muc_mam" } 292 | 293 | ---Set up a file sharing component 294 | --Component "share.example.com" "http_file_share" 295 | 296 | ---Set up an external component (default component port is 5347) 297 | -- 298 | -- External components allow adding various services, such as gateways/ 299 | -- bridges to non-XMPP networks and services. For more info 300 | -- see: https://prosody.im/doc/components#adding_an_external_component 301 | -- 302 | --Component "gateway.example.com" 303 | -- component_secret = "password" 304 | 305 | 306 | ---------- End of the Prosody Configuration file ---------- 307 | -- You usually **DO NOT** want to add settings here at the end, as they would 308 | -- only apply to the last defined VirtualHost or Component. 309 | -- 310 | -- Settings for the global section should go higher up, before the first 311 | -- VirtualHost or Component line, while settings intended for specific hosts 312 | -- should go under the corresponding VirtualHost or Component line. 313 | -- 314 | -- For more information see https://prosody.im/doc/configure 315 | 316 | Include (ENV_PROSODY_EXTRA_CONFIG or "/etc/prosody/conf.d/*.cfg.lua") 317 | -------------------------------------------------------------------------------- /configs/prosody-0.12.cfg.lua: -------------------------------------------------------------------------------- 1 | -- Prosody Configuration File 2 | -- 3 | -- Information on configuring Prosody can be found on our 4 | -- website at https://prosody.im/doc/configure 5 | -- 6 | -- Tip: You can check that the syntax of this file is correct 7 | -- when you have finished by running this command: 8 | -- prosodyctl check config 9 | -- If there are any errors, it will let you know what and where 10 | -- they are, otherwise it will keep quiet. 
--
-- The only thing left to do is rename this file to remove the .dist ending, and fill in the
-- blanks. Good luck, and happy Jabbering!
-- NOTE(review): the sentence above looks inherited from a .dist template;
-- most values in this file are read from ENV_PROSODY_* settings instead.

-- table.unpack where available, otherwise the global unpack.
local _unpack = table.unpack or _G.unpack;

-- Split string s on the separator sep (default ",") and return the parts as
-- an array. Returns nil when s is nil. Empty fields are dropped, because the
-- pattern matches runs of non-separator characters. sep is placed inside a
-- pattern character class without escaping, so it must be a plain character
-- (this file only passes "," and ":").
local function _split(s, sep)
	if not s then return nil; end
	sep = sep or ",";
	local parts = {};
	for part in s:gmatch("[^"..sep.."]+") do
		parts[#parts+1] = part;
	end
	return parts;
end


---------- Server-wide settings ----------
-- Settings in this section apply to the whole server and are the default settings
-- for any virtual hosts

-- Directories searched for additional modules (comma-separated list).
plugin_paths = _split(ENV_PROSODY_PLUGIN_PATHS or "/etc/prosody/modules")

-- This is a (by default, empty) list of accounts that are admins
-- for the server. Note that you must create the accounts separately
-- (see https://prosody.im/doc/creating_accounts for info)
-- Example: admins = { "user1@example.com", "user2@example.net" }
-- Here the list comes from ENV_PROSODY_ADMINS (comma-separated); it is nil
-- when that is not set.
admins = _split(ENV_PROSODY_ADMINS)

-- This option allows you to specify additional locations where Prosody
-- will search first for modules. For additional modules you can install, see
-- the community module repository at https://modules.prosody.im/
--plugin_paths = {}

-- This is the list of modules Prosody will load on startup.
-- Documentation for bundled modules can be found at: https://prosody.im/doc/modules
local default_modules = {

	-- Generally required
		"disco"; -- Service discovery
		"roster"; -- Allow users to have a roster. Recommended ;)
		"saslauth"; -- Authentication for clients and servers. Recommended if you want to log in.
		"tls"; -- Add support for secure TLS on c2s/s2s connections

	-- Not essential, but recommended
		"blocklist"; -- Allow users to block communications with other users
		"bookmarks"; -- Synchronise the list of open rooms between clients
		"carbons"; -- Keep multiple online clients in sync
		"dialback"; -- Support for verifying remote servers using DNS
		"limits"; -- Enable bandwidth limiting for XMPP connections
		"pep"; -- Allow users to store public and private data in their account
		"private"; -- Legacy account storage mechanism (XEP-0049)
		"smacks"; -- Stream management and resumption (XEP-0198)
		"vcard4"; -- User profiles (stored in PEP)
		"vcard_legacy"; -- Conversion between legacy vCard and PEP Avatar, vcard

	-- Nice to have
		"csi_simple"; -- Simple but effective traffic optimizations for mobile devices
		"invites"; -- Create and manage invites
		"invites_adhoc"; -- Allow admins/users to create invitations via their client
		"invites_register"; -- Allows invited users to create accounts
		"ping"; -- Replies to XMPP pings with pongs
		"register"; -- Allow users to register on this server using a client and change passwords
		"time"; -- Let others know the time here on this server
		"uptime"; -- Report how long server has been running
		"version"; -- Replies to server version requests
		--"mam"; -- Store recent messages to allow multi-device synchronization
		--"turn_external"; -- Provide external STUN/TURN service for e.g. audio/video calls

	-- Admin interfaces
		"admin_adhoc"; -- Allows administration via an XMPP client that supports ad-hoc commands
		"admin_shell"; -- Allow secure administration via 'prosodyctl shell'

	-- HTTP modules
		--"bosh"; -- Enable BOSH clients, aka "Jabber over HTTP"
		--"http_openmetrics"; -- for exposing metrics to stats collectors
		--"websocket"; -- XMPP over WebSockets

	-- Other specific functionality
		--"announce"; -- Send announcement to all online users
		--"groups"; -- Shared roster support
		--"legacyauth"; -- Legacy authentication. Only used by some old clients and bots.
		--"mimicking"; -- Prevent address spoofing
		--"motd"; -- Send a message to users when they log in
		--"proxy65"; -- Enables a file transfer proxy service which clients behind NAT can use
		--"s2s_bidi"; -- Bi-directional server-to-server (XEP-0288)
		--"server_contact_info"; -- Publish contact information for this service
		--"tombstones"; -- Prevent registration of deleted accounts
		--"watchregistrations"; -- Alert admins of registrations
		--"welcome"; -- Welcome users who register accounts
}

-- Append the modules named in ENV_PROSODY_ENABLE_MODULES (comma-separated).
-- The names are not checked here, so this list decides which additional
-- module code is loaded at startup.
for _, module_name in ipairs(_split(ENV_PROSODY_ENABLE_MODULES) or {}) do
	default_modules[#default_modules+1] = module_name;
end

-- A TURN secret switches on turn_external and passes the host and port
-- values through as given (each is nil when not set).
if ENV_PROSODY_TURN_SECRET then
	default_modules[#default_modules+1] = "turn_external";
	turn_external_secret = ENV_PROSODY_TURN_SECRET
	turn_external_host = ENV_PROSODY_TURN_HOST
	turn_external_port = ENV_PROSODY_TURN_PORT
	turn_external_tls_port = ENV_PROSODY_TURN_TLS_PORT
end

-- Message archiving (mam) is enabled only when a retention period is set.
if ENV_PROSODY_RETENTION_DAYS or ENV_PROSODY_ARCHIVE_EXPIRY_DAYS then
	default_modules[#default_modules+1] = "mam";
end

modules_enabled = default_modules

-- Modules named in ENV_PROSODY_DISABLE_MODULES (comma-separated) are listed
-- in modules_disabled.
local env_disabled_modules = {};
for _, module_name in ipairs(_split(ENV_PROSODY_DISABLE_MODULES) or {}) do
	env_disabled_modules[#env_disabled_modules+1] = module_name;
end

modules_disabled = env_disabled_modules


-- Server-to-server authentication
-- Require valid certificates for server-to-server connections?
-- If false, other methods such as dialback (DNS) may be used instead.
-- Certificate authentication stays required unless
-- ENV_PROSODY_S2S_SECURE_AUTH is exactly the string "0"; leaving it unset,
-- or setting any other value (for example "false"), keeps it enabled.

s2s_secure_auth = ENV_PROSODY_S2S_SECURE_AUTH ~= "0"

-- Some servers have invalid or self-signed certificates. You can list
-- remote domains here that will not be required to authenticate using
-- certificates. They will be authenticated using other methods instead,
-- even when s2s_secure_auth is enabled.

--s2s_insecure_domains = { "insecure.example" }

-- Even if you disable s2s_secure_auth, you can still require valid
-- certificates for some domains by specifying a list here.

--s2s_secure_domains = { "jabber.org" }


-- Rate limits
-- Enable rate limits for incoming client and server connections. These help
-- protect from excessive resource consumption and denial-of-service attacks.
-- The defaults below apply when the corresponding ENV_ value is not set; an
-- ENV_ value is passed through as given, without validation in this file.

limits = {
	c2s = {
		rate = ENV_PROSODY_C2S_RATE_LIMIT or "10kb/s";
	};
	s2sin = {
		rate = ENV_PROSODY_S2S_RATE_LIMIT or "30kb/s";
	};
}

-- Authentication
-- Select the authentication backend to use. The 'internal' providers
-- use Prosody's configured data storage to store the authentication data.
-- For more information see https://prosody.im/doc/authentication
-- The backend is fixed here; this file reads no ENV_ value for it.

authentication = "internal_hashed"

-- Many authentication providers, including the default one, allow you to
-- create user accounts via Prosody's admin interfaces. For details, see the
-- documentation at https://prosody.im/doc/creating_accounts


-- Storage
-- Select the storage backend to use.
-- By default Prosody uses flat files
-- in its configured data directory, but it also supports more backends
-- through modules. An "sql" backend is included by default, but requires
-- additional dependencies. See https://prosody.im/doc/storage for more info.
-- Backend selection: a set ENV_PROSODY_SQL_DRIVER forces "sql" (and takes
-- precedence over ENV_PROSODY_STORAGE); otherwise ENV_PROSODY_STORAGE is
-- used, falling back to "internal".

storage = ENV_PROSODY_SQL_DRIVER and "sql" or ENV_PROSODY_STORAGE or "internal"

-- For the "sql" backend, you can uncomment *one* of the below to configure:
-- When ENV_PROSODY_SQL_DRIVER is set, the connection settings (including the
-- database password) are taken from ENV_ values instead, so no credential is
-- written into this file. Any value that is not set is left as nil.

if ENV_PROSODY_SQL_DRIVER then
	sql = {
		driver = ENV_PROSODY_SQL_DRIVER;
		database = ENV_PROSODY_SQL_DB;
		username = ENV_PROSODY_SQL_USERNAME;
		password = ENV_PROSODY_SQL_PASSWORD;
		host = ENV_PROSODY_SQL_HOST;
	}
end
-- The commented examples below use the placeholder password "secret";
-- replace it if you enable one of them.
--sql = { driver = "SQLite3", database = "prosody.sqlite" } -- Default. 'database' is the filename.
--sql = { driver = "MySQL", database = "prosody", username = "prosody", password = "secret", host = "localhost" }
--sql = { driver = "PostgreSQL", database = "prosody", username = "prosody", password = "secret", host = "localhost" }


-- Archiving configuration
-- If mod_mam is enabled, Prosody will store a copy of every message. This
-- is used to synchronize conversations between multiple clients, even if
-- they are offline. This setting controls how long Prosody will keep
-- messages in the archive before removing them.
-- ENV_PROSODY_ARCHIVE_EXPIRY_DAYS takes precedence over
-- ENV_PROSODY_RETENTION_DAYS; the chosen value is suffixed with "d" as-is.

archive_expires_after = (ENV_PROSODY_ARCHIVE_EXPIRY_DAYS or ENV_PROSODY_RETENTION_DAYS or "7").."d" -- Default: remove archived messages after 7 days

-- You can also configure messages to be stored in-memory only.
-- For more
-- archiving options, see https://prosody.im/doc/modules/mod_mam


-- Audio/video call relay (STUN/TURN)
-- To ensure clients connected to the server can establish connections for
-- low-latency media streaming (such as audio and video calls), it is
-- recommended to run a STUN/TURN server for clients to use. If you do this,
-- specify the details here so clients can discover it.
-- Find more information at https://prosody.im/doc/turn

-- Specify the address of the TURN service (you may use the same domain as XMPP)
--turn_external_host = "turn.example.com"

-- This secret must be set to the same value in both Prosody and the TURN server
--turn_external_secret = "your-secret-turn-access-token"


-- Logging configuration
-- For advanced logging see https://prosody.im/doc/logging
-- Logs go to the console sink at the level named by ENV_PROSODY_LOGLEVEL,
-- or "info" when that is not set.
log = {
	[ENV_PROSODY_LOGLEVEL or "info"] = "*console";
}


-- For more info see https://prosody.im/doc/statistics
statistics = ENV_PROSODY_STATISTICS
-- Use the numeric value when ENV_PROSODY_STATISTICS_INTERVAL parses as a
-- number; otherwise pass the raw string through (nil when it is unset).
statistics_interval = tonumber(ENV_PROSODY_STATISTICS_INTERVAL) or ENV_PROSODY_STATISTICS_INTERVAL


-- Certificates
-- Every virtual host and component needs a certificate so that clients and
-- servers can securely verify its identity. Prosody will automatically load
-- certificates/keys from the directory specified here.
-- For more information, including how to use 'prosodyctl' to auto-import certificates
-- (from e.g. Let's Encrypt) see https://prosody.im/doc/certificates

-- Location of directory to find certificates in (relative to main config file):
certificates = ENV_PROSODY_CERTIFICATES or "certs"

----------- Virtual hosts -----------
-- You need to add a VirtualHost entry for each domain you wish Prosody to serve.
-- Settings under each VirtualHost entry apply *only* to that host.
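-- Hosts to serve: the comma-separated ENV_PROSODY_VIRTUAL_HOSTS list, or the
-- system's node name (from uname) when that is not set.
local pp = require "util.pposix";
local vhosts = _split(ENV_PROSODY_VIRTUAL_HOSTS) or {pp.uname().nodename};

-- Hostname used for HTTP and the file transfer proxy: the explicit
-- ENV_PROSODY_NETWORK_HOSTNAME, else the only virtual host when exactly one
-- is configured. With several hosts and no explicit value this is false and
-- the settings below are left untouched.
local network_hostname = ENV_PROSODY_NETWORK_HOSTNAME or #vhosts == 1 and vhosts[1];
if network_hostname then
	http_host = network_hostname
	proxy65_address = network_hostname
	-- Only default the TURN host when a TURN secret is configured and no
	-- explicit TURN host was given.
	if ENV_PROSODY_TURN_SECRET and not ENV_PROSODY_TURN_HOST then
		turn_external_host = network_hostname
	end
end

for _, vhost in ipairs(vhosts) do
	VirtualHost (vhost)
end

------ Components ------
-- You can specify components to add hosts that provide special services,
-- like multi-user conferences, and transports.
-- For more information on components, see https://prosody.im/doc/components

-- Internal components: each ENV_PROSODY_COMPONENTS entry is "<host>:<type>".
-- Settings assigned after a Component line apply to that component only.
for _, component_def in ipairs(_split(ENV_PROSODY_COMPONENTS) or {}) do
	local c_name, c_type = _unpack(_split(component_def, ":"));
	Component (c_name) (c_type)

	if c_type == "muc" then
		modules_enabled = _split(ENV_PROSODY_MUC_MODULES)
	elseif c_type == "http_file_share" then
		-- A non-numeric value makes tonumber return nil, and the
		-- multiplication then raises an error when the config is loaded.
		http_file_share_expire_after = 60 * 60 * 24 * tonumber(ENV_PROSODY_UPLOAD_EXPIRY_DAYS or ENV_PROSODY_RETENTION_DAYS or "7")
		if ENV_PROSODY_UPLOAD_LIMIT_MB then
			-- NOTE(review): the extra 16 bytes are not explained in this file.
			http_file_share_size_limit = (1024 * 1024 * tonumber(ENV_PROSODY_UPLOAD_LIMIT_MB)) + 16
		end
		if ENV_PROSODY_UPLOAD_STORAGE_GB then
			http_file_share_global_quota = 1024 * 1024 * 1024 * tonumber(ENV_PROSODY_UPLOAD_STORAGE_GB)
		end
		http_paths = {
			file_share = "/share";
		}
	end
end

-- External components: each ENV_PROSODY_EXTERNAL_COMPONENTS entry is
-- "<host>" or "<host>:<secret>". The entry is split at the first run of
-- colons only, so a secret that itself contains ":" is kept whole; splitting
-- on every colon with _split would silently cut the secret at its first
-- colon. Entries with no secret fall back to ENV_PROSODY_COMPONENT_SECRET.
-- The list itself is comma-separated, so a secret cannot contain ",".
-- NOTE(review): if neither value is set, component_secret is nil; confirm
-- that Prosody rejects component connections in that case.
for _, component_def in ipairs(_split(ENV_PROSODY_EXTERNAL_COMPONENTS) or {}) do
	local c_name, c_secret = component_def:match("^:*([^:]+):*(.*)$");
	if c_secret == "" then
		c_secret = nil;
	end
	Component (c_name)
	component_secret = c_secret or ENV_PROSODY_COMPONENT_SECRET
end

---Set up a MUC (multi-user chat) room server on conference.example.com:
--Component "conference.example.com" "muc"
--- Store MUC messages in an archive and allow users to access it
--modules_enabled = { "muc_mam" }

---Set up a file sharing component
--Component "share.example.com" "http_file_share"

---Set up an external component (default component port is 5347)
--
-- External components allow adding various services, such as gateways/
-- bridges to non-XMPP networks and services. For more info
-- see: https://prosody.im/doc/components#adding_an_external_component
--
--Component "gateway.example.com"
--	component_secret = "password"


---------- End of the Prosody Configuration file ----------
-- You usually **DO NOT** want to add settings here at the end, as they would
-- only apply to the last defined VirtualHost or Component.
--
-- Settings for the global section should go higher up, before the first
-- VirtualHost or Component line, while settings intended for specific hosts
-- should go under the corresponding VirtualHost or Component line.
--
-- For more information see https://prosody.im/doc/configure

-- Every file matched here is loaded as additional configuration, so the
-- path (from ENV_PROSODY_EXTRA_CONFIG or the default glob) should point only
-- at locations that untrusted users cannot write to.
Include (ENV_PROSODY_EXTRA_CONFIG or "/etc/prosody/conf.d/*.cfg.lua")
--------------------------------------------------------------------------------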