path: root/data.d/k3s-master/manifests.d/tyilnet/chat-system/prosody/configmap.yaml
blob: 64a6e5f313e582a3afee94c0f55098c0d6573b27 (plain)
---
# ConfigMap carrying Prosody's main configuration file (prosody.cfg.lua).
# Everything under the `|` below is one literal Lua string; YAML comments
# cannot be placed inside it, so the review notes are collected here.
#
# Security-relevant settings in the embedded config:
# - log: minimum level "debug", written to the console.
#   NOTE(review): debug output is verbose and ends up in the container log
#   stream; confirm it is meant to stay on outside troubleshooting and that
#   access to those logs is restricted accordingly.
# - "register" is enabled while "watchregistrations" and "tombstones" are
#   commented out. allow_registration is not set in this file, so whether
#   open account registration is possible depends on the included files.
#   TODO confirm.
# - "admin_adhoc" is enabled: the JID listed in `admins` can administer the
#   server from an XMPP client, so that account's password is an admin
#   credential.
# - s2s_secure_auth = true: remote servers must present a valid certificate.
# - authentication = "internal_hashed": account passwords are stored hashed.
# - limits: c2s is capped at 10kb/s and incoming s2s at 30kb/s.
# - component_ports / component_interfaces: the component listener (5347)
#   binds to "*" and "::", i.e. every IPv4 and IPv6 address of the pod.
#   NOTE(review): component connections authenticate with a shared secret
#   and are typically not TLS-protected. Presumably this bind is needed so
#   components in other pods can connect; confirm the port is reachable only
#   by those peers (e.g. NetworkPolicy) and is not published outside the
#   cluster.
# - Include "secrets.d/*": secret values are loaded from separate files and
#   are not part of this ConfigMap. The commented-out turn_external_secret
#   holds only a placeholder; keep real secrets out of this object.
apiVersion: v1
kind: ConfigMap
metadata:
  name: prosody-config
  namespace: chat-system
  labels:
    app.kubernetes.io/created-by: tyil
    app.kubernetes.io/managed-by: manual
    app.kubernetes.io/name: prosody
    app.kubernetes.io/part-of: chat-system
data:
  # Literal block scalar: the Lua text is handed to Prosody unchanged.
  prosody.cfg.lua: |
    -- Information on configuring Prosody can be found on our
    -- website at https://prosody.im/doc/configure

    daemonize = false;

    ---------- Server-wide settings ----------
    admins = {
      "tyil@chat.tyil.nl",
    }

    log = {
      { levels = { min = "debug" }, to = "console" };
    }

    plugin_paths = { "/usr/local/lib/prosody/modules" }

    modules_enabled = {
      -- Generally required
        "disco"; -- Service discovery
        "roster"; -- Allow users to have a roster. Recommended ;)
        "saslauth"; -- Authentication for clients and servers. Recommended if you want to log in.
        "tls"; -- Add support for secure TLS on c2s/s2s connections

      -- Not essential, but recommended
        "adhoc"; -- XEP-0050
        "blocklist"; -- Allow users to block communications with other users
        --"bookmarks"; -- Synchronise the list of open rooms between clients
        "carbons"; -- Keep multiple online clients in sync
        "dialback"; -- Support for verifying remote servers using DNS
        "limits"; -- Enable bandwidth limiting for XMPP connections
        "pep"; -- Allow users to store public and private data in their account
        "private"; -- Legacy account storage mechanism (XEP-0049)
        --"smacks"; -- Stream management and resumption (XEP-0198)
        "vcard4"; -- User profiles (stored in PEP)
        "vcard_legacy"; -- Conversion between legacy vCard and PEP Avatar, vcard

      -- Nice to have
        "csi_simple"; -- Simple but effective traffic optimizations for mobile devices
        --"invites"; -- Create and manage invites
        --"invites_adhoc"; -- Allow admins/users to create invitations via their client
        --"invites_register"; -- Allows invited users to create accounts
        "ping"; -- Replies to XMPP pings with pongs
        "register"; -- Allow users to register on this server using a client and change passwords
        "time"; -- Let others know the time here on this server
        "uptime"; -- Report how long server has been running
        "version"; -- Replies to server version requests
        "mam"; -- Store recent messages to allow multi-device synchronization
        --"turn_external"; -- Provide external STUN/TURN service for e.g. audio/video calls

      -- Admin interfaces
        "admin_adhoc"; -- Allows administration via an XMPP client that supports ad-hoc commands
        --"admin_shell"; -- Allow secure administration via 'prosodyctl shell'

      -- HTTP modules
        --"bosh"; -- Enable BOSH clients, aka "Jabber over HTTP"
        --"http_openmetrics"; -- for exposing metrics to stats collectors
        --"websocket"; -- XMPP over WebSockets

      -- Other specific functionality
        "posix"; -- POSIX functionality, sends server to background, enables syslog, etc.
        --"announce"; -- Send announcement to all online users
        --"groups"; -- Shared roster support
        --"legacyauth"; -- Legacy authentication. Only used by some old clients and bots.
        --"mimicking"; -- Prevent address spoofing
        --"motd"; -- Send a message to users when they log in
        --"proxy65"; -- Enables a file transfer proxy service which clients behind NAT can use
        --"s2s_bidi"; -- Bi-directional server-to-server (XEP-0288)
        --"server_contact_info"; -- Publish contact information for this service
        --"tombstones"; -- Prevent registration of deleted accounts
        --"watchregistrations"; -- Alert admins of registrations
        --"welcome"; -- Welcome users who register accounts
    }

    modules_disabled = {
      -- "offline"; -- Store offline messages
      -- "c2s"; -- Handle client connections
      -- "s2s"; -- Handle server-to-server connections
    }

    s2s_secure_auth = true

    limits = {
      c2s = {
        rate = "10kb/s";
      };
      s2sin = {
        rate = "30kb/s";
      };
    }

    authentication = "internal_hashed"
    archive_expires_after = "1w" -- Remove archived messages after 1 week

    -- Audio/video call relay (STUN/TURN)
    -- To ensure clients connected to the server can establish connections for
    -- low-latency media streaming (such as audio and video calls), it is
    -- recommended to run a STUN/TURN server for clients to use. If you do this,
    -- specify the details here so clients can discover it.
    -- Find more information at https://prosody.im/doc/turn

    -- Specify the address of the TURN service (you may use the same domain as XMPP)
    --turn_external_host = "turn.example.com"

    -- This secret must be set to the same value in both Prosody and the TURN server
    --turn_external_secret = "your-secret-turn-access-token"
    statistics = "internal"

    -- Load configuration from secrets
    Include "secrets.d/*"

    -- Configure components
    component_ports = {
      5347,
    }
    component_interfaces = {
      "*",
      "::",
    }

    Include "components.d/*"

    -- Load configuration for additional hosts
    Include "hosts.d/*"
...
---
# ConfigMap with per-host Prosody configuration. Each data key is one Lua
# snippet; presumably these are mounted where the main config's
# Include "hosts.d/*" picks them up. TODO confirm against the workload's
# volume mounts.
#
# Security-relevant points in the embedded snippet:
# - ssl.certificate / ssl.key are relative paths under certs.d/. The names
#   tls.crt / tls.key suggest a TLS Secret mounted there -- verify, and make
#   sure the private key comes from a Secret with restrictive file
#   permissions rather than from a ConfigMap.
# - Component "muc.chat.tyil.nl" "muc" is declared with only a display name.
#   NOTE(review): no room-creation restriction (e.g. restrict_room_creation)
#   is set in this snippet; confirm the default is what is wanted for a
#   server that also federates.
apiVersion: v1
kind: ConfigMap
metadata:
  name: prosody-vhosts
  namespace: chat-system
  labels:
    app.kubernetes.io/created-by: tyil
    app.kubernetes.io/managed-by: manual
    app.kubernetes.io/name: prosody
    app.kubernetes.io/part-of: chat-system
data:
  # Literal block scalar: the Lua text is handed to Prosody unchanged.
  chat.tyil.nl: |
    VirtualHost "chat.tyil.nl"
    ssl = {
      certificate = "certs.d/chat.tyil.nl/tls.crt";
      key = "certs.d/chat.tyil.nl/tls.key";
    }

    Component "muc.chat.tyil.nl" "muc"
    name = "Tyil's Chatrooms"
...