1-- Prosody XMPP Server Configuration
2--
3-- Information on configuring Prosody can be found on our
4-- website at http://prosody.im/doc/configure
5--
6-- Tip: You can check that the syntax of this file is correct
7-- when you have finished by running: luac -p prosody.cfg.lua
8-- If there are any errors, it will let you know what and where
9-- they are, otherwise it will keep quiet.
10--
11-- Good luck, and happy Jabbering!
12
13
14---------- Server-wide settings ----------
15-- Settings in this section apply to the whole server and are the default settings
16-- for any virtual hosts
17
18-- This is a (by default, empty) list of accounts that are admins
19-- for the server. Note that you must create the accounts separately
20-- (see http://prosody.im/doc/creating_accounts for info)
21-- Example: admins = { "user1@example.com", "user2@example.net" }
22--admins = { "root@example.org"}
23
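-- Enable use of libevent for better performance under high load
-- For more information see: http://prosody.im/doc/libevent
-- Needs the luaevent library installed; see the page above for what happens
-- when it is missing.
use_libevent = true;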
27
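-- This is the list of modules Prosody will load on startup.
-- It looks for mod_modulename.lua in the plugins folder, so make sure that exists too.
-- Documentation on modules can be found at: http://prosody.im/doc/modules
--
-- Every entry is code that runs inside the server process, so keep the list
-- to what is actually used.

modules_enabled = {

	-- Generally required
	"roster"; -- Allow users to have a roster. Recommended ;)
	"saslauth"; -- Authentication for clients and servers. Recommended if you want to log in.
	"tls"; -- Add support for secure TLS on c2s/s2s connections
	"dialback"; -- s2s dialback support
	"disco"; -- Service discovery
	"posix"; -- POSIX functionality, sends server to background, enables syslog, etc.

	-- OTR
	-- NOTE(review): not one of the modules listed in the stock config; presumably
	-- the community mod_otr. Confirm mod_otr.lua is in the plugin path and check
	-- its documentation for the policy setting if OTR is meant to be mandatory.
	"otr"; -- Off The Record module. Essential for cypherpunks everywhere.

	-- Not essential, but recommended
	"private"; -- Private XML storage (for room bookmarks, etc.)
	"vcard"; -- Allow users to set vCards

	-- These are commented out by default as they have a performance impact
	--"privacy"; -- Support privacy lists
	--"compression"; -- Stream compression (requires the lua-zlib package installed)

	-- Nice to have
	-- "version"; -- Replies to server version requests
	"uptime"; -- Report how long server has been running
	"time"; -- Let others know the time here on this server
	"ping"; -- Replies to XMPP pings with pongs
	"pep"; -- Enables users to publish their mood, activity, playing music and more
	-- Stays loaded so existing users can change their password; whether new
	-- accounts can be created is decided by allow_registration (false in this file).
	"register"; -- Allow users to register on this server using a client and change passwords

	-- Admin interfaces
	-- The 'admins' line is commented out in this file, so no account has admin
	-- rights here unless a host defines its own list.
	"admin_adhoc"; -- Allows administration via an XMPP client that supports ad-hoc commands
	-- The telnet console does not ask for a password: anything that can reach
	-- localhost:5582 gets full control of the server. Leave it off on shared machines.
	--"admin_telnet"; -- Opens telnet console interface on localhost port 5582

	-- HTTP modules
	--"bosh"; -- Enable BOSH clients, aka "Jabber over HTTP"
	--"http_files"; -- Serve static files from a directory over HTTP

	-- Other specific functionality
	--"groups"; -- Shared roster support
	--"announce"; -- Send announcement to all online users
	--"welcome"; -- Welcome users who register accounts
	--"watchregistrations"; -- Alert admins of registrations
	--"motd"; -- Send a message to users when they log in
	--"legacyauth"; -- Legacy authentication. Only used by some old clients and bots.
};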
77
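-- These modules are auto-loaded, but should you want
-- to disable them then uncomment them here:
-- "offline" is listed uncommented, so offline message storage is switched off:
-- messages sent to a user who is not connected are not kept on disk.
modules_disabled = {
	"offline"; -- Store offline messages
	-- "c2s"; -- Handle client connections
	-- "s2s"; -- Handle server-to-server connections
};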
85
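-- Disable account creation by default, for security
-- For more information see http://prosody.im/doc/creating_accounts
-- With this set to false, accounts have to be created on the server itself
-- (see the page above); the "register" module stays useful for password changes.
allow_registration = false;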
89
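-- These are the SSL/TLS-related settings. If you don't want
-- to use SSL/TLS, you may comment or remove this
-- (Not an option for this file as written: c2s_require_encryption and
-- s2s_require_encryption are both true, so without a working certificate
-- no client or remote server could connect.)
ssl = {
	-- Private key: should be readable by the user Prosody runs as and nobody else.
	key = "/etc/prosody/certs/kaundere.xyz.key";
	certificate = "/etc/prosody/certs/kaundere.xyz.crt";

	-- Everything below is commented out, so the Prosody/LuaSec defaults for
	-- protocol versions, ciphers and curve are what is actually in effect.

	-- The file has to exist before this is uncommented.
	--dhparam = "/etc/prosody/certs/dhparam.pem";
	-- NOTE(review): on older Prosody releases an explicit options list is
	-- believed to replace the built-in defaults rather than extend them;
	-- confirm for the installed version before enabling, or defaults that
	-- are not repeated here may be lost.
	--options = { "no_sslv2", "no_sslv3", "no_tlsv1", "no_tlsv1_1", "cipher_server_preference"};
	-- Excludes AES128 and SHA-1 MAC suites as well; test with the clients
	-- you need to support before enabling.
	--ciphers = "HIGH+kEECDH:HIGH+kEDH:!PSK:!SRP:!3DES:!aNULL:!AES128:!CAMELLIA128:!SHA";
	-- NOTE(review): secp256k1 is not a curve TLS clients commonly offer; if
	-- this is enabled, ECDHE handshakes may fail or fall back. Verify before use.
	--curve = "secp256k1";
}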
100
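-- Force clients to use encrypted connections? This option will
-- prevent clients from authenticating unless they are using encryption.
-- Keep this on: it is what stops a password from being sent over an
-- unencrypted stream.

c2s_require_encryption = true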
105
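-- Force certificate authentication for server-to-server connections?
-- This provides ideal security, but requires servers you communicate
-- with to support encryption AND present valid, trusted certificates.
-- NOTE: Your version of LuaSec must support certificate verification!
-- For more information see http://prosody.im/doc/s2s#security
--
-- Both settings are on here: remote servers must use TLS and must present a
-- certificate that validates. The only exceptions would be domains listed in
-- s2s_insecure_domains, which is commented out in this file.

s2s_secure_auth = true
s2s_require_encryption = true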
114
115-- Many servers don't support encryption or have invalid or self-signed
116-- certificates. You can list domains here that will not be required to
117-- authenticate using certificates. They will be authenticated using DNS.
118
119--s2s_insecure_domains = { "gmail.com" }
120
121-- Even if you leave s2s_secure_auth disabled, you can still require valid
122-- certificates for some domains by specifying a list here.
123
124--s2s_secure_domains = { "jabber.org" }
125
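-- Required for init scripts and prosodyctl
-- The directory has to be writable by the user Prosody runs as.
pidfile = "/var/run/prosody/prosody.pid"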
128
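-- Select the authentication backend to use. The 'internal' providers
-- use Prosody's configured data storage to store the authentication data.
-- To allow Prosody to offer secure authentication mechanisms to clients, the
-- default provider stores passwords in plaintext. If you do not trust your
-- server please see http://prosody.im/doc/modules/mod_auth_internal_hashed
-- for information about using the hashed backend.
--
-- This file does not use that default: it selects the hashed backend, so the
-- account store holds password hashes instead of the passwords themselves.
-- The trade-off (see the page above) is a smaller set of login mechanisms
-- offered to clients.

authentication = "internal_hashed"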
137
138-- Select the storage backend to use. By default Prosody uses flat files
139-- in its configured data directory, but it also supports more backends
140-- through modules. An "sql" backend is included by default, but requires
141-- additional dependencies. See http://prosody.im/doc/storage for more info.
142
143--storage = "sql" -- Default is "internal"
144
145-- For the "sql" backend, you can uncomment *one* of the below to configure:
146--sql = { driver = "SQLite3", database = "prosody.sqlite" } -- Default. 'database' is the filename.
147--sql = { driver = "MySQL", database = "prosody", username = "prosody", password = "secret", host = "localhost" }
148--sql = { driver = "PostgreSQL", database = "prosody", username = "prosody", password = "secret", host = "localhost" }
149
150-- Logging configuration
151-- For advanced logging see http://prosody.im/doc/logging
152-- log = {
153 -- info = "/var/log/prosody/prosody.log"; -- Change 'info' to 'debug' for verbose logging
154 -- error = "/var/log/prosody/prosody.err";
155 -- "*syslog";
156-- }
157
158----------- Interface Binding -----------
-- Uncomment the c2s_interfaces line if you want to bind the client port (5222) to localhost only.
-- This does nothing to stop de-anonymization attacks, since s2s connections are
-- made over clearnet for interoperability reasons. If you do this, you will need
-- a hidden service address to give out in order for your users to connect.
163
164-- c2s_interfaces = { "127.0.0.1", "::1" }
165
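----------- Virtual hosts -----------
-- You need to add a VirtualHost entry for each domain you wish Prosody to serve.
-- Settings under each VirtualHost entry apply *only* to that host.

-- PLACEHOLDER host name: the original entry is cut off after the opening quote
-- (an unterminated string, which luac -p rejects). Replace example.com with the
-- domain this server actually serves. It has to be a name the certificate in
-- the global ssl block is valid for, otherwise clients and s2s peers that
-- verify certificates will refuse the connection.
VirtualHost "example.com"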
171
172
173
174------ Components ------
175-- You can specify components to add hosts that provide special services,
176-- like multi-user conferences, and transports.
177-- For more information on components, see http://prosody.im/doc/components
178
179---Set up a MUC (multi-user chat) room server on conference.example.com:
180--Component "conference.example.com" "muc"
181
182-- Set up a SOCKS5 bytestream proxy for server-proxied file transfers:
183--Component "proxy.example.com" "proxy65"
184
185---Set up an external component (default component port is 5347)
186--
187-- External components allow adding various services, such as gateways/
188-- transports to other networks like ICQ, MSN and Yahoo. For more info
189-- see: http://prosody.im/doc/components#adding_an_external_component
190--
191--Component "gateway.example.com"
192-- component_secret = "password"