aboutsummaryrefslogtreecommitdiff
path: root/files/usr/local/etc/prosody/prosody.cfg.lua.xmpp_server
blob: 7936cac069a1bc71f4d43941de0259fdb0945f22 (plain) (blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
$([ -n "${prosody_admins:-}" ] && echo "admins = { \"$(join '", "' $prosody_admins)\" }")
pidfile = "/var/run/prosody/prosody.pid"

plugin_paths = { "/usr/local/lib/prosody-modules" }

modules_enabled = {

  -- Generally required
    "disco"; -- Service discovery
    "roster"; -- Allow users to have a roster. Recommended ;)
    "saslauth"; -- Authentication for clients and servers. Recommended if you want to log in.
    "tls"; -- Add support for secure TLS on c2s/s2s connections

  -- Not essential, but recommended
    "blocklist"; -- Allow users to block communications with other users
    "bookmarks"; -- Synchronise the list of open rooms between clients
    "carbons"; -- Keep multiple online clients in sync
    "dialback"; -- Support for verifying remote servers using DNS
    "limits"; -- Enable bandwidth limiting for XMPP connections
    "pep"; -- Allow users to store public and private data in their account
    "private"; -- Legacy account storage mechanism (XEP-0049)
    "smacks"; -- Stream management and resumption (XEP-0198)
    "vcard4"; -- User profiles (stored in PEP)
    "vcard_legacy"; -- Conversion between legacy vCard and PEP Avatar, vcard

  -- Nice to have
    "ping"; -- Replies to XMPP pings with pongs
    "register"; -- Allow users to register on this server using a client and change passwords
    "time"; -- Let others know the time here on this server
    "uptime"; -- Report how long server has been running
    "version"; -- Replies to server version requests
    "mam"; -- Store recent messages to allow multi-device synchronization
    "turn_external"; -- Provide external STUN/TURN service for e.g. audio/video calls

  -- Admin interfaces
    "admin_adhoc"; -- Allows administration via an XMPP client that supports ad-hoc commands
    "admin_shell"; -- Allow secure administration via 'prosodyctl shell'

  -- Other specific functionality
    "groups"; -- Shared roster support
    "csi_battery_saver";
    "reload_modules";
}

reload_modules = { "groups", "tls" }

groups_file = "${prosody_roster_path}"

s2s_secure_auth = true
c2s_direct_tls_ports = { ${prosody_c2s_tls_port} }
s2s_direct_tls_ports = { ${prosody_s2s_tls_port} }

limits = {
  c2s = {
    rate = "10kb/s";
  };
  s2sin = {
    rate = "30kb/s";
  };
}

authentication = "ldap"
ldap_server = "${ldap_hosts}"
ldap_tls = true
ldap_base = "${users_basedn}"
ldap_scope = "subtree"
ldap_filter = "(&(memberOf=cn=${prosody_access_role},${roles_basedn})(mailAddress=\$user@\$host))"
ldap_rootdn = "${prosody_dn}"
ldap_password = "${prosody_ldap_password}"

storage = "sql"
sql = { driver = "PostgreSQL", database = "${prosody_dbname}", username = "${prosody_username}", host = "${prosody_dbhost}" }

archive_expires_after = "${prosody_archive_expiration}"

turn_external_host = "${prosody_turn_host}"
turn_external_port = ${prosody_turn_port}
turn_external_secret = "${prosody_turn_secret}"

log = {
  info = "*syslog";
}

certificates = "certs"

http_ports = { ${prosody_http_port} }
http_interfaces = { "127.0.0.1" }
https_interfaces = { }
https_ports = { }
http_external_url = "https://${prosody_public_fqdn}/"
https_external_url = "https://${prosody_public_fqdn}/"
trusted_proxies = { "127.0.0.1" }
http_max_content_size = ${prosody_upload_sizelimit}

Component "${prosody_public_fqdn}" "http_upload"
http_upload_file_size_limit = ${prosody_upload_sizelimit}
http_upload_expire_after = ${prosody_upload_expiration}
http_upload_quota = ${prosody_upload_quota}

$(for vhost in $prosody_domains; do cat <<EOF
VirtualHost "${vhost}"
  disco_items = {
    { "${prosody_public_fqdn}" }
  }
Component "conference.${vhost}" "muc"
  modules_enabled = { "muc_mam"}
EOF
done)