sito-hackit-19/talks/xmpp/res/advanced.prosody.cfg.txt
2019-06-04 17:40:30 +02:00

220 lines
7.7 KiB
Lua

--
-- Information on configuring Prosody can be found on our
-- website at https://prosody.im/doc/configure
--
-- Tip: You can check that the syntax of this file is correct
-- when you have finished by running this command:
-- prosodyctl check config
-- If there are any errors, it will let you know what and where
-- they are, otherwise it will keep quiet.
--
-- The only thing left to do is rename this file to remove the .dist ending, and fill in the
-- blanks. Good luck, and happy Jabbering!
interfaces = {"*"} -- only ipv4
local_interfaces = {"127.0.0.1"}
admins = { "boyska@miodominio.net" }
plugin_paths = { "/usr/local/lib/prosody/prosody-modules" }
modules_enabled = {
-- Generally required
"roster"; -- Allow users to have a roster. Recommended ;)
"saslauth"; -- Authentication for clients and servers. Recommended if you want to log in.
"tls"; -- Add support for secure TLS on c2s/s2s connections
"dialback"; -- s2s dialback support
"disco"; -- Service discovery
-- Not essential, but recommended
"carbons"; -- Keep multiple clients in sync
"pep"; -- Enables users to publish their mood, activity, playing music and more
-- TODO: pep o pep_simple? il modulo omemo_all_access, non piu supportato, diceva di usare mod_pep_simple
"private"; -- Private XML storage (for room bookmarks, etc.)
"vcard4";
"vcard_legacy";
"blocklist"; -- Allow users to block communications with other users
"vcard"; -- Allow users to set vCards
-- Nice to have
"version"; -- Replies to server version requests
"uptime"; -- Report how long server has been running
"time"; -- Let others know the time here on this server
"ping"; -- Replies to XMPP pings with pongs
"register"; -- Allow users to register on this server using a client and change passwords
"mam"; -- Store messages in an archive and allow users to access it
-- "mam_adhoc"; -- Permette ad ogni utente di cambiare le configurazioni di archiviazione
-- Admin interfaces
"admin_adhoc"; -- Allows administration via an XMPP client that supports ad-hoc commands
-- "admin_telnet"; -- Opens telnet console interface on localhost port 5582
-- HTTP modules
"http";
"bosh"; -- Enable BOSH clients, aka "Jabber over HTTP"; utile per web-based chat e firewall
--"websocket"; -- XMPP over WebSockets; alcune web-based chat lo usano e funziona meglio
--"http_files"; -- Serve static files from a directory over HTTP
-- Other specific functionality
"posix"; -- POSIX functionality, sends server to background, enables syslog, etc.
--"limits"; -- Enable bandwidth limiting for XMPP connections
"groups"; -- Aggiungiamo gruppi a persone in automatico
"bookmarks";
"group_bookmarks"; -- Aggiungiamo persone a stanze in automatico
"roster_allinall"; -- vogliamo questo per fare tutti co tutti
-- Security
"log_auth";
-- Mobili di merda
"csi_simple";
"throttle_presence";
"filter_chatstates";
"smacks";
"http_upload_external";
--"server_contact_info"; -- Publish contact information for this service
"announce"; -- Send announcement to all online users; solo gli ADMIN possono
-- "welcome"; -- Da' un messaggio agli utenti che si loggano per la prima volta (funziona solo con register, che non vogliamo)
-- "watchregistrations"; -- Alert admins of registrations
--"motd"; -- Send a message to users when they log in
--"legacyauth"; -- Legacy authentication. Only used by some old clients and bots.
-- "proxy65"; -- Enables a file transfer proxy service which clients behind NAT can use
}
groups_file = "/var/lib/prosody/groups.txt"
group_bookmarks_file = "/var/lib/prosody/grouprooms.txt"
-- These modules are auto-loaded, but should you want
-- to disable them then uncomment them here:
modules_disabled = {
"legacy_ssl";
"https";
-- "offline"; -- Store offline messages
-- "c2s"; -- Handle client connections
-- "s2s"; -- Handle server-to-server connections
}
-- Disable account creation by default, for security
-- For more information see https://prosody.im/doc/creating_accounts
allow_registration = false
daemonize = false;
pidfile = "/run/prosody/prosody.pid";
-- SECURITY {{{
c2s_require_encryption = true
s2s_require_encryption = true
s2s_secure_auth = true
-- Location of directory to find certificates in (relative to main config file):
certificates = "certs"
-- certificates = "/etc/letsencrypt/live/degenerazione.xyz/"
https_ports = {5281}
https_ssl = {
key = "certs/xmpp.miodominio.net.key";
certificate = "certs/xmpp.miodominio.net.crt";
}
-- trusted_proxies serve a BOSH per prendere gli IP dagli header
trusted_proxies = {"192.168.1.33", "192.168.100.33"}
http_external_url = "https://xmpp.miodominio.net/"
-- le richieste ci arrivano come "xmpp.miodominio.net". A quale component le diamo? famo cosi' e vaffanculo
http_default_host = "miodominio.info"
ssl = {
protocol = "tlsv1_1+";
}
-- SECURITY }}}
-- AUTHENTICATION {{{
-- Select the authentication backend to use. The 'internal' providers
-- use Prosody's configured data storage to store the authentication data.
-- To allow Prosody to offer secure authentication mechanisms to clients, the
-- default provider stores passwords in plaintext. If you do not trust your
-- server please see https://prosody.im/doc/modules/mod_auth_internal_hashed
-- for information about using the hashed backend.
-- authentication = "internal_hashed"
authentication = "ldap"
ldap_base = "ou=mail,dc=miodominio,dc=net"
ldap_filter = "(uid=$user@$host)"
-- AUTHENTICATION }}}
storage = "sql"
sql = { driver = "SQLite3", database = "prosody.sqlite" } -- Default. 'database' is the filename.
-- Archiving configuration
-- If mod_mam is enabled, Prosody will store a copy of every message. This
-- is used to synchronize conversations between multiple clients, even if
-- they are offline. This setting controls how long Prosody will keep
-- messages in the archive before removing them.
archive_expires_after = "2w" -- Remove archived messages after 1 week
max_history_messages = 3000 -- per mam_muc
log = {
-- Log files (change 'info' to 'debug' for debug logs):
debug = "/var/log/prosody/debug";
info = "/var/log/prosody/prosody.log";
error = "/var/log/prosody/prosody.err";
-- Syslog:
{ levels = { min="debug" }; to = "syslog"; };
}
-- Uncomment to enable statistics
-- For more info see https://prosody.im/doc/statistics
statistics = "internal"
http_upload_external_base_url = "https://upload.xmpp.miodominio.net/upload/"
http_upload_external_secret = "ASDASDASDASDASDD"
http_upload_external_file_size_limit = 20000000 -- 20 MB
-- Include "conf.d/*.cfg.lua"
allinall_groups = {
{"miodominio.info", "miodominio.net"};
}
VirtualHost "miodominio.info"
disco_items = {
{ "conference.miodominio.info", "Chat per miodominio" };
{"proxy.xmpp.miodominio.net", "Trasferimento file"};
}
VirtualHost "miodominio.net"
disco_items = {
{ "conference.miodominio.info", "Chat per miodominio" };
{"proxy.xmpp.miodominio.net", "Trasferimento file"};
}
-- ssl = {
-- key = "certs/miodominio.net.key";
-- certificate = "certs/miodominio.net.crt";
-- }
Component "conference.miodominio.info" "muc"
name = "Chat di miodominio"
-- restrict_room_creation = "local"
max_history_messages = 100
modules_enabled = {
"muc_mam"; -- Memorizza anche le chat
"vcard_muc"; -- avatar e altro
}
-- mod_mam_muc {{{
max_history_messages = 200;
-- }}}
--
muc_room_default_public = false
muc_room_default_persistent = true
muc_room_default_members_only = false
muc_room_default_moderated = false
muc_room_default_public_jids = false
muc_room_default_change_subject = true
muc_room_default_history_length = 50
muc_room_default_language = "it"
Component "proxy.xmpp.miodominio.net" "proxy65"
-- proxy65_address = "xmpp.miodominio.net"
proxy65_acl = { "miodominio.info", "miodominio.net" }
-- vim: set fdm=marker ft=lua fdl=0: