Prosody Configuration

1. -- Prosody XMPP Server Configuration
2. --
3. -- Information on configuring Prosody can be found on our
4. -- website at http://prosody.im/doc/configure
5. --
6. -- Tip: You can check that the syntax of this file is correct
7. -- when you have finished by running: prosodyctl check config
8. -- If there are any errors, it will let you know what and where
9. -- they are, otherwise it will keep quiet.
10. --
11. -- Good luck, and happy Jabbering!
12.  
13.  
14. ---------- Server-wide settings ----------
15. -- Settings in this section apply to the whole server and are the default settings
16. -- for any virtual hosts
17.  
18. -- This is a (by default, empty) list of accounts that are admins
19. -- for the server. Note that you must create the accounts separately
20. -- (see http://prosody.im/doc/creating_accounts for info)
21. -- Example: admins = { "user1@example.com", "user2@example.net" }
22. admins = {"focus@auth.example.com" }
23. daemonize = true
24. cross_domain_bosh = true;
25. -- component_ports = { 5347 }
26. -- component_interface = "45.114.84.180"
27.  
28. -- Enable use of libevent for better performance under high load
29. -- For more information see: http://prosody.im/doc/libevent
30. --use_libevent = true
31.  
32. -- This is the list of modules Prosody will load on startup.
33. -- It looks for mod_modulename.lua in the plugins folder, so make sure that exists too.
34. -- Documentation on modules can be found at: http://prosody.im/doc/modules
35. modules_enabled = {
36.  
37. -- Generally required
38. "roster"; -- Allow users to have a roster. Recommended ;)
39. "saslauth"; -- Authentication for clients and servers. Recommended if you want to log in.
40. "tls"; -- Add support for secure TLS on c2s/s2s connections
41. "dialback"; -- s2s dialback support
42. "disco"; -- Service discovery
43. "posix"; -- POSIX functionality, sends server to background, enables syslog, etc.
44.  
45. -- Not essential, but recommended
46. "private"; -- Private XML storage (for room bookmarks, etc.)
47. "vcard"; -- Allow users to set vCards
48.  
49. -- These are commented by default as they have a performance impact
50. --"privacy"; -- Support privacy lists
51. --"compression"; -- Stream compression (requires the lua-zlib package installed)
52.  
53. -- Nice to have
54. "version"; -- Replies to server version requests
55. "uptime"; -- Report how long server has been running
56. "time"; -- Let others know the time here on this server
57. "ping"; -- Replies to XMPP pings with pongs
58. "pep"; -- Enables users to publish their mood, activity, playing music and more
59. "register"; -- Allow users to register on this server using a client and change passwords
60.  
61. -- Admin interfaces
62. "admin_adhoc"; -- Allows administration via an XMPP client that supports ad-hoc commands
63. --"admin_telnet"; -- Opens telnet console interface on localhost port 5582
64.  
65. -- HTTP modules
66. "bosh"; -- Enable BOSH clients, aka "Jabber over HTTP"
67. --"http_files"; -- Serve static files from a directory over HTTP
68. "pubsub";
69.  
70. -- Other specific functionality
71. --"groups"; -- Shared roster support
72. --"announce"; -- Send announcement to all online users
73. --"welcome"; -- Welcome users who register accounts
74. --"watchregistrations"; -- Alert admins of registrations
75. --"motd"; -- Send a message to users when they log in
76. --"legacyauth"; -- Legacy authentication. Only used by some old clients and bots.
77. -- jitsi
78. "smacks";
79. "carbons";
80. "mam";
81. "lastactivity";
82. "offline";
83. "pubsub";
84. "adhoc";
85. "websocket";
86. "message_logging";
87. --"http_altconnect";
88. }
89.  
90. -- These modules are auto-loaded, but should you want
91. -- to disable them then uncomment them here:
92. modules_disabled = {
93. -- "offline"; -- Store offline messages
94. -- "c2s"; -- Handle client connections
95. -- "s2s"; -- Handle server-to-server connections
96. }
97.  
98. -- Disable account creation by default, for security
99. -- For more information see http://prosody.im/doc/creating_accounts
100. allow_registration = false
101. -- allow_empty_token = true
102.  
103. -- These are the SSL/TLS-related settings. If you don't want
104. -- to use SSL/TLS, you may comment or remove this
105. ssl = {
106. key = "/etc/prosody/certs/localhost.key";
107. certificate = "/etc/prosody/certs/localhost.crt";
108. }
109.  
110. -- Force clients to use encrypted connections? This option will
111. -- prevent clients from authenticating unless they are using encryption.
112.  
113. -- c2s_require_encryption = true
114.  
115. -- This provides ideal security, but requires servers you communicate
116. -- with to support encryption AND present valid, trusted certificates.
117. -- NOTE: Your version of LuaSec must support certificate verification!
118. -- For more information see http://prosody.im/doc/s2s#security
119.  
120. -- s2s_secure_auth = false
121.  
122. -- Many servers don't support encryption or have invalid or self-signed
123. -- certificates. You can list domains here that will not be required to
124. -- authenticate using certificates. They will be authenticated using DNS.
125.  
126. --s2s_insecure_domains = { "gmail.com" }
127.  
128. -- Even if you leave s2s_secure_auth disabled, you can still require valid
129. -- certificates for some domains by specifying a list here.
130.  
131. --s2s_secure_domains = { "jabber.org" }
132.  
133. -- Required for init scripts and prosodyctl
134. --pidfile = "/var/run/prosody/prosody.pid"
135.  
136. -- Select the authentication backend to use. The 'internal' providers
137. -- use Prosody's configured data storage to store the authentication data.
138. -- To allow Prosody to offer secure authentication mechanisms to clients, the
139. -- default provider stores passwords in plaintext. If you do not trust your
140. -- server please see http://prosody.im/doc/modules/mod_auth_internal_hashed
141. -- for information about using the hashed backend.
142.  
143. -- authentication = "internal_plain"
144. authentication = "internal_hashed"
145.  
146. -- Select the storage backend to use. By default Prosody uses flat files
147. -- in its configured data directory, but it also supports more backends
148. -- through modules. An "sql" backend is included by default, but requires
149. -- additional dependencies. See http://prosody.im/doc/storage for more info.
150.  
151. -- storage = "sql" -- Default is "internal"
152.  
153. -- For the "sql" backend, you can uncomment *one* of the below to configure:
154. --sql = { driver = "SQLite3", database = "prosody.sqlite" } -- Default. 'database' is the filename.
155. --sql = { driver = "MySQL", database = "prosody", username = "prosody", password = "secret", host = "localhost" }
156. --sql = { driver = "PostgreSQL", database = "prosody", username = "prosody", password = "secret", host = "localhost" }
157.  
158. -- Logging configuration
159. -- For advanced logging see http://prosody.im/doc/logging
160. log = {
161. info = "/var/log/prosody/prosody.log"; -- Change 'info' to 'debug' for verbose logging
162. error = "/var/log/prosody/prosody.err";
163. "*syslog";
164. }
165.  
166. ----------- Virtual hosts -----------
167. -- You need to add a VirtualHost entry for each domain you wish Prosody to serve.
168. -- Settings under each VirtualHost entry apply *only* to that host.
169.  
170. --VirtualHost "localhost"
171.  
172. VirtualHost "example.com"
173. -- enabled = false -- Remove this line to enable this host
174. -- authentication = "anonymous"
175. authentication = "internal_plain"
176.  
177. admins = {
178. "jitsi-videobridge.example.com",
179. "jitsi-videobridge2.example.com"
180. }
181.  
182. speakerstats_component = "speakerstats.example.com"
183. conference_duration_component = "conferenceduration.example.com"
184. modules_enabled = {
185. "muc_size";
186. "speakerstats";
187. "conference_duration";
188. }
189.  
190. -- Assign this host a certificate for TLS, otherwise it would use the one
191. -- set in the global section (if any).
192. -- Note that old-style SSL on port 5223 only supports one certificate, and will always
193. -- use the global one.
194. ssl = {
195. key = "/var/lib/prosody/example.com.key";
196. certificate = "/var/lib/prosody/example.com.crt";
197. }
198. c2s_require_encryption = false
199.  
200. VirtualHost "auth.example.com"
201. ssl = {
202. key = "/var/lib/prosody/auth.example.com.key";
203. certificate = "/var/lib/prosody/auth.example.com.crt";
204. }
205. authentication = "internal_plain"
206.  
207.  
208. VirtualHost "guest.example.com"
209. authentication = "anonymous"
210. speakerstats_component = "speakerstats.example.com"
211. conference_duration_component = "conferenceduration.example.com"
212. modules_enabled = {
213. "muc_size";
214. "speakerstats";
215. "conference_duration";
216. -- "muc_lobby_rooms";
217. }
218. c2s_require_encryption = false
219. -- lobby_muc = "lobby.example.com"
220. -- main_muc = "conference.example.com"
221. -- muc_lobby_whitelist = { "recorder.example.com" }
222.  
223.  
224. VirtualHost "recorder.example.com"
225. authentication = "internal_plain"
226. c2s_require_encryption = false
227. -- consider_bosh_secure = true
228.  
229. ------ Components ------
230. -- You can specify components to add hosts that provide special services,
231. -- like multi-user conferences, and transports.
232. -- For more information on components, see http://prosody.im/doc/components
233.  
234. ---Set up a MUC (multi-user chat) room server on conference.example.com:
235. --Component "conference.example.com" "muc"
236.  
237. Component "internal.auth.example.com" "muc"
238. modules_enabled = {
239. "ping";
240. "jigasi";
241. }
242. admins = { "focus@auth.example.com", "jvb@auth.example.com", "jibri@auth.example.com", "jigasi@auth.example.com" }
243. -- admins = { "focus@auth.example.com", "jvb@auth.example.com", "jibri@auth.example.com"}
244. storage = "internal"
245. -- restrict_room_creation = true
246. muc_room_cache_size = 1000
247. muc_room_locking = false
248. muc_room_default_public_jids = true
249.  
250. -- Set up a SOCKS5 bytestream proxy for server-proxied file transfers:
251. --Component "proxy.example.com" "proxy65"
252.  
253. ---Set up an external component (default component port is 5347)
254. --
255. -- External components allow adding various services, such as gateways/
256. -- transports to other networks like ICQ, MSN and Yahoo. For more info
257. -- see: http://prosody.im/doc/components#adding_an_external_component
258. --
259. --Component "gateway.example.com"
260. -- component_secret = "password"
261.  
262. Component "conference.example.com" "muc"
263. modules_enabled = {
264. "muc_mam";
265. }
266. storage = "internal"
267. -- storage = "null"
268. muc_room_locking = false
269. muc_room_default_public_jids = true
270.  
271.  
272. Component "jitsi-videobridge.example.com"
273. component_secret = "YcLmU6CLEeuVRexz"
274.  
275. Component "focus.example.com"
276. component_secret = "hgnZY5GQWtUK3cPE"
277.  
278. Component "callcontrol.example.com"
279. component_secret = "8hSZV9UmQKE79fgD"
280.  
281. Component "jitsi-videobridge2.example.com"
282. component_secret = "tWkuhxbDLCtMJXWE"
283.  
284. Component "speakerstats.example.com" "speakerstats_component"
285. muc_component = "conference.example.com"
286.  
287. Component "conferenceduration.example.com" "conference_duration_component"
288. muc_component = "conference.example.com"
289.  
290. Component "lobby.example.com" "muc"
291. storage = "memory"
292. restrict_room_creation = true
293. muc_room_locking = false
294. muc_room_default_public_jids = true