API tools faq
paste
Advertisement
Guest User

Untitled

a guest
Mar 11th, 2019
243
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 8.56 KB | None | 0 0
raw download clone embed print report
  1. -- Prosody XMPP Server Configuration
  2. --
  3. -- Information on configuring Prosody can be found on our
  4. -- website at http://prosody.im/doc/configure
  5. --
  6. -- Tip: You can check that the syntax of this file is correct
  7. -- when you have finished by running: luac -p prosody.cfg.lua
  8. -- If there are any errors, it will let you know what and where
  9. -- they are, otherwise it will keep quiet.
  10. --
  11. -- Good luck, and happy Jabbering!
  12.  
  13.  
  14. ---------- Server-wide settings ----------
  15. -- Settings in this section apply to the whole server and are the default settings
  16. -- for any virtual hosts
  17.  
  18. -- This is a (by default, empty) list of accounts that are admins
  19. -- for the server. Note that you must create the accounts separately
  20. -- (see http://prosody.im/doc/creating_accounts for info)
  21. -- Example: admins = { "user1@example.com", "user2@example.net" }
  22. --admins = { "root@example.org"}
  23.  
  24. -- Enable use of libevent for better performance under high load
  25. -- For more information see: http://prosody.im/doc/libevent
  26. use_libevent = true;
  27.  
  28. -- This is the list of modules Prosody will load on startup.
  29. -- It looks for mod_modulename.lua in the plugins folder, so make sure that exists too.
  30. -- Documentation on modules can be found at: http://prosody.im/doc/modules
  31.  
  32. modules_enabled = {
  33.  
  34. -- Generally required
  35. "roster"; -- Allow users to have a roster. Recommended ;)
  36. "saslauth"; -- Authentication for clients and servers. Recommended if you want to log in.
  37. "tls"; -- Add support for secure TLS on c2s/s2s connections
  38. "dialback"; -- s2s dialback support
  39. "disco"; -- Service discovery
  40. "posix"; -- POSIX functionality, sends server to background, enables syslog, etc.
  41.  
  42. -- OTR
  43. "otr"; -- Off The Record module. Essential for cypherpunks everywhere.
  44.  
  45. -- Not essential, but recommended
  46. "private"; -- Private XML storage (for room bookmarks, etc.)
  47. "vcard"; -- Allow users to set vCards
  48.  
  49. -- These are commented by default as they have a performance impact
  50. --"privacy"; -- Support privacy lists
  51. --"compression"; -- Stream compression (requires the lua-zlib package installed)
  52.  
  53. -- Nice to have
  54. -- "version"; -- Replies to server version requests
  55. "uptime"; -- Report how long server has been running
  56. "time"; -- Let others know the time here on this server
  57. "ping"; -- Replies to XMPP pings with pongs
  58. "pep"; -- Enables users to publish their mood, activity, playing music and more
  59. "register"; -- Allow users to register on this server using a client and change passwords
  60.  
  61. -- Admin interfaces
  62. "admin_adhoc"; -- Allows administration via an XMPP client that supports ad-hoc commands
  63. --"admin_telnet"; -- Opens telnet console interface on localhost port 5582
  64.  
  65. -- HTTP modules
  66. --"bosh"; -- Enable BOSH clients, aka "Jabber over HTTP"
  67. --"http_files"; -- Serve static files from a directory over HTTP
  68.  
  69. -- Other specific functionality
  70. --"groups"; -- Shared roster support
  71. --"announce"; -- Send announcement to all online users
  72. --"welcome"; -- Welcome users who register accounts
  73. --"watchregistrations"; -- Alert admins of registrations
  74. --"motd"; -- Send a message to users when they log in
  75. --"legacyauth"; -- Legacy authentication. Only used by some old clients and bots.
  76. };
  77.  
  78. -- These modules are auto-loaded, but should you want
  79. -- to disable them then uncomment them here:
  80. modules_disabled = {
  81. "offline"; -- Store offline messages
  82. -- "c2s"; -- Handle client connections
  83. -- "s2s"; -- Handle server-to-server connections
  84. };
  85.  
  86. -- Disable account creation by default, for security
  87. -- For more information see http://prosody.im/doc/creating_accounts
  88. allow_registration = false;
  89.  
  90. -- These are the SSL/TLS-related settings. If you don't want
  91. -- to use SSL/TLS, you may comment or remove this
  92. ssl = {
  93. key = "/etc/prosody/certs/kaundere.xyz.key";
  94. certificate = "/etc/prosody/certs/kaundere.xyz.crt";
  95. --dhparam = "/etc/prosody/certs/dhparam.pem";
  96. --options = { "no_sslv2", "no_sslv3", "no_tlsv1", "no_tlsv1_1", "cipher_server_preference"};
  97. --ciphers = "HIGH+kEECDH:HIGH+kEDH:!PSK:!SRP:!3DES:!aNULL:!AES128:!CAMELLIA128:!SHA";
  98. --curve = "secp256k1";
  99. }
  100.  
  101. -- Force clients to use encrypted connections? This option will
  102. -- prevent clients from authenticating unless they are using encryption.
  103.  
  104. c2s_require_encryption = true
  105.  
  106. -- Force certificate authentication for server-to-server connections?
  107. -- This provides ideal security, but requires servers you communicate
  108. -- with to support encryption AND present valid, trusted certificates.
  109. -- NOTE: Your version of LuaSec must support certificate verification!
  110. -- For more information see http://prosody.im/doc/s2s#security
  111.  
  112. s2s_secure_auth = true
  113. s2s_require_encryption = true
  114.  
  115. -- Many servers don't support encryption or have invalid or self-signed
  116. -- certificates. You can list domains here that will not be required to
  117. -- authenticate using certificates. They will be authenticated using DNS.
  118.  
  119. --s2s_insecure_domains = { "gmail.com" }
  120.  
  121. -- Even if you leave s2s_secure_auth disabled, you can still require valid
  122. -- certificates for some domains by specifying a list here.
  123.  
  124. --s2s_secure_domains = { "jabber.org" }
  125.  
  126. -- Required for init scripts and prosodyctl
  127. pidfile = "/var/run/prosody/prosody.pid"
  128.  
  129. -- Select the authentication backend to use. The 'internal' providers
  130. -- use Prosody's configured data storage to store the authentication data.
  131. -- To allow Prosody to offer secure authentication mechanisms to clients, the
  132. -- default provider stores passwords in plaintext. If you do not trust your
  133. -- server please see http://prosody.im/doc/modules/mod_auth_internal_hashed
  134. -- for information about using the hashed backend.
  135.  
  136. authentication = "internal_hashed"
  137.  
  138. -- Select the storage backend to use. By default Prosody uses flat files
  139. -- in its configured data directory, but it also supports more backends
  140. -- through modules. An "sql" backend is included by default, but requires
  141. -- additional dependencies. See http://prosody.im/doc/storage for more info.
  142.  
  143. --storage = "sql" -- Default is "internal"
  144.  
  145. -- For the "sql" backend, you can uncomment *one* of the below to configure:
  146. --sql = { driver = "SQLite3", database = "prosody.sqlite" } -- Default. 'database' is the filename.
  147. --sql = { driver = "MySQL", database = "prosody", username = "prosody", password = "secret", host = "localhost" }
  148. --sql = { driver = "PostgreSQL", database = "prosody", username = "prosody", password = "secret", host = "localhost" }
  149.  
  150. -- Logging configuration
  151. -- For advanced logging see http://prosody.im/doc/logging
  152. -- log = {
  153. -- info = "/var/log/prosody/prosody.log"; -- Change 'info' to 'debug' for verbose logging
  154. -- error = "/var/log/prosody/prosody.err";
  155. -- "*syslog";
  156. -- }
  157.  
  158. ----------- Interface Binding -----------
  159. -- Uncomment the c2s_interfaces line if you want to bind port 5222 to localhost.
  160. -- This does nothing to stop de-anonymization attacks, since s2s connections are
  161. -- done via clearnet for interoperability reasons. If you do this, you will need
  162. -- a hidden service address to give out in order for your users to connect.
  163.  
  164. -- c2s_interfaces = { "127.0.0.1", "::1" }
  165.  
  166. ----------- Virtual hosts -----------
  167. -- You need to add a VirtualHost entry for each domain you wish Prosody to serve.
  168. -- Settings under each VirtualHost entry apply *only* to that host.
  169.  
  170. VirtualHost "
  171.  
  172.  
  173.  
  174. ------ Components ------
  175. -- You can specify components to add hosts that provide special services,
  176. -- like multi-user conferences, and transports.
  177. -- For more information on components, see http://prosody.im/doc/components
  178.  
  179. ---Set up a MUC (multi-user chat) room server on conference.example.com:
  180. --Component "conference.example.com" "muc"
  181.  
  182. -- Set up a SOCKS5 bytestream proxy for server-proxied file transfers:
  183. --Component "proxy.example.com" "proxy65"
  184.  
  185. ---Set up an external component (default component port is 5347)
  186. --
  187. -- External components allow adding various services, such as gateways/
  188. -- transports to other networks like ICQ, MSN and Yahoo. For more info
  189. -- see: http://prosody.im/doc/components#adding_an_external_component
  190. --
  191. --Component "gateway.example.com"
  192. -- component_secret = "password"
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!