Prosody config

1. -- Prosody XMPP Server Configuration
2. --
3. -- Information on configuring Prosody can be found on our
4. -- website at https://prosody.im/doc/configure
5. --
6. -- Tip: You can check that the syntax of this file is correct
7. -- when you have finished by running this command:
8. --     prosodyctl check config
9. -- If there are any errors, it will let you know what and where
10. -- they are, otherwise it will keep quiet.
11. --
12. -- Good luck, and happy Jabbering!
13.  
14.  
15. ---------- Server-wide settings ----------
16. -- Settings in this section apply to the whole server and are the default settings
17. -- for any virtual hosts
18.  
19. -- This is a (by default, empty) list of accounts that are admins
20. -- for the server. Note that you must create the accounts separately
21. -- (see https://prosody.im/doc/creating_accounts for info)
22. -- Example: admins = { "user1@example.com", "user2@example.net" }
23. admins = { "b09dan@chat.example.com" }
24.  
25. -- Enable use of libevent for better performance under high load
26. -- For more information see: https://prosody.im/doc/libevent
27. --use_libevent = true
28.  
29. -- Prosody will always look in its source directory for modules, but
30. -- this option allows you to specify additional locations where Prosody
31. -- will look for modules first. For community modules, see https://modules.prosody.im/
32. plugin_paths = { "/usr/share/prosody" }
33.  
34. -- This is the list of modules Prosody will load on startup.
35. -- It looks for mod_modulename.lua in the plugins folder, so make sure that exists too.
36. -- Documentation for bundled modules can be found at: https://prosody.im/doc/modules
37. modules_enabled = {
38.  
39.     -- Generally required
40.         "roster"; -- Allow users to have a roster. Recommended ;)
41.         "saslauth"; -- Authentication for clients and servers. Recommended if you want to log in.
42.         "tls"; -- Add support for secure TLS on c2s/s2s connections
43.         "dialback"; -- s2s dialback support
44.         "disco"; -- Service discovery
45.  
46.     -- Not essential, but recommended
47.         "carbons"; -- Keep multiple clients in sync
48.         "pep"; -- Enables users to publish their mood, activity, playing music and more
49.         "private"; -- Private XML storage (for room bookmarks, etc.)
50.         "blocklist"; -- Allow users to block communications with other users
51.         "vcard"; -- Allow users to set vCards
52.  
53.     -- Nice to have
54.         "version"; -- Replies to server version requests
55.         "uptime"; -- Report how long server has been running
56.         "time"; -- Let others know the time here on this server
57.         "ping"; -- Replies to XMPP pings with pongs
58.         "register"; -- Allow users to register on this server using a client and change passwords
59.         "mam"; -- Store messages in an archive and allow users to access it
60.  
61.     -- Admin interfaces
62.         "admin_adhoc"; -- Allows administration via an XMPP client that supports ad-hoc commands
63.         --"admin_telnet"; -- Opens telnet console interface on localhost port 5582
64.  
65.     -- HTTP modules
66.         --"bosh"; -- Enable BOSH clients, aka "Jabber over HTTP"
67.         --"websocket"; -- XMPP over WebSockets
68.         "http_files"; -- Serve static files from a directory over HTTP
69.  
70.     -- Other specific functionality
71.         --"limits"; -- Enable bandwidth limiting for XMPP connections
72.         --"groups"; -- Shared roster support
73.         --"server_contact_info"; -- Publish contact information for this service
74.         --"announce"; -- Send announcement to all online users
75.         --"welcome"; -- Welcome users who register accounts
76.         --"watchregistrations"; -- Alert admins of registrations
77.         --"motd"; -- Send a message to users when they log in
78.         --"legacyauth"; -- Legacy authentication. Only used by some old clients and bots.
79.         --"proxy65"; -- Enables a file transfer proxy service which clients behind NAT can use
80.  
81.     -- Plugins
82.         "http_upload"; -- Implementation of Conversations HTTP upload file transfer mode (XEP-0363)
83.         "csi"; -- Client State Indication support (A way for mobile clients to tell the server that they are sitting in someones pocket and would rather not get some less urgent things pushed to it.)
84.         "smacks"; -- Reliability and fast reconnects for XMPP (XEP-0198: Stream Management)
85.         -- "profile"; -- It is enabled instead of "pep" and "vcard" to make XEP-0163 working
86.         "omemo_all_access"; -- Disable access control for all OMEMO related PEP nodes (XEP-0060)
87.  
88. }
89.  
90. -- These modules are auto-loaded, but should you want
91. -- to disable them then uncomment them here:
92. modules_disabled = {
93.     -- "offline"; -- Store offline messages
94.     -- "c2s"; -- Handle client connections
95.     -- "s2s"; -- Handle server-to-server connections
96.     -- "posix"; -- POSIX functionality, sends server to background, enables syslog, etc.
97. }
98.  
99. -- Disable account creation by default, for security
100. -- For more information see https://prosody.im/doc/creating_accounts
101. allow_registration = false
102.  
103. -- Force clients to use encrypted connections? This option will
104. -- prevent clients from authenticating unless they are using encryption.
105.  
106. c2s_require_encryption = true
107.  
108. -- Force servers to use encrypted connections? This option will
109. -- prevent servers from authenticating unless they are using encryption.
110. -- Note that this is different from authentication
111.  
112. s2s_require_encryption = true
113.  
114.  
115. -- Force certificate authentication for server-to-server connections?
116. -- This provides ideal security, but requires servers you communicate
117. -- with to support encryption AND present valid, trusted certificates.
118. -- NOTE: Your version of LuaSec must support certificate verification!
119. -- For more information see https://prosody.im/doc/s2s#security
120.  
121. s2s_secure_auth = false
122.  
123. -- Some servers have invalid or self-signed certificates. You can list
124. -- remote domains here that will not be required to authenticate using
125. -- certificates. They will be authenticated using DNS instead, even
126. -- when s2s_secure_auth is enabled.
127.  
128. --s2s_insecure_domains = { "insecure.example" }
129.  
130. -- Even if you leave s2s_secure_auth disabled, you can still require valid
131. -- certificates for some domains by specifying a list here.
132.  
133. --s2s_secure_domains = { "jabber.org" }
134.  
135. -- Required for init scripts and prosodyctl
136. pidfile = "/var/run/prosody/prosody.pid"
137.  
138. -- Select the authentication backend to use. The 'internal' providers
139. -- use Prosody's configured data storage to store the authentication data.
140. -- To allow Prosody to offer secure authentication mechanisms to clients, the
141. -- default provider stores passwords in plaintext. If you do not trust your
142. -- server please see https://prosody.im/doc/modules/mod_auth_internal_hashed
143. -- for information about using the hashed backend.
144.  
145. authentication = "internal_hashed"
146.  
147. -- Select the storage backend to use. By default Prosody uses flat files
148. -- in its configured data directory, but it also supports more backends
149. -- through modules. An "sql" backend is included by default, but requires
150. -- additional dependencies. See https://prosody.im/doc/storage for more info.
151.  
152. storage = "sql" -- Default is "internal"
153. default_storage = "sql"
154.  
155. -- For the "sql" backend, you can uncomment *one* of the below to configure:
156. --sql = { driver = "SQLite3", database = "prosody.sqlite" } -- Default. 'database' is the filename.
157. --sql = { driver = "MySQL", database = "prosody", username = "prosody", password = "secret", host = "localhost" }
158. sql = { driver = "PostgreSQL", database = "database", username = "username", password = "password", host = "localhost" }
159.  
160.  
161. -- Archiving configuration
162. -- If mod_mam is enabled, Prosody will store a copy of every message. This
163. -- is used to synchronize conversations between multiple clients, even if
164. -- they are offline. This setting controls how long Prosody will keep
165. -- messages in the archive before removing them.
166.  
167. archive_expires_after = "1w" -- Remove archived messages after 1 week
168.  
169. -- You can also configure messages to be stored in-memory only. For more
170. -- archiving options, see https://prosody.im/doc/modules/mod_mam
171.  
172. -- Logging configuration
173. -- For advanced logging see https://prosody.im/doc/logging
174. log = {
175.     info = "/var/log/prosody/prosody.log"; -- Change 'info' to 'debug' for verbose logging
176.     error = "/var/log/prosody/prosody.err";
177.     -- "*syslog"; -- Uncomment this for logging to syslog
178.     -- "*console"; -- Log to the console, useful for debugging with daemonize=false
179. }
180.  
181. -- Uncomment to enable statistics
182. -- For more info see https://prosody.im/doc/statistics
183. -- statistics = "internal"
184.  
185. -- Certificates
186. -- Every virtual host and component needs a certificate so that clients and
187. -- servers can securely verify its identity. Prosody will automatically load
188. -- certificates/keys from the directory specified here.
189. -- For more information, including how to use 'prosodyctl' to auto-import certificates
190. -- (from e.g. Let's Encrypt) see https://prosody.im/doc/certificates
191.  
192. -- Location of directory to find certificates in (relative to main config file):
193. certificates = "certs"
194.  
195. ----------- Virtual hosts -----------
196. -- You need to add a VirtualHost entry for each domain you wish Prosody to serve.
197. -- Settings under each VirtualHost entry apply *only* to that host.
198.  
199. VirtualHost "chat.example.com"
200.  
201. --VirtualHost "example.com"
202. --  certificate = "/path/to/example.crt"
203.  
204. ------ Components ------
205. -- You can specify components to add hosts that provide special services,
206. -- like multi-user conferences, and transports.
207. -- For more information on components, see https://prosody.im/doc/components
208.  
209. ---Set up a MUC (multi-user chat) room server on conference.example.com:
210. --Component "conference.example.com" "muc"
211. Component "conference.chat.example.com" "muc"
212.  
213. ---Set up an external component (default component port is 5347)
214. --
215. -- External components allow adding various services, such as gateways/
216. -- transports to other networks like ICQ, MSN and Yahoo. For more info
217. -- see: https://prosody.im/doc/components#adding_an_external_component
218. --
219. --Component "gateway.example.com"
220. --  component_secret = "password"
221.  
222.  
223.  
224. ----------- Plugins -----------
225.  
226. -- mod_http_upload --
227. http_upload_file_size_limit = 536870912 -- 512 MB in bytes
228. http_upload_expire_after = 604800 -- 60 * 60 * 24 * 7
229. http_upload_quota = 10737418240 -- 10 GB
230. http_upload_path = "/var/lib/prosody"
231.  
232. -- mod_mam --
233. max_archive_query_results = 200
234. default_archive_policy = true
235. archive_expires_after = "never" -- forever messages storing for mod_mam