From 622bcbc8c01e08cc33de613ca3cf1c1462f06d95 Mon Sep 17 00:00:00 2001 From: cyberjinh Date: Fri, 12 Mar 2021 20:06:08 +0100 Subject: [PATCH] =?UTF-8?q?Mise=20=C3=A0=20jour=20de=20'prosody.cfg.lua'?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- prosody.cfg.lua | 75 +++++++++++-------------------------------------- 1 file changed, 17 insertions(+), 58 deletions(-) diff --git a/prosody.cfg.lua b/prosody.cfg.lua index 8baedc8..9477d1d 100644 --- a/prosody.cfg.lua +++ b/prosody.cfg.lua @@ -1,16 +1,4 @@ -- Prosody XMPP Server Configuration --- --- Information on configuring Prosody can be found on our --- website at https://prosody.im/doc/configure --- --- Tip: You can check that the syntax of this file is correct --- when you have finished by running this command: --- prosodyctl check config --- If there are any errors, it will let you know what and where --- they are, otherwise it will keep quiet. --- --- Good luck, and happy Jabbering! - ---------- Server-wide settings ---------- -- Settings in this section apply to the whole server and are the default settings @@ -22,10 +10,7 @@ admins = {"anael@im.cyberjinh.fr", "keepwatchingme@im.cyberjinh.fr" } -- For more information see: https://prosody.im/doc/libevent --use_libevent = true --- Prosody will always look in its source directory for modules, but --- this option allows you to specify additional locations where Prosody --- will look for modules first. For community modules, see https://modules.prosody.im/ - plugin_paths = { "/usr/lib/prosody/modules/community-mod/prosody-modules" } +plugin_paths = { "/usr/lib/prosody/modules/community-mod/prosody-modules" } -- This is the list of modules Prosody will load on startup. -- It looks for mod_modulename.lua in the plugins folder, so make sure that exists too. @@ -82,7 +67,7 @@ modules_enabled = { "http"; -- Active HTTP -- "register_web"; -- Active registraion web page "strict_https"; - "http_upload"; + -- "http_upload"; "webpresence"; "server_contact_info"; "block_registrations"; @@ -90,6 +75,8 @@ modules_enabled = { "http_altconnect"; "bookmarks"; "turncredentials"; + "external_services"; + "block_strangers"; } @@ -104,7 +91,7 @@ modules_disabled = { hsts_header = "max-age=31556952" turncredentials_host = "turn.im.cyberjinh.fr" -turncredentials_secret = "mysecret" +turncredentials_secret = "secret" console_ports = { 5582 } --legacy_ssl_ports = { 5223 } @@ -131,11 +118,11 @@ contact_info = { feedback = { "xmpp:keepwatchingme@im.cyberjinh.fr", "https:cyberjinh.fr/contact.html" }; support = { "xmpp:keepwatchingme@im.cyberjinh.fr", "https:cyberjinh.fr/contact.html" }; } --- consider_bosh_secure = true --- cross_domain_bosh = true +consider_bosh_secure = true +cross_domain_bosh = true --- cross_domain_websocket = { "https://im.cyberjinh.fr" }; --- consider_websocket_secure = true +cross_domain_websocket = { "https://im.cyberjinh.fr" }; +consider_websocket_secure = true -- mod_limit_auth -- limit_auth_period = 30 @@ -150,38 +137,15 @@ smacks_max_ack_delay = 60 -- mod_cloud_notify -- push_notification_important_body = "Nouveau Message" --- mod_conversjs -- --- conversejs_options = { --- debug = true; --- view_mode = "fullscreen"; --- } - -- Disable account creation by default, for security --- For more information see https://prosody.im/doc/creating_accounts allow_registration = false --mod_block_registrations-- block_registrations_users = { "administrator", "admin", "hostmaster", "postmaster", "webmaster", "root", "xmpp", "anael" } block_registrations_require = "^[a-zA-Z0-9_.-]+$" -- Allow only simple ASCII characters in usernames --- Force clients to use encrypted connections? This option will --- prevent clients from authenticating unless they are using encryption. - c2s_require_encryption = true - --- Force servers to use encrypted connections? This option will --- prevent servers from authenticating unless they are using encryption. --- Note that this is different from authentication - s2s_require_encryption = true - - --- Force certificate authentication for server-to-server connections? --- This provides ideal security, but requires servers you communicate --- with to support encryption AND present valid, trusted certificates. --- NOTE: Your version of LuaSec must support certificate verification! --- For more information see https://prosody.im/doc/s2s#security - s2s_secure_auth = true -- Some servers have invalid or self-signed certificates. You can list @@ -237,7 +201,7 @@ max_archive_query_results = 20; -- For advanced logging see https://prosody.im/doc/logging log = { -- info = "/var/log/prosody/prosody.log"; -- Change 'info' to 'debug' for verbose logging - info = "/dev/null"; + info = "/var/log/prosody/prosody.log"; error = "/var/log/prosody/prosody.err"; -- "*syslog"; -- Uncomment this for logging to syslog -- "*console"; -- Log to the console, useful for debugging with daemonize=false @@ -268,14 +232,8 @@ enabled = true; legacy_ssl_ports = { 5223 } -- http_external_url = "im.cyberjinh.fr" allow_registration = false; -min_seconds_between_registrations = 3600 - - - -- Assign this host a certificate for TLS, otherwise it would use the one - -- set in the global section (if any). - -- Note that old-style SSL on port 5223 only supports one certificate, and will always - -- use the global one. - certificates = "/etc/prosody/certs/" +-- min_seconds_between_registrations = 3600 +certificates = "/etc/prosody/certs/" ------ Components ------ -- You can specify components to add hosts that provide special services, @@ -317,14 +275,15 @@ Component "proxy.im.cyberjinh.fr" "proxy65" -- see: http://prosody.im/doc/components#adding_an_external_component -- -Component "upload.im.cyberjinh.fr" +Component "upload.im.cyberjinh.fr" "http_upload" http_upload_expire_after = 60 * 60 * 24 * 7 -http_upload_file_size_limit = 10 * 1024 * 1024 +http_upload_file_size_limit = 5242880 ---Component "irc.cyberjinh.fr" --- component_secret = "mysecondsecret" +Component "irc.im.cyberjinh.fr" +component_secret = "secret" ssl = { key = "/etc/prosody/certs/im.cyberjinh.fr/privkey.pem"; certificate = "/etc/prosody/certs/im.cyberjinh.fr/fullchain.pem"; } +