💾 Archived View for yaky.dev › notes › prosody captured on 2024-12-17 at 10:05:28. Gemini links have been rewritten to link to archived content

View Raw

More Information

⬅️ Previous capture (2024-09-29)

-=-=-=-=-=-=-

Prosody

General check

prosodyctl check

List all user accounts

ls /var/lib/prosody/<your domain>/accounts/

Update certificates (run after every certificate renewal)

prosodyctl --root cert import /etc/letsencrypt/live

Example prosody.cfg.lua for Prosody 0.12+

---------- Server-wide settings ----------
admins = { }
modules_enabled = {
	-- Generally required
		"roster"; -- Allow users to have a roster. Recommended ;)
		"saslauth"; -- Authentication for clients and servers. Recommended if you want to log in.
		"tls"; -- Add support for secure TLS on c2s/s2s connections
		"dialback"; -- s2s dialback support
		"disco"; -- Service discovery
	-- Not essential, but recommended
		"carbons"; -- Keep multiple clients in sync
		"pep"; -- Enables users to publish their avatar, mood, activity, playing music and more
		"private"; -- Private XML storage (for room bookmarks, etc.)
		"blocklist"; -- Allow users to block communications with other users
		"vcard4"; -- User profiles (stored in PEP)
		"vcard_legacy"; -- Conversion between legacy vCard and PEP Avatar, vcard
	-- Nice to have
		"version"; -- Replies to server version requests
		"uptime"; -- Report how long server has been running
		"time"; -- Let others know the time here on this server
		"ping"; -- Replies to XMPP pings with pongs
		"register"; -- Allow users to register on this server using a client and change passwords
		"mam"; -- Message Archive Management for chats
		"csi"; -- Allows clients to report active/inactive state
		"csi_simple"; -- Simple mobile optimizations for csi
	-- Admin interfaces
		"admin_shell";
	-- HTTP modules
		"http"; -- Loaded as needed by other modules
		--"bosh"; -- Enable BOSH clients, aka "Jabber over HTTP"
		--"websocket"; -- XMPP over WebSockets
		--"http_files"; -- Serve static files from a directory over HTTP (not for sharing)
	-- Other specific functionality
		"posix"; -- POSIX functionality, sends server to background, enables syslog, etc.
		--"limits"; -- Enable bandwidth limiting for XMPP connections
		--"groups"; -- Shared roster support
		--"server_contact_info"; -- Publish contact information for this service
		--"announce"; -- Send announcement to all online users
		--"welcome"; -- Welcome users who register accounts
		--"watchregistrations"; -- Alert admins of registrations
		--"motd"; -- Send a message to users when they log in
		--"legacyauth"; -- Legacy authentication. Only used by some old clients and bots.
		--"proxy65"; -- Enables a file transfer proxy service which clients behind NAT can use
	-- Mobile
		"smacks";
		"cloud_notify"; -- Push notifications (needed for iOS)
}

modules_disabled = {
}

-- Disable account creation
allow_registration = false

pidfile = "/run/prosody/prosody.pid";

c2s_require_encryption = true
s2s_require_encryption = true
s2s_secure_auth = true

authentication = "internal_hashed"

archive_expires_after = "28d" -- Remove archived messages after 4 weeks (GDPR says hi)

-- Replace 'info' with 'debug' for debugging
log = {
	info = "/var/log/prosody/prosody.log";
	error = "/var/log/prosody/prosody.err";
	{ levels = { "error" }; to = "syslog";  };
}

certificates = "certs"

-- Prosody 0.12.x and later will automatically find and serve an appropriate 
-- certificate for HTTPS, based on the certificates already used for your XMPP 
-- services and the hostname requested by the client or web browser. 
-- No additional configuration should be necessary for most deployments.

----------- Virtual hosts -----------

VirtualHost "example.net"

------ Components ------

-- Group chats
Component "groups.example.net" "muc"
	restrict_room_creation="local"
	modules_enabled = { 
		"muc_mam" -- Message Archive Management for groups
	}
	muc_log_expires_after = "28d"
	muc_log_cleanup_interval = 12 * 60 * 60

-- Share files via HTTP (v0.12+)
Component "share.example.net" "http_file_share"
	-- This path is required for clients to work correctly
	-- Have no idea why
	http_paths = {
		file_share = "/upload"
	}
	http_file_share_size_limit = 128*1024*1024+16 -- 128 MiB
	http_file_share_expire_after = 60*60*24*28 -- 28 days

Prosody upload behing NGINX reverse proxy

home

email me: hi@yaky.dev

CC BY-NC yaky.dev