prosody-modules
tip
mod_isolate_host/README.md
Software / code / prosody-modules
Comparison
mod_isolate_host/README.md @ 6211:750d64c47ec6 draft default tip
Merge
| author | Trần H. Trung <xmpp:trần.h.trung@trung.fun> |
|---|---|
| date | Tue, 18 Mar 2025 00:31:36 +0700 |
| parent | 6003:fe081789f7b5 |
comparison
equal
deleted
inserted
replaced
| 6210:24316a399978 | 6211:750d64c47ec6 |
|---|---|
| 1 --- | |
| 2 labels: | |
| 3 - 'Stage-Beta' | |
| 4 summary: Prevent communication between hosts | |
| 5 ... | |
| 6 | |
| 7 Introduction | |
| 8 ============ | |
| 9 | |
| 10 In some environments it is desirable to isolate one or more hosts, and | |
| 11 prevent communication with external, or even other internal domains. | |
| 12 | |
| 13 Loading mod\_isolate\_host on a host will prevent all communication with | |
| 14 JIDs outside of the current domain, though it is possible to configure | |
| 15 exceptions. | |
| 16 | |
| 17 **Note:** if you just want to prevent communication with external | |
| 18 domains, this is possible without a plugin. See [Prosody: Disabling | |
| 19 s2s](http://prosody.im/doc/s2s#disabling) for more information. | |
| 20 | |
| 21 This module was sponsored by [Exa Networks](http://exa-networks.co.uk/). | |
| 22 | |
| 23 Configuration | |
| 24 ============= | |
| 25 | |
| 26 To isolate all hosts by default, add the module to your global | |
| 27 modules\_enabled: | |
| 28 | |
| 29 ``` {.lua} | |
| 30 modules_enabled = { | |
| 31 ... | |
| 32 "isolate_host"; | |
| 33 ... | |
| 34 } | |
| 35 ``` | |
| 36 | |
| 37 Alternatively you can isolate a single host by putting a | |
| 38 modules\_enabled line under the VirtualHost directive: | |
| 39 | |
| 40 ``` {.lua} | |
| 41 VirtualHost "example.com" | |
| 42 modules_enabled = { "isolate_host" } | |
| 43 ``` | |
| 44 | |
| 45 After enabling the module, you can add further options to add exceptions | |
| 46 for the isolation: | |
| 47 | |
| 48 Option Description | |
| 49 -------------------------- ----------------------------------------------------------------------------------------- | |
| 50 isolate\_except\_domains A list of domains to allow communication with. | |
| 51 isolate\_except\_users A list of user JIDs allowed to bypass the isolation and communicate with other domains. | |
| 52 | |
| 53 **Note:** Admins of hosts are always allowed to communicate with other | |
| 54 domains | |
| 55 | |
| 56 Compatibility | |
| 57 ============= | |
| 58 | |
| 59 ----- ------- | |
| 60 0.9 Works | |
| 61 ----- ------- |
