prosody-modules
fe8222112cf4
misc/systemd/prosody.service

Find changesets by keywords by author, files, the commit message, revision number or hash, or revset expression.

Software / code / prosody-modules

File

misc/systemd/prosody.service @ 6199:fe8222112cf4

mod_conversejs: Serve base app at / This makes things slightly less awkward for the browser to figure out which URLs belong to a PWA. The app's "start URL" was previously without the '/' and therefore was not considered within the scope of the PWA. Now the canonical app URL will always have a '/'. Prosody/mod_http should take care of redirecting existing links without the trailing / to the new URL. If you have an installation at https://prosody/conversejs then it is now at https://prosody/conversejs/ (the first URL will now redirect to the second URL if you use it). The alternative would be to make the PWA scope include the parent, i.e. the whole of https://prosody/ in this case. This might get messy if other PWAs are provided by the same site or Prosody installation, however.
author Matthew Wild <mwild1@gmail.com>
date Tue, 11 Feb 2025 13:18:38 +0000
parent 5904:eb1c524a5150
line wrap: on
line source

# This is an example service file. For some time there's now also one in used in our Debian releases at https://hg.prosody.im/debian/

[Unit]
### see man systemd.unit
Description=Prosody XMPP Server
Documentation=https://prosody.im/doc

[Service]
### See man systemd.service ###
# With this configuration, systemd takes care of daemonization
# so Prosody should be configured with daemonize = false
Type=simple

# Not sure if this is needed for 'simple'
PIDFile=/var/run/prosody/prosody.pid

# Start by executing the main executable
ExecStart=/usr/bin/prosody

ExecReload=/bin/kill -HUP $MAINPID

# Restart on crashes
Restart=on-abnormal

# Set O_NONBLOCK flag on sockets passed via socket activation
NonBlocking=true

### See man systemd.exec ###

WorkingDirectory=/var/lib/prosody

User=prosody
Group=prosody

UMask=0027

# Nice=0

# Set stdin to /dev/null since Prosody does not need it
StandardInput=null

# Direct stdout/-err to journald for use with log = "*stdout"
StandardOutput=journal
StandardError=inherit

# This usually defaults to 4k or so
# LimitNOFILE=1M

## Interesting protection methods
# Finding a useful combo of these settings would be nice
#
# Needs read access to /etc/prosody for config
# Needs write access to /var/lib/prosody for storing data (for internal storage)
# Needs write access to /var/log/prosody for writing logs (depending on config)
# Needs read access to code and libraries loaded

# ReadWriteDirectories=/var/lib/prosody /var/log/prosody
# InaccessibleDirectories=/boot /home /media /mnt /root /srv
# ReadOnlyDirectories=/usr /etc/prosody

# PrivateTmp=true
# PrivateDevices=true
# PrivateNetwork=false

# ProtectSystem=full
# ProtectHome=true
# ProtectKernelTunables=true
# ProtectControlGroups=true
# SystemCallFilter=

# This should break LuaJIT
# MemoryDenyWriteExecute=true