prosody
0ce404230388
prosody.cfg.lua.dist
Software / code / prosody
Comparison
prosody.cfg.lua.dist @ 9641:0ce404230388
Merge 0.11->trunk
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Sun, 25 Nov 2018 13:31:40 +0100 |
| parent | 9637:b8301ba2c437 |
| child | 10176:9178d18a4ed7 |
| child | 11553:b0d8920ed5e5 |
comparison
equal
deleted
inserted
replaced
| 9635:fc2266339cd8 | 9641:0ce404230388 |
|---|---|
| 100 | 100 |
| 101 c2s_require_encryption = true | 101 c2s_require_encryption = true |
| 102 | 102 |
| 103 -- Force servers to use encrypted connections? This option will | 103 -- Force servers to use encrypted connections? This option will |
| 104 -- prevent servers from authenticating unless they are using encryption. | 104 -- prevent servers from authenticating unless they are using encryption. |
| 105 -- Note that this is different from authentication | |
| 106 | 105 |
| 107 s2s_require_encryption = true | 106 s2s_require_encryption = true |
| 108 | 107 |
| 109 | |
| 110 -- Force certificate authentication for server-to-server connections? | 108 -- Force certificate authentication for server-to-server connections? |
| 111 -- This provides ideal security, but requires servers you communicate | |
| 112 -- with to support encryption AND present valid, trusted certificates. | |
| 113 -- NOTE: Your version of LuaSec must support certificate verification! | |
| 114 -- For more information see https://prosody.im/doc/s2s#security | |
| 115 | 109 |
| 116 s2s_secure_auth = false | 110 s2s_secure_auth = false |
| 117 | 111 |
| 118 -- Some servers have invalid or self-signed certificates. You can list | 112 -- Some servers have invalid or self-signed certificates. You can list |
| 119 -- remote domains here that will not be required to authenticate using | 113 -- remote domains here that will not be required to authenticate using |
| 120 -- certificates. They will be authenticated using DNS instead, even | 114 -- certificates. They will be authenticated using DNS instead, even |
| 121 -- when s2s_secure_auth is enabled. | 115 -- when s2s_secure_auth is enabled. |
| 122 | 116 |
| 123 --s2s_insecure_domains = { "insecure.example" } | 117 --s2s_insecure_domains = { "insecure.example" } |
| 124 | 118 |
| 125 -- Even if you leave s2s_secure_auth disabled, you can still require valid | 119 -- Even if you disable s2s_secure_auth, you can still require valid |
| 126 -- certificates for some domains by specifying a list here. | 120 -- certificates for some domains by specifying a list here. |
| 127 | 121 |
| 128 --s2s_secure_domains = { "jabber.org" } | 122 --s2s_secure_domains = { "jabber.org" } |
| 129 | 123 |
| 130 -- Select the authentication backend to use. The 'internal' providers | 124 -- Select the authentication backend to use. The 'internal' providers |
| 131 -- use Prosody's configured data storage to store the authentication data. | 125 -- use Prosody's configured data storage to store the authentication data. |
| 132 -- To allow Prosody to offer secure authentication mechanisms to clients, the | |
| 133 -- default provider stores passwords in plaintext. If you do not trust your | |
| 134 -- server please see https://prosody.im/doc/modules/mod_auth_internal_hashed | |
| 135 -- for information about using the hashed backend. | |
| 136 | 126 |
| 137 authentication = "internal_hashed" | 127 authentication = "internal_hashed" |
| 138 | 128 |
| 139 -- Select the storage backend to use. By default Prosody uses flat files | 129 -- Select the storage backend to use. By default Prosody uses flat files |
| 140 -- in its configured data directory, but it also supports more backends | 130 -- in its configured data directory, but it also supports more backends |
| 181 -- (from e.g. Let's Encrypt) see https://prosody.im/doc/certificates | 171 -- (from e.g. Let's Encrypt) see https://prosody.im/doc/certificates |
| 182 | 172 |
| 183 -- Location of directory to find certificates in (relative to main config file): | 173 -- Location of directory to find certificates in (relative to main config file): |
| 184 certificates = "certs" | 174 certificates = "certs" |
| 185 | 175 |
| 176 -- HTTPS currently only supports a single certificate, specify it here: | |
| 177 --https_certificate = "certs/localhost.crt" | |
| 178 | |
| 186 ----------- Virtual hosts ----------- | 179 ----------- Virtual hosts ----------- |
| 187 -- You need to add a VirtualHost entry for each domain you wish Prosody to serve. | 180 -- You need to add a VirtualHost entry for each domain you wish Prosody to serve. |
| 188 -- Settings under each VirtualHost entry apply *only* to that host. | 181 -- Settings under each VirtualHost entry apply *only* to that host. |
| 189 | 182 |
| 190 VirtualHost "localhost" | 183 VirtualHost "localhost" |
