Software /
code /
prosody
Comparison
prosody.cfg.lua.dist @ 8258:503f424d4f07
prosody.cfg.lua.dist: Update in preparation for 0.10.0 release
author | Matthew Wild <mwild1@gmail.com> |
---|---|
date | Sat, 23 Sep 2017 13:39:16 +0100 |
parent | 6345:8e006348d0e5 |
child | 8260:17c630b243ce |
comparison
equal
deleted
inserted
replaced
8257:c24837f57259 | 8258:503f424d4f07 |
---|---|
1 -- Prosody Example Configuration File | 1 -- Prosody Example Configuration File |
2 -- | 2 -- |
3 -- Information on configuring Prosody can be found on our | 3 -- Information on configuring Prosody can be found on our |
4 -- website at http://prosody.im/doc/configure | 4 -- website at https://prosody.im/doc/configure |
5 -- | 5 -- |
6 -- Tip: You can check that the syntax of this file is correct | 6 -- Tip: You can check that the syntax of this file is correct |
7 -- when you have finished by running: prosodyctl check config | 7 -- when you have finished by running this command: |
8 -- prosodyctl check config | |
8 -- If there are any errors, it will let you know what and where | 9 -- If there are any errors, it will let you know what and where |
9 -- they are, otherwise it will keep quiet. | 10 -- they are, otherwise it will keep quiet. |
10 -- | 11 -- |
11 -- The only thing left to do is rename this file to remove the .dist ending, and fill in the | 12 -- The only thing left to do is rename this file to remove the .dist ending, and fill in the |
12 -- blanks. Good luck, and happy Jabbering! | 13 -- blanks. Good luck, and happy Jabbering! |
16 -- Settings in this section apply to the whole server and are the default settings | 17 -- Settings in this section apply to the whole server and are the default settings |
17 -- for any virtual hosts | 18 -- for any virtual hosts |
18 | 19 |
19 -- This is a (by default, empty) list of accounts that are admins | 20 -- This is a (by default, empty) list of accounts that are admins |
20 -- for the server. Note that you must create the accounts separately | 21 -- for the server. Note that you must create the accounts separately |
21 -- (see http://prosody.im/doc/creating_accounts for info) | 22 -- (see https://prosody.im/doc/creating_accounts for info) |
22 -- Example: admins = { "user1@example.com", "user2@example.net" } | 23 -- Example: admins = { "user1@example.com", "user2@example.net" } |
23 admins = { } | 24 admins = { } |
24 | 25 |
25 -- Enable use of libevent for better performance under high load | 26 -- Enable use of libevent for better performance under high load |
26 -- For more information see: http://prosody.im/doc/libevent | 27 -- For more information see: https://prosody.im/doc/libevent |
27 --use_libevent = true | 28 --use_libevent = true |
29 | |
30 -- Prosody will always look in its source directory for modules, but | |
31 -- this option allows you to specify additional locations where Prosody | |
32 -- will look for modules first. For community modules, see https://modules.prosody.im/ | |
33 --plugin_paths = {} | |
28 | 34 |
29 -- This is the list of modules Prosody will load on startup. | 35 -- This is the list of modules Prosody will load on startup. |
30 -- It looks for mod_modulename.lua in the plugins folder, so make sure that exists too. | 36 -- It looks for mod_modulename.lua in the plugins folder, so make sure that exists too. |
31 -- Documentation on modules can be found at: http://prosody.im/doc/modules | 37 -- Documentation for bundled modules can be found at: https://prosody.im/doc/modules |
32 modules_enabled = { | 38 modules_enabled = { |
33 | 39 |
34 -- Generally required | 40 -- Generally required |
35 "roster"; -- Allow users to have a roster. Recommended ;) | 41 "roster"; -- Allow users to have a roster. Recommended ;) |
36 "saslauth"; -- Authentication for clients and servers. Recommended if you want to log in. | 42 "saslauth"; -- Authentication for clients and servers. Recommended if you want to log in. |
37 "tls"; -- Add support for secure TLS on c2s/s2s connections | 43 "tls"; -- Add support for secure TLS on c2s/s2s connections |
38 "dialback"; -- s2s dialback support | 44 "dialback"; -- s2s dialback support |
39 "disco"; -- Service discovery | 45 "disco"; -- Service discovery |
40 | 46 |
41 -- Not essential, but recommended | 47 -- Not essential, but recommended |
48 "carbons"; -- Keep multiple clients in sync | |
49 "pep"; -- Enables users to publish their mood, activity, playing music and more | |
42 "private"; -- Private XML storage (for room bookmarks, etc.) | 50 "private"; -- Private XML storage (for room bookmarks, etc.) |
51 "blocklist"; -- Allow users to block communications with other users | |
43 "vcard"; -- Allow users to set vCards | 52 "vcard"; -- Allow users to set vCards |
44 | |
45 -- These are commented by default as they have a performance impact | |
46 --"blocklist"; -- Allow users to block communications with other users | |
47 --"compression"; -- Stream compression | |
48 | 53 |
49 -- Nice to have | 54 -- Nice to have |
50 "version"; -- Replies to server version requests | 55 "version"; -- Replies to server version requests |
51 "uptime"; -- Report how long server has been running | 56 "uptime"; -- Report how long server has been running |
52 "time"; -- Let others know the time here on this server | 57 "time"; -- Let others know the time here on this server |
53 "ping"; -- Replies to XMPP pings with pongs | 58 "ping"; -- Replies to XMPP pings with pongs |
54 "pep"; -- Enables users to publish their mood, activity, playing music and more | |
55 "register"; -- Allow users to register on this server using a client and change passwords | 59 "register"; -- Allow users to register on this server using a client and change passwords |
60 --"mam"; -- Store messages in an archive and allow users to access it | |
61 | |
62 -- Not merged yet, nice to have or recommended? | |
56 | 63 |
57 -- Admin interfaces | 64 -- Admin interfaces |
58 "admin_adhoc"; -- Allows administration via an XMPP client that supports ad-hoc commands | 65 "admin_adhoc"; -- Allows administration via an XMPP client that supports ad-hoc commands |
59 --"admin_telnet"; -- Opens telnet console interface on localhost port 5582 | 66 --"admin_telnet"; -- Opens telnet console interface on localhost port 5582 |
60 | 67 |
61 -- HTTP modules | 68 -- HTTP modules |
62 --"bosh"; -- Enable BOSH clients, aka "Jabber over HTTP" | 69 --"bosh"; -- Enable BOSH clients, aka "Jabber over HTTP" |
70 --"websockets"; -- XMPP over WebSockets | |
63 --"http_files"; -- Serve static files from a directory over HTTP | 71 --"http_files"; -- Serve static files from a directory over HTTP |
64 | 72 |
65 -- Other specific functionality | 73 -- Other specific functionality |
74 --"limits"; -- Enable bandwidth limiting for XMPP connections | |
66 --"groups"; -- Shared roster support | 75 --"groups"; -- Shared roster support |
76 --"server_contact_info"; -- Publish contact information for this service | |
67 --"announce"; -- Send announcement to all online users | 77 --"announce"; -- Send announcement to all online users |
68 --"welcome"; -- Welcome users who register accounts | 78 --"welcome"; -- Welcome users who register accounts |
69 --"watchregistrations"; -- Alert admins of registrations | 79 --"watchregistrations"; -- Alert admins of registrations |
70 --"motd"; -- Send a message to users when they log in | 80 --"motd"; -- Send a message to users when they log in |
71 --"legacyauth"; -- Legacy authentication. Only used by some old clients and bots. | 81 --"legacyauth"; -- Legacy authentication. Only used by some old clients and bots. |
82 --"proxy65"; -- Enables a file transfer proxy service which clients behind NAT can use | |
72 } | 83 } |
73 | 84 |
74 -- These modules are auto-loaded, but should you want | 85 -- These modules are auto-loaded, but should you want |
75 -- to disable them then uncomment them here: | 86 -- to disable them then uncomment them here: |
76 modules_disabled = { | 87 modules_disabled = { |
79 -- "s2s"; -- Handle server-to-server connections | 90 -- "s2s"; -- Handle server-to-server connections |
80 -- "posix"; -- POSIX functionality, sends server to background, enables syslog, etc. | 91 -- "posix"; -- POSIX functionality, sends server to background, enables syslog, etc. |
81 } | 92 } |
82 | 93 |
83 -- Disable account creation by default, for security | 94 -- Disable account creation by default, for security |
84 -- For more information see http://prosody.im/doc/creating_accounts | 95 -- For more information see https://prosody.im/doc/creating_accounts |
85 allow_registration = false | 96 allow_registration = false |
86 | 97 |
87 -- These are the SSL/TLS-related settings. If you don't want | 98 -- If no certificate has been explicitly configured, Prosody will attempt to |
88 -- to use SSL/TLS, you may comment or remove this | 99 -- locate one based on the service name. |
89 ssl = { | 100 -- This option determines which directory to search. |
90 key = "certs/localhost.key"; | 101 -- certificates = "certs"; |
91 certificate = "certs/localhost.crt"; | 102 |
92 } | 103 -- OR -- |
104 | |
105 -- Specify the location of certificates | |
106 -- Prosody will attempt to locate a certificate and key for hosts and | |
107 -- services offered. | |
108 -- For more information see https://prosody.im/doc/certificates#magic | |
93 | 109 |
94 -- Force clients to use encrypted connections? This option will | 110 -- Force clients to use encrypted connections? This option will |
95 -- prevent clients from authenticating unless they are using encryption. | 111 -- prevent clients from authenticating unless they are using encryption. |
96 | 112 |
97 c2s_require_encryption = true | 113 c2s_require_encryption = true |
114 | |
115 -- Force servers to use encrypted connections? This option will | |
116 -- prevent servers from authenticating unless they are using encryption. | |
117 -- Note that this is different from authentication | |
118 | |
119 s2s_require_encryption = true | |
120 | |
98 | 121 |
99 -- Force certificate authentication for server-to-server connections? | 122 -- Force certificate authentication for server-to-server connections? |
100 -- This provides ideal security, but requires servers you communicate | 123 -- This provides ideal security, but requires servers you communicate |
101 -- with to support encryption AND present valid, trusted certificates. | 124 -- with to support encryption AND present valid, trusted certificates. |
102 -- NOTE: Your version of LuaSec must support certificate verification! | 125 -- NOTE: Your version of LuaSec must support certificate verification! |
103 -- For more information see http://prosody.im/doc/s2s#security | 126 -- For more information see https://prosody.im/doc/s2s#security |
104 | 127 |
105 s2s_secure_auth = false | 128 s2s_secure_auth = false |
106 | 129 |
107 -- Many servers don't support encryption or have invalid or self-signed | 130 -- Some servers have invalid or self-signed certificates. You can list |
108 -- certificates. You can list domains here that will not be required to | 131 -- remote domains here that will not be required to authenticate using |
109 -- authenticate using certificates. They will be authenticated using DNS. | 132 -- certificates. They will be authenticated using DNS instead, even |
110 | 133 -- when s2s_secure_auth is enabled. |
111 --s2s_insecure_domains = { "gmail.com" } | 134 |
135 --s2s_insecure_domains = { "insecure.example" } | |
112 | 136 |
113 -- Even if you leave s2s_secure_auth disabled, you can still require valid | 137 -- Even if you leave s2s_secure_auth disabled, you can still require valid |
114 -- certificates for some domains by specifying a list here. | 138 -- certificates for some domains by specifying a list here. |
115 | 139 |
116 --s2s_secure_domains = { "jabber.org" } | 140 --s2s_secure_domains = { "jabber.org" } |
117 | 141 |
118 -- Select the authentication backend to use. The 'internal' providers | 142 -- Select the authentication backend to use. The 'internal' providers |
119 -- use Prosody's configured data storage to store the authentication data. | 143 -- use Prosody's configured data storage to store the authentication data. |
120 -- To allow Prosody to offer secure authentication mechanisms to clients, the | 144 -- To allow Prosody to offer secure authentication mechanisms to clients, the |
121 -- default provider stores passwords in plaintext. If you do not trust your | 145 -- default provider stores passwords in plaintext. If you do not trust your |
122 -- server please see http://prosody.im/doc/modules/mod_auth_internal_hashed | 146 -- server please see https://prosody.im/doc/modules/mod_auth_internal_hashed |
123 -- for information about using the hashed backend. | 147 -- for information about using the hashed backend. |
124 | 148 |
125 authentication = "internal_plain" | 149 authentication = "internal_hashed" |
126 | 150 |
127 -- Select the storage backend to use. By default Prosody uses flat files | 151 -- Select the storage backend to use. By default Prosody uses flat files |
128 -- in its configured data directory, but it also supports more backends | 152 -- in its configured data directory, but it also supports more backends |
129 -- through modules. An "sql" backend is included by default, but requires | 153 -- through modules. An "sql" backend is included by default, but requires |
130 -- additional dependencies. See http://prosody.im/doc/storage for more info. | 154 -- additional dependencies. See https://prosody.im/doc/storage for more info. |
131 | 155 |
132 --storage = "sql" -- Default is "internal" | 156 --storage = "sql" -- Default is "internal" |
133 | 157 |
134 -- For the "sql" backend, you can uncomment *one* of the below to configure: | 158 -- For the "sql" backend, you can uncomment *one* of the below to configure: |
135 --sql = { driver = "SQLite3", database = "prosody.sqlite" } -- Default. 'database' is the filename. | 159 --sql = { driver = "SQLite3", database = "prosody.sqlite" } -- Default. 'database' is the filename. |
136 --sql = { driver = "MySQL", database = "prosody", username = "prosody", password = "secret", host = "localhost" } | 160 --sql = { driver = "MySQL", database = "prosody", username = "prosody", password = "secret", host = "localhost" } |
137 --sql = { driver = "PostgreSQL", database = "prosody", username = "prosody", password = "secret", host = "localhost" } | 161 --sql = { driver = "PostgreSQL", database = "prosody", username = "prosody", password = "secret", host = "localhost" } |
138 | 162 |
163 | |
164 -- Archiving configuration | |
165 -- If mod_mam is enabled, Prosody will store a copy of every message. This | |
166 -- is used to synchronize conversations between multiple clients, even if | |
167 -- they are offline. This setting controls how long Prosody will keep | |
168 -- messages in the archive before removing them. | |
169 | |
170 archive_expires_after = "1w" -- Remove archived messages after 1 week | |
171 | |
172 -- You can also configure messages to be stored in-memory only. For more | |
173 -- archiving options, see https://prosody.im/doc/modules/mod_mam | |
174 | |
139 -- Logging configuration | 175 -- Logging configuration |
140 -- For advanced logging see http://prosody.im/doc/logging | 176 -- For advanced logging see https://prosody.im/doc/logging |
141 log = { | 177 log = { |
142 info = "prosody.log"; -- Change 'info' to 'debug' for verbose logging | 178 info = "prosody.log"; -- Change 'info' to 'debug' for verbose logging |
143 error = "prosody.err"; | 179 error = "prosody.err"; |
144 -- "*syslog"; -- Uncomment this for logging to syslog | 180 -- "*syslog"; -- Uncomment this for logging to syslog |
145 -- "*console"; -- Log to the console, useful for debugging with daemonize=false | 181 -- "*console"; -- Log to the console, useful for debugging with daemonize=false |
146 } | 182 } |
147 | 183 |
184 -- Uncomment to enable statistics | |
185 -- For more info see https://prosody.im/doc/statistics | |
186 -- statistics = "internal" | |
187 | |
148 ----------- Virtual hosts ----------- | 188 ----------- Virtual hosts ----------- |
149 -- You need to add a VirtualHost entry for each domain you wish Prosody to serve. | 189 -- You need to add a VirtualHost entry for each domain you wish Prosody to serve. |
150 -- Settings under each VirtualHost entry apply *only* to that host. | 190 -- Settings under each VirtualHost entry apply *only* to that host. |
151 | 191 |
152 VirtualHost "localhost" | 192 VirtualHost "localhost" |
153 | 193 |
154 VirtualHost "example.com" | 194 VirtualHost "example.com" |
155 enabled = false -- Remove this line to enable this host | 195 enabled = false -- Remove this line to enable this host |
156 | 196 |
157 -- Assign this host a certificate for TLS, otherwise it would use the one | 197 -- Assign this host a certificate for TLS, otherwise it would attempt locate one, |
158 -- set in the global section (if any). | 198 -- based on the hostname. |
159 -- Note that old-style SSL on port 5223 only supports one certificate, and will always | 199 -- certificate = "certs/example.com.crt"; |
160 -- use the global one. | 200 -- `prosodyctl check certs` |
161 ssl = { | |
162 key = "certs/example.com.key"; | |
163 certificate = "certs/example.com.crt"; | |
164 } | |
165 | 201 |
166 ------ Components ------ | 202 ------ Components ------ |
167 -- You can specify components to add hosts that provide special services, | 203 -- You can specify components to add hosts that provide special services, |
168 -- like multi-user conferences, and transports. | 204 -- like multi-user conferences, and transports. |
169 -- For more information on components, see http://prosody.im/doc/components | 205 -- For more information on components, see https://prosody.im/doc/components |
170 | 206 |
171 ---Set up a MUC (multi-user chat) room server on conference.example.com: | 207 ---Set up a MUC (multi-user chat) room server on conference.example.com: |
172 --Component "conference.example.com" "muc" | 208 --Component "conference.example.com" "muc" |
173 | 209 |
174 -- Set up a SOCKS5 bytestream proxy for server-proxied file transfers: | |
175 --Component "proxy.example.com" "proxy65" | |
176 | |
177 ---Set up an external component (default component port is 5347) | 210 ---Set up an external component (default component port is 5347) |
178 -- | 211 -- |
179 -- External components allow adding various services, such as gateways/ | 212 -- External components allow adding various services, such as gateways/ |
180 -- transports to other networks like ICQ, MSN and Yahoo. For more info | 213 -- transports to other networks like ICQ, MSN and Yahoo. For more info |
181 -- see: http://prosody.im/doc/components#adding_an_external_component | 214 -- see: https://prosody.im/doc/components#adding_an_external_component |
182 -- | 215 -- |
183 --Component "gateway.example.com" | 216 --Component "gateway.example.com" |
184 -- component_secret = "password" | 217 -- component_secret = "password" |