Created
September 27, 2016 20:01
-
-
Save anonymous/8e3746baf2c792fecafd0abd605a56c4 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Macros | |
EXT="vtnet0" | |
INT="lo1" | |
XMPP_PORTS="{ 5222, 5269 }" | |
set skip on lo0 | |
# redirect for xmpp server | |
rdr on $EXT proto { tcp, udp } from any to any port $XMPP_PORTS -> 10.0.0.11 | |
# nat for jails | |
nat on $EXT from $INT:network to any -> ($EXT) | |
# Block everything by default | |
block log all | |
# allow ICPM | |
pass inet proto icmp from any to any | |
# In lo1 interface | |
pass in quick on { $EXT, $INT } inet proto tcp from any to 10.0.0.11 port $XMPP_PORTS # xmpp | |
#xmpp debug port | |
pass in quick on $INT inet proto tcp from 10.0.0.11 to 10.0.0.11 port { 5582 } | |
# Out | |
pass out quick on { $EXT, $INT } inet all |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
root@xmpp:~ # cat /usr/local/etc/prosody/prosody.cfg.lua | |
-- Prosody Example Configuration File | |
-- | |
-- Information on configuring Prosody can be found on our | |
-- website at http://prosody.im/doc/configure | |
-- | |
-- Tip: You can check that the syntax of this file is correct | |
-- when you have finished by running: luac -p prosody.cfg.lua | |
-- If there are any errors, it will let you know what and where | |
-- they are, otherwise it will keep quiet. | |
-- | |
-- The only thing left to do is rename this file to remove the .dist ending, and fill in the | |
-- blanks. Good luck, and happy Jabbering! | |
---------- Server-wide settings ---------- | |
-- Settings in this section apply to the whole server and are the default settings | |
-- for any virtual hosts | |
interfaces = { "10.0.0.11" } | |
pidfile = "/usr/local/var/lib/prosody/prosody.pid" | |
-- This is a (by default, empty) list of accounts that are admins | |
-- for the server. Note that you must create the accounts separately | |
-- (see http://prosody.im/doc/creating_accounts for info) | |
-- Example: admins = { "user1@example.com", "user2@example.net" } | |
admins = { l33tname@domain.tdl } | |
-- Enable use of libevent for better performance under high load | |
-- For more information see: http://prosody.im/doc/libevent | |
--use_libevent = true; | |
-- This is the list of modules Prosody will load on startup. | |
-- It looks for mod_modulename.lua in the plugins folder, so make sure that exists too. | |
-- Documentation on modules can be found at: http://prosody.im/doc/modules | |
modules_enabled = { | |
-- Generally required | |
"roster"; -- Allow users to have a roster. Recommended ;) | |
"saslauth"; -- Authentication for clients and servers. Recommended if you want to log in. | |
"tls"; -- Add support for secure TLS on c2s/s2s connections | |
"dialback"; -- s2s dialback support | |
"disco"; -- Service discovery | |
-- Not essential, but recommended | |
"private"; -- Private XML storage (for room bookmarks, etc.) | |
"vcard"; -- Allow users to set vCards | |
-- These are commented by default as they have a performance impact | |
--"privacy"; -- Support privacy lists | |
--"compression"; -- Stream compression | |
-- Nice to have | |
"version"; -- Replies to server version requests | |
"uptime"; -- Report how long server has been running | |
"time"; -- Let others know the time here on this server | |
"ping"; -- Replies to XMPP pings with pongs | |
"pep"; -- Enables users to publish their mood, activity, playing music and more | |
"register"; -- Allow users to register on this server using a client and change passwords | |
-- Admin interfaces | |
"admin_adhoc"; -- Allows administration via an XMPP client that supports ad-hoc commands | |
"admin_telnet"; -- Opens telnet console interface on localhost port 5582 | |
-- HTTP modules | |
--"bosh"; -- Enable BOSH clients, aka "Jabber over HTTP" | |
--"http_files"; -- Serve static files from a directory over HTTP | |
-- Other specific functionality | |
"posix"; -- POSIX functionality, sends server to background, enables syslog, etc. | |
--"groups"; -- Shared roster support | |
--"announce"; -- Send announcement to all online users | |
--"welcome"; -- Welcome users who register accounts | |
--"watchregistrations"; -- Alert admins of registrations | |
--"motd"; -- Send a message to users when they log in | |
--"legacyauth"; -- Legacy authentication. Only used by some old clients and bots. | |
}; | |
-- These modules are auto-loaded, but should you want | |
-- to disable them then uncomment them here: | |
modules_disabled = { | |
-- "offline"; -- Store offline messages | |
-- "c2s"; -- Handle client connections | |
-- "s2s"; -- Handle server-to-server connections | |
}; | |
-- Disable account creation by default, for security | |
-- For more information see http://prosody.im/doc/creating_accounts | |
allow_registration = false; | |
-- These are the SSL/TLS-related settings. If you don't want | |
-- to use SSL/TLS, you may comment or remove this | |
ssl = { | |
key = "/usr/local/etc/prosody/certs/privkey.pem"; | |
certificate = "/usr/local/etc/prosody/certs/cert.pem"; | |
} | |
-- Force clients to use encrypted connections? This option will | |
-- prevent clients from authenticating unless they are using encryption. | |
c2s_require_encryption = true | |
-- Force certificate authentication for server-to-server connections? | |
-- This provides ideal security, but requires servers you communicate | |
-- with to support encryption AND present valid, trusted certificates. | |
-- NOTE: Your version of LuaSec must support certificate verification! | |
-- For more information see http://prosody.im/doc/s2s#security | |
s2s_secure_auth = false | |
-- Many servers don't support encryption or have invalid or self-signed | |
-- certificates. You can list domains here that will not be required to | |
-- authenticate using certificates. They will be authenticated using DNS. | |
--s2s_insecure_domains = { "gmail.com" } | |
-- Even if you leave s2s_secure_auth disabled, you can still require valid | |
-- certificates for some domains by specifying a list here. | |
--s2s_secure_domains = { "jabber.org" } | |
-- Select the authentication backend to use. The 'internal' providers | |
-- use Prosody's configured data storage to store the authentication data. | |
-- To allow Prosody to offer secure authentication mechanisms to clients, the | |
-- default provider stores passwords in plaintext. If you do not trust your | |
-- server please see http://prosody.im/doc/modules/mod_auth_internal_hashed | |
-- for information about using the hashed backend. | |
authentication = "internal_plain" | |
-- Select the storage backend to use. By default Prosody uses flat files | |
-- in its configured data directory, but it also supports more backends | |
-- through modules. An "sql" backend is included by default, but requires | |
-- additional dependencies. See http://prosody.im/doc/storage for more info. | |
--storage = "sql" -- Default is "internal" | |
-- For the "sql" backend, you can uncomment *one* of the below to configure: | |
--sql = { driver = "SQLite3", database = "prosody.sqlite" } -- Default. 'database' is the filename. | |
--sql = { driver = "MySQL", database = "prosody", username = "prosody", password = "secret", host = "localhost" } | |
--sql = { driver = "PostgreSQL", database = "prosody", username = "prosody", password = "secret", host = "localhost" } | |
-- Logging configuration | |
-- For advanced logging see http://prosody.im/doc/logging | |
log = { | |
info = "prosody.log"; -- Change 'info' to 'debug' for verbose logging | |
error = "prosody.err"; | |
-- "*syslog"; -- Uncomment this for logging to syslog | |
-- "*console"; -- Log to the console, useful for debugging with daemonize=false | |
} | |
----------- Virtual hosts ----------- | |
-- You need to add a VirtualHost entry for each domain you wish Prosody to serve. | |
-- Settings under each VirtualHost entry apply *only* to that host. | |
--VirtualHost "localhost" | |
VirtualHost "domain.tdl" | |
-- Assign this host a certificate for TLS, otherwise it would use the one | |
-- set in the global section (if any). | |
-- Note that old-style SSL on port 5223 only supports one certificate, and will always | |
-- use the global one. | |
--ssl = { | |
-- key = "/usr/local/etc/prosody/certs/example.com.key"; | |
-- certificate = "/usr/local/etc/prosody/certs/example.com.crt"; | |
--} | |
------ Components ------ | |
-- You can specify components to add hosts that provide special services, | |
-- like multi-user conferences, and transports. | |
-- For more information on components, see http://prosody.im/doc/components | |
---Set up a MUC (multi-user chat) room server on conference.example.com: | |
--Component "conference.example.com" "muc" | |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sep 27 20:39:21 s2sin804074c40 info incoming s2s stream otherdomain.tdl->domain.tdl closed: connection-timeout | |
Sep 27 20:39:21 adns error Error sending DNS query: Protocol not supported | |
Sep 27 20:39:21 adns error Error sending DNS query: Protocol not supported | |
Sep 27 20:39:21 s2sout8040a2e00 info Out of connection options, can't connect to orlives.de | |
Sep 27 20:39:21 s2sout8040a2e00 info Sending error replies for 1 queued stanzas because of failed outgoing connection to otherdomain.tdl | |
Sep 27 20:39:21 mod_s2s warn Connection to orlives.de failed already, destroying session... | |
Sep 27 20:40:51 s2sin80408d440 info Session closed by remote with error: connection-timeout | |
Sep 27 20:40:51 s2sin80408d440 info incoming s2s stream otherdomain.tdl->domain.tdl closed: connection-timeout |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment