ldvc/prosody-cfg

## prosody-cfg
-- Prosody XMPP Server Configuration

---------- Server-wide settings ----------
-- Settings in this section apply to the whole server and are the default settings
-- for any virtual hosts

admins = { "admin@example.com" }

-- This is the list of modules Prosody will load on startup.
-- It looks for mod_modulename.lua in the plugins folder, so make sure that exists too.
-- Documentation for bundled modules can be found at: https://prosody.im/doc/modules
modules_enabled = {

        -- Generally required
                "roster"; -- Allow users to have a roster. Recommended ;)
                "saslauth"; -- Authentication for clients and servers. Recommended if you want to log in.
                "tls"; -- Add support for secure TLS on c2s/s2s connections
                "dialback"; -- s2s dialback support
                "disco"; -- Service discovery

        -- Not essential, but recommended
                "carbons"; -- Keep multiple clients in sync
                "pep"; -- Enables users to publish their mood, activity, playing music and more
                "private"; -- Private XML storage (for room bookmarks, etc.)
                "blocklist"; -- Allow users to block communications with other users
                "vcard"; -- Allow users to set vCards

        -- Nice to have
                "version"; -- Replies to server version requests
                "uptime"; -- Report how long server has been running
                "time"; -- Let others know the time here on this server
                "ping"; -- Replies to XMPP pings with pongs
                "register"; -- Allow users to register on this server using a client and change passwords
                "mam"; -- Store messages in an archive and allow users to access it

        -- Admin interfaces
                "admin_adhoc"; -- Allows administration via an XMPP client that supports ad-hoc commands
                "admin_telnet"; -- Opens telnet console interface on localhost port 5582

        -- HTTP modules
                --"bosh"; -- Enable BOSH clients, aka "Jabber over HTTP"
                --"websocket"; -- XMPP over WebSockets
                --"http_files"; -- Serve static files from a directory over HTTP

        -- Other specific functionality
                --"limits"; -- Enable bandwidth limiting for XMPP connections
                --"groups"; -- Shared roster support
                --"server_contact_info"; -- Publish contact information for this service
                "announce"; -- Send announcement to all online users
                --"welcome"; -- Welcome users who register accounts
                --"watchregistrations"; -- Alert admins of registrations
                --"motd"; -- Send a message to users when they log in
                --"legacyauth"; -- Legacy authentication. Only used by some old clients and bots.
                --"proxy65"; -- Enables a file transfer proxy service which clients behind NAT can use
        -- Custom
                "lastactivity";
                "csi"; -- Client state indication
                "cloud_notify"; -- Gestion du push pour ChatSecure
                "delay";
                "smacks"; -- stream managment
                "munin";
                "measure_cpu";
                "measure_storage";
                "measure_client_presence";
                "omemo_all_access";
}

-- These modules are auto-loaded, but should you want
-- to disable them then uncomment them here:
modules_disabled = {
        -- "offline"; -- Store offline messages
        -- "c2s"; -- Handle client connections
        -- "s2s"; -- Handle server-to-server connections
        -- "posix"; -- POSIX functionality, sends server to background, enables syslog, etc.
}

allow_registration = false

c2s_require_encryption = true
s2s_require_encryption = true
s2s_secure_auth = false

-- Required for init scripts and prosodyctl
pidfile = "/var/run/prosody/prosody.pid"

authentication = "internal_hashed"

--storage = "sql" -- Default is "internal"
sql = {
    driver = "PostgreSQL";
    database = "prosody";
    username = "prosody";
    password = "pa$$word";
}

archive_expires_after = "1m" -- Remove archived messages after 1 week
default_storage = "internal"
storage = {
    muc_log = "sql";
    archive = "sql";
    offline = "sql";
}

-- Logging configuration
-- For advanced logging see https://prosody.im/doc/logging
log = {
        debug = "/var/log/prosody/prosody.log"; -- Change 'info' to 'debug' for verbose logging
        error = "/var/log/prosody/prosody.err";
}

-- Uncomment to enable statistics
-- For more info see https://prosody.im/doc/statistics
statistics = "internal"
statistics_interval = 300 -- every 5 minutes, same as munin
munin_node_name = "xmpp.example.com"
munin_ports = { 4950 }

-- Location of directory to find certificates in (relative to main config file):
certificates = "certs"

ssl = {
    -- Advanced options
    ciphers = "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH EDH+aRSA !RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS";
    dhparam = "/etc/prosody/certs/dh-2048.pem";
}

-- direct TLS connections (without STARTTLS), needed for
-- legacy_ssl_ports = { 5223 }; -- XEP-0368, SRV records for XMPP over TLS

c2s_require_encryption = true
s2s_require_encryption = true
s2s_secure_auth = false
allow_unencrypted_plain_auth = false;

----------- Virtual hosts -----------
VirtualHost "example.com"
Component "conference.example.com" "muc"
    name = "The example.com chatrooms server"
    modules_enabled = {
        "mam_muc",
        "pastebin",
    }

--- HTTP file upload (on utilise en global)
Component "upload.example.com" "http_upload"

-- Configure http_upload
http_upload_file_size_limit = 20971520;

Component "pubsub.example.com" "pubsub"

-- Pastebin
pastebin_expire_after = 1440 -- 60d before expiration
pastebin_line_threshold = 10
	-- Prosody XMPP Server Configuration

	---------- Server-wide settings ----------
	-- Settings in this section apply to the whole server and are the default settings
	-- for any virtual hosts

	admins = { "admin@example.com" }

	-- This is the list of modules Prosody will load on startup.
	-- It looks for mod_modulename.lua in the plugins folder, so make sure that exists too.
	-- Documentation for bundled modules can be found at: https://prosody.im/doc/modules
	modules_enabled = {

	-- Generally required
	"roster"; -- Allow users to have a roster. Recommended ;)
	"saslauth"; -- Authentication for clients and servers. Recommended if you want to log in.
	"tls"; -- Add support for secure TLS on c2s/s2s connections
	"dialback"; -- s2s dialback support
	"disco"; -- Service discovery

	-- Not essential, but recommended
	"carbons"; -- Keep multiple clients in sync
	"pep"; -- Enables users to publish their mood, activity, playing music and more
	"private"; -- Private XML storage (for room bookmarks, etc.)
	"blocklist"; -- Allow users to block communications with other users
	"vcard"; -- Allow users to set vCards

	-- Nice to have
	"version"; -- Replies to server version requests
	"uptime"; -- Report how long server has been running
	"time"; -- Let others know the time here on this server
	"ping"; -- Replies to XMPP pings with pongs
	"register"; -- Allow users to register on this server using a client and change passwords
	"mam"; -- Store messages in an archive and allow users to access it

	-- Admin interfaces
	"admin_adhoc"; -- Allows administration via an XMPP client that supports ad-hoc commands
	"admin_telnet"; -- Opens telnet console interface on localhost port 5582

	-- HTTP modules
	--"bosh"; -- Enable BOSH clients, aka "Jabber over HTTP"
	--"websocket"; -- XMPP over WebSockets
	--"http_files"; -- Serve static files from a directory over HTTP

	-- Other specific functionality
	--"limits"; -- Enable bandwidth limiting for XMPP connections
	--"groups"; -- Shared roster support
	--"server_contact_info"; -- Publish contact information for this service
	"announce"; -- Send announcement to all online users
	--"welcome"; -- Welcome users who register accounts
	--"watchregistrations"; -- Alert admins of registrations
	--"motd"; -- Send a message to users when they log in
	--"legacyauth"; -- Legacy authentication. Only used by some old clients and bots.
	--"proxy65"; -- Enables a file transfer proxy service which clients behind NAT can use
	-- Custom
	"lastactivity";
	"csi"; -- Client state indication
	"cloud_notify"; -- Gestion du push pour ChatSecure
	"delay";
	"smacks"; -- stream managment
	"munin";
	"measure_cpu";
	"measure_storage";
	"measure_client_presence";
	"omemo_all_access";
	}

	-- These modules are auto-loaded, but should you want
	-- to disable them then uncomment them here:
	modules_disabled = {
	-- "offline"; -- Store offline messages
	-- "c2s"; -- Handle client connections
	-- "s2s"; -- Handle server-to-server connections
	-- "posix"; -- POSIX functionality, sends server to background, enables syslog, etc.
	}

	allow_registration = false

	c2s_require_encryption = true
	s2s_require_encryption = true
	s2s_secure_auth = false

	-- Required for init scripts and prosodyctl
	pidfile = "/var/run/prosody/prosody.pid"

	authentication = "internal_hashed"

	--storage = "sql" -- Default is "internal"
	sql = {
	driver = "PostgreSQL";
	database = "prosody";
	username = "prosody";
	password = "pa$$word";
	}

	archive_expires_after = "1m" -- Remove archived messages after 1 week
	default_storage = "internal"
	storage = {
	muc_log = "sql";
	archive = "sql";
	offline = "sql";
	}

	-- Logging configuration
	-- For advanced logging see https://prosody.im/doc/logging
	log = {
	debug = "/var/log/prosody/prosody.log"; -- Change 'info' to 'debug' for verbose logging
	error = "/var/log/prosody/prosody.err";
	}

	-- Uncomment to enable statistics
	-- For more info see https://prosody.im/doc/statistics
	statistics = "internal"
	statistics_interval = 300 -- every 5 minutes, same as munin
	munin_node_name = "xmpp.example.com"
	munin_ports = { 4950 }

	-- Location of directory to find certificates in (relative to main config file):
	certificates = "certs"

	ssl = {
	-- Advanced options
	ciphers = "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH EDH+aRSA !RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS";
	dhparam = "/etc/prosody/certs/dh-2048.pem";
	}

	-- direct TLS connections (without STARTTLS), needed for
	-- legacy_ssl_ports = { 5223 }; -- XEP-0368, SRV records for XMPP over TLS

	c2s_require_encryption = true
	s2s_require_encryption = true
	s2s_secure_auth = false
	allow_unencrypted_plain_auth = false;

	----------- Virtual hosts -----------
	VirtualHost "example.com"
	Component "conference.example.com" "muc"
	name = "The example.com chatrooms server"
	modules_enabled = {
	"mam_muc",
	"pastebin",
	}

	--- HTTP file upload (on utilise en global)
	Component "upload.example.com" "http_upload"

	-- Configure http_upload
	http_upload_file_size_limit = 20971520;

	Component "pubsub.example.com" "pubsub"

	-- Pastebin
	pastebin_expire_after = 1440 -- 60d before expiration
	pastebin_line_threshold = 10