Add ejabberd integration tests, currently fails with prosody without dialback
parent
7a8e72e9f4
commit
91837a2ad5
3
.gitignore
vendored
3
.gitignore
vendored
@ -1,4 +1,5 @@
|
|||||||
/target/
|
/target/
|
||||||
|
/target
|
||||||
**/*.rs.bk
|
**/*.rs.bk
|
||||||
.idea
|
.idea
|
||||||
**/*.kate-swp
|
**/*.kate-swp
|
||||||
@ -6,4 +7,4 @@
|
|||||||
**/core.*
|
**/core.*
|
||||||
fuzz/target/
|
fuzz/target/
|
||||||
todo.txt
|
todo.txt
|
||||||
conflict/
|
conflict/
|
||||||
|
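--- a/integration/26-s2s-prosody-prosody/example.org.zone
+++ b/integration/26-s2s-prosody-prosody/example.org.zone
@@ -0,0 +1,21 @@
+$TTL 300
+; example.org
+@ IN SOA ns1.example.org. postmaster.example.org. (
+2018111111 ; Serial
+28800 ; Refresh
+1800 ; Retry
+604800 ; Expire - 1 week
+86400 ) ; Negative Cache TTL
+IN NS ns1
+ns1 IN A 192.5.0.10
+server1 IN A 192.5.0.20
+server2 IN A 192.5.0.30
+xp1 IN A 192.5.0.40
+xp2 IN A 192.5.0.50
+xp3 IN A 192.5.0.60
+
+one IN CNAME server1
+two IN CNAME server2
+
+scansion.one IN CNAME xp3
+scansion.two IN CNAME xp3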
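Review bot: The A records for ns1, server1, server2 and xp1 to xp3 use 192.5.0.0/24, which is neither RFC 1918 private space nor one of the RFC 5737 documentation ranges, so the test network shadows addresses that may be routed on the public internet for whatever host runs it. An RFC 1918 range avoids that, for example `ns1 IN A 10.5.0.10` (a constructed value) with the other five records moved the same way. The container network definition is not part of this section and would presumably have to change with it. The identical zone file added under integration/27-s2s-prosody-ejabberd/ uses the same addresses.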
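--- a/integration/26-s2s-prosody-prosody/prosody1.cfg.lua
+++ b/integration/26-s2s-prosody-prosody/prosody1.cfg.lua
@@ -0,0 +1,223 @@
+--Important for systemd
+-- daemonize is important for systemd. if you set this to false the systemd startup will freeze.
+daemonize = false
+run_as_root = true
+
+pidfile = "/run/prosody/prosody.pid"
+
+-- Prosody Example Configuration File
+--
+-- Information on configuring Prosody can be found on our
+-- website at https://prosody.im/doc/configure
+--
+-- Tip: You can check that the syntax of this file is correct
+-- when you have finished by running this command:
+-- prosodyctl check config
+-- If there are any errors, it will let you know what and where
+-- they are, otherwise it will keep quiet.
+--
+-- The only thing left to do is rename this file to remove the .dist ending, and fill in the
+-- blanks. Good luck, and happy Jabbering!
+
+
+---------- Server-wide settings ----------
+-- Settings in this section apply to the whole server and are the default settings
+-- for any virtual hosts
+
+-- This is a (by default, empty) list of accounts that are admins
+-- for the server. Note that you must create the accounts separately
+-- (see https://prosody.im/doc/creating_accounts for info)
+-- Example: admins = { "user1@example.com", "user2@example.net" }
+admins = { }
+
+-- Enable use of libevent for better performance under high load
+-- For more information see: https://prosody.im/doc/libevent
+--use_libevent = true
+
+-- Prosody will always look in its source directory for modules, but
+-- this option allows you to specify additional locations where Prosody
+-- will look for modules first. For community modules, see https://modules.prosody.im/
+--plugin_paths = {}
+
+-- This is the list of modules Prosody will load on startup.
+-- It looks for mod_modulename.lua in the plugins folder, so make sure that exists too.
+-- Documentation for bundled modules can be found at: https://prosody.im/doc/modules
+modules_enabled = {
+
+-- Generally required
+"roster"; -- Allow users to have a roster. Recommended ;)
+"saslauth"; -- Authentication for clients and servers. Recommended if you want to log in.
+"tls"; -- Add support for secure TLS on c2s/s2s connections
+--"dialback"; -- s2s dialback support
+"disco"; -- Service discovery
+
+-- Not essential, but recommended
+"carbons"; -- Keep multiple clients in sync
+"pep"; -- Enables users to publish their avatar, mood, activity, playing music and more
+"private"; -- Private XML storage (for room bookmarks, etc.)
+"blocklist"; -- Allow users to block communications with other users
+"vcard4"; -- User profiles (stored in PEP)
+"vcard_legacy"; -- Conversion between legacy vCard and PEP Avatar, vcard
+"limits"; -- Enable bandwidth limiting for XMPP connections
+
+-- Nice to have
+"version"; -- Replies to server version requests
+"uptime"; -- Report how long server has been running
+"time"; -- Let others know the time here on this server
+"ping"; -- Replies to XMPP pings with pongs
+"register"; -- Allow users to register on this server using a client and change passwords
+--"mam"; -- Store messages in an archive and allow users to access it
+--"csi_simple"; -- Simple Mobile optimizations
+
+-- Admin interfaces
+"admin_adhoc"; -- Allows administration via an XMPP client that supports ad-hoc commands
+--"admin_telnet"; -- Opens telnet console interface on localhost port 5582
+
+-- HTTP modules
+--"bosh"; -- Enable BOSH clients, aka "Jabber over HTTP"
+--"websocket"; -- XMPP over WebSockets
+--"http_files"; -- Serve static files from a directory over HTTP
+
+-- Other specific functionality
+--"groups"; -- Shared roster support
+--"server_contact_info"; -- Publish contact information for this service
+--"announce"; -- Send announcement to all online users
+--"welcome"; -- Welcome users who register accounts
+--"watchregistrations"; -- Alert admins of registrations
+--"motd"; -- Send a message to users when they log in
+--"legacyauth"; -- Legacy authentication. Only used by some old clients and bots.
+--"proxy65"; -- Enables a file transfer proxy service which clients behind NAT can use
+}
+
+-- These modules are auto-loaded, but should you want
+-- to disable them then uncomment them here:
+modules_disabled = {
+-- "offline"; -- Store offline messages
+-- "c2s"; -- Handle client connections
+-- "s2s"; -- Handle server-to-server connections
+-- "posix"; -- POSIX functionality, sends server to background, enables syslog, etc.
+}
+
+-- Disable account creation by default, for security
+-- For more information see https://prosody.im/doc/creating_accounts
+allow_registration = false
+
+-- Force clients to use encrypted connections? This option will
+-- prevent clients from authenticating unless they are using encryption.
+
+c2s_require_encryption = true
+
+-- Force servers to use encrypted connections? This option will
+-- prevent servers from authenticating unless they are using encryption.
+
+s2s_require_encryption = true
+
+-- Force certificate authentication for server-to-server connections?
+
+s2s_secure_auth = false
+
+-- Some servers have invalid or self-signed certificates. You can list
+-- remote domains here that will not be required to authenticate using
+-- certificates. They will be authenticated using DNS instead, even
+-- when s2s_secure_auth is enabled.
+
+--s2s_insecure_domains = { "insecure.example" }
+
+-- Even if you disable s2s_secure_auth, you can still require valid
+-- certificates for some domains by specifying a list here.
+
+--s2s_secure_domains = { "jabber.org" }
+
+-- Enable rate limits for incoming client and server connections
+
+limits = {
+c2s = {
+rate = "10kb/s";
+};
+s2sin = {
+rate = "30kb/s";
+};
+}
+
+-- Select the authentication backend to use. The 'internal' providers
+-- use Prosody's configured data storage to store the authentication data.
+
+authentication = "internal_hashed"
+
+-- Select the storage backend to use. By default Prosody uses flat files
+-- in its configured data directory, but it also supports more backends
+-- through modules. An "sql" backend is included by default, but requires
+-- additional dependencies. See https://prosody.im/doc/storage for more info.
+
+--storage = "sql" -- Default is "internal"
+
+-- For the "sql" backend, you can uncomment *one* of the below to configure:
+--sql = { driver = "SQLite3", database = "prosody.sqlite" } -- Default. 'database' is the filename.
+--sql = { driver = "MySQL", database = "prosody", username = "prosody", password = "secret", host = "localhost" }
+--sql = { driver = "PostgreSQL", database = "prosody", username = "prosody", password = "secret", host = "localhost" }
+
+
+-- Archiving configuration
+-- If mod_mam is enabled, Prosody will store a copy of every message. This
+-- is used to synchronize conversations between multiple clients, even if
+-- they are offline. This setting controls how long Prosody will keep
+-- messages in the archive before removing them.
+
+archive_expires_after = "1w" -- Remove archived messages after 1 week
+
+-- You can also configure messages to be stored in-memory only. For more
+-- archiving options, see https://prosody.im/doc/modules/mod_mam
+
+-- Logging configuration
+-- For advanced logging see https://prosody.im/doc/logging
+log = {
+-- info = "prosody.log"; -- Change 'info' to 'debug' for verbose logging
+-- error = "prosody.err";
+--info = "*syslog"; -- Uncomment this for logging to syslog
+debug = "*console"; -- Log to the console, useful for debugging with daemonize=false
+}
+
+-- Uncomment to enable statistics
+-- For more info see https://prosody.im/doc/statistics
+-- statistics = "internal"
+
+-- Certificates
+-- Every virtual host and component needs a certificate so that clients and
+-- servers can securely verify its identity. Prosody will automatically load
+-- certificates/keys from the directory specified here.
+-- For more information, including how to use 'prosodyctl' to auto-import certificates
+-- (from e.g. Let's Encrypt) see https://prosody.im/doc/certificates
+
+-- Location of directory to find certificates in (relative to main config file):
+certificates = "certs"
+
+-- HTTPS currently only supports a single certificate, specify it here:
+--https_certificate = "/etc/prosody/certs/localhost.crt"
+
+----------- Virtual hosts -----------
+-- You need to add a VirtualHost entry for each domain you wish Prosody to serve.
+-- Settings under each VirtualHost entry apply *only* to that host.
+
+VirtualHost "one.example.org"
+
+--VirtualHost "example.com"
+-- certificate = "/path/to/example.crt"
+
+------ Components ------
+-- You can specify components to add hosts that provide special services,
+-- like multi-user conferences, and transports.
+-- For more information on components, see https://prosody.im/doc/components
+
+---Set up a MUC (multi-user chat) room server on conference.example.com:
+--Component "conference.example.com" "muc"
+--- Store MUC messages in an archive and allow users to access it
+--modules_enabled = { "muc_mam" }
+
+---Set up an external component (default component port is 5347)
+--
+-- External components allow adding various services, such as gateways/
+-- transports to other networks like ICQ, MSN and Yahoo. For more info
+-- see: https://prosody.im/doc/components#adding_an_external_component
+--
+--Component "gateway.example.com"
+-- component_secret = "password"
+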
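Review bot: `s2s_secure_auth = false` sits alongside a commented-out `--"dialback";` in modules_enabled, so as far as I can tell the only way left for a peer to authenticate is a valid certificate, yet the setting reads as if an unauthenticated fallback were still allowed. Stating the dependency would make a certificate problem fail in the obvious place: `s2s_secure_auth = true -- dialback is disabled above, so s2s peers must authenticate by certificate`. If the test is instead meant to pass with untrusted certificates, that needs dialback or another mechanism, and a comment saying so. prosody2.cfg.lua in this directory carries the same pair of settings.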
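--- a/integration/26-s2s-prosody-prosody/prosody2.cfg.lua
+++ b/integration/26-s2s-prosody-prosody/prosody2.cfg.lua
@@ -0,0 +1,223 @@
+--Important for systemd
+-- daemonize is important for systemd. if you set this to false the systemd startup will freeze.
+daemonize = false
+run_as_root = true
+
+pidfile = "/run/prosody/prosody.pid"
+
+-- Prosody Example Configuration File
+--
+-- Information on configuring Prosody can be found on our
+-- website at https://prosody.im/doc/configure
+--
+-- Tip: You can check that the syntax of this file is correct
+-- when you have finished by running this command:
+-- prosodyctl check config
+-- If there are any errors, it will let you know what and where
+-- they are, otherwise it will keep quiet.
+--
+-- The only thing left to do is rename this file to remove the .dist ending, and fill in the
+-- blanks. Good luck, and happy Jabbering!
+
+
+---------- Server-wide settings ----------
+-- Settings in this section apply to the whole server and are the default settings
+-- for any virtual hosts
+
+-- This is a (by default, empty) list of accounts that are admins
+-- for the server. Note that you must create the accounts separately
+-- (see https://prosody.im/doc/creating_accounts for info)
+-- Example: admins = { "user1@example.com", "user2@example.net" }
+admins = { }
+
+-- Enable use of libevent for better performance under high load
+-- For more information see: https://prosody.im/doc/libevent
+--use_libevent = true
+
+-- Prosody will always look in its source directory for modules, but
+-- this option allows you to specify additional locations where Prosody
+-- will look for modules first. For community modules, see https://modules.prosody.im/
+--plugin_paths = {}
+
+-- This is the list of modules Prosody will load on startup.
+-- It looks for mod_modulename.lua in the plugins folder, so make sure that exists too.
+-- Documentation for bundled modules can be found at: https://prosody.im/doc/modules
+modules_enabled = {
+
+-- Generally required
+"roster"; -- Allow users to have a roster. Recommended ;)
+"saslauth"; -- Authentication for clients and servers. Recommended if you want to log in.
+"tls"; -- Add support for secure TLS on c2s/s2s connections
+--"dialback"; -- s2s dialback support
+"disco"; -- Service discovery
+
+-- Not essential, but recommended
+"carbons"; -- Keep multiple clients in sync
+"pep"; -- Enables users to publish their avatar, mood, activity, playing music and more
+"private"; -- Private XML storage (for room bookmarks, etc.)
+"blocklist"; -- Allow users to block communications with other users
+"vcard4"; -- User profiles (stored in PEP)
+"vcard_legacy"; -- Conversion between legacy vCard and PEP Avatar, vcard
+"limits"; -- Enable bandwidth limiting for XMPP connections
+
+-- Nice to have
+"version"; -- Replies to server version requests
+"uptime"; -- Report how long server has been running
+"time"; -- Let others know the time here on this server
+"ping"; -- Replies to XMPP pings with pongs
+"register"; -- Allow users to register on this server using a client and change passwords
+--"mam"; -- Store messages in an archive and allow users to access it
+--"csi_simple"; -- Simple Mobile optimizations
+
+-- Admin interfaces
+"admin_adhoc"; -- Allows administration via an XMPP client that supports ad-hoc commands
+--"admin_telnet"; -- Opens telnet console interface on localhost port 5582
+
+-- HTTP modules
+--"bosh"; -- Enable BOSH clients, aka "Jabber over HTTP"
+--"websocket"; -- XMPP over WebSockets
+--"http_files"; -- Serve static files from a directory over HTTP
+
+-- Other specific functionality
+--"groups"; -- Shared roster support
+--"server_contact_info"; -- Publish contact information for this service
+--"announce"; -- Send announcement to all online users
+--"welcome"; -- Welcome users who register accounts
+--"watchregistrations"; -- Alert admins of registrations
+--"motd"; -- Send a message to users when they log in
+--"legacyauth"; -- Legacy authentication. Only used by some old clients and bots.
+--"proxy65"; -- Enables a file transfer proxy service which clients behind NAT can use
+}
+
+-- These modules are auto-loaded, but should you want
+-- to disable them then uncomment them here:
+modules_disabled = {
+-- "offline"; -- Store offline messages
+-- "c2s"; -- Handle client connections
+-- "s2s"; -- Handle server-to-server connections
+-- "posix"; -- POSIX functionality, sends server to background, enables syslog, etc.
+}
+
+-- Disable account creation by default, for security
+-- For more information see https://prosody.im/doc/creating_accounts
+allow_registration = false
+
+-- Force clients to use encrypted connections? This option will
+-- prevent clients from authenticating unless they are using encryption.
+
+c2s_require_encryption = true
+
+-- Force servers to use encrypted connections? This option will
+-- prevent servers from authenticating unless they are using encryption.
+
+s2s_require_encryption = true
+
+-- Force certificate authentication for server-to-server connections?
+
+s2s_secure_auth = false
+
+-- Some servers have invalid or self-signed certificates. You can list
+-- remote domains here that will not be required to authenticate using
+-- certificates. They will be authenticated using DNS instead, even
+-- when s2s_secure_auth is enabled.
+
+--s2s_insecure_domains = { "insecure.example" }
+
+-- Even if you disable s2s_secure_auth, you can still require valid
+-- certificates for some domains by specifying a list here.
+
+--s2s_secure_domains = { "jabber.org" }
+
+-- Enable rate limits for incoming client and server connections
+
+limits = {
+c2s = {
+rate = "10kb/s";
+};
+s2sin = {
+rate = "30kb/s";
+};
+}
+
+-- Select the authentication backend to use. The 'internal' providers
+-- use Prosody's configured data storage to store the authentication data.
+
+authentication = "internal_hashed"
+
+-- Select the storage backend to use. By default Prosody uses flat files
+-- in its configured data directory, but it also supports more backends
+-- through modules. An "sql" backend is included by default, but requires
+-- additional dependencies. See https://prosody.im/doc/storage for more info.
+
+--storage = "sql" -- Default is "internal"
+
+-- For the "sql" backend, you can uncomment *one* of the below to configure:
+--sql = { driver = "SQLite3", database = "prosody.sqlite" } -- Default. 'database' is the filename.
+--sql = { driver = "MySQL", database = "prosody", username = "prosody", password = "secret", host = "localhost" }
+--sql = { driver = "PostgreSQL", database = "prosody", username = "prosody", password = "secret", host = "localhost" }
+
+
+-- Archiving configuration
+-- If mod_mam is enabled, Prosody will store a copy of every message. This
+-- is used to synchronize conversations between multiple clients, even if
+-- they are offline. This setting controls how long Prosody will keep
+-- messages in the archive before removing them.
+
+archive_expires_after = "1w" -- Remove archived messages after 1 week
+
+-- You can also configure messages to be stored in-memory only. For more
+-- archiving options, see https://prosody.im/doc/modules/mod_mam
+
+-- Logging configuration
+-- For advanced logging see https://prosody.im/doc/logging
+log = {
+-- info = "prosody.log"; -- Change 'info' to 'debug' for verbose logging
+-- error = "prosody.err";
+--info = "*syslog"; -- Uncomment this for logging to syslog
+debug = "*console"; -- Log to the console, useful for debugging with daemonize=false
+}
+
+-- Uncomment to enable statistics
+-- For more info see https://prosody.im/doc/statistics
+-- statistics = "internal"
+
+-- Certificates
+-- Every virtual host and component needs a certificate so that clients and
+-- servers can securely verify its identity. Prosody will automatically load
+-- certificates/keys from the directory specified here.
+-- For more information, including how to use 'prosodyctl' to auto-import certificates
+-- (from e.g. Let's Encrypt) see https://prosody.im/doc/certificates
+
+-- Location of directory to find certificates in (relative to main config file):
+certificates = "certs"
+
+-- HTTPS currently only supports a single certificate, specify it here:
+--https_certificate = "/etc/prosody/certs/localhost.crt"
+
+----------- Virtual hosts -----------
+-- You need to add a VirtualHost entry for each domain you wish Prosody to serve.
+-- Settings under each VirtualHost entry apply *only* to that host.
+
+VirtualHost "two.example.org"
+
+--VirtualHost "example.com"
+-- certificate = "/path/to/example.crt"
+
+------ Components ------
+-- You can specify components to add hosts that provide special services,
+-- like multi-user conferences, and transports.
+-- For more information on components, see https://prosody.im/doc/components
+
+---Set up a MUC (multi-user chat) room server on conference.example.com:
+--Component "conference.example.com" "muc"
+--- Store MUC messages in an archive and allow users to access it
+--modules_enabled = { "muc_mam" }
+
+---Set up an external component (default component port is 5347)
+--
+-- External components allow adding various services, such as gateways/
+-- transports to other networks like ICQ, MSN and Yahoo. For more info
+-- see: https://prosody.im/doc/components#adding_an_external_component
+--
+--Component "gateway.example.com"
+-- component_secret = "password"
+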
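Review bot: The two comment lines above `daemonize = false` say daemonizing is required and that setting it to false freezes systemd startup, which is the opposite of what the file then does, and `run_as_root = true` carries no comment at all. Replace them with what the test relies on, for example `-- integration test container: stay in the foreground and run as root; do not copy these two settings into a real deployment`. The stock header further down still tells the reader to rename the file to remove the .dist ending, which does not apply to a checked-in test config. prosody1.cfg.lua in this directory opens with the same lines.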
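--- a/integration/26-s2s-prosody-prosody/xmpp-proxy3.toml
+++ b/integration/26-s2s-prosody-prosody/xmpp-proxy3.toml
@@ -0,0 +1,44 @@
+
+# interfaces to listen for reverse proxy STARTTLS/Direct TLS XMPP connections on, should be open to the internet
+incoming_listen = [ ]
+# interfaces to listen for reverse proxy QUIC XMPP connections on, should be open to the internet
+quic_listen = [ ]
+# interfaces to listen for reverse proxy TLS WebSocket (wss) XMPP connections on, should be open to the internet
+websocket_listen = [ ]
+# interfaces to listen for outgoing proxy TCP XMPP connections on, should be localhost
+outgoing_listen = [ "0.0.0.0:5222" ]
+
+# these ports shouldn't do any TLS, but should assume any connection from xmpp-proxy is secure
+# prosody module: https://modules.prosody.im/mod_secure_interfaces.html
+
+# c2s port backend XMPP server listens on
+c2s_target = "127.0.0.1:15222"
+
+# s2s port backend XMPP server listens on
+s2s_target = "127.0.0.1:15269"
+
+# send PROXYv1 header to backend XMPP server
+# https://www.haproxy.org/download/1.8/doc/proxy-protocol.txt
+# prosody module: https://modules.prosody.im/mod_net_proxy.html
+# ejabberd config: https://docs.ejabberd.im/admin/configuration/listen-options/#use-proxy-protocol
+proxy = true
+
+# limit incoming stanzas to this many bytes, default to ejabberd's default
+# https://github.com/processone/ejabberd/blob/master/ejabberd.yml.example#L32
+# xmpp-proxy will use this many bytes + 16k per connection
+max_stanza_size_bytes = 262_144
+
+# TLS key/certificate valid for all your XMPP domains, PEM format
+# included systemd unit can only read files from /etc/xmpp-proxy/ so put them in there
+tls_key = "/etc/certs/rsa/one.example.org.key"
+tls_cert = "/etc/certs/rsa/one.example.org.crt"
+
+# configure logging, defaults are commented
+# can also set env variables XMPP_PROXY_LOG_LEVEL and/or XMPP_PROXY_LOG_STYLE, but values in this file override them
+# many options, trace is XML-console-level, refer to: https://docs.rs/env_logger/0.8.3/env_logger/#enabling-logging
+#log_level = "info"
+# for development/debugging:
+log_level = "info,xmpp_proxy=trace"
+
+# one of auto, always, never, refer to: https://docs.rs/env_logger/0.8.3/env_logger/#disabling-colors
+#log_style = "never"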
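Review bot: `outgoing_listen = [ "0.0.0.0:5222" ]` binds the outgoing proxy to every interface while the comment directly above it says this listener should be localhost. It takes plain TCP XMPP, so anything that can reach the port can use the proxy; that is presumably intended here so a test client in another container can connect (the zone file in this commit points scansion.one and scansion.two at xp3), but the file should say so: `# test only: listens on all interfaces so the test client container can reach it; keep this on 127.0.0.1 outside the test network`. A similar one-line caveat belongs on `log_level = "info,xmpp_proxy=trace"`, which the file itself describes as XML-console-level and which would therefore put stanza contents in the log.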
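--- a/integration/27-s2s-prosody-ejabberd/ejabberd2.yml
+++ b/integration/27-s2s-prosody-ejabberd/ejabberd2.yml
@@ -0,0 +1,240 @@
+###
+### ejabberd configuration file
+###
+### The parameters used in this configuration file are explained at
+###
+### https://docs.ejabberd.im/admin/configuration
+###
+### The configuration file is written in YAML.
+### *******************************************************
+### ******* !!! WARNING !!! *******
+### ******* YAML IS INDENTATION SENSITIVE *******
+### ******* MAKE SURE YOU INDENT SECTIONS CORRECTLY *******
+### *******************************************************
+### Refer to http://en.wikipedia.org/wiki/YAML for the brief description.
+###
+
+hosts:
+- two.example.org
+
+loglevel: debug
+
+## If you already have certificates, list them here
+certfiles:
+- /etc/prosody/certs/two.example.org.crt
+- /etc/prosody/certs/two.example.org.key
+
+listen:
+-
+port: 5222
+ip: "::"
+module: ejabberd_c2s
+max_stanza_size: 262144
+shaper: c2s_shaper
+access: c2s
+starttls_required: true
+-
+port: 5223
+ip: "::"
+tls: true
+module: ejabberd_c2s
+max_stanza_size: 262144
+shaper: c2s_shaper
+access: c2s
+starttls_required: true
+-
+port: 5269
+ip: "::"
+module: ejabberd_s2s_in
+max_stanza_size: 524288
+-
+port: 5443
+ip: "::"
+module: ejabberd_http
+tls: true
+request_handlers:
+/admin: ejabberd_web_admin
+/api: mod_http_api
+/bosh: mod_bosh
+/captcha: ejabberd_captcha
+/upload: mod_http_upload
+/ws: ejabberd_http_ws
+-
+port: 5280
+ip: "::"
+module: ejabberd_http
+request_handlers:
+/admin: ejabberd_web_admin
+/.well-known/acme-challenge: ejabberd_acme
+-
+port: 3478
+ip: "::"
+transport: udp
+module: ejabberd_stun
+use_turn: true
+## The server's public IPv4 address:
+# turn_ipv4_address: "203.0.113.3"
+## The server's public IPv6 address:
+# turn_ipv6_address: "2001:db8::3"
+-
+port: 1883
+ip: "::"
+module: mod_mqtt
+backlog: 1000
+
+s2s_use_starttls: optional
+
+acl:
+local:
+user_regexp: ""
+loopback:
+ip:
+- 127.0.0.0/8
+- ::1/128
+
+access_rules:
+local:
+allow: local
+c2s:
+deny: blocked
+allow: all
+announce:
+allow: admin
+configure:
+allow: admin
+muc_create:
+allow: local
+pubsub_createnode:
+allow: local
+trusted_network:
+allow: loopback
+
+api_permissions:
+"console commands":
+from:
+- ejabberd_ctl
+who: all
+what: "*"
+"admin access":
+who:
+access:
+allow:
+- acl: loopback
+- acl: admin
+oauth:
+scope: "ejabberd:admin"
+access:
+allow:
+- acl: loopback
+- acl: admin
+what:
+- "*"
+- "!stop"
+- "!start"
+"public commands":
+who:
+ip: 127.0.0.1/8
+what:
+- status
+- connected_users_number
+
+shaper:
+normal:
+rate: 3000
+burst_size: 20000
+fast: 100000
+
+shaper_rules:
+max_user_sessions: 10
+max_user_offline_messages:
+5000: admin
+100: all
+c2s_shaper:
+none: admin
+normal: all
+s2s_shaper: fast
+
+modules:
+mod_adhoc: {}
+mod_admin_extra: {}
+mod_announce:
+access: announce
+mod_avatar: {}
+mod_blocking: {}
+mod_bosh: {}
+mod_caps: {}
+mod_carboncopy: {}
+mod_client_state: {}
+mod_configure: {}
+mod_disco: {}
+mod_fail2ban: {}
+mod_http_api: {}
+mod_http_upload:
+put_url: https://@HOST@:5443/upload
+custom_headers:
+"Access-Control-Allow-Origin": "https://@HOST@"
+"Access-Control-Allow-Methods": "GET,HEAD,PUT,OPTIONS"
+"Access-Control-Allow-Headers": "Content-Type"
+mod_last: {}
+mod_mam:
+## Mnesia is limited to 2GB, better to use an SQL backend
+## For small servers SQLite is a good fit and is very easy
+## to configure. Uncomment this when you have SQL configured:
+## db_type: sql
+assume_mam_usage: true
+default: always
+mod_mqtt: {}
+mod_muc:
+access:
+- allow
+access_admin:
+- allow: admin
+access_create: muc_create
+access_persistent: muc_create
+access_mam:
+- allow
+default_room_options:
+mam: true
+mod_muc_admin: {}
+mod_offline:
+access_max_user_messages: max_user_offline_messages
+mod_ping: {}
+mod_privacy: {}
+mod_private: {}
+mod_proxy65:
+access: local
+max_connections: 5
+mod_pubsub:
+access_createnode: pubsub_createnode
+plugins:
+- flat
+- pep
+force_node_config:
+## Avoid buggy clients to make their bookmarks public
+storage:bookmarks:
+access_model: whitelist
+mod_push: {}
+mod_push_keepalive: {}
+mod_register:
+## Only accept registration requests from the "trusted"
+## network (see access_rules section above).
+## Think twice before enabling registration from any
+## address. See the Jabber SPAM Manifesto for details:
+## https://github.com/ge0rg/jabber-spam-fighting-manifesto
+ip_access: trusted_network
+mod_roster:
+versioning: true
+mod_s2s_dialback: {}
+mod_shared_roster: {}
+mod_stream_mgmt:
+resend_on_timeout: if_offline
+mod_stun_disco: {}
+mod_vcard: {}
+mod_vcard_xupdate: {}
+mod_version:
+show_os: false
+
+### Local Variables:
+### mode: yaml
+### End:
+### vim: set filetype=yaml tabstop=8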
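Review bot: `s2s_use_starttls: optional` together with `mod_s2s_dialback: {}` leaves ejabberd willing to open and accept server-to-server links without TLS, so this side of the test does not itself enforce what the Prosody configs in this commit require with `s2s_require_encryption = true`. For a test whose subject appears to be s2s between the two servers, `s2s_use_starttls: required` would make a silent downgrade fail instead of pass. Separately, the listen section keeps the stock listeners on `::` for 5443, 5280 (plain-HTTP `/admin`), 3478 and 1883, none of which an s2s test seems to need; trimming the list to 5222 and 5269 would reduce what the container exposes.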
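--- a/integration/27-s2s-prosody-ejabberd/example.org.zone
+++ b/integration/27-s2s-prosody-ejabberd/example.org.zone
@@ -0,0 +1,21 @@
+$TTL 300
+; example.org
+@ IN SOA ns1.example.org. postmaster.example.org. (
+2018111111 ; Serial
+28800 ; Refresh
+1800 ; Retry
+604800 ; Expire - 1 week
+86400 ) ; Negative Cache TTL
+IN NS ns1
+ns1 IN A 192.5.0.10
+server1 IN A 192.5.0.20
+server2 IN A 192.5.0.30
+xp1 IN A 192.5.0.40
+xp2 IN A 192.5.0.50
+xp3 IN A 192.5.0.60
+
+one IN CNAME server1
+two IN CNAME server2
+
+scansion.one IN CNAME xp3
+scansion.two IN CNAME xp3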
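--- /dev/null
+++ b/integration/27-s2s-prosody-ejabberd/prosody1.cfg.lua
@@ -0,0 +1,223 @@
+--Important for systemd
+-- daemonize is important for systemd. if you set this to false the systemd startup will freeze.
+daemonize = false
+run_as_root = true
+
+pidfile = "/run/prosody/prosody.pid"
+
+-- Prosody Example Configuration File
+--
+-- Information on configuring Prosody can be found on our
+-- website at https://prosody.im/doc/configure
+--
+-- Tip: You can check that the syntax of this file is correct
+-- when you have finished by running this command:
+-- prosodyctl check config
+-- If there are any errors, it will let you know what and where
+-- they are, otherwise it will keep quiet.
+--
+-- The only thing left to do is rename this file to remove the .dist ending, and fill in the
+-- blanks. Good luck, and happy Jabbering!
+
+
+---------- Server-wide settings ----------
+-- Settings in this section apply to the whole server and are the default settings
+-- for any virtual hosts
+
+-- This is a (by default, empty) list of accounts that are admins
+-- for the server. Note that you must create the accounts separately
+-- (see https://prosody.im/doc/creating_accounts for info)
+-- Example: admins = { "user1@example.com", "user2@example.net" }
+admins = { }
+
+-- Enable use of libevent for better performance under high load
+-- For more information see: https://prosody.im/doc/libevent
+--use_libevent = true
+
+-- Prosody will always look in its source directory for modules, but
+-- this option allows you to specify additional locations where Prosody
+-- will look for modules first. For community modules, see https://modules.prosody.im/
+--plugin_paths = {}
+
+-- This is the list of modules Prosody will load on startup.
+-- It looks for mod_modulename.lua in the plugins folder, so make sure that exists too.
+-- Documentation for bundled modules can be found at: https://prosody.im/doc/modules
+modules_enabled = {
+
+-- Generally required
+"roster"; -- Allow users to have a roster. Recommended ;)
+"saslauth"; -- Authentication for clients and servers. Recommended if you want to log in.
+"tls"; -- Add support for secure TLS on c2s/s2s connections
+--"dialback"; -- s2s dialback support
+"disco"; -- Service discovery
+
+-- Not essential, but recommended
+"carbons"; -- Keep multiple clients in sync
+"pep"; -- Enables users to publish their avatar, mood, activity, playing music and more
+"private"; -- Private XML storage (for room bookmarks, etc.)
+"blocklist"; -- Allow users to block communications with other users
+"vcard4"; -- User profiles (stored in PEP)
+"vcard_legacy"; -- Conversion between legacy vCard and PEP Avatar, vcard
+"limits"; -- Enable bandwidth limiting for XMPP connections
+
+-- Nice to have
+"version"; -- Replies to server version requests
+"uptime"; -- Report how long server has been running
+"time"; -- Let others know the time here on this server
+"ping"; -- Replies to XMPP pings with pongs
+"register"; -- Allow users to register on this server using a client and change passwords
+--"mam"; -- Store messages in an archive and allow users to access it
+--"csi_simple"; -- Simple Mobile optimizations
+
+-- Admin interfaces
+"admin_adhoc"; -- Allows administration via an XMPP client that supports ad-hoc commands
+--"admin_telnet"; -- Opens telnet console interface on localhost port 5582
+
+-- HTTP modules
+--"bosh"; -- Enable BOSH clients, aka "Jabber over HTTP"
+--"websocket"; -- XMPP over WebSockets
+--"http_files"; -- Serve static files from a directory over HTTP
+
+-- Other specific functionality
+--"groups"; -- Shared roster support
+--"server_contact_info"; -- Publish contact information for this service
+--"announce"; -- Send announcement to all online users
+--"welcome"; -- Welcome users who register accounts
+--"watchregistrations"; -- Alert admins of registrations
+--"motd"; -- Send a message to users when they log in
+--"legacyauth"; -- Legacy authentication. Only used by some old clients and bots.
+--"proxy65"; -- Enables a file transfer proxy service which clients behind NAT can use
+}
+
+-- These modules are auto-loaded, but should you want
+-- to disable them then uncomment them here:
+modules_disabled = {
+-- "offline"; -- Store offline messages
+-- "c2s"; -- Handle client connections
+-- "s2s"; -- Handle server-to-server connections
+-- "posix"; -- POSIX functionality, sends server to background, enables syslog, etc.
+}
+
+-- Disable account creation by default, for security
+-- For more information see https://prosody.im/doc/creating_accounts
+allow_registration = false
+
+-- Force clients to use encrypted connections? This option will
+-- prevent clients from authenticating unless they are using encryption.
+
+c2s_require_encryption = true
+
+-- Force servers to use encrypted connections? This option will
+-- prevent servers from authenticating unless they are using encryption.
+
+s2s_require_encryption = true
+
+-- Force certificate authentication for server-to-server connections?
+
+s2s_secure_auth = false
+
+-- Some servers have invalid or self-signed certificates. You can list
+-- remote domains here that will not be required to authenticate using
+-- certificates. They will be authenticated using DNS instead, even
+-- when s2s_secure_auth is enabled.
+
+--s2s_insecure_domains = { "insecure.example" }
+
+-- Even if you disable s2s_secure_auth, you can still require valid
+-- certificates for some domains by specifying a list here.
+
+--s2s_secure_domains = { "jabber.org" }
+
+-- Enable rate limits for incoming client and server connections
+
+limits = {
+c2s = {
+rate = "10kb/s";
+};
+s2sin = {
+rate = "30kb/s";
+};
+}
+
+-- Select the authentication backend to use. The 'internal' providers
+-- use Prosody's configured data storage to store the authentication data.
+
+authentication = "internal_hashed"
+
+-- Select the storage backend to use. By default Prosody uses flat files
+-- in its configured data directory, but it also supports more backends
+-- through modules. An "sql" backend is included by default, but requires
+-- additional dependencies. See https://prosody.im/doc/storage for more info.
+
+--storage = "sql" -- Default is "internal"
+
+-- For the "sql" backend, you can uncomment *one* of the below to configure:
+--sql = { driver = "SQLite3", database = "prosody.sqlite" } -- Default. 'database' is the filename.
+--sql = { driver = "MySQL", database = "prosody", username = "prosody", password = "secret", host = "localhost" }
+--sql = { driver = "PostgreSQL", database = "prosody", username = "prosody", password = "secret", host = "localhost" }
+
+
+-- Archiving configuration
+-- If mod_mam is enabled, Prosody will store a copy of every message. This
+-- is used to synchronize conversations between multiple clients, even if
+-- they are offline. This setting controls how long Prosody will keep
+-- messages in the archive before removing them.
+
+archive_expires_after = "1w" -- Remove archived messages after 1 week
+
+-- You can also configure messages to be stored in-memory only. For more
+-- archiving options, see https://prosody.im/doc/modules/mod_mam
+
+-- Logging configuration
+-- For advanced logging see https://prosody.im/doc/logging
+log = {
+-- info = "prosody.log"; -- Change 'info' to 'debug' for verbose logging
+-- error = "prosody.err";
+--info = "*syslog"; -- Uncomment this for logging to syslog
+debug = "*console"; -- Log to the console, useful for debugging with daemonize=false
+}
+
+-- Uncomment to enable statistics
+-- For more info see https://prosody.im/doc/statistics
+-- statistics = "internal"
+
+-- Certificates
+-- Every virtual host and component needs a certificate so that clients and
+-- servers can securely verify its identity. Prosody will automatically load
+-- certificates/keys from the directory specified here.
+-- For more information, including how to use 'prosodyctl' to auto-import certificates
+-- (from e.g. Let's Encrypt) see https://prosody.im/doc/certificates
+
+-- Location of directory to find certificates in (relative to main config file):
+certificates = "certs"
+
+-- HTTPS currently only supports a single certificate, specify it here:
+--https_certificate = "/etc/prosody/certs/localhost.crt"
+
+----------- Virtual hosts -----------
+-- You need to add a VirtualHost entry for each domain you wish Prosody to serve.
+-- Settings under each VirtualHost entry apply *only* to that host.
+
+VirtualHost "one.example.org"
+
+--VirtualHost "example.com"
+-- certificate = "/path/to/example.crt"
+
+------ Components ------
+-- You can specify components to add hosts that provide special services,
+-- like multi-user conferences, and transports.
+-- For more information on components, see https://prosody.im/doc/components
+
+---Set up a MUC (multi-user chat) room server on conference.example.com:
+--Component "conference.example.com" "muc"
+--- Store MUC messages in an archive and allow users to access it
+--modules_enabled = { "muc_mam" }
+
+---Set up an external component (default component port is 5347)
+--
+-- External components allow adding various services, such as gateways/
+-- transports to other networks like ICQ, MSN and Yahoo. For more info
+-- see: https://prosody.im/doc/components#adding_an_external_component
+--
+--Component "gateway.example.com"
+-- component_secret = "password"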
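Review bot: `s2s_secure_auth = false` is set while `--"dialback";` is commented out in `modules_enabled`, and nothing in the file says which of the two is the condition under test. With certificate authentication not enforced and dialback not loaded, how a peer with a bad certificate is treated depends on behaviour not visible in this file, so the intent should be written next to the module entry, e.g. `-- test fixture: dialback intentionally disabled, peers must authenticate with their certificate`. The header comment also contradicts the line under it: it says setting daemonize to false freezes systemd startup, then sets `daemonize = false`. Finally, `run_as_root = true` sits in what is otherwise the stock example config, so it deserves a `-- container-only setting, do not copy into a real deployment` remark.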
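--- /dev/null
+++ b/integration/27-s2s-prosody-ejabberd/xmpp-proxy3.toml
@@ -0,0 +1,44 @@
+
+# interfaces to listen for reverse proxy STARTTLS/Direct TLS XMPP connections on, should be open to the internet
+incoming_listen = [ ]
+# interfaces to listen for reverse proxy QUIC XMPP connections on, should be open to the internet
+quic_listen = [ ]
+# interfaces to listen for reverse proxy TLS WebSocket (wss) XMPP connections on, should be open to the internet
+websocket_listen = [ ]
+# interfaces to listen for outgoing proxy TCP XMPP connections on, should be localhost
+outgoing_listen = [ "0.0.0.0:5222" ]
+
+# these ports shouldn't do any TLS, but should assume any connection from xmpp-proxy is secure
+# prosody module: https://modules.prosody.im/mod_secure_interfaces.html
+
+# c2s port backend XMPP server listens on
+c2s_target = "127.0.0.1:15222"
+
+# s2s port backend XMPP server listens on
+s2s_target = "127.0.0.1:15269"
+
+# send PROXYv1 header to backend XMPP server
+# https://www.haproxy.org/download/1.8/doc/proxy-protocol.txt
+# prosody module: https://modules.prosody.im/mod_net_proxy.html
+# ejabberd config: https://docs.ejabberd.im/admin/configuration/listen-options/#use-proxy-protocol
+proxy = true
+
+# limit incoming stanzas to this many bytes, default to ejabberd's default
+# https://github.com/processone/ejabberd/blob/master/ejabberd.yml.example#L32
+# xmpp-proxy will use this many bytes + 16k per connection
+max_stanza_size_bytes = 262_144
+
+# TLS key/certificate valid for all your XMPP domains, PEM format
+# included systemd unit can only read files from /etc/xmpp-proxy/ so put them in there
+tls_key = "/etc/certs/rsa/one.example.org.key"
+tls_cert = "/etc/certs/rsa/one.example.org.crt"
+
+# configure logging, defaults are commented
+# can also set env variables XMPP_PROXY_LOG_LEVEL and/or XMPP_PROXY_LOG_STYLE, but values in this file override them
+# many options, trace is XML-console-level, refer to: https://docs.rs/env_logger/0.8.3/env_logger/#enabling-logging
+#log_level = "info"
+# for development/debugging:
+log_level = "info,xmpp_proxy=trace"
+
+# one of auto, always, never, refer to: https://docs.rs/env_logger/0.8.3/env_logger/#disabling-colors
+#log_style = "never"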
@ -35,7 +35,7 @@ FROM base
|
|||||||
|
|
||||||
COPY --from=build /build/*/*.pkg.tar* /tmp/
|
COPY --from=build /build/*/*.pkg.tar* /tmp/
|
||||||
|
|
||||||
RUN pacman -S --noconfirm --disable-download-timeout --needed bind nginx prosody lua52-sec nss mkcert curl && \
|
RUN pacman -S --noconfirm --disable-download-timeout --needed bind nginx prosody lua52-sec ejabberd nss mkcert curl && \
|
||||||
pacman -U --noconfirm --needed /tmp/*.pkg.tar* && rm -f /tmp/*.pkg.tar* && \
|
pacman -U --noconfirm --needed /tmp/*.pkg.tar* && rm -f /tmp/*.pkg.tar* && \
|
||||||
mkdir -p /opt/xmpp-proxy/prosody-modules/ /opt/prosody-modules/ /scansion && mkcert -install && \
|
mkdir -p /opt/xmpp-proxy/prosody-modules/ /opt/prosody-modules/ /scansion && mkcert -install && \
|
||||||
mkdir -p /etc/certs/ecdsa && cd /etc/certs/ecdsa && \
|
mkdir -p /etc/certs/ecdsa && cd /etc/certs/ecdsa && \
|
||||||
|
@ -100,6 +100,9 @@ run_test() {
|
|||||||
# start the prosody servers if required
|
# start the prosody servers if required
|
||||||
[ -f ./prosody1.cfg.lua ] && run_container -d -v ./prosody1.cfg.lua:/etc/prosody/prosody.cfg.lua:ro 20 server1 prosody
|
[ -f ./prosody1.cfg.lua ] && run_container -d -v ./prosody1.cfg.lua:/etc/prosody/prosody.cfg.lua:ro 20 server1 prosody
|
||||||
[ -f ./prosody2.cfg.lua ] && run_container -d -v ./prosody2.cfg.lua:/etc/prosody/prosody.cfg.lua:ro 30 server2 prosody
|
[ -f ./prosody2.cfg.lua ] && run_container -d -v ./prosody2.cfg.lua:/etc/prosody/prosody.cfg.lua:ro 30 server2 prosody
|
||||||
|
# or the ejabberd servers
|
||||||
|
[ -f ./ejabberd1.yml ] && run_container -d -v ./ejabberd1.yml:/etc/ejabberd/ejabberd.yml:ro 20 server1 /usr/bin/ejabberdctl foreground
|
||||||
|
[ -f ./ejabberd2.yml ] && run_container -d -v ./ejabberd2.yml:/etc/ejabberd/ejabberd.yml:ro 30 server2 /usr/bin/ejabberdctl foreground
|
||||||
|
|
||||||
[ -f ./xmpp-proxy1.toml ] && run_container -d $xmpp_proxy_bind -v ./xmpp-proxy1.toml:/etc/xmpp-proxy/xmpp-proxy.toml:ro 40 xp1 xmpp-proxy
|
[ -f ./xmpp-proxy1.toml ] && run_container -d $xmpp_proxy_bind -v ./xmpp-proxy1.toml:/etc/xmpp-proxy/xmpp-proxy.toml:ro 40 xp1 xmpp-proxy
|
||||||
[ -f ./xmpp-proxy2.toml ] && run_container -d $xmpp_proxy_bind -v ./xmpp-proxy2.toml:/etc/xmpp-proxy/xmpp-proxy.toml:ro 50 xp2 xmpp-proxy
|
[ -f ./xmpp-proxy2.toml ] && run_container -d $xmpp_proxy_bind -v ./xmpp-proxy2.toml:/etc/xmpp-proxy/xmpp-proxy.toml:ro 50 xp2 xmpp-proxy
|
||||||
@ -113,11 +116,16 @@ run_test() {
|
|||||||
podman exec server1 prosodyctl register juliet two.example.org pass
|
podman exec server1 prosodyctl register juliet two.example.org pass
|
||||||
podman exec server2 prosodyctl register romeo one.example.org pass
|
podman exec server2 prosodyctl register romeo one.example.org pass
|
||||||
podman exec server2 prosodyctl register juliet two.example.org pass
|
podman exec server2 prosodyctl register juliet two.example.org pass
|
||||||
|
|
||||||
|
podman exec server1 ejabberdctl register romeo one.example.org pass
|
||||||
|
podman exec server1 ejabberdctl register juliet two.example.org pass
|
||||||
|
podman exec server2 ejabberdctl register romeo one.example.org pass
|
||||||
|
podman exec server2 ejabberdctl register juliet two.example.org pass
|
||||||
set -e
|
set -e
|
||||||
|
|
||||||
# run the actual tests
|
# run the actual tests
|
||||||
tests="$(cat tests || echo "-d .")"
|
tests="$(cat tests || echo "-d .")"
|
||||||
run_container -w /scansion/ 90 scansion scansion $tests
|
run_container -w /scansion/ 89 scansion scansion $tests
|
||||||
# juliet_messages_romeo.scs juliet_presence.scs romeo_messages_juliet.scs romeo_presence.scs
|
# juliet_messages_romeo.scs juliet_presence.scs romeo_messages_juliet.scs romeo_presence.scs
|
||||||
|
|
||||||
cleanup
|
cleanup
|
||||||
|
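Review bot: The four `podman exec ... ejabberdctl register` lines added in the second hunk run unconditionally next to the existing `prosodyctl register` lines, so one of the two sets fails in every test, depending on which server the container runs. That only passes because the lines sit before `set -e` (errexit is presumably switched off above the hunk), which also hides a real registration failure until the scansion run fails later for a less obvious reason. Guarding them the way the first hunk guards the server start would keep the failure visible, e.g. `[ -f ./ejabberd1.yml ] && podman exec server1 ejabberdctl register romeo one.example.org pass`, and likewise for the other three and for the prosodyctl lines. The change of the scansion container argument from `90` to `89` carries no explanation; a short comment on why the value moved would help. run_test's body starts and ends outside both hunks.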