Hier werden die Unterschiede zwischen zwei Versionen angezeigt.
Beide Seiten der vorigen RevisionVorhergehende Überarbeitung | Nächste ÜberarbeitungBeide Seiten der Revision | ||
prosody [24.12.2015 20:52] – [Konfiguration] x1lent | prosody [24.12.2015 21:09] – [Konfiguration] x1lent | ||
---|---|---|---|
Zeile 102: | Zeile 102: | ||
<file lua / | <file lua / | ||
+ | -- Prosody XMPP Server Configuration | ||
+ | -- | ||
+ | -- Information on configuring Prosody can be found on our | ||
+ | -- website at http:// | ||
+ | -- | ||
+ | -- Tip: You can check that the syntax of this file is correct | ||
+ | -- when you have finished by running: luac -p prosody.cfg.lua | ||
+ | -- If there are any errors, it will let you know what and where | ||
+ | -- they are, otherwise it will keep quiet. | ||
+ | -- | ||
+ | -- Good luck, and happy Jabbering! | ||
+ | |||
+ | |||
+ | ---------- Server-wide settings ---------- | ||
+ | -- Settings in this section apply to the whole server and are the default settings | ||
+ | -- for any virtual hosts | ||
+ | |||
+ | -- This is a (by default, empty) list of accounts that are admins | ||
+ | -- for the server. Note that you must create the accounts separately | ||
+ | -- (see http:// | ||
+ | -- Example: admins = { " | ||
+ | admins = {} | ||
+ | |||
+ | -- Enable use of libevent for better performance under high load | ||
+ | -- For more information see: http:// | ||
+ | use_libevent = true; | ||
+ | |||
+ | |||
+ | plugin_paths = {"" | ||
+ | |||
+ | -- This is the list of modules Prosody will load on startup. | ||
+ | -- It looks for mod_modulename.lua in the plugins folder, so make sure that exists too. | ||
+ | -- Documentation on modules can be found at: http:// | ||
+ | modules_enabled = { | ||
+ | |||
+ | -- Generally required | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | |||
+ | -- Not essential, but recommended | ||
+ | " | ||
+ | " | ||
+ | |||
+ | -- These are commented by default as they have a performance impact | ||
+ | --" | ||
+ | --" | ||
+ | |||
+ | -- Nice to have | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | --" | ||
+ | |||
+ | -- Admin interfaces | ||
+ | " | ||
+ | --" | ||
+ | |||
+ | -- HTTP modules | ||
+ | --" | ||
+ | " | ||
+ | |||
+ | -- Other specific functionality | ||
+ | --" | ||
+ | --" | ||
+ | --" | ||
+ | --" | ||
+ | --" | ||
+ | --" | ||
+ | }; | ||
+ | |||
+ | -- These modules are auto-loaded, | ||
+ | -- to disable them then uncomment them here: | ||
+ | modules_disabled = { | ||
+ | -- " | ||
+ | -- " | ||
+ | -- " | ||
+ | }; | ||
+ | |||
+ | -- Disable account creation by default, for security | ||
+ | -- For more information see http:// | ||
+ | allow_registration = true; | ||
+ | registration_hosts={' | ||
+ | |||
+ | daemonize = true; | ||
+ | -- Required for init scripts and prosodyctl | ||
+ | pidfile = "/ | ||
+ | |||
+ | http_files_dir="/ | ||
+ | http_dir_listing=true; | ||
+ | |||
+ | http_ports = { 5280 } | ||
+ | http_interfaces = { " | ||
+ | |||
+ | -- These are the SSL/ | ||
+ | -- to use SSL/TLS, you may comment or remove this | ||
+ | ssl = { | ||
+ | key = "/ | ||
+ | certificate = "/ | ||
+ | } | ||
+ | |||
+ | -- Force clients to use encrypted connections? | ||
+ | -- prevent clients from authenticating unless they are using encryption. | ||
+ | |||
+ | c2s_require_encryption = true | ||
+ | |||
+ | -- Force certificate authentication for server-to-server connections? | ||
+ | -- This provides ideal security, but requires servers you communicate | ||
+ | -- with to support encryption AND present valid, trusted certificates. | ||
+ | -- NOTE: Your version of LuaSec must support certificate verification! | ||
+ | -- For more information see http:// | ||
+ | |||
+ | s2s_require_encryption = true | ||
+ | s2s_secure_auth = false | ||
+ | |||
+ | -- Many servers don't support encryption or have invalid or self-signed | ||
+ | -- certificates. You can list domains here that will not be required to | ||
+ | -- authenticate using certificates. They will be authenticated using DNS. | ||
+ | |||
+ | s2s_insecure_domains = { " | ||
+ | |||
+ | -- Even if you leave s2s_secure_auth disabled, you can still require valid | ||
+ | -- certificates for some domains by specifying a list here. | ||
+ | |||
+ | s2s_secure_domains = { " | ||
+ | |||
+ | -- Select the authentication backend to use. The ' | ||
+ | -- use Prosody' | ||
+ | -- To allow Prosody to offer secure authentication mechanisms to clients, the | ||
+ | -- default provider stores passwords in plaintext. If you do not trust your | ||
+ | -- server please see http:// | ||
+ | -- for information about using the hashed backend. | ||
+ | |||
+ | --authentication = " | ||
+ | |||
+ | -- we want passwords to be hashed on disk! | ||
+ | authentication = " | ||
+ | |||
+ | -- Select the storage backend to use. By default Prosody uses flat files | ||
+ | -- in its configured data directory, but it also supports more backends | ||
+ | -- through modules. An " | ||
+ | -- additional dependencies. See http:// | ||
+ | |||
+ | storage = " | ||
+ | |||
+ | -- For the " | ||
+ | --sql = { driver = " | ||
+ | sql = { driver = " | ||
+ | --sql = { driver = " | ||
+ | |||
+ | -- Logging configuration | ||
+ | -- For advanced logging see http:// | ||
+ | log = { | ||
+ | info = "/ | ||
+ | error = "/ | ||
+ | -- Syslog: | ||
+ | { levels = { " | ||
+ | -- " | ||
+ | } | ||
+ | |||
+ | |||
+ | |||
+ | |||
+ | http_paths = { | ||
+ | register_web = "/"; | ||
+ | files="/ | ||
+ | } | ||
+ | |||
+ | http_host = " | ||
+ | |||
+ | ----------- Virtual hosts ----------- | ||
+ | -- You need to add a VirtualHost entry for each domain you wish Prosody to serve. | ||
+ | -- Settings under each VirtualHost entry apply *only* to that host. | ||
+ | |||
+ | |||
+ | --VirtualHost " | ||
+ | |||
+ | -- Section for host | ||
+ | |||
+ | VirtualHost " | ||
+ | --enabled = false -- Remove this line to enable this host | ||
+ | |||
+ | -- Assign this host a certificate for TLS, otherwise it would use the one | ||
+ | -- set in the global section (if any). | ||
+ | -- Note that old-style SSL on port 5223 only supports one certificate, | ||
+ | -- use the global one. | ||
+ | ssl = { | ||
+ | key = "/ | ||
+ | certificate = "/ | ||
+ | |||
+ | -- We do not want SSL2 and SSL3, no compression, | ||
+ | options = { " | ||
+ | --options = { " | ||
+ | --options = { " | ||
+ | -- Only FS (Forward Secrecy) Ciphers | ||
+ | ciphers = " | ||
+ | dhparam = "/ | ||
+ | } | ||
+ | |||
+ | |||
+ | |||
+ | VirtualHost " | ||
+ | --enabled = false -- Remove this line to enable this host | ||
+ | |||
+ | -- Assign this host a certificate for TLS, otherwise it would use the one | ||
+ | -- set in the global section (if any). | ||
+ | -- Note that old-style SSL on port 5223 only supports one certificate, | ||
+ | -- use the global one. | ||
+ | ssl = { | ||
+ | key = "/ | ||
+ | certificate = "/ | ||
+ | |||
+ | -- We do not want SSL2 and SSL3, no compression, | ||
+ | options = { " | ||
+ | --options = { " | ||
+ | --options = { " | ||
+ | -- Only FS (Forward Secrecy) Ciphers | ||
+ | ciphers = " | ||
+ | dhparam = "/ | ||
+ | } | ||
+ | |||
+ | ------ Components ------ | ||
+ | -- You can specify components to add hosts that provide special services, | ||
+ | -- like multi-user conferences, | ||
+ | -- For more information on components, see http:// | ||
+ | |||
+ | -- Set up a MUC (multi-user chat) room server on conference.example.com: | ||
+ | --Component " | ||
+ | |||
+ | -- Set up a SOCKS5 bytestream proxy for server-proxied file transfers: | ||
+ | --Component " | ||
+ | |||
+ | ---Set up an external component (default component port is 5347) | ||
+ | --Component " | ||
+ | -- component_secret = " | ||
- | -- Prosody XMPP Server Configuration | ||
- | -- | ||
- | -- Information on configuring Prosody can be found on our | ||
- | -- website at http:// | ||
- | -- | ||
- | -- Tip: You can check that the syntax of this file is correct | ||
- | -- when you have finished by running: luac -p prosody.cfg.lua | ||
- | -- If there are any errors, it will let you know what and where | ||
- | -- they are, otherwise it will keep quiet. | ||
- | -- | ||
- | -- Good luck, and happy Jabbering! | ||
- | |||
- | |||
- | ---------- Server-wide settings ---------- | ||
- | -- Settings in this section apply to the whole server and are the default settings | ||
- | -- for any virtual hosts | ||
- | |||
- | -- This is a (by default, empty) list of accounts that are admins | ||
- | -- for the server. Note that you must create the accounts separately | ||
- | -- (see http:// | ||
- | -- Example: admins = { " | ||
- | admins = {} | ||
- | |||
- | -- Enable use of libevent for better performance under high load | ||
- | -- For more information see: http:// | ||
- | --use_libevent = true; | ||
- | |||
- | -- This is the list of modules Prosody will load on startup. | ||
- | -- It looks for mod_modulename.lua in the plugins folder, so make sure that exists too. | ||
- | -- Documentation on modules can be found at: http:// | ||
- | modules_enabled = { | ||
- | |||
- | -- Generally required | ||
- | " | ||
- | " | ||
- | " | ||
- | " | ||
- | " | ||
- | " | ||
- | |||
- | -- Not essential, but recommended | ||
- | " | ||
- | " | ||
- | |||
- | -- These are commented by default as they have a performance impact | ||
- | --" | ||
- | --" | ||
- | |||
- | -- Nice to have | ||
- | " | ||
- | " | ||
- | " | ||
- | " | ||
- | " | ||
- | " | ||
- | |||
- | -- Admin interfaces | ||
- | " | ||
- | --" | ||
- | |||
- | -- HTTP modules | ||
- | --" | ||
- | --" | ||
- | |||
- | -- Other specific functionality | ||
- | --" | ||
- | --" | ||
- | --" | ||
- | --" | ||
- | --" | ||
- | --" | ||
- | }; | ||
- | |||
- | -- These modules are auto-loaded, | ||
- | -- to disable them then uncomment them here: | ||
- | modules_disabled = { | ||
- | -- " | ||
- | -- " | ||
- | -- " | ||
- | }; | ||
- | |||
- | -- Disable account creation by default, for security | ||
- | -- For more information see http:// | ||
- | allow_registration = true; | ||
- | whitelist_registration_only = true; | ||
- | registration_whitelist_starts_with = { ' | ||
- | registration_hosts = {' | ||
- | |||
- | |||
- | daemonize = true; | ||
- | -- Required for init scripts and prosodyctl | ||
- | pidfile = "/ | ||
- | |||
- | -- These are the SSL/ | ||
- | -- to use SSL/TLS, you may comment or remove this | ||
- | ssl = { | ||
- | key = "/ | ||
- | certificate = "/ | ||
- | } | ||
- | |||
- | -- Force clients to use encrypted connections? | ||
- | -- prevent clients from authenticating unless they are using encryption. | ||
- | |||
- | c2s_require_encryption = true | ||
- | |||
- | -- Force certificate authentication for server-to-server connections? | ||
- | -- This provides ideal security, but requires servers you communicate | ||
- | -- with to support encryption AND present valid, trusted certificates. | ||
- | -- NOTE: Your version of LuaSec must support certificate verification! | ||
- | -- For more information see http:// | ||
- | |||
- | s2s_require_encryption = true | ||
- | s2s_secure_auth = false | ||
- | |||
- | -- Many servers don't support encryption or have invalid or self-signed | ||
- | -- certificates. You can list domains here that will not be required to | ||
- | -- authenticate using certificates. They will be authenticated using DNS. | ||
- | |||
- | s2s_insecure_domains = { " | ||
- | |||
- | -- Even if you leave s2s_secure_auth disabled, you can still require valid | ||
- | -- certificates for some domains by specifying a list here. | ||
- | |||
- | s2s_secure_domains = { " | ||
- | |||
- | -- Select the authentication backend to use. The ' | ||
- | -- use Prosody' | ||
- | -- To allow Prosody to offer secure authentication mechanisms to clients, the | ||
- | -- default provider stores passwords in plaintext. If you do not trust your | ||
- | -- server please see http:// | ||
- | -- for information about using the hashed backend. | ||
- | |||
- | --authentication = " | ||
- | |||
- | -- we want passwords to be hashed on disk! | ||
- | authentication = " | ||
- | |||
- | -- Select the storage backend to use. By default Prosody uses flat files | ||
- | -- in its configured data directory, but it also supports more backends | ||
- | -- through modules. An " | ||
- | -- additional dependencies. See http:// | ||
- | |||
- | --storage = " | ||
- | |||
- | -- For the " | ||
- | --sql = { driver = " | ||
- | --sql = { driver = " | ||
- | --sql = { driver = " | ||
- | |||
- | -- Logging configuration | ||
- | -- For advanced logging see http:// | ||
- | log = { | ||
- | info = "/ | ||
- | error = "/ | ||
- | -- Syslog: | ||
- | { levels = { " | ||
- | -- " | ||
- | } | ||
- | |||
- | ----------- Virtual hosts ----------- | ||
- | -- You need to add a VirtualHost entry for each domain you wish Prosody to serve. | ||
- | -- Settings under each VirtualHost entry apply *only* to that host. | ||
- | |||
- | VirtualHost " | ||
- | |||
- | -- Section for host | ||
- | |||
- | VirtualHost "hier der domain name" | ||
- | --enabled = false -- Remove this line to enable this host | ||
- | |||
- | -- Assign this host a certificate for TLS, otherwise it would use the one | ||
- | -- set in the global section (if any). | ||
- | -- Note that old-style SSL on port 5223 only supports one certificate, | ||
- | -- use the global one. | ||
- | ssl = { | ||
- | key = "/ | ||
- | certificate = "/ | ||
- | |||
- | -- We do not want SSL2 and SSL3, no compression, | ||
- | options = { " | ||
- | --options = { " | ||
- | --options = { " | ||
- | -- Only FS (Forward Secrecy) Ciphers | ||
- | ciphers = " | ||
- | dhparam = "/ | ||
- | } | ||
- | |||
- | ------ Components ------ | ||
- | -- You can specify components to add hosts that provide special services, | ||
- | -- like multi-user conferences, | ||
- | -- For more information on components, see http:// | ||
- | |||
- | -- Set up a MUC (multi-user chat) room server on conference.example.com: | ||
- | --Component " | ||
- | |||
- | -- Set up a SOCKS5 bytestream proxy for server-proxied file transfers: | ||
- | --Component " | ||
- | |||
- | ---Set up an external component (default component port is 5347) | ||
- | --Component " | ||
- | -- component_secret = " | ||
</ | </ | ||