Wiki - Freifunk Pinneberg

Freies WLAN im Kreis Pinneberg

Benutzer-Werkzeuge

Webseiten-Werkzeuge


prosody

Unterschiede

Hier werden die Unterschiede zwischen zwei Versionen angezeigt.

Link zu dieser Vergleichsansicht

Beide Seiten der vorigen RevisionVorhergehende Überarbeitung
Nächste Überarbeitung
Vorhergehende Überarbeitung
prosody [24.12.2015 20:52] x1lentprosody [25.12.2015 11:13] (aktuell) – [Konfiguration] x1lent
Zeile 2: Zeile 2:
  
   * Installation auf ffpi-services   * Installation auf ffpi-services
-  * Wird unter xmpp.ffpi oder xmpp.pinneberg.freifunk.net erreichbar sein+  * Ist unter xmpp.ffpi oder xmpp.pinneberg.freifunk.net erreichbar 
  
 ===== Warum Prosody? ===== ===== Warum Prosody? =====
  
-Sicher fragt man sich warum wir kein ejabberd nutzen. Dies ist schlicht und ergreifend eigenen Präferenz. Ich persöhnlich störe mich daran bei ejabberd die Cipher-Suites für den verschlüsselten Austausch mit anderen Servern nicht manuell einstellen zu können. Weiterhin lässt sich ejabberd meiner Meinung schlechter warten, da es mit erlang geschrieben wurde. Prosody im Kontrast wurde mit lua geschrieben. Alleine schon die Packages die für den Betrieb benötigt werden sind kleiner und weniger von der Anzahl her. Weiterhin verbraucht Prosody nur 1/3 des Speicherbedarf von ejabberd.+Sicher fragt man sich warum wir kein ejabberd nutzen. Dies ist schlicht und ergreifend eigenen Präferenz. Ich persönlich störe mich daran bei ejabberd die Cipher-Suites für den verschlüsselten Austausch mit anderen Servern nicht manuell einstellen zu können. Weiterhin lässt sich ejabberd meiner Meinung schlechter warten, da es mit erlang geschrieben wurde. Prosody im Kontrast wurde mit lua geschrieben. Alleine schon die Packages die für den Betrieb benötigt werden sind kleiner und weniger von der Anzahl her. Weiterhin verbraucht Prosody nur 1/3 des Speicherbedarfs von ejabberd.
  
 ===== Installation ===== ===== Installation =====
Zeile 24: Zeile 24:
 <code> <code>
 apt-get update apt-get update
-apt-get install prosody lua-sec+apt-get install prosody lua-sec lua-dbi-mysql lua-event lua-zlib
 </code> </code>
  
-Sollte die Version von lua-sec aus dem offiziellen Package Repos < 5.0 sein solltet ihr anstatt von lua-sec lua-sec-prosody installieren, dies trifft zum Beispiel auf Debian Wheezy zu.+Sollte die Version von lua-sec aus dem offiziellen Package Repos < 5.0 sein solltet ihr anstelle von lua-sec lua-sec-prosody installieren. Dies trifft zum Beispiel auf Debian Wheezy zu.
  
 ===== Modifikation ===== ===== Modifikation =====
  
-Da es nur Clients aus dem FFPI Netz erlaubt werden soll einen Account beim XMPP Server zu erstellen muss die mod_register.lua modifiziert werden, da prosody das nicht von Haus aus unterstützt. Weiterhin wollen wir, dass der XMPP Server bei der Registration für mehrere VirtualHosts einen Account erstellt. +Da es nur Clients aus dem FFPI Netz erlaubt werden soll einen Account beim XMPP Server zu erstellen und dieser Account weiterhin auf beiden Hosts (xmpp.ffpi und xmpp.pinneberg.freifunk.netregistriert werden muss benutzen wir mod_register_web in einer modifizierten Version.
- +
-<file lua /usr/lib/prosody/modules/mod_register.lua> +
- +
-    [...] +
-    local blacklisted_ips = module:get_option("registration_blacklist") or {}; +
-    local whitelist_ip_starts_with = module:get_option("registration_whitelist_starts_with"); +
-    local register_hosts = module:get_option("registration_hosts"); +
-    --IP Check for FFPI -- +
-    function checkIP(ipadress,whitelist_start) +
-    for i, ipstart in ipairs(whitelist_start) do +
-    if string.sub(ipadress,1,string.len(ipstart))==ipstart then +
-    return true +
-    end +
-        end +
-        return false +
-    end +
-      +
-    [...] +
-      +
-    elseif blacklisted_ips[session.ip] or (whitelist_only and not whitelisted_ips[session.ip]then +
-        module:log("debug", "Check for WhiteList Strart"+
-        if (whitelist_only and not checkIP(session.ip,whitelist_ip_starts_with) then +
-            session.send(st.error_reply(stanza, "cancel", "not-acceptable", "You are not allowed to register an account.")); +
-    return true; +
-        end +
-    [...] +
-      +
-    else +
-    -- TODO unable to write file, file may be locked, etc, what's the correct error? +
-        local error_reply = st.error_reply(stanza, "wait", "internal-server-error", "Failed to write data to disk."); +
-      +
-        for i, reg_host in ipairs(register_hosts) do +
-    module:log("debug","host test: %s",reg_host) +
-    if usermanager_create_user(username, password, reg_host) then +
-        if next(data) and not account_details:set(username, data) then +
-            usermanager_delete_user(username, reg_host); +
-    session.send(error_reply); +
-    return true; +
-        end +
-        session.send(st.reply(stanza)); -- user created! +
-        module:log("info", "User account created: %s@%s", username, reg_host); +
-        module:fire_event("user-registered",+
-                    username = username, reg_host = reg_host, source = "mod_register", +
-    session = session }); +
-            else +
-        session.send(error_reply); +
-    end +
-       end +
-    [...+
-</file>+
  
 +<code>
 +cd /usr/lib/prosody/modules/
 +apt-get install git
 +git clone https://github.com/freifunk-pinneberg/mod_register_web.git
 +</code>
 ===== Konfiguration ===== ===== Konfiguration =====
  
Zeile 90: Zeile 45:
 openssl dhparam -out /etc/prosody/certs/dh_4096.pem 4096 openssl dhparam -out /etc/prosody/certs/dh_4096.pem 4096
 </code> </code>
-Dies kann einige Zeit dauern. In der zwischenzeit erstellen wir einen Mysqluser + DB für prosody:+Dies kann einige Zeit dauern. In der Zwischenzeit erstellen wir daher einen User und eine Datenbank für prosody:
  
 <code> <code>
Zeile 97: Zeile 52:
 mysql> grant usage on *.* to prosody@localhost identified by 'extremelySECRET'; mysql> grant usage on *.* to prosody@localhost identified by 'extremelySECRET';
 mysql> grant all privileges on prosody.* to prosody@localhost; mysql> grant all privileges on prosody.* to prosody@localhost;
-<code>+</code>
  
-Nun geht es an die eigentliche Anpassung von Prosody. Die Namen der Domainzertifikate sowie die Domain müssen natürlich entsprechend ausgefüllt werden.+Nun geht es an die eigentliche Konfiguration von Prosody. Die Namen der Domainzertifikate sowie die Domain müssen natürlich entsprechend ausgefüllt werden.
  
 <file lua /etc/prosody/prosody.cfg.lua> <file lua /etc/prosody/prosody.cfg.lua>
 +-- Prosody XMPP Server Configuration
 +--
 +-- Information on configuring Prosody can be found on our
 +-- website at http://prosody.im/doc/configure
 +--
 +-- Tip: You can check that the syntax of this file is correct
 +-- when you have finished by running: luac -p prosody.cfg.lua
 +-- If there are any errors, it will let you know what and where
 +-- they are, otherwise it will keep quiet.
 +--
 +-- Good luck, and happy Jabbering!
 + 
 + 
 +---------- Server-wide settings ----------
 +-- Settings in this section apply to the whole server and are the default settings
 +-- for any virtual hosts
 + 
 +-- This is a (by default, empty) list of accounts that are admins
 +-- for the server. Note that you must create the accounts separately
 +-- (see http://prosody.im/doc/creating_accounts for info)
 +-- Example: admins = { "user1@example.com", "user2@example.net" }
 +admins = {}
 + 
 +-- Enable use of libevent for better performance under high load
 +-- For more information see: http://prosody.im/doc/libevent
 +use_libevent = true;
 +
 +
 +plugin_paths = {"" }
 + 
 +-- This is the list of modules Prosody will load on startup.
 +-- It looks for mod_modulename.lua in the plugins folder, so make sure that exists too.
 +-- Documentation on modules can be found at: http://prosody.im/doc/modules
 +modules_enabled = {
 + 
 +        -- Generally required
 +                "roster"; -- Allow users to have a roster. Recommended ;)
 +                "saslauth"; -- Authentication for clients and servers. Recommended if you want to log in.
 +                "tls"; -- Add support for secure TLS on c2s/s2s connections
 +                "dialback"; -- s2s dialback support
 +                "disco"; -- Service discovery
 +                "posix"; -- POSIX functionality, sends server to background, enables syslog, etc.
 + 
 +        -- Not essential, but recommended
 +                "private"; -- Private XML storage (for room bookmarks, etc.)
 +                "vcard"; -- Allow users to set vCards
 + 
 +        -- These are commented by default as they have a performance impact
 +                --"privacy"; -- Support privacy lists
 +                "compression"; -- Stream compression (requires the lua-zlib package installed)
 + 
 +        -- Nice to have
 + "http";
 + "register_web";
 +                "version"; -- Replies to server version requests
 +                "uptime"; -- Report how long server has been running
 +                "time"; -- Let others know the time here on this server
 +                "ping"; -- Replies to XMPP pings with pongs
 +                "pep"; -- Enables users to publish their mood, activity, playing music and more
 +                --"register"; -- Allow users to register on this server using a client and change passwords
 + 
 +        -- Admin interfaces
 +                "admin_adhoc"; -- Allows administration via an XMPP client that supports ad-hoc commands
 +                --"admin_telnet"; -- Opens telnet console interface on localhost port 5582
 + 
 +        -- HTTP modules
 +                --"bosh"; -- Enable BOSH clients, aka "Jabber over HTTP"
 +                "http_files"; -- Serve static files from a directory over HTTP
 + 
 +        -- Other specific functionality
 +                --"groups"; -- Shared roster support
 +                --"announce"; -- Send announcement to all online users
 +                --"welcome"; -- Welcome users who register accounts
 +                --"watchregistrations"; -- Alert admins of registrations
 +                --"motd"; -- Send a message to users when they log in
 +                --"legacyauth"; -- Legacy authentication. Only used by some old clients and bots.
 +};
 + 
 +-- These modules are auto-loaded, but should you want
 +-- to disable them then uncomment them here:
 +modules_disabled = {
 +        -- "offline"; -- Store offline messages
 +        -- "c2s"; -- Handle client connections
 +        -- "s2s"; -- Handle server-to-server connections
 +};
 + 
 +-- Disable account creation by default, for security
 +-- For more information see http://prosody.im/doc/creating_accounts
 +allow_registration = true;
 +registration_hosts={'xmpp.ffpi', 'xmpp.pinneberg.freifunk.net'}
 + 
 +daemonize = true;
 +-- Required for init scripts and prosodyctl
 +pidfile = "/var/run/prosody/prosody.pid";
 +
 +http_files_dir="/usr/lib/prosody/modules/mod_register_web/templates/ressources/";
 +http_dir_listing=true;
 +
 +http_ports = { 5280 }
 +http_interfaces = { "127.0.0.1","::1" }
 +
 +-- These are the SSL/TLS-related settings. If you don't want
 +-- to use SSL/TLS, you may comment or remove this
 +ssl = {
 +        key = "/etc/prosody/certs/localhost.key";
 +        certificate = "/etc/prosody/certs/localhost.crt";
 +}
 + 
 +-- Force clients to use encrypted connections? This option will
 +-- prevent clients from authenticating unless they are using encryption.
 + 
 +c2s_require_encryption = true
 + 
 +-- Force certificate authentication for server-to-server connections?
 +-- This provides ideal security, but requires servers you communicate
 +-- with to support encryption AND present valid, trusted certificates.
 +-- NOTE: Your version of LuaSec must support certificate verification!
 +-- For more information see http://prosody.im/doc/s2s#security
 + 
 +s2s_require_encryption = true
 +s2s_secure_auth = false
 + 
 +-- Many servers don't support encryption or have invalid or self-signed
 +-- certificates. You can list domains here that will not be required to
 +-- authenticate using certificates. They will be authenticated using DNS.
 + 
 +s2s_insecure_domains = { "gmail.com" }
 + 
 +-- Even if you leave s2s_secure_auth disabled, you can still require valid
 +-- certificates for some domains by specifying a list here.
 + 
 +s2s_secure_domains = { "jabber.org" }
 + 
 +-- Select the authentication backend to use. The 'internal' providers
 +-- use Prosody's configured data storage to store the authentication data.
 +-- To allow Prosody to offer secure authentication mechanisms to clients, the
 +-- default provider stores passwords in plaintext. If you do not trust your
 +-- server please see http://prosody.im/doc/modules/mod_auth_internal_hashed
 +-- for information about using the hashed backend.
 + 
 +--authentication = "internal_plain"
 + 
 +-- we want passwords to be hashed on disk!
 +authentication = "internal_hashed"
 + 
 +-- Select the storage backend to use. By default Prosody uses flat files
 +-- in its configured data directory, but it also supports more backends
 +-- through modules. An "sql" backend is included by default, but requires
 +-- additional dependencies. See http://prosody.im/doc/storage for more info.
 + 
 +storage = "sql" -- Default is "internal"
 + 
 +-- For the "sql" backend, you can uncomment *one* of the below to configure:
 +--sql = { driver = "SQLite3", database = "prosody.sqlite" } -- Default. 'database' is the filename.
 +sql = { driver = "MySQL", database = "prosody", username = "prosody", password = "extremelySECRET", host = "localhost" }
 +--sql = { driver = "PostgreSQL", database = "prosody", username = "prosody", password = "secret", host = "localhost" }
 + 
 +-- Logging configuration
 +-- For advanced logging see http://prosody.im/doc/logging
 +log = {
 +        info = "/var/log/prosody/prosody.log"; -- Change 'info' to 'debug' for verbose logging
 +        error = "/var/log/prosody/prosody.err";
 +       -- Syslog:
 +       { levels = { "error" }; to = "syslog";  };
 +--        "*syslog";
 +}
 + 
 +
 +
 +
 +http_paths = {
 + register_web = "/";
 + files="/files";
 +}
 +
 +http_host = "127.0.0.1"
 +
 +----------- Virtual hosts -----------
 +-- You need to add a VirtualHost entry for each domain you wish Prosody to serve.
 +-- Settings under each VirtualHost entry apply *only* to that host.
 +
 + 
 +--VirtualHost "localhost"
 + 
 +-- Section for host
 + 
 +VirtualHost "xmpp.ffpi"
 +        --enabled = false -- Remove this line to enable this host
 + 
 +        -- Assign this host a certificate for TLS, otherwise it would use the one
 +        -- set in the global section (if any).
 +        -- Note that old-style SSL on port 5223 only supports one certificate, and will always
 +        -- use the global one.
 +        ssl = {
 +                key = "/etc/prosody/certs/localhost.key";
 +                certificate = "/etc/prosody/certs/localhost.crt";
 + 
 +                -- We do not want SSL2 and SSL3, no compression, no client cipher preference.
 +                options = { "no_sslv2", "no_sslv3", "no_ticket", "no_compression", "cipher_server_preference", "single_dh_use", "single_ecdh_use" };
 +                --options = { "no_sslv2", "no_sslv3", "no_ticket", "no_compression", "single_dh_use", "single_ecdh_use" };
 +                --options = { "no_sslv2", "no_sslv3", "no_compression", "cipher_server_preference" };
 +                -- Only FS (Forward Secrecy) Ciphers
 +                ciphers = "EECDH+AESGCM:EDH+AESGCM:EECDH:EDH:AES256-GCM-SHA384:AES128-GCM-SHA256:!MD5:!RC4:!LOW:!MEDIUM:!CAMELLIA:!ECDSA:!DES:!DSS:!3DES:!NULL";
 +                dhparam = "/etc/prosody/certs/dh_4096.pem";
 +                }
 +
 +
 +
 +VirtualHost "xmpp.pinneberg.freifunk.net"
 +        --enabled = false -- Remove this line to enable this host
 + 
 +        -- Assign this host a certificate for TLS, otherwise it would use the one
 +        -- set in the global section (if any).
 +        -- Note that old-style SSL on port 5223 only supports one certificate, and will always
 +        -- use the global one.
 +        ssl = {
 +                key = "/etc/prosody/certs/localhost.key";
 +                certificate = "/etc/prosody/certs/localhost.crt";
 + 
 +                -- We do not want SSL2 and SSL3, no compression, no client cipher preference.
 +                options = { "no_sslv2", "no_sslv3", "no_ticket", "no_compression", "cipher_server_preference", "single_dh_use", "single_ecdh_use" };
 +                --options = { "no_sslv2", "no_sslv3", "no_ticket", "no_compression", "single_dh_use", "single_ecdh_use" };
 +                --options = { "no_sslv2", "no_sslv3", "no_compression", "cipher_server_preference" };
 +                -- Only FS (Forward Secrecy) Ciphers
 +                ciphers = "EECDH+AESGCM:EDH+AESGCM:EECDH:EDH:AES256-GCM-SHA384:AES128-GCM-SHA256:!MD5:!RC4:!LOW:!MEDIUM:!CAMELLIA:!ECDSA:!DES:!DSS:!3DES:!NULL";
 +                dhparam = "/etc/prosody/certs/dh_4096.pem";
 +                }
 + 
 +------ Components ------
 +-- You can specify components to add hosts that provide special services,
 +-- like multi-user conferences, and transports.
 +-- For more information on components, see http://prosody.im/doc/components
 + 
 +-- Set up a MUC (multi-user chat) room server on conference.example.com:
 +--Component "conference.example.com" "muc"
 + 
 +-- Set up a SOCKS5 bytestream proxy for server-proxied file transfers:
 +--Component "proxy.example.com" "proxy65"
 + 
 +---Set up an external component (default component port is 5347)
 +--Component "gateway.example.com"
 +--        component_secret = "password"
  
-    -- Prosody XMPP Server Configuration 
-    -- 
-    -- Information on configuring Prosody can be found on our 
-    -- website at http://prosody.im/doc/configure 
-    -- 
-    -- Tip: You can check that the syntax of this file is correct 
-    -- when you have finished by running: luac -p prosody.cfg.lua 
-    -- If there are any errors, it will let you know what and where 
-    -- they are, otherwise it will keep quiet. 
-    -- 
-    -- Good luck, and happy Jabbering! 
-      
-      
-    ---------- Server-wide settings ---------- 
-    -- Settings in this section apply to the whole server and are the default settings 
-    -- for any virtual hosts 
-      
-    -- This is a (by default, empty) list of accounts that are admins 
-    -- for the server. Note that you must create the accounts separately 
-    -- (see http://prosody.im/doc/creating_accounts for info) 
-    -- Example: admins = { "user1@example.com", "user2@example.net" } 
-    admins = {} 
-      
-    -- Enable use of libevent for better performance under high load 
-    -- For more information see: http://prosody.im/doc/libevent 
-    --use_libevent = true; 
-      
-    -- This is the list of modules Prosody will load on startup. 
-    -- It looks for mod_modulename.lua in the plugins folder, so make sure that exists too. 
-    -- Documentation on modules can be found at: http://prosody.im/doc/modules 
-    modules_enabled = { 
-      
-            -- Generally required 
-                    "roster"; -- Allow users to have a roster. Recommended ;) 
-                    "saslauth"; -- Authentication for clients and servers. Recommended if you want to log in. 
-                    "tls"; -- Add support for secure TLS on c2s/s2s connections 
-                    "dialback"; -- s2s dialback support 
-                    "disco"; -- Service discovery 
-                    "posix"; -- POSIX functionality, sends server to background, enables syslog, etc. 
-      
-            -- Not essential, but recommended 
-                    "private"; -- Private XML storage (for room bookmarks, etc.) 
-                    "vcard"; -- Allow users to set vCards 
-      
-            -- These are commented by default as they have a performance impact 
-                    --"privacy"; -- Support privacy lists 
-                    --"compression"; -- Stream compression (requires the lua-zlib package installed) 
-      
-            -- Nice to have 
-                    "version"; -- Replies to server version requests 
-                    "uptime"; -- Report how long server has been running 
-                    "time"; -- Let others know the time here on this server 
-                    "ping"; -- Replies to XMPP pings with pongs 
-                    "pep"; -- Enables users to publish their mood, activity, playing music and more 
-                    "register"; -- Allow users to register on this server using a client and change passwords 
-      
-            -- Admin interfaces 
-                    "admin_adhoc"; -- Allows administration via an XMPP client that supports ad-hoc commands 
-                    --"admin_telnet"; -- Opens telnet console interface on localhost port 5582 
-      
-            -- HTTP modules 
-                    --"bosh"; -- Enable BOSH clients, aka "Jabber over HTTP" 
-                    --"http_files"; -- Serve static files from a directory over HTTP 
-      
-            -- Other specific functionality 
-                    --"groups"; -- Shared roster support 
-                    --"announce"; -- Send announcement to all online users 
-                    --"welcome"; -- Welcome users who register accounts 
-                    --"watchregistrations"; -- Alert admins of registrations 
-                    --"motd"; -- Send a message to users when they log in 
-                    --"legacyauth"; -- Legacy authentication. Only used by some old clients and bots. 
-    }; 
-      
-    -- These modules are auto-loaded, but should you want 
-    -- to disable them then uncomment them here: 
-    modules_disabled = { 
-            -- "offline"; -- Store offline messages 
-            -- "c2s"; -- Handle client connections 
-            -- "s2s"; -- Handle server-to-server connections 
-    }; 
-      
-    -- Disable account creation by default, for security 
-    -- For more information see http://prosody.im/doc/creating_accounts 
-    allow_registration = true; 
-    whitelist_registration_only = true; 
-    registration_whitelist_starts_with = { '10.137.', 'fde8:21c6:9d82:'} 
-    registration_hosts = {'xmpp.ffpi', 'xmpp.pinneberg.freifunk.net'} 
-      
-      
-    daemonize = true; 
-    -- Required for init scripts and prosodyctl 
-    pidfile = "/var/run/prosody/prosody.pid"; 
-      
-    -- These are the SSL/TLS-related settings. If you don't want 
-    -- to use SSL/TLS, you may comment or remove this 
-    ssl = { 
-            key = "/etc/prosody/certs/localhost.key"; 
-            certificate = "/etc/prosody/certs/localhost.crt"; 
-    } 
-      
-    -- Force clients to use encrypted connections? This option will 
-    -- prevent clients from authenticating unless they are using encryption. 
-      
-    c2s_require_encryption = true 
-      
-    -- Force certificate authentication for server-to-server connections? 
-    -- This provides ideal security, but requires servers you communicate 
-    -- with to support encryption AND present valid, trusted certificates. 
-    -- NOTE: Your version of LuaSec must support certificate verification! 
-    -- For more information see http://prosody.im/doc/s2s#security 
-      
-    s2s_require_encryption = true 
-    s2s_secure_auth = false 
-      
-    -- Many servers don't support encryption or have invalid or self-signed 
-    -- certificates. You can list domains here that will not be required to 
-    -- authenticate using certificates. They will be authenticated using DNS. 
-      
-    s2s_insecure_domains = { "gmail.com" } 
-      
-    -- Even if you leave s2s_secure_auth disabled, you can still require valid 
-    -- certificates for some domains by specifying a list here. 
-      
-    s2s_secure_domains = { "jabber.org" } 
-      
-    -- Select the authentication backend to use. The 'internal' providers 
-    -- use Prosody's configured data storage to store the authentication data. 
-    -- To allow Prosody to offer secure authentication mechanisms to clients, the 
-    -- default provider stores passwords in plaintext. If you do not trust your 
-    -- server please see http://prosody.im/doc/modules/mod_auth_internal_hashed 
-    -- for information about using the hashed backend. 
-      
-    --authentication = "internal_plain" 
-      
-    -- we want passwords to be hashed on disk! 
-    authentication = "internal_hashed" 
-      
-    -- Select the storage backend to use. By default Prosody uses flat files 
-    -- in its configured data directory, but it also supports more backends 
-    -- through modules. An "sql" backend is included by default, but requires 
-    -- additional dependencies. See http://prosody.im/doc/storage for more info. 
-      
-    --storage = "sql" -- Default is "internal" 
-      
-    -- For the "sql" backend, you can uncomment *one* of the below to configure: 
-    --sql = { driver = "SQLite3", database = "prosody.sqlite" } -- Default. 'database' is the filename. 
-    --sql = { driver = "MySQL", database = "prosody", username = "prosody", password = "secret", host = "localhost" } 
-    --sql = { driver = "PostgreSQL", database = "prosody", username = "prosody", password = "secret", host = "localhost" } 
-      
-    -- Logging configuration 
-    -- For advanced logging see http://prosody.im/doc/logging 
-    log = { 
-            info = "/var/log/prosody/prosody.log"; -- Change 'info' to 'debug' for verbose logging 
-            error = "/var/log/prosody/prosody.err"; 
-           -- Syslog: 
-           { levels = { "error" }; to = "syslog";  }; 
-    --        "*syslog"; 
-    } 
-      
-    ----------- Virtual hosts ----------- 
-    -- You need to add a VirtualHost entry for each domain you wish Prosody to serve. 
-    -- Settings under each VirtualHost entry apply *only* to that host. 
-      
-    VirtualHost "localhost" 
-      
-    -- Section for host 
-      
-    VirtualHost "hier der domain name" 
-            --enabled = false -- Remove this line to enable this host 
-      
-            -- Assign this host a certificate for TLS, otherwise it would use the one 
-            -- set in the global section (if any). 
-            -- Note that old-style SSL on port 5223 only supports one certificate, and will always 
-            -- use the global one. 
-            ssl = { 
-                    key = "/etc/prosody/certs/domain_name_dec.de.key"; 
-                    certificate = "/etc/prosody/certs/domain_name.de_chain.pem"; 
-      
-                    -- We do not want SSL2 and SSL3, no compression, no client cipher preference. 
-                    options = { "no_sslv2", "no_sslv3", "no_ticket", "no_compression", "cipher_server_preference", "single_dh_use", "single_ecdh_use" }; 
-                    --options = { "no_sslv2", "no_sslv3", "no_ticket", "no_compression", "single_dh_use", "single_ecdh_use" }; 
-                    --options = { "no_sslv2", "no_sslv3", "no_compression", "cipher_server_preference" }; 
-                    -- Only FS (Forward Secrecy) Ciphers 
-                    ciphers = "EECDH+AESGCM:EDH+AESGCM:EECDH:EDH:AES256-GCM-SHA384:AES128-GCM-SHA256:!MD5:!RC4:!LOW:!MEDIUM:!CAMELLIA:!ECDSA:!DES:!DSS:!3DES:!NULL"; 
-                    dhparam = "/etc/prosody/certs/dh_4096.pem"; 
-                    } 
-      
-    ------ Components ------ 
-    -- You can specify components to add hosts that provide special services, 
-    -- like multi-user conferences, and transports. 
-    -- For more information on components, see http://prosody.im/doc/components 
-      
-    -- Set up a MUC (multi-user chat) room server on conference.example.com: 
-    --Component "conference.example.com" "muc" 
-      
-    -- Set up a SOCKS5 bytestream proxy for server-proxied file transfers: 
-    --Component "proxy.example.com" "proxy65" 
-      
-    ---Set up an external component (default component port is 5347) 
-    --Component "gateway.example.com" 
-    --        component_secret = "password" 
 </file> </file>
  
Zeile 322: Zeile 318:
 ===== Abschluss ===== ===== Abschluss =====
  
-Anschließend Prosody einmal neustarten+Abschließend Prosody einmal neustarten
  
   service prosody restart   service prosody restart
  
  
prosody.1450986738.txt.gz · Zuletzt geändert: 24.12.2015 20:52 von x1lent