From c859ea8aeb624529bf61e0e9cd842e8709845336 Mon Sep 17 00:00:00 2001 From: aitzol Date: Fri, 2 Jan 2026 16:51:53 +0100 Subject: [PATCH] Lua 5.4, Luarocks 3.12.2 and Prosody 0.12.5 --- CHANGELOG.md | 7 +++++++ Dockerfile | 28 +++++++++++++------------ conf.d/02-storage.cfg.lua | 4 ++-- conf.d/03-e2e-policy.cfg.lua | 12 +++++++++-- conf.d/04-server_contact_info.cfg.lua | 30 ++++++++++++++++++++------- readme.md | 25 ++++++++++++---------- 6 files changed, 71 insertions(+), 35 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 742f3b1..f82627a 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -11,6 +11,13 @@ Added a test to check that no deprecated config settings are used. +## v 1.3.3 + +* Updated to LuaRocks 3.12.2 +* Updated to Lua 5.4 +* Updated to Prosody 0.12.5 +* Removed unused luarocks + ## v1.3.2 * Added Firewall module with optional custom blacklist diff --git a/Dockerfile b/Dockerfile index ba9b491..5cecb62 100644 --- a/Dockerfile +++ b/Dockerfile @@ -4,11 +4,11 @@ ARG BUILD_DATE ARG VCS_REF ARG VERSION -ARG LUAROCKS_VERSION=3.9.2 -ARG PROSODY_VERSION=0.12.4 +ARG LUAROCKS_VERSION=3.12.2 +ARG PROSODY_VERSION=0.12.5 -ARG LUAROCKS_SHA256="bca6e4ecc02c203e070acdb5f586045d45c078896f6236eb46aa33ccd9b94edb" -ARG PROSODY_DOWNLOAD_SHA256="47d712273c2f29558c412f6cdaec073260bbc26b7dda243db580330183d65856" +ARG LUAROCKS_SHA256="b0e0c85205841ddd7be485f53d6125766d18a81d226588d2366931e9a1484492" +ARG PROSODY_DOWNLOAD_SHA256="778fb7707a0f10399595ba7ab9c66dd2a2288c0ae3a7fe4ab78f97d462bd399f" LABEL luarocks.version="${LUAROCKS_VERSION}" LABEL org.opencontainers.image.authors="Wproject Garapenak" @@ -30,7 +30,8 @@ RUN apt-get update \ libidn2-0 \ libpq-dev \ libsqlite3-0 \ - lua5.2 \ + lua5.4 \ + liblua5.4-dev \ lua-bitop \ lua-dbi-mysql \ lua-dbi-postgresql \ @@ -73,11 +74,11 @@ RUN buildDeps='gcc git libc6-dev libidn2-dev liblua5.2-dev libsqlite3-dev libssl && make bootstrap \ && cd / && rm -r /usr/src/luarocks \ \ - && luarocks install luaevent \ + # && luarocks install luaevent \ && luarocks install luadbi \ `#&& luarocks install luadbi-mysql MYSQL_INCDIR=/usr/include/mariadb/` \ && luarocks install luadbi-sqlite3 \ - && luarocks install stringy \ + # && luarocks install stringy \ \ && apt-get purge -y --auto-remove $buildDeps @@ -90,7 +91,7 @@ RUN groupadd -r prosody \ RUN mkdir -p /var/run/prosody/ \ && chown prosody:prosody /var/run/prosody/ -ENV __FLUSH_LOG yes +ENV __FLUSH_LOG=yes VOLUME ["/usr/local/var/lib/prosody"] @@ -102,16 +103,17 @@ COPY *.bash /usr/local/bin/ RUN download-prosody-modules.bash \ && docker-prosody-module-install.bash \ - #bookmarks `# XEP-0411: Bookmarks Conversion` \ - #carbons `# message carbons (XEP-0280)` \ + bookmarks `# XEP-0411: Bookmarks Conversion` \ + carbons `# message carbons (XEP-0280)` \ cloud_notify `# XEP-0357: Push Notifications` \ - #csi `# client state indication (XEP-0352)` \ + csi `# client state indication (XEP-0352)` \ e2e_policy `# require end-2-end encryption` \ filter_chatstates `# disable "X is typing" type messages` \ - #smacks `# stream management (XEP-0198)` \ + smacks `# stream management (XEP-0198)` \ throttle_presence `# presence throttling in CSI` \ vcard_muc `# XEP-0153: vCard-Based Avatar (MUC)` \ - firewall `# anti-spam firewall` \ + #&& docker-prosody-module-pre-install.bash \ + firewall `# anti-spam firewall` \ && rm -rf "/usr/src/prosody-modules" RUN echo "TLS_REQCERT allow" >> /etc/ldap/ldap.conf diff --git a/conf.d/02-storage.cfg.lua b/conf.d/02-storage.cfg.lua index 9c49b4a..b933cf2 100644 --- a/conf.d/02-storage.cfg.lua +++ b/conf.d/02-storage.cfg.lua @@ -1,8 +1,8 @@ default_storage = "sql" sql = { - driver = os.getenv("DB_DRIVER"); - database = os.getenv("DB_DATABASE"); + driver = os.getenv("DB_DRIVER") or "SQLite3"; + database = os.getenv("DB_DATABASE") or "prosody.sqlite"; host = os.getenv("DB_HOST"); port = os.getenv("DB_PORT"); username = os.getenv("DB_USERNAME"); diff --git a/conf.d/03-e2e-policy.cfg.lua b/conf.d/03-e2e-policy.cfg.lua index 88a7ca8..5168855 100644 --- a/conf.d/03-e2e-policy.cfg.lua +++ b/conf.d/03-e2e-policy.cfg.lua @@ -1,8 +1,16 @@ -local stringy = require "stringy" +local function _split(s, sep) + if not s then return nil; end + sep = sep or ","; + local parts = {}; + for part in s:gmatch("[^"..sep.."]+") do + parts[#parts+1] = part; + end + return parts; +end e2e_policy_chat = os.getenv("E2E_POLICY_CHAT") e2e_policy_muc = os.getenv("E2E_POLICY_MUC") -e2e_policy_whitelist = stringy.split(os.getenv("E2E_POLICY_WHITELIST"), ", ") +e2e_policy_whitelist = _split(os.getenv("E2E_POLICY_WHITELIST"), ", ") e2e_policy_message_optional_chat = "For security reasons, OMEMO, OTR or PGP encryption is STRONGLY recommended for conversations on this server." e2e_policy_message_required_chat = "For security reasons, OMEMO, OTR or PGP encryption is required for conversations on this server." e2e_policy_message_optional_muc = "For security reasons, OMEMO, OTR or PGP encryption is STRONGLY recommended for MUC on this server." diff --git a/conf.d/04-server_contact_info.cfg.lua b/conf.d/04-server_contact_info.cfg.lua index 341edf5..d6c845c 100644 --- a/conf.d/04-server_contact_info.cfg.lua +++ b/conf.d/04-server_contact_info.cfg.lua @@ -1,12 +1,28 @@ -local stringy = require "stringy" +local function _split(s, sep) + if not s then return nil; end + sep = sep or ","; + local parts = {}; + for part in s:gmatch("[^"..sep.."]+") do + parts[#parts+1] = part; + end + return parts; +end + +local domain = os.getenv("DOMAIN") +local abuse = os.getenv("SERVER_CONTACT_INFO_ABUSE") or "xmpp:abuse@" .. domain +local admin = os.getenv("SERVER_CONTACT_INFO_ADMIN") or "xmpp:admin@" .. domain +local feedback = os.getenv("SERVER_CONTACT_INFO_FEEDBACK") or "xmpp:feedback@" .. domain +local sales = os.getenv("SERVER_CONTACT_INFO_SALES") or "xmpp:sales@" .. domain +local security = os.getenv("SERVER_CONTACT_INFO_SECURITY") or "xmpp:security@" .. domain +local support = os.getenv("SERVER_CONTACT_INFO_SUPPORT") or "xmpp:support@" .. domain contact_info = { - abuse = stringy.split(os.getenv("SERVER_CONTACT_INFO_ABUSE"), ", "); - admin = stringy.split(os.getenv("SERVER_CONTACT_INFO_ADMIN"), ", "); - feedback = stringy.split(os.getenv("SERVER_CONTACT_INFO_FEEDBACK"), ", "); - sales = stringy.split(os.getenv("SERVER_CONTACT_INFO_SALES"), ", "); - security = stringy.split(os.getenv("SERVER_CONTACT_INFO_SECURITY"), ", "); - support = stringy.split(os.getenv("SERVER_CONTACT_INFO_SUPPORT"), ", "); + abuse = _split(abuse, ", "); + admin = _split(admin, ", "); + feedback = _split(feedback, ", "); + sales = _split(sales, ", "); + security = _split(security, ", "); + support = _split(support, ", "); } welcome_message = "Kaixo $username, ongi etorri $host IM zerbitzura! Mesedez irakurri itzazu ondorengo Erabilpen baldintzak." diff --git a/readme.md b/readme.md index 706516c..7d52d05 100644 --- a/readme.md +++ b/readme.md @@ -1,5 +1,14 @@ # Prosody XMPP Docker image +![Docker](https://github.com/SaraSmiseth/prosody/workflows/Docker/badge.svg?branch=dev) +![Git repository size](https://img.shields.io/github/repo-size/SaraSmiseth/prosody) +[![Docker image](https://images.microbadger.com/badges/image/sarasmiseth/prosody:latest.svg)](https://microbadger.com/images/sarasmiseth/prosody:latest) +[![Docker version](https://images.microbadger.com/badges/version/sarasmiseth/prosody.svg)](https://microbadger.com/images/sarasmiseth/prosody:latest) +[![Docker pulls](https://img.shields.io/docker/pulls/sarasmiseth/prosody.svg)](https://hub.docker.com/r/sarasmiseth/prosody/) +[![Docker stars](https://img.shields.io/docker/stars/sarasmiseth/prosody.svg)](https://hub.docker.com/r/sarasmiseth/prosody/) +[![Github open issues](https://img.shields.io/github/issues-raw/SaraSmiseth/prosody)](https://github.com/SaraSmiseth/prosody/issues) +[![Github open pull requests](https://img.shields.io/github/issues-pr-raw/SaraSmiseth/prosody)](https://github.com/SaraSmiseth/prosody/pulls) + This docker image forked from [SaraSmiseth](https://github.com/SaraSmiseth)'s [repository](https://github.com/SaraSmiseth/prosody) provides you with a configured [Prosody](https://prosody.im/) XMPP server. Includes the _prosody-migrator_ tool for data migrations between different database types and there is also an option to create a bridges between the XMPP server and the most popular messaging services like Telegram or Matrix, via [Matterbridge](https://github.com/42wim/matterbridge). The image is based on `debian:bookworm-slim`. The server was tested using the Android App [Conversations](https://conversations.im/) and the Desktop client [Gajim](https://gajim.org). Multiple [architectures](https://hub.docker.com/r/sarasmiseth/prosody/tags) are supported. I use it on my raspberry pi 4. @@ -45,7 +54,7 @@ While Conversations got everything set-up out-of-the-box, Gajim was used with th * Secure by default * SSL certificate required * End-to-end encryption required (using [OMEMO](https://conversations.im/omemo/) or [OTR](https://en.wikipedia.org/wiki/Off-the-Record_Messaging)) - * Anti-spam filter (based on [Firewall](https://modules.prosody.im/mod_firewall) module) + * Anti-spam filter (based on the pre-installed [Firewall](https://modules.prosody.im/mod_firewall) module) * Data storage * SQLite message store * Configured file upload and image sharing @@ -149,11 +158,9 @@ docker build -t prosody/xmpp . Next I recommend using a ```docker-compose.yml``` file: ```yaml -version: '3.9' - services: server: - image: sarasmiseth/prosody:latest + image: prosody/xmpp:latest restart: unless-stopped ports: - "5000:5000" @@ -168,9 +175,9 @@ services: - ./data:/usr/local/var/lib/prosody ``` -Boot it via: ```docker-compose up -d```. +Boot it via: ```docker compose up -d```. -Inspect logs: ```docker-compose logs -f```. +Inspect logs: ```docker compose logs -f```. ### Volumes permissions @@ -237,6 +244,7 @@ sudo chown 999:999 ./data | **SERVER_CONTACT_INFO_SECURITY** | A list of strings. Each string should be an URI. See [here](https://prosody.im/doc/modules/mod_server_contact_info). | *optional* | "xmpp:security@**DOMAIN**" | | **SERVER_CONTACT_INFO_SUPPORT** | A list of strings. Each string should be an URI. See [here](https://prosody.im/doc/modules/mod_server_contact_info). | *optional* | "xmpp:support@**DOMAIN**" | | **PROSODY_ADMINS** | Specify who is an administrator. List of adresses. Eg. "me@example.com", "admin@example.net" | *optional* | "" | +| **ENABLE_FIREWALL** | Enable Firewall module | *optional* | false | | **SPAM_BLOCKLIST** | Blacklist to use with Firewall module. Eg. "custom-blocklist.pfw" | *optional* | | #### DNS @@ -262,11 +270,6 @@ There is also ```docker-prosody-module-pre-install.bash``` which downloads the s If you need additional configuration just overwrite the respective _cfg.lua_ file or add new ones. -#### Firewall module -By default, the Firewall module obtains the list of spamming used known domains through the CDN service provided by [cdn.jsdelivr.net](https://cdn.jsdelivr.net/) at https://cdn.jsdelivr.net/gh/jabberspam/blacklist/blacklist.txt , but additionally a custom blacklist can be used through the ```SPAM_BLOCKLIST``` environment variable. - -If you need more sophisticated rules, please refer to the module [documentation](https://modules.prosody.im/mod_firewall). - ### Upgrade When migrating from prosody 0.10, you need to update the database once: