v1.3.2
This commit is contained in:
parent
d8d9fd9e67
commit
e7fa66e938
@ -1,5 +1,9 @@
|
||||
# Changelog
|
||||
|
||||
## v1.3.2
|
||||
|
||||
* Added Firewall module with optional custom blacklist
|
||||
|
||||
## v1.3.1
|
||||
|
||||
* Added optional Firewall module for testing
|
||||
|
@ -111,7 +111,6 @@ RUN download-prosody-modules.bash \
|
||||
smacks `# stream management (XEP-0198)` \
|
||||
throttle_presence `# presence throttling in CSI` \
|
||||
vcard_muc `# XEP-0153: vCard-Based Avatar (MUC)` \
|
||||
&& docker-prosody-module-pre-install.bash \
|
||||
firewall `# anti-spam firewall` \
|
||||
&& rm -rf "/usr/src/prosody-modules"
|
||||
RUN echo "TLS_REQCERT allow" >> /etc/ldap/ldap.conf
|
||||
|
@ -1,7 +1,8 @@
|
||||
plugin_paths = { "/usr/local/lib/prosody/custom-modules/" };
|
||||
|
||||
-- table of enabled modules
|
||||
local mods_enabled = {
|
||||
-- local mods_enabled = {
|
||||
modules_enabled = {
|
||||
-- Generally required
|
||||
"roster"; -- Allow users to have a roster. Recommended ;)
|
||||
"saslauth"; -- Authentication for clients and servers. Recommended if you want to log in.
|
||||
@ -48,19 +49,7 @@ local mods_enabled = {
|
||||
"server_contact_info"; -- This module lets you advertise various contact addresses for your XMPP service via XEP-0157.
|
||||
};
|
||||
|
||||
local enabled = os.getenv("ENABLE_FIREWALL") or "false"
|
||||
local spam_blocklist = os.getenv("SPAM_BLOCKLIST") and "/usr/local/etc/prosody/firewall/" .. os.getenv("SPAM_BLOCKLIST") or "module:scripts/spam-blocklists.pfw"
|
||||
|
||||
if(enabled == "true")
|
||||
then
|
||||
table.insert(mods_enabled, "firewall");
|
||||
|
||||
firewall_scripts = {
|
||||
spam_blocklist;
|
||||
}
|
||||
end
|
||||
|
||||
modules_enabled = mods_enabled;
|
||||
-- modules_enabled = mods_enabled;
|
||||
|
||||
-- These modules are auto-loaded, but should you want
|
||||
-- to disable them then uncomment them here:
|
||||
@ -69,4 +58,3 @@ modules_disabled = {
|
||||
-- "c2s"; -- Handle client connections
|
||||
-- "s2s"; -- Handle server-to-server connections
|
||||
};
|
||||
|
||||
|
@ -43,7 +43,13 @@ for ext in $exts; do
|
||||
# Skip this if the modules should not be added to modules_enabled.
|
||||
if [ "$ext" != "http_upload" ] && [ "$ext" != "vcard_muc" ] ; then
|
||||
echo " - enabling within ${config}"
|
||||
new_config=$(cat "${config}" | module="${ext}" perl -0pe 's/(mods_enabled[ ]*=[ ]*{[^}]*)};/$1\n\t"$ENV{module}";\n};/')
|
||||
new_config=$(cat "${config}" | module="${ext}" perl -0pe 's/(modules_enabled[ ]*=[ ]*{[^}]*)};/$1\n\t"$ENV{module}";\n};/')
|
||||
echo "${new_config}" > "${config}"
|
||||
fi
|
||||
# firewall module configuration
|
||||
if [ "$ext" == "firewall" ] ; then
|
||||
echo " - setting up mod_${ext}"
|
||||
new_config=$(cat "${config}" | echo -e "\nlocal spam_blocklist = os.getenv(\"SPAM_BLOCKLIST\") and \"/usr/local/etc/prosody/firewall/\" .. os.getenv(\"SPAM_BLOCKLIST\") or \"module:scripts/spam-blocklists.pfw\"\n\nfirewall_scripts = {\n\tspam_blocklist;\n};")
|
||||
echo "${new_config}" >> "${config}"
|
||||
fi
|
||||
done
|
||||
|
@ -1,42 +0,0 @@
|
||||
#!/bin/bash
|
||||
set -e
|
||||
|
||||
source="/usr/src/prosody-modules"
|
||||
target="/usr/local/lib/prosody/custom-modules"
|
||||
|
||||
cd ${source}
|
||||
|
||||
usage() {
|
||||
echo "usage: $0 ext-name [ext-name ...]"
|
||||
echo " ie: $0 carbons e2e_policy proxy65"
|
||||
echo
|
||||
echo 'Possible values for ext-name:'
|
||||
find . -mindepth 1 -maxdepth 1 -type d | sort | sed s/\.\\/mod_//g | xargs
|
||||
}
|
||||
|
||||
exts=
|
||||
for ext; do
|
||||
if [ -z "mod_$ext" ]; then
|
||||
continue
|
||||
fi
|
||||
if [ ! -d "mod_$ext" ]; then
|
||||
echo >&2 "error: $PWD/mod_$ext does not exist"
|
||||
echo >&2
|
||||
usage >&2
|
||||
exit 1
|
||||
fi
|
||||
exts="$exts $ext"
|
||||
done
|
||||
|
||||
if [ -z "$exts" ]; then
|
||||
usage >&2
|
||||
exit 1
|
||||
fi
|
||||
|
||||
for ext in $exts; do
|
||||
echo "Installing mod_${ext}"
|
||||
|
||||
echo " - copying to ${target}"
|
||||
cp -r "${source}/mod_${ext}" "${target}/"
|
||||
|
||||
done
|
@ -2,13 +2,16 @@ bashtel.ru
|
||||
creep.im
|
||||
darkengine.biz
|
||||
default.rs
|
||||
exploit.im
|
||||
hiddenlizard.org
|
||||
jabber.bitactive.com
|
||||
jabber.cd
|
||||
jabber.cz
|
||||
jabber.freenet.de
|
||||
jabber.ipredator.se
|
||||
jabber.npw.net
|
||||
jabber.sampo.ru
|
||||
jabbim.pl
|
||||
labas.biz
|
||||
otr.chat
|
||||
paranoid.scarab.name
|
||||
|
@ -246,7 +246,6 @@ sudo chown 999:999 ./data
|
||||
| **SERVER_CONTACT_INFO_SECURITY** | A list of strings. Each string should be an URI. See [here](https://prosody.im/doc/modules/mod_server_contact_info). | *optional* | "xmpp:security@**DOMAIN**" |
|
||||
| **SERVER_CONTACT_INFO_SUPPORT** | A list of strings. Each string should be an URI. See [here](https://prosody.im/doc/modules/mod_server_contact_info). | *optional* | "xmpp:support@**DOMAIN**" |
|
||||
| **PROSODY_ADMINS** | Specify who is an administrator. List of adresses. Eg. "me@example.com", "admin@example.net" | *optional* | "" |
|
||||
| **ENABLE_FIREWALL** | Enable Firewall module | *optional* | false |
|
||||
| **SPAM_BLOCKLIST** | Blacklist to use with Firewall module. Eg. "custom-blocklist.pfw" | *optional* | |
|
||||
|
||||
#### DNS
|
||||
|
Loading…
Reference in New Issue
Block a user