Compare commits
No commits in common. "0de34e5f74f842e7d2b4ab2e6905e78346152e89" and "73838d1aa545beee8291721054a2d44fccb9701a" have entirely different histories.
0de34e5f74
...
73838d1aa5
1
.gitignore
vendored
1
.gitignore
vendored
@ -3,6 +3,5 @@ certs/
|
||||
extras/matterbridge/*.t*
|
||||
tests/certs/
|
||||
tests/venv/
|
||||
tests/bats/*
|
||||
tests/__pycache__/
|
||||
*.swp
|
||||
|
11
CHANGELOG.md
11
CHANGELOG.md
@ -1,16 +1,5 @@
|
||||
# Changelog
|
||||
|
||||
## Unreleased 2024-05-05
|
||||
|
||||
### Adjust config
|
||||
|
||||
* Replace deprecated legacy_ssl with c2s_direct_tls.
|
||||
* Removed use_libevent = true. This means the default is now used which is epoll.
|
||||
|
||||
### Test
|
||||
|
||||
Added a test to check that no deprecated config settings are used.
|
||||
|
||||
## v1.3.2
|
||||
|
||||
* Added Firewall module with optional custom blacklist
|
||||
|
@ -102,13 +102,13 @@ COPY *.bash /usr/local/bin/
|
||||
|
||||
RUN download-prosody-modules.bash \
|
||||
&& docker-prosody-module-install.bash \
|
||||
#bookmarks `# XEP-0411: Bookmarks Conversion` \
|
||||
#carbons `# message carbons (XEP-0280)` \
|
||||
bookmarks `# XEP-0411: Bookmarks Conversion` \
|
||||
carbons `# message carbons (XEP-0280)` \
|
||||
cloud_notify `# XEP-0357: Push Notifications` \
|
||||
#csi `# client state indication (XEP-0352)` \
|
||||
csi `# client state indication (XEP-0352)` \
|
||||
e2e_policy `# require end-2-end encryption` \
|
||||
filter_chatstates `# disable "X is typing" type messages` \
|
||||
#smacks `# stream management (XEP-0198)` \
|
||||
smacks `# stream management (XEP-0198)` \
|
||||
throttle_presence `# presence throttling in CSI` \
|
||||
vcard_muc `# XEP-0153: vCard-Based Avatar (MUC)` \
|
||||
firewall `# anti-spam firewall` \
|
||||
|
@ -6,11 +6,11 @@ local domain_pubsub = os.getenv("DOMAIN_PUBSUB")
|
||||
|
||||
-- XEP-0368: SRV records for XMPP over TLS
|
||||
-- https://compliance.conversations.im/test/xep0368/
|
||||
c2s_direct_tls_ssl = {
|
||||
certificate = "certs/" .. domain .. "/fullchain.pem";
|
||||
legacy_ssl_ssl = {
|
||||
certificate = "certs/" .. domain .. "/fullchain.pem";
|
||||
key = "certs/" .. domain .. "/privkey.pem";
|
||||
}
|
||||
c2s_direct_tls_ports = { 5223 }
|
||||
legacy_ssl_ports = { 5223 }
|
||||
|
||||
-- https://prosody.im/doc/certificates#service_certificates
|
||||
-- https://prosody.im/doc/ports#ssl_configuration
|
||||
|
@ -1,12 +1,14 @@
|
||||
-- see example config at https://hg.prosody.im/-1.9/file/0.9.10/prosody.cfg.lua.dist
|
||||
-- easily extendable by putting into different config files within conf.d folder
|
||||
|
||||
local stringy = require "stringy"
|
||||
local stringy = require "stringy"
|
||||
|
||||
admins = stringy.split(os.getenv("PROSODY_ADMINS"), ", ");
|
||||
|
||||
pidfile = "/var/run/prosody/prosody.pid"
|
||||
|
||||
use_libevent = true; -- improves performance
|
||||
|
||||
allow_registration = os.getenv("ALLOW_REGISTRATION");
|
||||
|
||||
c2s_require_encryption = os.getenv("C2S_REQUIRE_ENCRYPTION");
|
||||
|
@ -1,6 +1,8 @@
|
||||
version: "3.9"
|
||||
|
||||
services:
|
||||
prosody:
|
||||
image: prosody/xmpp:latest
|
||||
image: prosody
|
||||
restart: unless-stopped
|
||||
ports:
|
||||
- "5000:5000"
|
||||
@ -17,7 +19,7 @@ services:
|
||||
- ./certs:/usr/local/etc/prosody/certs
|
||||
|
||||
prosody_postgres:
|
||||
image: prosody/xmpp:latest
|
||||
image: prosody
|
||||
restart: unless-stopped
|
||||
ports:
|
||||
- "5000:5000"
|
||||
@ -51,7 +53,7 @@ services:
|
||||
POSTGRES_PASSWORD: prosody
|
||||
|
||||
prosody_ldap:
|
||||
image: prosody/xmpp:latest
|
||||
image: prosody
|
||||
restart: unless-stopped
|
||||
ports:
|
||||
- "5000:5000"
|
||||
|
@ -57,8 +57,8 @@ load 'bats/bats-assert/load'
|
||||
assert_output
|
||||
}
|
||||
|
||||
@test "Should activate c2s_direct_tls" {
|
||||
run bash -c "sudo docker-compose logs $batsContainerName | grep -E \"Activated service 'c2s_direct_tls' on (\[::\]:5223|\[\*\]:5223), (\[::\]:5223|\[\*\]:5223)\""
|
||||
@test "Should activate legacy_ssl" {
|
||||
run bash -c "sudo docker-compose logs $batsContainerName | grep -E \"Activated service 'legacy_ssl' on (\[::\]:5223|\[\*\]:5223), (\[::\]:5223|\[\*\]:5223)\""
|
||||
assert_success
|
||||
assert_output
|
||||
}
|
||||
@ -82,17 +82,7 @@ load 'bats/bats-assert/load'
|
||||
}
|
||||
|
||||
@test "Should show upload URL" {
|
||||
run bash -c "sudo docker-compose logs $batsContainerName | grep \"Serving 'file_share' at https:\/\/upload.example.com:5281\/file_share\""
|
||||
run bash -c "sudo docker-compose logs $batsContainerName | grep \"URL: <https:\/\/upload.example.com:5281\/upload> - Ensure this can be reached by users\""
|
||||
assert_success
|
||||
assert_output
|
||||
}
|
||||
|
||||
@test "Should not use deprecated config" {
|
||||
run bash -c "sudo docker-compose exec $batsContainerName /bin/bash -c \"/entrypoint.bash check\" | grep 'deprecated' -A 3"
|
||||
assert_failure
|
||||
}
|
||||
|
||||
@test "Should not have warnings in log" {
|
||||
run bash -c "sudo docker-compose logs $batsContainerName | grep -E \"warn\""
|
||||
assert_failure
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user