aitzol/prosody-docker
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

base: aitzol:0de34e5f74f842e7d2b4ab2e6905e78346152e89
Branches Tags
aitzol:main
aitzol:v1.3.2
aitzol:v1.3.1
aitzol:v1.3.0
aitzol:v1.2.9
..
compare: aitzol:73838d1aa545beee8291721054a2d44fccb9701a
Branches Tags
aitzol:main
aitzol:v1.3.2
aitzol:v1.3.1
aitzol:v1.3.0
aitzol:v1.2.9

No commits in common. "0de34e5f74f842e7d2b4ab2e6905e78346152e89" and "73838d1aa545beee8291721054a2d44fccb9701a" have entirely different histories.
0de34e5f74 ... 73838d1aa5

7 changed files with 18 additions and 36 deletions
Show Stats Expand all files Collapse all files

1
.gitignore vendored
View File

@ -3,6 +3,5 @@ certs/
extras/matterbridge/*.t* extras/matterbridge/*.t*
tests/certs/ tests/certs/
tests/venv/ tests/venv/
tests/bats/*
tests/__pycache__/ tests/__pycache__/
*.swp *.swp

11
CHANGELOG.md
View File

@ -1,16 +1,5 @@
# Changelog # Changelog
## Unreleased 2024-05-05
### Adjust config
* Replace deprecated legacy_ssl with c2s_direct_tls.
* Removed use_libevent = true. This means the default is now used which is epoll.
### Test
Added a test to check that no deprecated config settings are used.
## v1.3.2 ## v1.3.2
* Added Firewall module with optional custom blacklist * Added Firewall module with optional custom blacklist

8
Dockerfile
View File

@ -102,13 +102,13 @@ COPY *.bash /usr/local/bin/
RUN download-prosody-modules.bash \ RUN download-prosody-modules.bash \
&& docker-prosody-module-install.bash \ && docker-prosody-module-install.bash \
#bookmarks `# XEP-0411: Bookmarks Conversion` \ bookmarks `# XEP-0411: Bookmarks Conversion` \
#carbons `# message carbons (XEP-0280)` \ carbons `# message carbons (XEP-0280)` \
cloud_notify `# XEP-0357: Push Notifications` \ cloud_notify `# XEP-0357: Push Notifications` \
#csi `# client state indication (XEP-0352)` \ csi `# client state indication (XEP-0352)` \
e2e_policy `# require end-2-end encryption` \ e2e_policy `# require end-2-end encryption` \
filter_chatstates `# disable "X is typing" type messages` \ filter_chatstates `# disable "X is typing" type messages` \
#smacks `# stream management (XEP-0198)` \ smacks `# stream management (XEP-0198)` \
throttle_presence `# presence throttling in CSI` \ throttle_presence `# presence throttling in CSI` \
vcard_muc `# XEP-0153: vCard-Based Avatar (MUC)` \ vcard_muc `# XEP-0153: vCard-Based Avatar (MUC)` \
firewall `# anti-spam firewall` \ firewall `# anti-spam firewall` \

6
conf.d/05-vhost.cfg.lua
View File

@ -6,11 +6,11 @@ local domain_pubsub = os.getenv("DOMAIN_PUBSUB")
-- XEP-0368: SRV records for XMPP over TLS -- XEP-0368: SRV records for XMPP over TLS
-- https://compliance.conversations.im/test/xep0368/ -- https://compliance.conversations.im/test/xep0368/
c2s_direct_tls_ssl = { legacy_ssl_ssl = {
certificate = "certs/" .. domain .. "/fullchain.pem"; certificate = "certs/" .. domain .. "/fullchain.pem";
key = "certs/" .. domain .. "/privkey.pem"; key = "certs/" .. domain .. "/privkey.pem";
} }
c2s_direct_tls_ports = { 5223 } legacy_ssl_ports = { 5223 }
-- https://prosody.im/doc/certificates#service_certificates -- https://prosody.im/doc/certificates#service_certificates
-- https://prosody.im/doc/ports#ssl_configuration -- https://prosody.im/doc/ports#ssl_configuration

4
prosody.cfg.lua
View File

@ -1,12 +1,14 @@
-- see example config at https://hg.prosody.im/-1.9/file/0.9.10/prosody.cfg.lua.dist -- see example config at https://hg.prosody.im/-1.9/file/0.9.10/prosody.cfg.lua.dist
-- easily extendable by putting into different config files within conf.d folder -- easily extendable by putting into different config files within conf.d folder
local stringy = require "stringy" local stringy = require "stringy"
admins = stringy.split(os.getenv("PROSODY_ADMINS"), ", "); admins = stringy.split(os.getenv("PROSODY_ADMINS"), ", ");
pidfile = "/var/run/prosody/prosody.pid" pidfile = "/var/run/prosody/prosody.pid"
use_libevent = true; -- improves performance
allow_registration = os.getenv("ALLOW_REGISTRATION"); allow_registration = os.getenv("ALLOW_REGISTRATION");
c2s_require_encryption = os.getenv("C2S_REQUIRE_ENCRYPTION"); c2s_require_encryption = os.getenv("C2S_REQUIRE_ENCRYPTION");

8
tests/docker-compose.yml
View File

@ -1,6 +1,8 @@
version: "3.9"
services: services:
prosody: prosody:
image: prosody/xmpp:latest image: prosody
restart: unless-stopped restart: unless-stopped
ports: ports:
- "5000:5000" - "5000:5000"
@ -17,7 +19,7 @@ services:
- ./certs:/usr/local/etc/prosody/certs - ./certs:/usr/local/etc/prosody/certs
prosody_postgres: prosody_postgres:
image: prosody/xmpp:latest image: prosody
restart: unless-stopped restart: unless-stopped
ports: ports:
- "5000:5000" - "5000:5000"
@ -51,7 +53,7 @@ services:
POSTGRES_PASSWORD: prosody POSTGRES_PASSWORD: prosody
prosody_ldap: prosody_ldap:
image: prosody/xmpp:latest image: prosody
restart: unless-stopped restart: unless-stopped
ports: ports:
- "5000:5000" - "5000:5000"

16
tests/tests.bats
View File

@ -57,8 +57,8 @@ load 'bats/bats-assert/load'
assert_output assert_output
} }
@test "Should activate c2s_direct_tls" { @test "Should activate legacy_ssl" {
run bash -c "sudo docker-compose logs $batsContainerName | grep -E \"Activated service 'c2s_direct_tls' on (\[::\]:5223|\[\*\]:5223), (\[::\]:5223|\[\*\]:5223)\"" run bash -c "sudo docker-compose logs $batsContainerName | grep -E \"Activated service 'legacy_ssl' on (\[::\]:5223|\[\*\]:5223), (\[::\]:5223|\[\*\]:5223)\""
assert_success assert_success
assert_output assert_output
} }
@ -82,17 +82,7 @@ load 'bats/bats-assert/load'
} }
@test "Should show upload URL" { @test "Should show upload URL" {
run bash -c "sudo docker-compose logs $batsContainerName | grep \"Serving 'file_share' at https:\/\/upload.example.com:5281\/file_share\"" run bash -c "sudo docker-compose logs $batsContainerName | grep \"URL: <https:\/\/upload.example.com:5281\/upload> - Ensure this can be reached by users\""
assert_success assert_success
assert_output assert_output
} }
@test "Should not use deprecated config" {
run bash -c "sudo docker-compose exec $batsContainerName /bin/bash -c \"/entrypoint.bash check\" | grep 'deprecated' -A 3"
assert_failure
}
@test "Should not have warnings in log" {
run bash -c "sudo docker-compose logs $batsContainerName | grep -E \"warn\""
assert_failure
}