Compare commits
3 Commits
73838d1aa5
...
0de34e5f74
Author | SHA1 | Date | |
---|---|---|---|
0de34e5f74 | |||
4857ee42e9 | |||
da5371f30f |
1
.gitignore
vendored
1
.gitignore
vendored
@ -3,5 +3,6 @@ certs/
|
|||||||
extras/matterbridge/*.t*
|
extras/matterbridge/*.t*
|
||||||
tests/certs/
|
tests/certs/
|
||||||
tests/venv/
|
tests/venv/
|
||||||
|
tests/bats/*
|
||||||
tests/__pycache__/
|
tests/__pycache__/
|
||||||
*.swp
|
*.swp
|
||||||
|
11
CHANGELOG.md
11
CHANGELOG.md
@ -1,5 +1,16 @@
|
|||||||
# Changelog
|
# Changelog
|
||||||
|
|
||||||
|
## Unreleased 2024-05-05
|
||||||
|
|
||||||
|
### Adjust config
|
||||||
|
|
||||||
|
* Replace deprecated legacy_ssl with c2s_direct_tls.
|
||||||
|
* Removed use_libevent = true. This means the default is now used which is epoll.
|
||||||
|
|
||||||
|
### Test
|
||||||
|
|
||||||
|
Added a test to check that no deprecated config settings are used.
|
||||||
|
|
||||||
## v1.3.2
|
## v1.3.2
|
||||||
|
|
||||||
* Added Firewall module with optional custom blacklist
|
* Added Firewall module with optional custom blacklist
|
||||||
|
@ -102,13 +102,13 @@ COPY *.bash /usr/local/bin/
|
|||||||
|
|
||||||
RUN download-prosody-modules.bash \
|
RUN download-prosody-modules.bash \
|
||||||
&& docker-prosody-module-install.bash \
|
&& docker-prosody-module-install.bash \
|
||||||
bookmarks `# XEP-0411: Bookmarks Conversion` \
|
#bookmarks `# XEP-0411: Bookmarks Conversion` \
|
||||||
carbons `# message carbons (XEP-0280)` \
|
#carbons `# message carbons (XEP-0280)` \
|
||||||
cloud_notify `# XEP-0357: Push Notifications` \
|
cloud_notify `# XEP-0357: Push Notifications` \
|
||||||
csi `# client state indication (XEP-0352)` \
|
#csi `# client state indication (XEP-0352)` \
|
||||||
e2e_policy `# require end-2-end encryption` \
|
e2e_policy `# require end-2-end encryption` \
|
||||||
filter_chatstates `# disable "X is typing" type messages` \
|
filter_chatstates `# disable "X is typing" type messages` \
|
||||||
smacks `# stream management (XEP-0198)` \
|
#smacks `# stream management (XEP-0198)` \
|
||||||
throttle_presence `# presence throttling in CSI` \
|
throttle_presence `# presence throttling in CSI` \
|
||||||
vcard_muc `# XEP-0153: vCard-Based Avatar (MUC)` \
|
vcard_muc `# XEP-0153: vCard-Based Avatar (MUC)` \
|
||||||
firewall `# anti-spam firewall` \
|
firewall `# anti-spam firewall` \
|
||||||
|
@ -6,11 +6,11 @@ local domain_pubsub = os.getenv("DOMAIN_PUBSUB")
|
|||||||
|
|
||||||
-- XEP-0368: SRV records for XMPP over TLS
|
-- XEP-0368: SRV records for XMPP over TLS
|
||||||
-- https://compliance.conversations.im/test/xep0368/
|
-- https://compliance.conversations.im/test/xep0368/
|
||||||
legacy_ssl_ssl = {
|
c2s_direct_tls_ssl = {
|
||||||
certificate = "certs/" .. domain .. "/fullchain.pem";
|
certificate = "certs/" .. domain .. "/fullchain.pem";
|
||||||
key = "certs/" .. domain .. "/privkey.pem";
|
key = "certs/" .. domain .. "/privkey.pem";
|
||||||
}
|
}
|
||||||
legacy_ssl_ports = { 5223 }
|
c2s_direct_tls_ports = { 5223 }
|
||||||
|
|
||||||
-- https://prosody.im/doc/certificates#service_certificates
|
-- https://prosody.im/doc/certificates#service_certificates
|
||||||
-- https://prosody.im/doc/ports#ssl_configuration
|
-- https://prosody.im/doc/ports#ssl_configuration
|
||||||
|
@ -1,14 +1,12 @@
|
|||||||
-- see example config at https://hg.prosody.im/-1.9/file/0.9.10/prosody.cfg.lua.dist
|
-- see example config at https://hg.prosody.im/-1.9/file/0.9.10/prosody.cfg.lua.dist
|
||||||
-- easily extendable by putting into different config files within conf.d folder
|
-- easily extendable by putting into different config files within conf.d folder
|
||||||
|
|
||||||
local stringy = require "stringy"
|
local stringy = require "stringy"
|
||||||
|
|
||||||
admins = stringy.split(os.getenv("PROSODY_ADMINS"), ", ");
|
admins = stringy.split(os.getenv("PROSODY_ADMINS"), ", ");
|
||||||
|
|
||||||
pidfile = "/var/run/prosody/prosody.pid"
|
pidfile = "/var/run/prosody/prosody.pid"
|
||||||
|
|
||||||
use_libevent = true; -- improves performance
|
|
||||||
|
|
||||||
allow_registration = os.getenv("ALLOW_REGISTRATION");
|
allow_registration = os.getenv("ALLOW_REGISTRATION");
|
||||||
|
|
||||||
c2s_require_encryption = os.getenv("C2S_REQUIRE_ENCRYPTION");
|
c2s_require_encryption = os.getenv("C2S_REQUIRE_ENCRYPTION");
|
||||||
|
@ -1,8 +1,6 @@
|
|||||||
version: "3.9"
|
|
||||||
|
|
||||||
services:
|
services:
|
||||||
prosody:
|
prosody:
|
||||||
image: prosody
|
image: prosody/xmpp:latest
|
||||||
restart: unless-stopped
|
restart: unless-stopped
|
||||||
ports:
|
ports:
|
||||||
- "5000:5000"
|
- "5000:5000"
|
||||||
@ -19,7 +17,7 @@ services:
|
|||||||
- ./certs:/usr/local/etc/prosody/certs
|
- ./certs:/usr/local/etc/prosody/certs
|
||||||
|
|
||||||
prosody_postgres:
|
prosody_postgres:
|
||||||
image: prosody
|
image: prosody/xmpp:latest
|
||||||
restart: unless-stopped
|
restart: unless-stopped
|
||||||
ports:
|
ports:
|
||||||
- "5000:5000"
|
- "5000:5000"
|
||||||
@ -53,7 +51,7 @@ services:
|
|||||||
POSTGRES_PASSWORD: prosody
|
POSTGRES_PASSWORD: prosody
|
||||||
|
|
||||||
prosody_ldap:
|
prosody_ldap:
|
||||||
image: prosody
|
image: prosody/xmpp:latest
|
||||||
restart: unless-stopped
|
restart: unless-stopped
|
||||||
ports:
|
ports:
|
||||||
- "5000:5000"
|
- "5000:5000"
|
||||||
|
@ -57,8 +57,8 @@ load 'bats/bats-assert/load'
|
|||||||
assert_output
|
assert_output
|
||||||
}
|
}
|
||||||
|
|
||||||
@test "Should activate legacy_ssl" {
|
@test "Should activate c2s_direct_tls" {
|
||||||
run bash -c "sudo docker-compose logs $batsContainerName | grep -E \"Activated service 'legacy_ssl' on (\[::\]:5223|\[\*\]:5223), (\[::\]:5223|\[\*\]:5223)\""
|
run bash -c "sudo docker-compose logs $batsContainerName | grep -E \"Activated service 'c2s_direct_tls' on (\[::\]:5223|\[\*\]:5223), (\[::\]:5223|\[\*\]:5223)\""
|
||||||
assert_success
|
assert_success
|
||||||
assert_output
|
assert_output
|
||||||
}
|
}
|
||||||
@ -82,7 +82,17 @@ load 'bats/bats-assert/load'
|
|||||||
}
|
}
|
||||||
|
|
||||||
@test "Should show upload URL" {
|
@test "Should show upload URL" {
|
||||||
run bash -c "sudo docker-compose logs $batsContainerName | grep \"URL: <https:\/\/upload.example.com:5281\/upload> - Ensure this can be reached by users\""
|
run bash -c "sudo docker-compose logs $batsContainerName | grep \"Serving 'file_share' at https:\/\/upload.example.com:5281\/file_share\""
|
||||||
assert_success
|
assert_success
|
||||||
assert_output
|
assert_output
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@test "Should not use deprecated config" {
|
||||||
|
run bash -c "sudo docker-compose exec $batsContainerName /bin/bash -c \"/entrypoint.bash check\" | grep 'deprecated' -A 3"
|
||||||
|
assert_failure
|
||||||
|
}
|
||||||
|
|
||||||
|
@test "Should not have warnings in log" {
|
||||||
|
run bash -c "sudo docker-compose logs $batsContainerName | grep -E \"warn\""
|
||||||
|
assert_failure
|
||||||
|
}
|
||||||
|
Loading…
Reference in New Issue
Block a user