aitzol/prosody-docker
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

base: aitzol:73838d1aa545beee8291721054a2d44fccb9701a
Branches Tags
aitzol:main
aitzol:v1.3.2
aitzol:v1.3.1
aitzol:v1.3.0
aitzol:v1.2.9
...
compare: aitzol:0de34e5f74f842e7d2b4ab2e6905e78346152e89
Branches Tags
aitzol:main
aitzol:v1.3.2
aitzol:v1.3.1
aitzol:v1.3.0
aitzol:v1.2.9

3 Commits
73838d1aa5 ... 0de34e5f74

Author SHA1 Message Date
aitzol
0de34e5f74 2024-05-05 eguneraketa 2024-05-05 16:47:07 +02:00
aitzol
4857ee42e9 2024-05-05 eguneraketa 2024-05-05 16:45:21 +02:00
aitzol
da5371f30f 2024-05-05 eguneraketa 2024-05-05 16:40:57 +02:00
7 changed files with 36 additions and 18 deletions
Show Stats Expand all files Collapse all files

1
.gitignore vendored
View File

@ -3,5 +3,6 @@ certs/
extras/matterbridge/*.t*
tests/certs/
tests/venv/
tests/bats/*
tests/__pycache__/
*.swp

11
CHANGELOG.md
View File

@ -1,5 +1,16 @@
# Changelog
## Unreleased 2024-05-05
### Adjust config
* Replace deprecated legacy_ssl with c2s_direct_tls.
* Removed use_libevent = true. This means the default is now used which is epoll.
### Test
Added a test to check that no deprecated config settings are used.
## v1.3.2
* Added Firewall module with optional custom blacklist

8
Dockerfile
View File

@ -102,13 +102,13 @@ COPY *.bash /usr/local/bin/
RUN download-prosody-modules.bash \
&& docker-prosody-module-install.bash \
bookmarks `# XEP-0411: Bookmarks Conversion` \
carbons `# message carbons (XEP-0280)` \
#bookmarks `# XEP-0411: Bookmarks Conversion` \
#carbons `# message carbons (XEP-0280)` \
cloud_notify `# XEP-0357: Push Notifications` \
csi `# client state indication (XEP-0352)` \
#csi `# client state indication (XEP-0352)` \
e2e_policy `# require end-2-end encryption` \
filter_chatstates `# disable "X is typing" type messages` \
smacks `# stream management (XEP-0198)` \
#smacks `# stream management (XEP-0198)` \
throttle_presence `# presence throttling in CSI` \
vcard_muc `# XEP-0153: vCard-Based Avatar (MUC)` \
firewall `# anti-spam firewall` \

6
conf.d/05-vhost.cfg.lua
View File

@ -6,11 +6,11 @@ local domain_pubsub = os.getenv("DOMAIN_PUBSUB")
-- XEP-0368: SRV records for XMPP over TLS
-- https://compliance.conversations.im/test/xep0368/
legacy_ssl_ssl = {
certificate = "certs/" .. domain .. "/fullchain.pem";
c2s_direct_tls_ssl = {
certificate = "certs/" .. domain .. "/fullchain.pem";
key = "certs/" .. domain .. "/privkey.pem";
}
legacy_ssl_ports = { 5223 }
c2s_direct_tls_ports = { 5223 }
-- https://prosody.im/doc/certificates#service_certificates
-- https://prosody.im/doc/ports#ssl_configuration

2
prosody.cfg.lua
View File

@ -7,8 +7,6 @@ admins = stringy.split(os.getenv("PROSODY_ADMINS"), ", ");
pidfile = "/var/run/prosody/prosody.pid"
use_libevent = true; -- improves performance
allow_registration = os.getenv("ALLOW_REGISTRATION");
c2s_require_encryption = os.getenv("C2S_REQUIRE_ENCRYPTION");

8
tests/docker-compose.yml
View File

@ -1,8 +1,6 @@
version: "3.9"
services:
prosody:
image: prosody
image: prosody/xmpp:latest
restart: unless-stopped
ports:
- "5000:5000"
@ -19,7 +17,7 @@ services:
- ./certs:/usr/local/etc/prosody/certs
prosody_postgres:
image: prosody
image: prosody/xmpp:latest
restart: unless-stopped
ports:
- "5000:5000"
@ -53,7 +51,7 @@ services:
POSTGRES_PASSWORD: prosody
prosody_ldap:
image: prosody
image: prosody/xmpp:latest
restart: unless-stopped
ports:
- "5000:5000"

16
tests/tests.bats
View File

@ -57,8 +57,8 @@ load 'bats/bats-assert/load'
assert_output
}
@test "Should activate legacy_ssl" {
run bash -c "sudo docker-compose logs $batsContainerName | grep -E \"Activated service 'legacy_ssl' on (\[::\]:5223|\[\*\]:5223), (\[::\]:5223|\[\*\]:5223)\""
@test "Should activate c2s_direct_tls" {
run bash -c "sudo docker-compose logs $batsContainerName | grep -E \"Activated service 'c2s_direct_tls' on (\[::\]:5223|\[\*\]:5223), (\[::\]:5223|\[\*\]:5223)\""
assert_success
assert_output
}
@ -82,7 +82,17 @@ load 'bats/bats-assert/load'
}
@test "Should show upload URL" {
run bash -c "sudo docker-compose logs $batsContainerName | grep \"URL: <https:\/\/upload.example.com:5281\/upload> - Ensure this can be reached by users\""
run bash -c "sudo docker-compose logs $batsContainerName | grep \"Serving 'file_share' at https:\/\/upload.example.com:5281\/file_share\""
assert_success
assert_output
}
@test "Should not use deprecated config" {
run bash -c "sudo docker-compose exec $batsContainerName /bin/bash -c \"/entrypoint.bash check\" | grep 'deprecated' -A 3"
assert_failure
}
@test "Should not have warnings in log" {
run bash -c "sudo docker-compose logs $batsContainerName | grep -E \"warn\""
assert_failure
}