path: root/etc/prosody.cfg.lua
-- JIDs listed here are server administrators. "admin_adhoc" is enabled in
-- modules_enabled below, so these accounts can administer the server from
-- an XMPP client.
-- NOTE(review): "vous@exemple.fr" looks like a placeholder; replace it with
-- the real admin JID and keep the list as short as possible.
admins = { "vous@exemple.fr" }

-- For more information see: https://prosody.im/doc/libevent
-- use_libevent = true

-- Directory searched for additional modules.
plugin_paths = { "/usr/lib/prosody/modules" }

-- Global module list: set before any VirtualHost/Component line, so it applies
-- to every host defined in this file.
modules_enabled = {

    -- Generally required
    "roster"; -- Allow users to have a roster. Recommended ;)
    "saslauth"; -- Authentication for clients and servers. Recommended if you want to log in.
    "tls"; -- Add support for secure TLS on c2s/s2s connections
    "dialback"; -- s2s dialback support
    "disco"; -- Service discovery

    -- Not essential, but recommended
    "carbons"; -- Keep multiple clients in sync
    "carbons_copies";
    "carbons_copies_adhoc";
    "pep"; -- Enables users to publish their avatar, mood, activity, playing music and more
    "private"; -- Private XML storage (for room bookmarks, etc.)
    "blocklist"; -- Allow users to block communications with other users
    "vcard4"; -- User profiles (stored in PEP)
    "vcard_legacy"; -- Conversion between legacy vCard and PEP Avatar, vcard
    "smacks";
    "bookmarks"; -- older module, but compatible with most XMPP clients,
    -- unlike bookmarks2
    --"bookmarks2";
    "presence"; -- shows the user's status (online, offline, etc.)
    "offline";

    -- Nice to have
    "version"; -- Replies to server version requests
    "uptime"; -- Report how long server has been running
    "time"; -- Let others know the time here on this server
    "ping"; -- Replies to XMPP pings with pongs
    -- Whether new accounts can actually be created through "register" is governed
    -- by allow_registration / registration_invite_only further down in this file.
    "register"; -- Allow users to register on this server using a client and change passwords
    "mam"; -- Store messages in an archive and allow users to access it
    "csi";
    "csi_simple"; -- Simple Mobile optimizations
    "csi_battery_saver";
    "vjud"; -- user search in chat rooms

    -- Admin interfaces
    -- Only the JIDs in `admins` should be able to use these commands; keep that list tight.
    "admin_adhoc"; -- Allows administration via an XMPP client that supports ad-hoc commands

    -- HTTP modules
    -- Both modules expose client login over HTTP; see consider_bosh_secure /
    -- consider_websocket_secure and the cross_domain_* options below.
    "bosh"; -- Enable BOSH clients, aka "Jabber over HTTP"
    "websocket"; -- XMPP over WebSockets

    -- Other specific functionality
    "posix"; -- POSIX functionality, sends server to background, enables syslog, etc.
    "limits"; -- Enable bandwidth limiting for XMPP connections
    "groups"; -- Shared roster support
    "server_contact_info"; -- Publish contact information for this service
    "announce"; -- Send announcement to all online users
    "welcome"; -- Welcome users who register accounts
    "watchregistrations"; -- Alert admins of registrations
    "motd"; -- Send a message to users when they log in
    -- Left disabled: legacy authentication and the file transfer proxy.
    --"legacyauth"; -- Legacy authentication. Only used by some old clients and bots.
    --"proxy65"; -- Enables a file transfer proxy service which clients behind NAT can use
    }

    -- These modules are auto-loaded, but should you want
    -- to disable them then uncomment them here:
    -- (every entry is commented out, so nothing is disabled at the moment)
    modules_disabled = {
    -- "offline"; -- Store offline messages
    -- "c2s"; -- Handle client connections
    -- "s2s"; -- Handle server-to-server connections
}

-- Text for the "motd" module (message sent to users when they log in).
motd_text = [[Bonjour à tous ! Bienvenue sur mon serveur XMPP. Clavardez heureux !]]
-- Text for the "welcome" module (sent to users who register an account).
welcome_message = "C'est ta première connexion, $username. Bienvenue à toi."

-- Stay in the foreground and write the PID to a fixed path.
daemonize = false;
pidfile = "/run/prosody/prosody.pid";
-- Only loopback addresses are trusted to report the real client address on
-- proxied HTTP requests.
-- NOTE(review): this fits a reverse proxy running on the same host; do not add
-- addresses that clients can reach directly, or the reported client IP can be spoofed.
trusted_proxies = { "127.0.0.1", "::1" }

-- Require encryption on client and server links, and force certificate
-- authentication for server-to-server connections.
c2s_require_encryption = true -- encryption required for client-to-server connections
s2s_require_encryption = true -- encryption required for server-to-server connections
-- Remote servers must present a valid, trusted certificate; servers that cannot
-- will fail to connect.
s2s_secure_auth = true 
-- Built-in account storage with hashed (not plaintext) passwords.
authentication = "internal_hashed"

-- mam settings
-- NOTE(review): with "never" the message archive is never pruned: storage grows
-- without bound and whoever obtains the data store gets the full history.
-- Confirm this retention is intended and covered by backups/access controls.
archive_expires_after = "never" -- permanent chat history

log = {
    -- Log files (change 'info' to 'debug' for debug logs):
    info = "/var/log/prosody/prosody.log";
    error = "/var/log/prosody/prosody.err";
    -- Syslog:
    -- error-level messages are additionally sent to syslog
    { levels = { "error" }; to = "syslog";  };
}

-- http and certificate shenanigans
-- Relative directory holding the certificate files referenced by the ssl blocks below.
certificates = "certs"

-- Include "conf.d/*.cfg.lua"

-- Port 5223 accepts client connections that start TLS immediately.
-- NOTE(review): newer Prosody releases name this option c2s_direct_tls_ports;
-- confirm which name the installed version expects.
legacy_ssl_ports =  { 5223 }
-- The HTTP listener settings below are commented out, so the defaults apply.
-- NOTE(review): the last line lacks "=" and would not be a valid assignment if
-- uncommented as written; also check http_interface vs. http_interfaces.
-- http_ports =  { 5280 }
-- http_interface = { "*" }
-- https_ports = { 5281 }
-- https_interfaces { "*" }


-- Cross-origin BOSH/WebSocket access is limited to the web chat origin.
cross_domain_bosh = { "https://chat.exemple.fr" }
cross_domain_websocket = { "https://chat.exemple.fr" }
-- Treat BOSH and WebSocket sessions as encrypted even when Prosody itself
-- receives them over plain HTTP.
-- NOTE(review): this is only safe when a TLS-terminating reverse proxy sits in
-- front and the plain HTTP port is not reachable from outside; otherwise it
-- bypasses c2s_require_encryption. Verify the listener is bound/firewalled accordingly.
consider_bosh_secure = true
consider_websocket_secure = true
-- Registration is switched on, but restricted to invitations.
-- NOTE(review): the restriction depends on the invites_* modules loaded on the
-- VirtualHost; after deployment, verify that registering without a token is refused.
allow_registration = true -- required for mod_invites
registration_invite_only = true -- registration allowed only with invitations
vjud_mode = "opt-in" -- users must consent before the vjud search
-- lists them in its results.

-- The settings between the two advisory links are resource limits (garbage
-- collector speed, maximum stanza sizes, per-connection bandwidth).
-- NOTE(review): presumably the mitigations recommended by the linked advisory;
-- compare against it before changing any value.
-- https://prosody.im/security/advisory_20210512/
gc = {
    speed = 500;
}
-- Maximum stanza size: 256 KiB from clients, 512 KiB from other servers.
c2s_stanza_size_limit = 256 * 1024
s2s_stanza_size_limit = 512 * 1024

-- Bandwidth caps applied by the "limits" module (enabled in modules_enabled):
-- client connections and incoming server-to-server connections.
limits = {
    c2s = {
        rate = "10kb/s";
    };
    s2sin = {
        rate = "3kb/s";
    };
}
-- https://prosody.im/security/advisory_20210512/

-- Global TLS key and certificate, set before any VirtualHost/Component line.
-- NOTE(review): the private key file should be readable only by the account
-- Prosody runs as; check ownership and mode on the certs directory.
ssl = { 
    key = "certs/exemple.fr.key";
    certificate = "certs/exemple.fr.crt";
}

-- Host definition: the options that follow apply to "exemple.fr" until the next
-- VirtualHost/Component line (the indentation is cosmetic).
VirtualHost "exemple.fr"
    -- Invitation link template; {invite.token} is replaced by the invite token.
    -- NOTE(review): the token travels in the URL query string and acts as a
    -- bearer credential until it expires, so it can end up in proxy/web server
    -- logs and browser history; treat those logs as sensitive.
    invites_page = "https://chat.exemple.fr/invite?{invite.token}"
    webchat_url = "https://chat.exemple.fr/"
    http_external_url = "https://chat.exemple.fr/"
    invite_expiry = 86400 * 7 -- an invitation link expires after 7 days
    -- URL paths under which the invite and registration pages are served.
    http_paths = {
        invites_page = "/invite";
        invites_register_web = "/register";
    }

    -- Host-specific modules: invitation handling and web registration.
    modules_enabled = {
        "invites";
        "invites_adhoc";
        "invites_page";
        "invites_register";
        "invites_register_web";
        "http_libjs";
    }

    -- Contact addresses for the "server_contact_info" module (enabled globally).
    -- NOTE(review): all four roles use the same placeholder-looking address;
    -- make sure the abuse/security contacts are real, monitored mailboxes.
    contact_info = {
        abuse = { "mailto:vous@exemple.fr", "xmpp:vous@exemple.fr" };
        admin = { "mailto:vous@exemple.fr", "xmpp:vous@exemple.fr" };
        security = { "mailto:vous@exemple.fr", "xmpp:vous@exemple.fr" };
        support = { "mailto:vous@exemple.fr", "xmpp:vous@exemple.fr" };
    };

    -- Certificate for this host's HTTPS service, plus its TLS key/certificate pair.
    https_certificate = "certs/exemple.fr.crt";
        ssl = { 
        key = "certs/exemple.fr.key";
        certificate = "certs/exemple.fr.crt";
    }

    -- File upload component that delegates storage to an external HTTP service.
    -- Options below apply to this component until the next VirtualHost/Component line.
    Component "f.exemple.fr" "http_upload_external"
        http_upload_external_base_url = "https://f.exemple.fr/"
        -- Secret shared between Prosody and the external upload service.
        -- NOTE(review): "its-a-secret" looks like a placeholder. Replace it with a
        -- long random value configured identically on the upload service; anyone
        -- who knows it can presumably get uploads accepted by that service. Keep
        -- this file unreadable to other local users and out of public repositories.
        http_upload_external_secret = "its-a-secret"
        http_upload_external_file_size_limit = 104857600 -- 100 MB limit on attachment uploads
        -- TLS key/certificate pair for this component's hostname.
        ssl = { 
            key = "certs/f.exemple.fr.key";
            certificate = "certs/f.exemple.fr.crt";
        }

    -- Multi-user chat (chat room) component.
    -- Options below apply to this component until the next VirtualHost/Component line.
    Component "salons.exemple.fr" "muc"
        name = "Salons (chatrooms) chez exemple.fr"
        modules_enabled = { "muc_mam", "vcard_muc" }
        muc_room_default_language = "fr"
        -- NOTE(review): with the settings below every room is archived and the
        -- archive never expires; confirm this retention is intended and that the
        -- stored history is protected like any other sensitive data.
        muc_log_expires_after = "never" -- permanent history for group chats
        log_all_rooms = true
        muc_log_by_default = true
        muc_log_presences = false
        restrict_room_creation = "admin" -- only the admin can create rooms
        -- TLS key/certificate pair for this component's hostname.
            ssl = { 
            key = "certs/salons.exemple.fr.key";
            certificate = "certs/salons.exemple.fr.crt";
        }