Update Prosody to version 0.12
This brings a number of changes and improvements, and moves from MariaDB to SQLite for storage, which requires manual migration for pre-existing deployments using `prosody-migrator`.
This commit is contained in:
parent
0794c40310
commit
38ded924a9
Binary file not shown.
Binary file not shown.
|
@ -84,6 +84,14 @@ systemd:
|
|||
[Service]
|
||||
Environment=UPSTREAM_HOST=nginx-serve-volume-git-serve UPSTREAM_PORT=8080
|
||||
|
||||
- name: nginx-proxy-http@chat.localhost.service
|
||||
enabled: true
|
||||
dropins:
|
||||
- name: prosody-upstream.conf
|
||||
contents: |
|
||||
[Service]
|
||||
Environment=UPSTREAM_HOST=prosody UPSTREAM_PORT=5280
|
||||
|
||||
- name: nginx-proxy-http@dav.localhost.service
|
||||
enabled: true
|
||||
dropins:
|
||||
|
|
|
@ -11,15 +11,8 @@ MARIADB_ROOT_PASSWORD=password
|
|||
# Configuration for Prosody.
|
||||
PROSODY_HOST=prosody.localhost
|
||||
PROSODY_HOST_EXTERNAL=prosody-external.localhost
|
||||
|
||||
PROSODY_DATABASE_NAME=prosody
|
||||
PROSODY_DATABASE_USERNAME=prosody
|
||||
PROSODY_DATABASE_PASSWORD=password
|
||||
|
||||
PROSODY_BIBOUMI_PASSWORD=password
|
||||
PROSODY_SPECTRUM_PASSWORD=password
|
||||
PROSODY_TURN_HOST=localhost
|
||||
PROSODY_TURN_SECRET=password
|
||||
|
||||
# Configuration for Coturn.
|
||||
COTURN_AUTH_SECRET=password
|
||||
|
|
|
@ -1,18 +1,19 @@
|
|||
FROM docker.io/debian:bullseye-slim
|
||||
ARG VERSION=0.11.13
|
||||
ARG MODULES_VERSION=a1181413a0eb
|
||||
ARG VERSION=0.12.0
|
||||
ARG MODULES_VERSION=f07c9a6f19b3
|
||||
|
||||
RUN apt-get update -y && apt-get install -y --no-install-recommends \
|
||||
curl mercurial gnupg ca-certificates apt-transport-https netcat-traditional
|
||||
curl mercurial gnupg ca-certificates apt-transport-https
|
||||
|
||||
RUN addgroup --system --gid 10000 prosody
|
||||
RUN adduser --system --uid 10000 --ingroup prosody --home /var/lib/prosody prosody
|
||||
RUN install --owner prosody --group prosody --directory /run/prosody
|
||||
|
||||
RUN echo "deb https://packages.prosody.im/debian bullseye main" > /etc/apt/sources.list.d/prosody.list && \
|
||||
echo "deb-src https://packages.prosody.im/debian bullseye main" >> /etc/apt/sources.list.d/prosody.list && \
|
||||
curl -o - https://prosody.im/files/prosody-debian-packages.key | apt-key add - && \
|
||||
apt-get update -y && apt-get install -y --no-install-recommends \
|
||||
lua-dbi-mysql lua-event lua-zlib lua-sec lua-luaossl lua-bitop prosody=${VERSION}*
|
||||
lua5.2 lua-dbi-sqlite3 lua-zlib lua-sec lua-luaossl lua-bitop lua-unbound prosody=${VERSION}*
|
||||
|
||||
RUN mkdir -p /usr/lib/prosody/community-modules && \
|
||||
hg clone --rev ${MODULES_VERSION} https://hg.prosody.im/prosody-modules /usr/lib/prosody/community-modules
|
||||
|
@ -21,9 +22,6 @@ COPY container/config /etc/prosody
|
|||
RUN prosodyctl check config
|
||||
|
||||
VOLUME /var/lib/prosody
|
||||
ENV __FLUSH_LOG yes
|
||||
|
||||
USER prosody
|
||||
EXPOSE 5222 5269 5280 5347
|
||||
|
||||
ENTRYPOINT ["prosody"]
|
||||
|
|
|
@ -21,14 +21,10 @@
|
|||
-- Example: admins = { "user1@example.com", "user2@example.net" }
|
||||
admins = {}
|
||||
|
||||
-- Enable use of libevent for better performance under high load
|
||||
-- For more information see: https://prosody.im/doc/libevent
|
||||
use_libevent = true
|
||||
|
||||
-- Prosody will always look in its source directory for modules, but
|
||||
-- this option allows you to specify additional locations where Prosody
|
||||
-- will look for modules first. For community modules, see https://modules.prosody.im/
|
||||
plugin_paths = {"/usr/lib/prosody/community-modules"}
|
||||
plugin_paths = {"/usr/lib/prosody/modules", "/usr/lib/prosody/community-modules"}
|
||||
|
||||
-- This is the list of modules Prosody will load on startup.
|
||||
-- It looks for mod_modulename.lua in the plugins folder, so make sure that exists too.
|
||||
|
@ -40,6 +36,7 @@ modules_enabled = {
|
|||
"tls"; -- Add support for secure TLS on c2s/s2s connections
|
||||
"dialback"; -- s2s dialback support
|
||||
"disco"; -- Service discovery
|
||||
"posix"; -- POSIX functionality, sends server to background, enables syslog, etc.
|
||||
|
||||
-- Not essential, but recommended
|
||||
"carbons"; -- Keep multiple clients in sync
|
||||
|
@ -53,13 +50,9 @@ modules_enabled = {
|
|||
"uptime"; -- Report how long server has been running
|
||||
"time"; -- Let others know the time here on this server
|
||||
"ping"; -- Replies to XMPP pings with pongs
|
||||
"register"; -- Allow users to register on this server using a client and change passwords
|
||||
"mam"; -- Store messages in an archive and allow users to access it
|
||||
"smacks"; -- Stream management for resuming dropped connections.
|
||||
"csi"; -- Chat state information.
|
||||
"csi_simple"; -- Enables simple traffic optimisation for clients that have reported themselves as inactive.
|
||||
"filter_chatstates"; -- Don't send chat state notifications when client is inactive.
|
||||
"throttle_presence"; -- Don't send presence information when client is inactive.
|
||||
|
||||
-- Push notifications
|
||||
"cloud_notify"; -- Support for push notifications.
|
||||
|
@ -70,27 +63,20 @@ modules_enabled = {
|
|||
"watch_spam_reports"; -- Alert admins of spam/abuse reports by users
|
||||
|
||||
-- Admin interfaces
|
||||
"admin_telnet"; -- Opens telnet console interface on localhost port 5582
|
||||
"admin_shell"; -- Allows for Prosody administration over a local shell
|
||||
|
||||
-- HTTP modules
|
||||
"websocket"; -- XMPP over WebSockets
|
||||
|
||||
-- Other specific functionality
|
||||
"proxy65"; -- Enables a file transfer proxy service which clients behind NAT can use
|
||||
"conversejs"; -- Web-based frontend for XMPP
|
||||
"bookmarks2"; -- Next-generation group-chat bookmarks
|
||||
"turncredentials"; -- Connect to TURN/STUN server
|
||||
"bookmarks"; -- Next-generation group-chat bookmarks
|
||||
"turn_external"; -- Connect to TURN/STUN server
|
||||
}
|
||||
|
||||
-- These modules are auto-loaded, but should you want
|
||||
-- to disable them then uncomment them here:
|
||||
modules_disabled = {
|
||||
"posix"; -- POSIX functionality, sends server to background, enables syslog, etc.
|
||||
}
|
||||
|
||||
-- Disable account creation by default, for security
|
||||
-- For more information see https://prosody.im/doc/creating_accounts
|
||||
allow_registration = false
|
||||
modules_disabled = {}
|
||||
|
||||
-- Force clients to use encrypted connections? This option will
|
||||
-- prevent clients from authenticating unless they are using encryption.
|
||||
|
@ -136,11 +122,8 @@ authentication = "internal_hashed"
|
|||
|
||||
storage = "sql" -- Default is "internal"
|
||||
sql = {
|
||||
driver = "MySQL",
|
||||
host = os.getenv("PROSODY_DATABASE_HOST") or "localhost",
|
||||
database = os.getenv("PROSODY_DATABASE_NAME") or "prosody",
|
||||
username = os.getenv("PROSODY_DATABASE_USERNAME") or "prosody",
|
||||
password = os.getenv("PROSODY_DATABASE_PASSWORD") or ""
|
||||
driver = "SQLite3",
|
||||
database = "/var/lib/prosody/prosody.sqlite",
|
||||
}
|
||||
|
||||
-- For the "sql" backend, you can uncomment *one* of the below to configure:
|
||||
|
@ -163,6 +146,10 @@ archive_expires_after = "1w" -- Remove archived messages after 1 week
|
|||
-- For advanced logging see https://prosody.im/doc/logging
|
||||
log = {{to = "console", levels = {min = "info"}, timestamps = true}}
|
||||
|
||||
-- Set PID file and socket in ephemeral path.
|
||||
pidfile = "/run/prosody/prosody.pid"
|
||||
admin_socket = "/run/prosody/prosody.sock"
|
||||
|
||||
-- Don't show banner when performing console commands.
|
||||
console_banner = ""
|
||||
|
||||
|
@ -180,8 +167,8 @@ auth_imap_ssl = {
|
|||
}
|
||||
|
||||
-- Configuration for TURN/STUN.
|
||||
turncredentials_host = os.getenv("PROSODY_TURN_HOST") or "localhost"
|
||||
turncredentials_secret = os.getenv("PROSODY_TURN_SECRET") or ""
|
||||
turn_external_host = os.getenv("PROSODY_TURN_HOST") or "localhost"
|
||||
turn_external_secret = os.getenv("PROSODY_TURN_SECRET") or ""
|
||||
|
||||
-- Uncomment to enable statistics
|
||||
-- For more info see https://prosody.im/doc/statistics
|
||||
|
@ -195,7 +182,7 @@ turncredentials_secret = os.getenv("PROSODY_TURN_SECRET") or ""
|
|||
-- (from e.g. Let's Encrypt) see https://prosody.im/doc/certificates
|
||||
|
||||
-- Location of directory to find certificates in (relative to main config file):
|
||||
certificates = "certificates"
|
||||
certificates = "/etc/ssl/private/certificates"
|
||||
|
||||
-- Listen on all interfaces for component connections.
|
||||
component_interface = "0.0.0.0"
|
||||
|
|
|
@ -6,22 +6,33 @@
|
|||
local host_base = os.getenv("PROSODY_HOST") or "localhost"
|
||||
local host_external = os.getenv("PROSODY_HOST_EXTERNAL") or "external.localhost"
|
||||
|
||||
-- The primary virtual host, typically anchored to the root domain (e.g. "example.com"). User JIDs
|
||||
-- will need to match this domain name.
|
||||
VirtualHost(host_base)
|
||||
http_host = host_external
|
||||
http_host = host_external
|
||||
http_external_url = "https://" .. host_external .. "/"
|
||||
certificate = "/etc/ssl/private/certificates/" .. host_base .. ".crt"
|
||||
authentication = "imap"
|
||||
auth_append_host = true
|
||||
authentication = "imap"
|
||||
auth_append_host = true
|
||||
http_paths = {
|
||||
conversejs = "/web"
|
||||
}
|
||||
|
||||
-- The component responsible for multi-user chats.
|
||||
Component(host_external) "muc"
|
||||
modules_enabled = {"muc_mam", "vcard_muc"}
|
||||
name = "The " .. host_base .. " chat-room server"
|
||||
certificate = "/etc/ssl/private/certificates/" .. host_external .. ".crt"
|
||||
name = "The " .. host_base .. " chat-room server"
|
||||
restrict_room_creation = "local"
|
||||
max_history_messages = 100
|
||||
max_history_messages = 100
|
||||
modules_enabled = {
|
||||
"muc_mam",
|
||||
"vcard_muc"
|
||||
}
|
||||
|
||||
Component(host_external) "http_upload"
|
||||
http_external_url = "https://" .. host_external .. "/"
|
||||
http_upload_expire_after = 60 * 60 * 24 * 7
|
||||
http_upload_file_size_limit = 1024 * 1024 * 32
|
||||
http_upload_quota = 1024 * 1024 * 1024
|
||||
-- The component responsible for HTTP file uploads.
|
||||
Component(host_external) "http_file_share"
|
||||
http_file_share_expire_after = 60 * 60 * 24 * 31
|
||||
http_file_share_size_limit = 1024 * 1024 * 32
|
||||
http_file_share_daily_quota = 1024 * 1024 * 128
|
||||
http_file_share_global_quota = 1024 * 1024 * 1024 * 5
|
||||
http_paths = {
|
||||
file_share = "/upload"
|
||||
}
|
||||
|
|
|
@ -2,12 +2,6 @@
|
|||
PROSODY_HOST=${PROSODY_HOST}
|
||||
PROSODY_HOST_EXTERNAL=${PROSODY_HOST_EXTERNAL}
|
||||
|
||||
# Database connection options.
|
||||
PROSODY_DATABASE_HOST=mariadb
|
||||
PROSODY_DATABASE_NAME=${PROSODY_DATABASE_NAME}
|
||||
PROSODY_DATABASE_USERNAME=${PROSODY_DATABASE_USERNAME}
|
||||
PROSODY_DATABASE_PASSWORD=${PROSODY_DATABASE_PASSWORD}
|
||||
|
||||
# Authentication options.
|
||||
PROSODY_IMAP_AUTH_HOST=dovecot
|
||||
PROSODY_IMAP_AUTH_PORT=993
|
||||
|
|
|
@ -1,8 +0,0 @@
|
|||
-- Create default database.
|
||||
CREATE DATABASE IF NOT EXISTS `${PROSODY_DATABASE_NAME}`;
|
||||
|
||||
-- Create default user with pre-defined password.
|
||||
CREATE USER IF NOT EXISTS '${PROSODY_DATABASE_USERNAME}'@'%' IDENTIFIED BY '${PROSODY_DATABASE_PASSWORD}';
|
||||
GRANT ALL PRIVILEGES ON `${PROSODY_DATABASE_NAME}`.* TO '${PROSODY_DATABASE_USERNAME}'@'%';
|
||||
|
||||
FLUSH PRIVILEGES;
|
|
@ -8,7 +8,5 @@ storage:
|
|||
local: service/prosody/systemd/
|
||||
systemd:
|
||||
units:
|
||||
- name: prosody-firstboot.target
|
||||
enabled: true
|
||||
- name: prosody.service
|
||||
enabled: true
|
||||
|
|
|
@ -12,12 +12,12 @@ EnvironmentFile=-%E/coreos-home-server/%i/%i.env
|
|||
ExecStartPre=/bin/install --mode 0700 --directory /tmp/%N
|
||||
ExecStartPre=/bin/sh -c "envsubst < %E/coreos-home-server/prosody/service/component.cfg.lua.template > /tmp/%N/component.cfg.lua"
|
||||
ExecStartPre=/bin/podman cp --archive=false /tmp/%N/component.cfg.lua prosody:/etc/prosody/conf.d/%i.cfg.lua
|
||||
ExecStartPre=/bin/podman exec prosody sh -c "echo 'config:reload()' | nc -q 1 -w 10 127.0.0.1 5582"
|
||||
ExecStart=/bin/podman exec prosody sh -c "echo 'host:activate(\"${PROSODY_COMPONENT_NAME}\")' | nc -q 1 -w 10 127.0.0.1 5582"
|
||||
ExecStartPre=/bin/podman exec prosody prosodyctl shell config reload
|
||||
ExecStart=/bin/podman exec prosody prosodyctl shell host activate "$PROSODY_COMPONENT_NAME"
|
||||
ExecStartPost=/bin/rm -Rf /tmp/%N
|
||||
ExecStop=/bin/podman exec prosody sh -c "echo 'host:deactivate(\"${PROSODY_COMPONENT_NAME}\")' | nc -q 1 -w 10 127.0.0.1 5582"
|
||||
ExecStop=/bin/podman exec prosody prosodyctl shell host deactivate "$PROSODY_COMPONENT_NAME"
|
||||
ExecStopPost=/bin/podman exec --user=root prosody rm -f /etc/prosody/conf.d/%i.cfg.lua
|
||||
ExecStopPost=/bin/podman exec prosody sh -c "echo 'config:reload()' | nc -q 1 -w 10 127.0.0.1 5582"
|
||||
ExecStartPre=/bin/podman exec prosody prosodyctl shell config reload
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
|
|
|
@ -1,9 +0,0 @@
|
|||
[Unit]
|
||||
Description=Initialize Prosody XMPP Server
|
||||
Wants=mariadb-migrate@prosody.service prosody.service
|
||||
After=mariadb-migrate@prosody.service
|
||||
Before=prosody.service
|
||||
ConditionKernelCommandLine=ignition.firstboot
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
|
@ -1,7 +1,7 @@
|
|||
[Unit]
|
||||
Description=Prosody XMPP server
|
||||
Wants=container-build@%N.service container-volume@%N.service mariadb.service dovecot.service
|
||||
After=container-build@%N.service container-volume@%N.service mariadb.service dovecot.service
|
||||
Wants=container-build@%N.service container-volume@%N.service dovecot.service
|
||||
After=container-build@%N.service container-volume@%N.service dovecot.service
|
||||
|
||||
[Service]
|
||||
Type=notify
|
||||
|
@ -18,7 +18,7 @@ ExecStart=/bin/podman run --replace --name %N --net internal --sdnotify=conmon \
|
|||
localhost/%N:latest
|
||||
ExecStop=/bin/podman stop --ignore --time 10 %N
|
||||
ExecStopPost=/bin/podman rm --ignore --force %N
|
||||
ExecReload=/bin/podman exec %N sh -c 'echo "config:reload()" | nc -q 1 -w 10 127.0.0.1 5582'
|
||||
ExecReload=/bin/podman exec %N prosodyctl shell config reload
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
|
|
Loading…
Reference in New Issue