Commit e6c86353 authored by Valo's avatar Valo

Adds HTTPS configuration + remove spaces at EOL

parent 28c37edc
......@@ -44,7 +44,7 @@ modules_enabled = {
-- Not essential, but recommended
"private"; -- Private XML storage (for room bookmarks, etc.)
"vcard"; -- Allow users to set vCards
-- These are commented by default as they have a performance impact
--"privacy"; -- Support privacy lists
--"compression"; -- Stream compression (requires the lua-zlib package installed)
......@@ -167,7 +167,7 @@ https_ports = { 5281 }
https_interfaces = { "*" }
-- Configuration for http_upload
-- Configuration for http_upload
http_max_content_size = 5000000000
http_upload_file_size_limit = 5000000000
http_upload_expire_after = 60 * 60 * 24 * 60 -- a 2 months in seconds
......@@ -175,13 +175,19 @@ http_upload_expire_after = 60 * 60 * 24 * 60 -- a 2 months in seconds
https_ssl = {
certificate = "/path/to/cert.pem";
key = "/path/to/privkey.pem";
ciphers = "ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305-D:DHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305-D:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA"; -- order in which ciphers should be used, only this ciphers are allowed
dhparam = "/path/to/dhparam4096.pem"; -- Diffie-Helmann parameters to use
curve = "secp384r1"; -- which elliptic curve should be used
protocol = "tlsv1_2"; -- enables only TLSv1.2 other should be retained insecure
options = { "no_sslv2", "no_sslv3", "no_tlsv1", "no_tlsv1_1", "no_ticket", "no_compression", "cipher_server_preference", "single_dh_use", "single_ecdh_use" } ; -- Various options, diabling SSLv2 and v3 as well as TLS v1,v1.1. Cipher server order should be honored. ...
verifyext = { };
}
http_host = "xmpp.server.org"
http_external_url = "https://xmpp.server.org/prosody//"
VirtualHost "localhost"
enabled = false
enabled = false
VirtualHost "server.org"
......@@ -190,8 +196,8 @@ VirtualHost "server.org"
"proxy65"; -- It should be configured, allows clients behind nat to share files how it behaves with http_upload
-- "compression"; Disabled as per https://mail.jabber.org/pipermail/standards/2014-October/029215.html/co
"register";
"disco"; -- Autodiscover of services present on server
"smacks"; -- Adds a feature to resend messages to a client resuming a session if it's offline for a certain amount of time
"disco"; -- Autodiscover of services present on server
"smacks"; -- Adds a feature to resend messages to a client resuming a session if it's offline for a certain amount of time
"mam"; -- Adds archiving of messages, a user can request last n messages from server. Better to configure it tu use mysql (maybe the whole prosody as well)
"csi"; -- Adds client state indication,clients -expecialy mobile ones- inform server whether they are used or not so less informations are sent to client using less battery
"throttle_presence"; -- Do not send contact presence updates if client sent csi
......@@ -215,14 +221,14 @@ VirtualHost "server.org"
http_host = "xmpp.server.org"
http_external_url = "https://xmpp.server.org/prosody//"
ssl = {
ssl = {
--key = "/etc/ssl/letsencrypt/server.org/privkey.pem";
--certificate = "/etc/ssl/letsencrypt/server.org/fullchain.pem";
key = "/etc/letsencrypt/live/xmpp.server.org/privkey.pem";
certificate = "/etc/letsencrypt/live/xmpp.server.org/fullchain.pem";
}
-- Configuration for MUC
-- Configuration for MUC
Component "conference.server.org" "muc"
name = "Our shining fucking beautiful chatroom server yeah"
restrict_room_creation = "local"
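Review bot: The `ciphers` string in the `https_ssl` block contains no AES-GCM suite, so a client without ChaCha20 support falls through to the CBC suites, two of which use SHA-1 MACs (`ECDHE-RSA-AES256-SHA`, `DHE-RSA-AES256-SHA`). With `protocol = "tlsv1_2"` the AEAD suites are available, so I would put `ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256` ahead of the CBC entries and drop the two `-SHA` entries unless a known legacy client needs them. The `certificate`, `key` and `dhparam` values in the same block are still `/path/to/...` placeholders, while the `ssl` block under `VirtualHost "server.org"` points at the Let's Encrypt files; presumably the HTTPS listener on port 5281 has no usable certificate until they are replaced, so a comment such as `-- TODO: replace placeholder paths before enabling https_ports` would help. The +/- markers are lost on this page, so which of these lines the commit actually adds is inferred from the commit title.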
......