Adds HTTPS configuration + remove spaces at EOL

serviceconf/prosody/prosody.cfg.lua

@@ -44,7 +44,7 @@ modules_enabled = {
 	-- Not essential, but recommended
 		"private"; -- Private XML storage (for room bookmarks, etc.)
 		"vcard"; -- Allow users to set vCards
-	
+
 	-- These are commented by default as they have a performance impact
 		--"privacy"; -- Support privacy lists
 		--"compression"; -- Stream compression (requires the lua-zlib package installed)
@@ -167,7 +167,7 @@ https_ports = { 5281 }
 https_interfaces = { "*" }
 
 
--- Configuration for http_upload 
+-- Configuration for http_upload
 http_max_content_size = 5000000000
 http_upload_file_size_limit = 5000000000
 http_upload_expire_after = 60 * 60 * 24 * 60 -- a 2 months in seconds
@@ -175,13 +175,19 @@ http_upload_expire_after = 60 * 60 * 24 * 60 -- a 2 months in seconds
 https_ssl = {
 	certificate = "/path/to/cert.pem";
 	key = "/path/to/privkey.pem";
+   	ciphers = "ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305-D:DHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305-D:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA"; -- order in which ciphers should be used, only this ciphers are allowed
+	dhparam = "/path/to/dhparam4096.pem"; -- Diffie-Helmann parameters to use
+	curve = "secp384r1"; -- which elliptic curve should be used
+	protocol = "tlsv1_2"; -- enables only TLSv1.2 other should be retained insecure
+	options = { "no_sslv2", "no_sslv3", "no_tlsv1", "no_tlsv1_1", "no_ticket", "no_compression", "cipher_server_preference", "single_dh_use", "single_ecdh_use" } ; -- Various options, diabling SSLv2 and v3 as well as TLS v1,v1.1. Cipher server order should be honored. ...
+	verifyext = { };
 }
 
 http_host = "xmpp.server.org"
 http_external_url = "https://xmpp.server.org/prosody//"
 
 VirtualHost "localhost"
-	enabled = false 
+	enabled = false
 
 VirtualHost "server.org"
 
@@ -190,8 +196,8 @@ VirtualHost "server.org"
 		"proxy65"; -- It should be configured, allows clients behind nat to share files how it behaves with http_upload
 		-- "compression"; Disabled as per https://mail.jabber.org/pipermail/standards/2014-October/029215.html/co
 		"register";
-		"disco"; -- Autodiscover of services present on server 
-		"smacks"; -- Adds a feature to resend messages to a client resuming a session if it's offline for a certain amount of time 
+		"disco"; -- Autodiscover of services present on server
+		"smacks"; -- Adds a feature to resend messages to a client resuming a session if it's offline for a certain amount of time
 		"mam"; -- Adds archiving of messages, a user can request last n messages from server. Better to configure it tu use mysql (maybe the whole prosody as well)
 		"csi"; -- Adds client state indication,clients -expecialy mobile ones- inform server whether they are used or not so less informations are sent to client using less battery
 		"throttle_presence"; -- Do not send contact presence updates if client sent csi
@@ -215,14 +221,14 @@ VirtualHost "server.org"
 	http_host = "xmpp.server.org"
 	http_external_url = "https://xmpp.server.org/prosody//"
 
-	ssl = { 
+	ssl = {
 		--key = "/etc/ssl/letsencrypt/server.org/privkey.pem";
 		--certificate = "/etc/ssl/letsencrypt/server.org/fullchain.pem";
 		key = "/etc/letsencrypt/live/xmpp.server.org/privkey.pem";
 		certificate = "/etc/letsencrypt/live/xmpp.server.org/fullchain.pem";
 	}
 
-    -- Configuration for MUC 
+    -- Configuration for MUC
 	Component "conference.server.org" "muc"
 		name = "Our shining fucking beautiful chatroom server yeah"
 		restrict_room_creation = "local"