Files
@ 3dd7f39302f8
Branch filter:
Location: majic-ansible-roles/roles/xmpp_server/templates/prosody.cfg.lua.j2 - annotation
3dd7f39302f8
3.1 KiB
text/plain
MAR-29: Implemented tests for php_website role:
- Install some additional tools for testing everything.
- Updated test playbook to change allowed extensions for running PHP scripts on
parameters-optional.
- Updated error page to use correct extension for parameters-optional test
instance.
- Expanded rewrite configuration slightly for parameters-optional.
- Install libmariadb-client-lgpl-dev-compat to test mysql_config symlink
creation.
- Deploy a number of PHP pages used for testing if pages are served correctly.
- Set file permissions on deployed PHP FPM pool configuraiton files.
- Use expanded syntax when deploying TLS keys/certificates in order to avoid
issues with TAB mangling.
- Fixed set-up of Strict-Transport-Security header when HTTPS enforcement is
disabled.
- Added a number of PHP and static test pages.
- Wrote tests covering full functionality of the role.
- Install some additional tools for testing everything.
- Updated test playbook to change allowed extensions for running PHP scripts on
parameters-optional.
- Updated error page to use correct extension for parameters-optional test
instance.
- Expanded rewrite configuration slightly for parameters-optional.
- Install libmariadb-client-lgpl-dev-compat to test mysql_config symlink
creation.
- Deploy a number of PHP pages used for testing if pages are served correctly.
- Set file permissions on deployed PHP FPM pool configuraiton files.
- Use expanded syntax when deploying TLS keys/certificates in order to avoid
issues with TAB mangling.
- Fixed set-up of Strict-Transport-Security header when HTTPS enforcement is
disabled.
- Added a number of PHP and static test pages.
- Wrote tests covering full functionality of the role.
2e1ff733350e 2e1ff733350e 2e1ff733350e 2e1ff733350e 1b76d272e529 2e1ff733350e 2e1ff733350e 2e1ff733350e 2e1ff733350e df7ad64eec5c df7ad64eec5c df7ad64eec5c df7ad64eec5c df7ad64eec5c df7ad64eec5c df7ad64eec5c df7ad64eec5c df7ad64eec5c df7ad64eec5c df7ad64eec5c df7ad64eec5c df7ad64eec5c df7ad64eec5c df7ad64eec5c df7ad64eec5c df7ad64eec5c df7ad64eec5c df7ad64eec5c df7ad64eec5c df7ad64eec5c df7ad64eec5c df7ad64eec5c df7ad64eec5c df7ad64eec5c 8b0cbc64f6e9 2e1ff733350e 2e1ff733350e 2e1ff733350e 2e1ff733350e 2e1ff733350e 2e1ff733350e 2e1ff733350e 2e1ff733350e 2e1ff733350e 18cd76ec050d 18cd76ec050d 2e1ff733350e 2e1ff733350e 8b0cbc64f6e9 8b0cbc64f6e9 8b0cbc64f6e9 2e1ff733350e 2e1ff733350e 2e1ff733350e 2e1ff733350e 2e1ff733350e 2e1ff733350e 2e1ff733350e 2e1ff733350e 2e1ff733350e 2e1ff733350e 2e1ff733350e 1b76d272e529 011f651f90ce 1b76d272e529 011f651f90ce 011f651f90ce e1f36d36827b 011f651f90ce 2e1ff733350e 2e1ff733350e 2e1ff733350e 2e1ff733350e 2e1ff733350e 2e1ff733350e c8875611c9ef df7ad64eec5c df7ad64eec5c 2e1ff733350e 2e1ff733350e c8875611c9ef c8875611c9ef 1b76d272e529 2e1ff733350e c8875611c9ef c8875611c9ef c8875611c9ef c8875611c9ef 2e1ff733350e | -- Additional paths to search for modules.
plugin_paths = { "/usr/local/lib/prosody/modules/" }
-- List of server administrators.
admins = { {% for admin in xmpp_administrators %}"{{ admin }}", {% endfor %} }
-- List of modules to load on startup.
modules_enabled = {
-- Generally required
"roster"; -- Allow users to have a roster. Recommended ;)
"saslauth"; -- Authentication for clients and servers. Recommended if you want to log in.
"tls"; -- Add support for secure TLS on c2s/s2s connections
"dialback"; -- s2s dialback support
"disco"; -- Service discovery
"posix"; -- POSIX functionality, sends server to background, enables syslog, etc.
-- Not essential, but recommended
"private"; -- Private XML storage (for room bookmarks, etc.)
"vcard"; -- Allow users to set vCards
-- Nice to have
"version"; -- Replies to server version requests
"uptime"; -- Report how long server has been running
"time"; -- Let others know the time here on this server
"ping"; -- Replies to XMPP pings with pongs
"pep"; -- Enables users to publish their mood, activity, playing music and more
"register"; -- Allow users to register on this server using a client and change passwords
-- Admin interfaces
"admin_adhoc"; -- Allows administration via an XMPP client that supports ad-hoc commands
-- Other specific functionality
"announce"; -- Send announcement to all online users
"legacyauth"; -- Allow legacy authentication and SSL
};
-- Disable account creation by default, for security
-- For more information see http://prosody.im/doc/creating_accounts
allow_registration = false;
-- These are the SSL/TLS-related settings. If you don't want
-- to use SSL/TLS, you may comment or remove this
ssl = {
key = "/etc/ssl/private/{{ ansible_fqdn }}_xmpp.key";
certificate = "/etc/ssl/certs/{{ ansible_fqdn }}_xmpp.pem";
}
-- Ports on which to have direct TLS/SSL.
legacy_ssl_ports = { 5223 }
-- Force clients to use encrypted connection.
c2s_require_encryption = true
-- Disable certificate validation for server-to-server connections.
s2s_secure_auth = false
-- Path to Prosody's PID file.
pidfile = "/var/run/prosody/prosody.pid"
-- Authentication backend.
authentication = "ldap"
ldap_server = "{{ xmpp_ldap_server }}"
ldap_rootdn = "cn=prosody,ou=services,{{ xmpp_ldap_base_dn }}"
ldap_password = "{{ xmpp_ldap_password }}"
ldap_filter = "(&(mail=$user@$host)(memberOf=cn=xmpp,ou=groups,{{xmpp_ldap_base_dn}}))"
ldap_scope = "onelevel"
ldap_tls = true
ldap_base = "ou=people,{{ xmpp_ldap_base_dn }}"
-- Storage backend.
storage = "internal"
-- Logging configuration.
log = {
info = "/var/log/prosody/prosody.log"; -- Change 'info' to 'debug' for verbose logging
error = "/var/log/prosody/prosody.err";
"*syslog";
}
-- Domains which should be handled by Prosody, with dedicated MUC and file
-- proxying components.
{% for domain in xmpp_domains -%}
VirtualHost "{{ domain }}"
Component "conference.{{ domain }}" "muc"
restrict_room_creation = "local"
Component "proxy.{{ domain }}" "proxy65"
proxy65_acl = { "{{ domain }}" }
{% endfor -%}
|