Changeset - 8b0cbc64f6e9
[Not reviewed]
0 2 0
Branko Majic (branko) - 10 years ago 2015-03-08 11:24:07
branko@majic.rs
MAR-3: Added legacyauth module, including support for deprecated TLS/SSL on port 5223.
2 files changed with 6 insertions and 2 deletions:
0 comments (0 inline, 0 general)
docs/rolereference.rst
Show inline comments
 
@@ -487,27 +487,27 @@ Prosody
 
The ``prosody`` role can be used for setting-up Prosody, an XMPP server, on
 
destination machine.
 

	
 
The role implements the following:
 

	
 
* Sets-up the Prosody apt repository.
 
* Installs Prosody.
 
* Configures Prosody.
 

	
 
Prosody is configured as follows:
 

	
 
* Modules enabled: roster, saslauth, tls, dialback, posix, private, vcard,
 
  version, uptime, time, ping, pep, register, admin_adhoc, announce.
 
  version, uptime, time, ping, pep, register, admin_adhoc, announce, legacyauth.
 
* Self-registration is not allowed.
 
* TLS is configured.
 
* TLS is configured. Legacy TLS is available on port 5223.
 
* Client-to-server communication requires encryption (TLS).
 
* Authentication is done via LDAP. For setting the LDAP TLS truststore, see
 
  :ref:`LDAP Client <ldap_client>`.
 
* Internal storage is used.
 
* For each domain specified, a dedicated conference/multi-user chat (MUC)
 
  service is set-up, with FQDN set to ``conference.DOMAIN``.
 
* For each domain specified, a dedicated file proxy service will be set-up, with
 
  FQDN set to ``proxy.DOMAIN``.
 

	
 

	
 
Parameters
 
~~~~~~~~~~
roles/prosody/templates/prosody.cfg.lua.j2
Show inline comments
 
@@ -23,37 +23,41 @@ modules_enabled = {
 
    "version"; -- Replies to server version requests
 
    "uptime"; -- Report how long server has been running
 
    "time"; -- Let others know the time here on this server
 
    "ping"; -- Replies to XMPP pings with pongs
 
    "pep"; -- Enables users to publish their mood, activity, playing music and more
 
    "register"; -- Allow users to register on this server using a client and change passwords
 

	
 
  -- Admin interfaces
 
    "admin_adhoc"; -- Allows administration via an XMPP client that supports ad-hoc commands
 

	
 
  -- Other specific functionality
 
    "announce"; -- Send announcement to all online users
 
    "legacyauth"; -- Allow legacy authentication and SSL
 
};
 

	
 
-- Disable account creation by default, for security
 
-- For more information see http://prosody.im/doc/creating_accounts
 
allow_registration = false;
 

	
 
-- These are the SSL/TLS-related settings. If you don't want
 
-- to use SSL/TLS, you may comment or remove this
 
ssl = {
 
  key = "{{ prosody_tls_key }}";
 
  certificate = "{{ prosody_tls_certificate }}";
 
}
 

	
 
-- Ports on which to have direct TLS/SSL.
 
legacy_ssl_ports = { 5223 }
 

	
 
-- Force clients to use encrypted connection.
 
c2s_require_encryption = true
 

	
 
-- Disable certificate validation for server-to-server connections.
 
s2s_secure_auth = false
 

	
 
-- Path to Prosody's PID file.
 
pidfile = "/var/run/prosody/prosody.pid"
 

	
 
-- Authentication backend.
 
authentication = "ldap"
 
ldap_server = "{{ prosody_ldap_server }}"
0 comments (0 inline, 0 general)