From c36fc42e9cd6c83d232ca203be1e4f65083fd8c6 Mon Sep 17 00:00:00 2001 From: Jochen Schalanda Date: Fri, 23 Feb 2018 19:01:52 +0100 Subject: [PATCH] Initial commit --- Dockerfile | 34 +++++++ LICENSE | 21 +++++ README.md | 93 ++++++++++++++++++ docker-entrypoint.sh | 14 +++ hooks/build | 9 ++ prosody.cfg.lua | 218 +++++++++++++++++++++++++++++++++++++++++++ 6 files changed, 389 insertions(+) create mode 100644 Dockerfile create mode 100644 LICENSE create mode 100644 README.md create mode 100755 docker-entrypoint.sh create mode 100644 hooks/build create mode 100644 prosody.cfg.lua
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..5a55b0b
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,34 @@
+FROM alpine:3.7
+MAINTAINER Jochen Schalanda
+
+ENV PROSODY_VERSION 0.10.0-r2
+
+# Build-time metadata as defined at http://label-schema.org
+ARG BUILD_DATE
+ARG VCS_REF
+ARG VERSION
+
+LABEL org.label-schema.build-date=$BUILD_DATE \
+ org.label-schema.name="Prosody IM Alpine Docker Image" \
+ org.label-schema.description="Prosody IM Docker image based on Alpine Linux" \
+ org.label-schema.url="https://prosody.im/" \
+ org.label-schema.vcs-ref=$VCS_REF \
+ org.label-schema.vcs-url="https://github.com/joschi/docker-prosody-alpine" \
+ org.label-schema.version=$VERSION \
+ org.label-schema.schema-version="1.0" \
+ com.microscaling.docker.dockerfile="/Dockerfile" \
+ com.microscaling.license="MIT"
+
+RUN apk add --no-cache bash "prosody=${PROSODY_VERSION}"
+RUN mkdir -p /etc/prosody/conf.d /usr/local/lib/prosody/modules
+
+COPY prosody.cfg.lua /etc/prosody/prosody.cfg.lua
+COPY docker-entrypoint.sh /
+ENTRYPOINT ["/docker-entrypoint.sh"]
+
+EXPOSE 80 443 5222 5269 5347 5280 5281
+VOLUME ["/etc/prosody/", "/etc/prosody/conf.d/", "/usr/local/lib/prosody/modules/", "/var/lib/prosody/", "/var/run/prosody/prosody.pid"]
+
+USER prosody
+ENV __FLUSH_LOG yes
+CMD ["prosody"]
diff --git a/LICENSE b/LICENSE
new file mode 100644
index 0000000..1b86231
--- /dev/null
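Review bot: The last `VOLUME` entry, `/var/run/prosody/prosody.pid`, is a file path, and Docker creates a directory at every declared volume path, so the `pidfile` that prosody.cfg.lua sets to the same path cannot be created as a regular file. Declaring the parent directory, `"/var/run/prosody/"`, keeps the intent; whether the `prosody` user can write there depends on the package and is not visible in this hunk. Separately, `FROM alpine:3.7` is pinned by tag only; adding the digest, `FROM alpine:3.7@sha256:<digest-of-the-reviewed-image>`, would make the base image reproducible and tamper-evident.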
+++ b/LICENSE
@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) 2018 Jochen Schalanda
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..ded572f
--- /dev/null
+++ b/README.md
@@ -0,0 +1,93 @@
+# Prosody
+
+[![Docker Stars](https://img.shields.io/docker/stars/joschi/prosody-alpine.svg)][hub]
+[![Docker Pulls](https://img.shields.io/docker/pulls/joschi/prosody-alpine.svg)][hub]
+[![Image Size](https://images.microbadger.com/badges/image/joschi/prosody-alpine.svg)][microbadger]
+[![Image Version](https://images.microbadger.com/badges/version/joschi/prosody-alpine.svg)][microbadger]
+[![Image License](https://images.microbadger.com/badges/license/joschi/prosody-alpine.svg)][microbadger]
+
+
+[hub]: https://hub.docker.com/r/joschi/prosody-alpine/
+[microbadger]: https://microbadger.com/images/joschi/prosody-alpine
+
+## What is Prosody?
+
+Prosody is a modern XMPP communication server. It aims to be easy to set up and configure, and efficient with system resources.
+
+Additionally, for developers it aims to be easy to extend and give a flexible system on which to rapidly develop added functionality, or prototype new protocols.
+
+### Example
+
+```
+# docker run -d \
+ --name prosody
+ -p 5222:5222 \
+ -p 5269:5269 \
+ -e LOCAL=romeo \
+ -e DOMAIN=shakespeare.lit \
+ -e PASSWORD=juliet4ever \
+ -v /data/prosody/vhosts:/etc/prosody/conf.d \
+ -v /data/prosody/modules:/usr/local/lib/prosody/modules \
+ joschi/prosody-alpine:0.10.0-1
+```
+
+## Configuration
+
+The default [Prosody configuration file](prosody.cfg.lua) can be overwritten entirely (`/etc/prosody/prosody.cfg.lua`) or extended by adding configuration snippets into the `/etc/prosody/conf.d/` directory.
+
+### Virtual hosts
+
+New domains can be added by placing configuration snippets with the virtual host definitions to `/etc/prosody/conf.d/`.i
+
+Minimal example:
+
+```
+# cat vhosts/example-org.cfg.lua
+VirtualHost "example.org"
+ enable = true
+# docker run -d \
+ --name prosody
+ -p 5222:5222 \
+ -p 5269:5269 \
+ -v /data/prosody/vhosts:/etc/prosody/conf.d \
+ joschi/prosody-alpine:0.10.0-1
+```
+
+### Creating a user
+
+This Docker image supports creating a single user on startup by providing the following environment variables:
+
+* `LOCAL`: local part of the JID
+* `DOMAIN`: domain part of the JID
+* `PASSWORD`: plaintext password of the user
+
+For example, the environment variables `LOCAL=foobar`, `DOMAIN=example.com`, `PASSWORD=supersecret` would create a user named "foobar@example.com" with the password "supersecret".
+
+Other than that, users can be created using [`prosodyctl`](https://prosody.im/doc/prosodyctl) in a running container:
+
+```
+# docker exec -it prosody prosodyctl register foobar example.com supersecret
+```
+
+
+## Prosody modules
+
+Additional modules, e. g. from the [Prosody Community Modules](https://modules.prosody.im/), can be added by putting the Lua files into the `/usr/local/lib/prosody/modules/` directory.
+
+
+## Persistent data
+
+Prosody only writes data into two locations, which have to be persisted in Docker volumes to survive a container restart:
+
+* `/var/lib/prosody/`: The Prosody [`data_path`](https://prosody.im/doc/configure#general_server_settings)
+* `/var/run/prosody/prosody.pid`: The Prosody [`pidfile`](https://prosody.im/doc/configure#posix-only_options).
+
+
+## Acknowledgements
+
+This Docker image is partly based on the official [prosody/prosody](https://github.com/prosody/prosody-docker) Docker image.
+
+
+## License
+
+This Docker image is licensed under the MIT license, see [LICENSE](LICENSE).
diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh
new file mode 100755
index 0000000..54e85fa
--- /dev/null
+++ b/docker-entrypoint.sh
@@ -0,0 +1,14 @@
+#!/bin/bash
+set -e
+
+if [[ "$1" != "prosody" ]]; then
+ exec prosodyctl $*
+ exit 0;
+fi
+
+if [ "$LOCAL" -a "$PASSWORD" -a "$DOMAIN" ] ; then
+ echo "Creating user ${LOCAL}@${DOMAIN}"
+ prosodyctl register $LOCAL $DOMAIN $PASSWORD
+fi
+
+exec "$@"
diff --git a/hooks/build b/hooks/build
new file mode 100644
index 0000000..aeff965
--- /dev/null
+++ b/hooks/build
@@ -0,0 +1,9 @@
+#!/bin/bash
+
+# Custom build for Docker Hub
+# see: https://medium.com/microscaling-systems/labelling-automated-builds-on-docker-hub-f3d073fb8e1
+
+docker build --build-arg BUILD_DATE=`date -u +"%Y-%m-%dT%H:%M:%SZ"` \
+ --build-arg VCS_REF=$GIT_SHA1 \
+ --build-arg VERSION=$DOCKER_TAG \
+ --tag $IMAGE_NAME .
diff --git a/prosody.cfg.lua b/prosody.cfg.lua
new file mode 100644
index 0000000..4a9baa2
--- /dev/null
+++ b/prosody.cfg.lua
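Review bot: `prosodyctl register $LOCAL $DOMAIN $PASSWORD` in docker-entrypoint.sh expands all three variables unquoted, so a password containing whitespace or glob characters is split or expanded before prosodyctl receives it; `exec prosodyctl $*` in the first branch has the same problem with its arguments. Quote them: `prosodyctl register "$LOCAL" "$DOMAIN" "$PASSWORD"` and `exec prosodyctl "$@"`. The password also remains in the environment that the final `exec "$@"` hands to the server process, so an `unset PASSWORD` just before that line would limit where it lingers. The `exit 0;` after `exec` is never reached and can be dropped.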
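Review bot: In hooks/build, `$GIT_SHA1`, `$DOCKER_TAG` and `$IMAGE_NAME` are expanded unquoted, so an empty or space-containing value changes the argument list of `docker build` (an empty `$IMAGE_NAME` would leave `--tag .` with no build context). Quote each expansion, for example `--build-arg VCS_REF="$GIT_SHA1"` and `--tag "$IMAGE_NAME" .`, and add `set -eu` after the shebang so a missing variable fails the build instead of producing a mislabeled image.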
@@ -0,0 +1,218 @@
+-- Prosody Example Configuration File
+--
+-- Information on configuring Prosody can be found on our
+-- website at https://prosody.im/doc/configure
+--
+-- Tip: You can check that the syntax of this file is correct
+-- when you have finished by running this command:
+-- prosodyctl check config
+-- If there are any errors, it will let you know what and where
+-- they are, otherwise it will keep quiet.
+--
+-- The only thing left to do is rename this file to remove the .dist ending, and fill in the
+-- blanks. Good luck, and happy Jabbering!
+
+
+daemonize = false
+pidfile = "/var/run/prosody/prosody.pid"
+
+---------- Server-wide settings ----------
+-- Settings in this section apply to the whole server and are the default settings
+-- for any virtual hosts
+
+-- This is a (by default, empty) list of accounts that are admins
+-- for the server. Note that you must create the accounts separately
+-- (see https://prosody.im/doc/creating_accounts for info)
+-- Example: admins = { "user1@example.com", "user2@example.net" }
+admins = { }
+
+-- Enable use of libevent for better performance under high load
+-- For more information see: https://prosody.im/doc/libevent
+--use_libevent = true
+
+-- Prosody will always look in its source directory for modules, but
+-- this option allows you to specify additional locations where Prosody
+-- will look for modules first. For community modules, see https://modules.prosody.im/
+plugin_paths = { "/usr/local/lib/prosody/modules/" }
+
+-- This is the list of modules Prosody will load on startup.
+-- It looks for mod_modulename.lua in the plugins folder, so make sure that exists too.
+-- Documentation for bundled modules can be found at: https://prosody.im/doc/modules
+modules_enabled = {
+
+ -- Generally required
+ "roster"; -- Allow users to have a roster. Recommended ;)
+ "saslauth"; -- Authentication for clients and servers. Recommended if you want to log in.
+ "tls"; -- Add support for secure TLS on c2s/s2s connections
+ "dialback"; -- s2s dialback support
+ "disco"; -- Service discovery
+
+ -- Not essential, but recommended
+ "carbons"; -- Keep multiple clients in sync
+ "pep"; -- Enables users to publish their mood, activity, playing music and more
+ "private"; -- Private XML storage (for room bookmarks, etc.)
+ "blocklist"; -- Allow users to block communications with other users
+ "vcard"; -- Allow users to set vCards
+
+ -- Nice to have
+ "version"; -- Replies to server version requests
+ "uptime"; -- Report how long server has been running
+ "time"; -- Let others know the time here on this server
+ "ping"; -- Replies to XMPP pings with pongs
+ "register"; -- Allow users to register on this server using a client and change passwords
+ --"mam"; -- Store messages in an archive and allow users to access it
+
+ -- Admin interfaces
+ "admin_adhoc"; -- Allows administration via an XMPP client that supports ad-hoc commands
+ --"admin_telnet"; -- Opens telnet console interface on localhost port 5582
+
+ -- HTTP modules
+ --"bosh"; -- Enable BOSH clients, aka "Jabber over HTTP"
+ --"websocket"; -- XMPP over WebSockets
+ --"http_files"; -- Serve static files from a directory over HTTP
+
+ -- Other specific functionality
+ --"limits"; -- Enable bandwidth limiting for XMPP connections
+ --"groups"; -- Shared roster support
+ --"server_contact_info"; -- Publish contact information for this service
+ --"announce"; -- Send announcement to all online users
+ --"welcome"; -- Welcome users who register accounts
+ --"watchregistrations"; -- Alert admins of registrations
+ --"motd"; -- Send a message to users when they log in
+ --"legacyauth"; -- Legacy authentication. Only used by some old clients and bots.
+ --"proxy65"; -- Enables a file transfer proxy service which clients behind NAT can use
+}
+
+-- These modules are auto-loaded, but should you want
+-- to disable them then uncomment them here:
+modules_disabled = {
+ -- "offline"; -- Store offline messages
+ -- "c2s"; -- Handle client connections
+ -- "s2s"; -- Handle server-to-server connections
+ "posix"; -- POSIX functionality, sends server to background, enables syslog, etc.
+}
+
+-- Disable account creation by default, for security
+-- For more information see https://prosody.im/doc/creating_accounts
+allow_registration = false
+
+-- Force clients to use encrypted connections? This option will
+-- prevent clients from authenticating unless they are using encryption.
+
+c2s_require_encryption = false
+
+-- Force servers to use encrypted connections? This option will
+-- prevent servers from authenticating unless they are using encryption.
+-- Note that this is different from authentication
+
+s2s_require_encryption = false
+
+
+-- Force certificate authentication for server-to-server connections?
+-- This provides ideal security, but requires servers you communicate
+-- with to support encryption AND present valid, trusted certificates.
+-- NOTE: Your version of LuaSec must support certificate verification!
+-- For more information see https://prosody.im/doc/s2s#security
+
+s2s_secure_auth = false
+
+-- Some servers have invalid or self-signed certificates. You can list
+-- remote domains here that will not be required to authenticate using
+-- certificates. They will be authenticated using DNS instead, even
+-- when s2s_secure_auth is enabled.
+
+--s2s_insecure_domains = { "insecure.example" }
+
+-- Even if you leave s2s_secure_auth disabled, you can still require valid
+-- certificates for some domains by specifying a list here.
+
+--s2s_secure_domains = { "jabber.org" }
+
+-- Select the authentication backend to use. The 'internal' providers
+-- use Prosody's configured data storage to store the authentication data.
+-- To allow Prosody to offer secure authentication mechanisms to clients, the
+-- default provider stores passwords in plaintext. If you do not trust your
+-- server please see https://prosody.im/doc/modules/mod_auth_internal_hashed
+-- for information about using the hashed backend.
+
+authentication = "internal_hashed"
+
+-- Select the storage backend to use. By default Prosody uses flat files
+-- in its configured data directory, but it also supports more backends
+-- through modules. An "sql" backend is included by default, but requires
+-- additional dependencies. See https://prosody.im/doc/storage for more info.
+
+--storage = "sql" -- Default is "internal"
+
+-- For the "sql" backend, you can uncomment *one* of the below to configure:
+--sql = { driver = "SQLite3", database = "prosody.sqlite" } -- Default. 'database' is the filename.
+--sql = { driver = "MySQL", database = "prosody", username = "prosody", password = "secret", host = "localhost" }
+--sql = { driver = "PostgreSQL", database = "prosody", username = "prosody", password = "secret", host = "localhost" }
+
+
+-- Archiving configuration
+-- If mod_mam is enabled, Prosody will store a copy of every message. This
+-- is used to synchronize conversations between multiple clients, even if
+-- they are offline. This setting controls how long Prosody will keep
+-- messages in the archive before removing them.
+
+archive_expires_after = "1w" -- Remove archived messages after 1 week
+
+-- You can also configure messages to be stored in-memory only. For more
+-- archiving options, see https://prosody.im/doc/modules/mod_mam
+
+-- Logging configuration
+-- For advanced logging see https://prosody.im/doc/logging
+log = {
+ -- info = "prosody.log"; -- Change 'info' to 'debug' for verbose logging
+ -- error = "prosody.err";
+ -- "*syslog"; -- Uncomment this for logging to syslog
+ "*console"; -- Log to the console, useful for debugging with daemonize=false
+}
+
+-- Uncomment to enable statistics
+-- For more info see https://prosody.im/doc/statistics
+-- statistics = "internal"
+
+-- Certificates
+-- Every virtual host and component needs a certificate so that clients and
+-- servers can securely verify its identity. Prosody will automatically load
+-- certificates/keys from the directory specified here.
+-- For more information, including how to use 'prosodyctl' to auto-import certificates
+-- (from e.g. Let's Encrypt) see https://prosody.im/doc/certificates
+
+-- Location of directory to find certificates in (relative to main config file):
+certificates = "certs"
+
+----------- Virtual hosts -----------
+-- You need to add a VirtualHost entry for each domain you wish Prosody to serve.
+-- Settings under each VirtualHost entry apply *only* to that host.
+
+VirtualHost "localhost"
+
+--VirtualHost "example.com"
+-- certificate = "/path/to/example.crt"
+
+------ Components ------
+-- You can specify components to add hosts that provide special services,
+-- like multi-user conferences, and transports.
+-- For more information on components, see https://prosody.im/doc/components
+
+---Set up a MUC (multi-user chat) room server on conference.example.com:
+--Component "conference.example.com" "muc"
+
+---Set up an external component (default component port is 5347)
+--
+-- External components allow adding various services, such as gateways/
+-- transports to other networks like ICQ, MSN and Yahoo. For more info
+-- see: https://prosody.im/doc/components#adding_an_external_component
+--
+--Component "gateway.example.com"
+-- component_secret = "password"
+
+------ Additional config files ------
+-- For organizational purposes you may prefer to add VirtualHost and
+-- Component definitions in their own config files. This line includes
+-- all config files in /etc/prosody/conf.d/
+
+Include "conf.d/*.cfg.lua"
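Review bot: `c2s_require_encryption = false` and `s2s_require_encryption = false` make the image's default configuration let clients and remote servers authenticate over connections without TLS, as the comments above both settings describe. Shipping `c2s_require_encryption = true` and `s2s_require_encryption = true` would be the safer default; that needs certificates under the `certs` directory named further down, which nothing in this commit appears to provide, so the README should say how to mount them. The comment above `authentication = "internal_hashed"` still states that the default provider stores passwords in plaintext and should be reworded to match the hashed backend actually selected. The header line about removing the `.dist` ending no longer applies to this file either.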