开发者

Configure lua prosody for localhost only

开发者 https://www.devze.com 2022-12-22 22:51 出处:网络
I want to use prosody or maybe another xmpp server to test my xmpp bot. I want it to only accept connecti开发者_如何学JAVAon from the address/localhost(don\'t want to configure firewall to block acces

I want to use prosody or maybe another xmpp server to test my xmpp bot. I want it to only accept connecti开发者_如何学JAVAon from the address/localhost(don't want to configure firewall to block access). I would like to know the easiest way to accomplish this.


To allow connections only from the localhost bind the server to 127.0.0.1. Binding it to 0.0.0.0 will allow connections from any host.

Check http://prosody.im/doc/configure and change the c2s_interface and s2s_interface values to "127.0.0.1"

To allow connections from somewhere else also but not everywhere, you need configure your firewall to do this.


My prosody.cfg.lua thanks to Tuomas

-- Prosody XMPP Server Configuration
-- 
-- If it wasn't already obvious, -- starts a comment, and all 
-- text after it on a line is ignored by Prosody.
--
-- The config is split into sections, a global section, and one 
-- for each defined host that we serve. You can add as many host 
-- sections as you like.
--
-- Lists are written { "like", "this", "one" } 
-- Lists can also be of { 1, 2, 3 } numbers, etc. 
-- Either commas, or semi-colons; may be used
-- as seperators.
--
-- A table is a list of values, except each value has a name. An 
-- example table would be:
--
-- ssl = { key = "keyfile.key", certificate = "certificate.cert" }
--
-- Whitespace (that is tabs, spaces, line breaks) is mostly insignificant, so 
-- can 
-- be placed anywhere
-- that     you deem fitting.
--
-- Tip: You can check that the syntax of this file is correct when you have finished
-- by running: luac -p /etc/prosody/prosody.cfg.lua
-- If there are any errors, it will let you know what and where they are, otherwise it 
-- will keep quiet.
--
-- Good luck, and happy Jabbering!

-- Global settings go in this section
-- (ie. those that apply to all hosts)

Host "*"
    c2s_interface = "127.0.0.1"
    s2s_interface = "127.0.0.1"

    -- This is a (by default, empty) list of accounts that are admins 
    -- for the server. Note that you must create the accounts separately
    -- (see http://prosody.im/doc/creating_accounts for info)
    -- Example: admins = { "user1@example.com", "user2@example.net" }
    admins = { }

    -- This is the list of modules Prosody will load on startup.
    -- It looks for mod_modulename.lua in the plugins folder, so make sure that exists too.
    modules_enabled = {
            -- Generally required
                "roster"; -- Allow users to have a roster. Recommended ;)
                "saslauth"; -- Authentication for clients and servers. Recommended if you want to log in.
                "tls"; -- Add support for secure TLS on c2s/s2s connections
                "dialback"; -- s2s dialback support
                "disco"; -- Service discovery

            -- Not essential, but recommended
                "private"; -- Private XML storage (for room bookmarks, etc.)
                "vcard"; -- Allow users to set vCards

            -- Nice to have
                "legacyauth"; -- Legacy authentication. Only used by some old clients and bots.
                "version"; -- Replies to server version requests
                "uptime"; -- Report how long server has been running
                "time"; -- Let others know the time here on this server
                "ping"; -- Replies to XMPP pings with pongs
                "pep"; -- Enables users to publish their mood, activity, playing music and more
                "register"; -- Allow users to register on this server using a client and change passwords

            -- Required for daemonizing, and logging
                "posix"; -- POSIX functionality, sends server to background, enables syslog, etc.

            -- Other specific functionality
                --"console"; -- telnet to port 5582 (needs console_enabled = true)
                --"bosh"; -- Enable BOSH clients, aka "Jabber over HTTP"
                --"httpserver"; -- Serve static files from a directory over HTTP
              };

    -- These modules are auto-loaded, should you
    -- for (for some mad reason) want to disable
    -- them then uncomment them below
    modules_disabled = {
            -- "presence";
            -- "message";
            -- "iq";
    };

    -- Disable account creation by default, for security
    -- For more information see http://prosody.im/doc/creating_accounts
    allow_registration = false;

    -- These are the SSL/TLS-related settings. If you don't want
    -- to use SSL/TLS, you may comment or remove this
    ssl = { 
        key = "/etc/prosody/certs/localhost.key";
        certificate = "/etc/prosody/certs/localhost.cert";
        }

    -- Hint: If you create a new log file or rename them, don't forget to update the
    --       logrotate config at /etc/logrotate.d/prosody
    log = {
        -- Log all error messages to prosody.err
        { levels = { min = "error" }, to = "file", filename = "/var/log/prosody/prosody.err" };
        -- Log everything of level "info" and higher (that is, all except "debug" messages)
        -- to prosody.log
        { levels = { min =  "info" }, to = "file", filename = "/var/log/prosody/prosody.log" };
    }

    pidfile = "/var/run/prosody/prosody.pid"

-- This allows clients to connect to localhost.
-- Obviously this domain cannot normally be accessed from other servers.
Host "localhost"
0

精彩评论

暂无评论...
验证码 换一张
取 消