Patch by Robert Scheck for prosody >= 0.11.0 which sets defaults specific for Fedora and Red Hat Enterprise (including derivates like CentOS), adds helpful comments about optional dependencies and finally includes some upstream recommendations.
--- prosody-0.11.0/prosody.cfg.lua.dist 2018-11-19 11:42:24.000000000 +0100
+++ prosody-0.11.0/prosody.cfg.lua.dist.config 2018-11-19 22:32:35.000000000 +0100
@@ -1,4 +1,4 @@
--- Prosody Example Configuration File
+-- Prosody XMPP Configuration File
 --
 -- Information on configuring Prosody can be found on our
 -- website at https://prosody.im/doc/configure
@@ -9,8 +9,7 @@
 -- If there are any errors, it will let you know what and where
 -- they are, otherwise it will keep quiet.
 --
--- The only thing left to do is rename this file to remove the .dist ending, and fill in the
--- blanks. Good luck, and happy Jabbering!
+-- Good luck, and happy Jabbering!
 ---------- Server-wide settings ----------
@@ -131,7 +130,8 @@
 -- through modules. An "sql" backend is included by default, but requires
 -- additional dependencies. See https://prosody.im/doc/storage for more info.
---storage = "sql" -- Default is "internal"
+--storage = "sql" -- Default is "internal" (Note: "sql" requires installed
+-- lua-dbi RPM package)
 -- For the "sql" backend, you can uncomment *one* of the below to configure:
 --sql = { driver = "SQLite3", database = "prosody.sqlite" } -- Default. 'database' is the filename.
@@ -153,9 +153,11 @@
 -- Logging configuration
 -- For advanced logging see https://prosody.im/doc/logging
 log = {
- info = "prosody.log"; -- Change 'info' to 'debug' for verbose logging
- error = "prosody.err";
- -- "*syslog"; -- Uncomment this for logging to syslog
+ -- Log everything of level "info" and higher (that is, all except "debug" messages)
+ -- to /var/log/prosody/prosody.log and errors also to /var/log/prosody/prosody.err
+ info = "/var/log/prosody/prosody.log"; -- Change 'info' to 'debug' for verbose logging
+ error = "/var/log/prosody/prosody.err"; -- Log errors also to file
+ -- error = "*syslog"; -- Log errors also to syslog
 -- "*console"; -- Log to the console, useful for debugging with daemonize=false
 }
@@ -171,17 +173,20 @@
 -- (from e.g. Let's Encrypt) see https://prosody.im/doc/certificates
 -- Location of directory to find certificates in (relative to main config file):
-certificates = "certs"
+certificates = "/etc/pki/prosody/"
 -- HTTPS currently only supports a single certificate, specify it here:
 --https_certificate = "certs/localhost.crt"
+-- POSIX configuration
+-- For more info see https://prosody.im/doc/modules/mod_posix
+pidfile = "/run/prosody/prosody.pid";
+--daemonize = false -- Default is "true"
+
 ----------- Virtual hosts -----------
 -- You need to add a VirtualHost entry for each domain you wish Prosody to serve.
 -- Settings under each VirtualHost entry apply *only* to that host.
-VirtualHost "localhost"
-
 --VirtualHost "example.com"
 -- certificate = "/path/to/example.crt"
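Review bot: The commented example `-- error = "*syslog"; -- Log errors also to syslog` in the `log = { ... }` hunk is misleading, because uncommenting it puts a second `error` key into the same table constructor as `error = "/var/log/prosody/prosody.err"`. A Lua table keeps only one value per key, so one of the two sinks is silently discarded instead of both receiving errors. The removed form `-- "*syslog";` was a positional entry and did not collide with the named keys. I would either keep the positional form or reword the comment to `-- error = "*syslog"; -- Log errors to syslog INSTEAD of the file above`, and refer to the advanced logging page for sending one level to several sinks.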
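Review bot: The comment kept above `certificates = "/etc/pki/prosody/"` still says the directory is "relative to main config file", which no longer describes the absolute path set in this hunk. Since that directory presumably holds private keys next to the certificates, I would reword the comment to something like `-- Directory with certificates and keys; key files must be readable only by the account Prosody runs as`. Ownership and mode of /etc/pki/prosody and of /run/prosody (for the new `pidfile`) are set outside this diff, so they need to be checked in the packaging rather than assumed from the config.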
@@ -203,3 +208,10 @@
 --
 --Component "gateway.example.com"
 -- component_secret = "password"
+
+------ Additional config files ------
+-- For organizational purposes you may prefer to add VirtualHost and
+-- Component definitions in their own config files. This line includes
+-- all config files in /etc/prosody/conf.d/
+
+Include "conf.d/*.cfg.lua"
--- prosody-0.11.0/core/certmanager.lua 2017-09-27 16:49:57.000000000 +0200
+++ prosody-0.11.0/core/certmanager.lua.config 2017-10-01 15:49:12.000000000 +0200
@@ -94,7 +94,8 @@
 -- Built-in defaults
 local core_defaults = {
- capath = "/etc/ssl/certs";
+ capath = "/etc/pki/tls/certs";
+ cafile = "/etc/pki/tls/certs/ca-bundle.crt";
 depth = 9;
 protocol = "tlsv1+";
 verify = (ssl_x509 and { "peer", "client_once", }) or "none";
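Review bot: The comment added above `Include "conf.d/*.cfg.lua"` does not say that every matching file is loaded as Prosody configuration with the same authority as the main file, so anyone who can write to that directory can change listeners, modules and credentials. I would add a line such as `-- Files here are evaluated as configuration; keep the directory root-owned and not group/world-writable`. The comment also names /etc/prosody/conf.d/ while the pattern itself is relative, which is only accurate if the main config lives in /etc/prosody; the hunk does not show that.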
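Review bot: The new `cafile = "/etc/pki/tls/certs/ca-bundle.crt";` default in `core_defaults` (core/certmanager.lua) has no comment saying that it is the bundle file which supplies the trust anchors on these distributions. OpenSSL only consults a `capath` directory that contains hash-named links, and whether /etc/pki/tls/certs is laid out that way cannot be seen from this hunk. I would add `-- Fedora/RHEL: system CA bundle; capath is kept for hashed-directory lookups` above the two lines. It is also worth confirming how context creation behaves when the bundle file is missing, since that code is outside the hunk and a failure there would affect certificate verification for every host. The table continues past the last visible line.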