diff --git a/.gitignore b/.gitignore index 82a9adb9a..46f688972 100644 --- a/.gitignore +++ b/.gitignore @@ -1,6 +1,7 @@ # XMPP certificates, keys and user data -config/vines/*.crt -config/vines/*.key +config/certs/*.crt +config/certs/*.key +config/prosody.cfg.lua # Trademark sillyness app/views/home/_show.* diff --git a/Gemfile b/Gemfile index 3472389b0..5d3da9ec3 100644 --- a/Gemfile +++ b/Gemfile @@ -155,7 +155,7 @@ gem "openid_connect", "0.10.0" gem "active_model_serializers", "0.9.4" # XMPP chat dependencies -gem "diaspora-vines", "~> 0.2.0.develop" +gem "diaspora-prosody-config", "~> 0.0.4" gem "rails-assets-diaspora_jsxc", "~> 0.1.5.develop", source: "https://rails-assets.org" # Tags diff --git a/Gemfile.lock b/Gemfile.lock index f30b592d6..5c16af4c4 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -173,13 +173,7 @@ GEM devise_lastseenable (0.0.6) devise rails (>= 3.0.4) - diaspora-vines (0.2.0.develop.4) - activerecord (~> 4.1) - bcrypt (~> 3.1) - em-hiredis (~> 0.3.0) - eventmachine (~> 1.0.8) - http_parser.rb (~> 0.6) - nokogiri (~> 1.6) + diaspora-prosody-config (0.0.4) diaspora_federation (0.0.13) faraday (~> 0.9.0) faraday_middleware (~> 0.10.0) @@ -202,16 +196,12 @@ GEM execjs eco-source (1.1.0.rc.1) ejs (1.1.1) - em-hiredis (0.3.1) - eventmachine (~> 1.0) - hiredis (~> 0.6.0) entypo-rails (3.0.0.pre.rc2) railties (>= 4.1, <= 5) equalizer (0.0.10) erubis (2.7.0) ethon (0.8.1) ffi (>= 1.3.0) - eventmachine (1.0.9.1) excon (0.45.4) execjs (2.6.0) eye (0.8) @@ -406,7 +396,6 @@ GEM hashdiff (0.2.3) hashie (3.4.3) hike (1.2.3) - hiredis (0.6.1) hitimes (1.2.3) http (1.0.2) addressable (~> 2.3) @@ -915,7 +904,7 @@ DEPENDENCIES devise (= 3.5.6) devise-token_authenticatable (~> 0.4.0) devise_lastseenable (= 0.0.6) - diaspora-vines (~> 0.2.0.develop) + diaspora-prosody-config (~> 0.0.4) diaspora_federation-rails (= 0.0.13) diaspora_federation-test (= 0.0.13) entypo-rails (= 3.0.0.pre.rc2) 
diff --git a/config/certs/README b/config/certs/README
new file mode 100644
index 000000000..2e8573574
--- /dev/null
+++ b/config/certs/README
@@ -0,0 +1,7 @@
+If you want to encrypt your chat streams with prosody.
+Add to `config/certs` your server certificate and key.
+
+The domain name should be included in the file name e.g.:
+
+* example.com.crt
+* example.com.key
diff --git a/config/defaults.yml b/config/defaults.yml
index f5ba510d5..bb9da9c1b 100644
--- a/config/defaults.yml
+++ b/config/defaults.yml
@@ -51,30 +51,16 @@ defaults:
 enabled: false
 server:
 enabled: true
- certs: 'config/vines'
- accept_self_signed: false
- cross_domain_messages: true
- max_offline_msgs: 150
- c2s:
- address: '0.0.0.0'
- port: 5222
- max_stanza_size: 65536
- max_resources_per_account: 5
- s2s:
- address: '0.0.0.0'
- port: 5269
- max_stanza_size: 131072
- blacklist: []
+ certs: "config/certs"
 bosh:
 proxy: false
 address: '0.0.0.0'
 port: 5280
 bind: '/http-bind'
- max_stanza_size: 65536
- max_resources_per_account: 5
 log:
- file: 'log/vines.log'
- level: 'info'
+ info: 'log/prosody.log'
+ error: 'log/prosody.err'
+ debug: false
 map:
 mapbox:
 enabled: false
diff --git a/config/diaspora.yml.example b/config/diaspora.yml.example
index 109e89ee1..7b0c93ef6 100644
--- a/config/diaspora.yml.example
+++ b/config/diaspora.yml.example
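Review bot: The defaults for `accept_self_signed: false`, the `s2s` `blacklist` and both `max_stanza_size` limits are removed from config/defaults.yml with nothing in the new `server` section to replace them, so whether federated XMPP peers with invalid certificates are still rejected now depends entirely on the configuration the diaspora-prosody-config gem generates, which this diff does not show. The same keys and their explanations are dropped from config/diaspora.yml.example. It would help to add a comment under `server:` such as `## TLS verification, s2s blocking and stanza limits are set in the generated prosody config, not here`, and to confirm the generated file keeps certificate verification on. The `bosh` default `address: '0.0.0.0'` is unchanged context, so the BOSH port still listens on every interface even when a proxy is meant to front it.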
@@ -194,23 +194,9 @@ configuration: ## Section ## increase environment.sidekiq.concurrency instead! #sidekiq_workers: 1 - ## Diaspora has an internal XMPP server. If you want to enable the chat + ## Diaspora has an internal XMPP web-client. If you want to enable the chat ## functionality or want to use a custom XMPP server, then you should edit ## the following configuration. - ## - ## The internal XMPP server does not support https - ## and even if we implement it, we would ran into certificate issues. - ## The problem with mixed-content is described here: - ## https://wiki.diasporafoundation.org/Vines#Browser_blocks_mixed-content - ## - ## The easiest way of avoiding certificate and mixed-content issues - ## is to use a proxy, e.g.: - ## - ## Apache: https://wiki.diasporafoundation.org/Vines#Apache2 - ## Nginx: https://wiki.diasporafoundation.org/Vines#Nginx - ## - ## If you configured your proxy correctly, you should adjust - ## the configuration in the BOSH section. chat: ## Section ## Enable the chat service and all its components. 
@@ -219,77 +205,23 @@ configuration: ## Section ## Custom XMPP server configuration goes here. server: ## Section - ## Start built-in XMPP server (default=true). - ## In case you want to run your own server, you should disable it. + ## Use the configuration bridge to prosody (default=true). + ## In case you want to run your own server or want to configure + ## prosody on your own, you should disable it. #enabled: false ## Set the directory in which to look for virtual hosts TLS certificates. - ## Check documentation on how to generate or configure your existing - ## certficates correctly: - ## - ## https://wiki.diasporafoundation.org/Vines#Certificates - #certs: 'config/vines' - - ## The server accepts by default only valid certificates. - ## Any connection which uses self-signed ones will be closed. - ## If you'd like to accept self-signed certificates - ## on your server, set the next option to true. - #accept_self_signed: true - - ## Only edit the next option if you'd like to deny - ## your users to exchange messages between other XMPP servers. - #cross_domain_messages: false - - ## Set the maximum of offline messages stored per user (default=150). - ## If it exceeds, it will start deleting old messages. You can disable - ## offline message support completely by setting the option to zero. - #max_offline_msgs: 150 - - ## Client to server - c2s: ## Section - - ## Configure the address that vines should listen on. - #address: '0.0.0.0' - - ## Configure the client-to-server port. - ## If your server is behind a router or firewall - ## check documentation on how to forward ports: - ## - ## https://wiki.diasporafoundation.org/Vines#Firewall_Ports - #port: 5222 - - ## The maximum we'd like to allow for stanza size. - #max_stanza_size: 65536 - - ## The max_resources_per_account attribute, limits how many - ## concurrent connections one user can have to the server. 
- #max_resources_per_account: 5 - - ## Server to server - s2s: ## Section - - ## Configure the address that vines should listen on. - #address: '0.0.0.0' - - ## Configure the server-to-server port. - ## If your server is behind a router or firewall - ## check documentation on how to forward ports: - ## - ## https://wiki.diasporafoundation.org/Vines#Firewall_Ports - #port: 5269 - - ## The max_stanza_size attribute should be - ## much larger than the setting for client-to-server. - #max_stanza_size: 131072 - - ## By default every XMPP server with a valid certificate - ## is able to communicate with your server. In case of a - ## malicious server (e.g. spam reason), you can black-list them. - #blacklist: - # - 'example.com' - # - 'malicous.net' + #certs: 'config/certs' ## XEP-0124 BOSH requests + ## The easiest way of avoiding certificate and mixed-content issues + ## is to use a proxy, e.g.: + ## + ## Apache: https://wiki.diasporafoundation.org/Vines#Apache2 + ## Nginx: https://wiki.diasporafoundation.org/Vines#Nginx + ## + ## If you configured your proxy correctly, + ## you should set the proxy option to 'true' bosh: ## Section ## If you'd like to use a proxy, you should set the proxy 
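Review bot: The relocated BOSH comment still sends operators to `https://wiki.diasporafoundation.org/Vines#Apache2` and `#Nginx`, pages written for the Vines server this commit removes, while the earlier explanation of why browsers block mixed content is deleted in the first hunk of this file. Since the reverse proxy is what terminates TLS for chat traffic, the comment should say so directly, for example `## Browsers block BOSH over plain http on an https pod; terminate TLS in your web server and proxy the bind path to prosody`, and link to Prosody-specific instructions once they exist. The `bosh:` section continues past the end of this hunk.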
@@ -306,22 +238,17 @@ configuration: ## Section ## Configure the bind endpoint. #bind: '/http-bind' - ## The maximum we'd like to allow for stanza size. - #max_stanza_size: 65536 - - ## The max_resources_per_account attribute, limits how many - ## concurrent connections one user can have to the server. - #max_resources_per_account: 5 - ## Specify log behaviour here. log: ## Section ## Log file location. - #file: 'log/vines.log' + #info: 'log/prosody.log' + + ## Error log file location. + #error: 'log/prosody.err' - ## Set the logging level to debug, info, warn, error, or fatal. ## The debug level logs all XML sent and received by the server. - #level: 'info' + #debug: false ## Displays the location of a post in a map. Per default we are using the map ## tiles of the Heidelberg University (http://giscience.uni-hd.de). diff --git a/config/eye.rb b/config/eye.rb index 2dc55f38b..fdfbed198 100644 --- a/config/eye.rb +++ b/config/eye.rb @@ -40,7 +40,7 @@ Eye.application("diaspora") do with_condition(AppConfig.chat.enabled? && AppConfig.chat.server.enabled?) do process :xmpp do - start_command "bin/bundle exec vines start" + start_command "bin/bundle exec rails runner Prosody.start" daemonize true pid_file "tmp/pids/xmpp.pid" stop_signals [:TERM, 10.seconds, :KILL] diff --git a/config/initializers/prosody.rb b/config/initializers/prosody.rb new file mode 100644 index 000000000..093dd4924 --- /dev/null +++ b/config/initializers/prosody.rb 
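Review bot: The comment above `#debug: false` in config/diaspora.yml.example says the debug level logs all XML sent and received, which would include chat message bodies and the authentication exchange, but it gives operators no guidance on handling that output. I would extend it to something like `## Debug logs contain message contents; enable only while troubleshooting and keep the log files readable by the diaspora user only`. config/initializers/prosody.rb maps this flag to the `debug` or `info` level next to the `info` log path, so presumably it is the regular log/prosody.log that receives the stanzas.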
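Review bot: In config/eye.rb, `start_command "bin/bundle exec rails runner Prosody.start"` runs with `daemonize true`, so eye records the PID of the Rails runner it launched; if `Prosody.start` (not visible in this diff) spawns prosody as a child instead of replacing the process, `stop_signals [:TERM, 10.seconds, :KILL]` would act on the runner and could leave the XMPP daemon running unsupervised. It is worth confirming that `Prosody.start` execs prosody in the foreground and recording that with a comment such as `# Prosody.start must exec prosody in the foreground so pid_file and stop_signals apply to it`. The `process :xmpp` block is cut by the hunk on both sides.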
@@ -0,0 +1,22 @@
+if AppConfig.chat.enabled? && AppConfig.chat.server.enabled?
+ db = Rails.application.config
+ .database_configuration[Rails.env]
+
+ Prosody.update_configuration(
+ bosh_port: AppConfig.chat.server.bosh.port, bosh_path: AppConfig.chat.server.bosh.bind,
+ bosh_interface: AppConfig.chat.server.bosh.address,
+
+ log_debug: (AppConfig.chat.server.log.debug? ? "debug" : "info"),
+ log_info: "#{Dir.pwd}/#{AppConfig.chat.server.log.info}",
+ log_error: "#{Dir.pwd}/#{AppConfig.chat.server.log.error}",
+
+ certs: "#{Dir.pwd}/#{AppConfig.chat.server.certs}",
+ hostname: AppConfig.environment.url,
+
+ virtualhost_driver: db["adapter"],
+ virtualhost_database: db["database"],
+ virtualhost_username: db["username"],
+ virtualhost_password: db["password"],
+ virtualhost_host: db["host"]
+ )
+end
diff --git a/config/vines/README b/config/vines/README
deleted file mode 100644
index 819906dc7..000000000
--- a/config/vines/README
+++ /dev/null
@@ -1,7 +0,0 @@
-If you want to encrypt your chat streams with vines.
-Add to `config/vines` your server certificate and key.
-
-The domain name should be included in the file name e.g.:
-
-* example.com.crt
-* example.com.key
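Review bot: In config/initializers/prosody.rb the `virtualhost_username` and `virtualhost_password` values are the Rails application's own database credentials, so the XMPP server is handed the full diaspora database account, and `Prosody.update_configuration` presumably writes them into the `config/prosody.cfg.lua` that this commit adds to .gitignore. I would give chat a dedicated database user limited to what authentication needs and make sure the generated file is created owner-readable only. The call also runs in every process that loads the initializers (web workers, Sidekiq, rake tasks, console), so the file may be rewritten concurrently. Separately, `"#{Dir.pwd}/#{...}"` depends on the working directory and breaks an absolute `certs` path; `certs: Rails.root.join(AppConfig.chat.server.certs).to_s` handles both cases.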