XMPP server Prosody with BoringSSL

XMPP server Prosody

… with BoringSSL, curve negotiation, certificate pinning (using SHA256),
passwords stored hashed using PBKDF2, and a safe pre-configuration.

Not compatible with old Jabber/XMPP clients or those with a crippled TLS implementation.
Pidgin, for example, needs to be version 2.10.11 or later.

https://github.com/wmark/docker-prosody

Follow me on Twitter for updates:
https://twitter.com/murmosh

Quickstart

The default behaviour is to start Prosody:

docker run -d --name "my_prosody" --hostname "domain.tld" \
  -v /my/prosody-data:/var/lib/prosody \
  -v /my/prosody-conf:/etc/prosody/conf.d \
  -v /my/prosody-certs:/etc/prosody/certs \
  --tmpfs /run \
  -p 5000:5000 \
  -p 5222:5222 \
  -p 5269:5269 \
  -p 5347:5347 \
  wmark/prosody

When run with arguments, prosodyctl is called instead,
which enables you to create a new user me@domain.tld like this:

docker run -ti --rm \
  -v ...:... \
  wmark/prosody register me domain.tld SecretPasswd

# or

docker exec -ti "my_prosody" \
  prosodyctl register me domain.tld SecretPasswd

Volumes

  • /var/lib/prosody — data directory of Prosody, needs to be persisted
  • /etc/prosody/conf.d — place your configuration here; the suffix must be .cfg.lua
  • /etc/prosody/certs — this is where any certificates go

Configure

In /etc/prosody/conf.d/ (/my/prosody-conf/ on the host in the quickstart example),
create a file domain-tld.cfg.lua like this:

VirtualHost "domain.tld"
    enabled = true
    ssl = {
        -- paths as seen inside the container (the /etc/prosody/certs volume)
        key = "/etc/prosody/certs/domain-tld.key";
        certificate = "/etc/prosody/certs/domain-tld.crt";
        dhparam = "/etc/prosody/certs/dhparam";
    }

Component "conference.domain.tld" "muc"
Component "proxy.domain.tld" "proxy65"

To host more than one domain just copy that file and adjust the domain name and
paths to your SSL certificates accordingly.
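
A pre-flight check for the mounted host directories, as an added example that is not part of the image or its repository: it reports configuration files without the .cfg.lua suffix, maps every /etc/prosody/certs path in the configuration to the host certificate directory and reports missing files, and flags a private key that is world-readable. The names preflight, report and PROBLEMS and the finding labels are made up for this example.

```sh
#!/bin/sh
# Added example (not part of the image): check the host directories that the
# quickstart mounts before starting the container.
# Usage: preflight CONF_DIR CERTS_DIR   e.g. preflight /my/prosody-conf /my/prosody-certs
CONTAINER_CERTS=/etc/prosody/certs   # mount point named in the Volumes section
PROBLEMS=0                           # number of findings from the last run

report() { echo "$1"; PROBLEMS=$((PROBLEMS + 1)); }

preflight() {
    conf_dir=$1; certs_dir=$2; PROBLEMS=0
    for f in "$conf_dir"/*; do
        [ -f "$f" ] || continue
        case $f in
            *.cfg.lua) ;;
            *) report "IGNORED $f: suffix is not .cfg.lua"; continue ;;
        esac
        # Extract "<option> <file>" for every option assigned a quoted path
        # below /etc/prosody/certs (key, certificate, dhparam in the example).
        refs=$(sed -n "s|^[[:space:]]*\([a-z]*\)[[:space:]]*=[[:space:]]*\"$CONTAINER_CERTS/\([^\"]*\)\".*|\1 \2|p" "$f")
        while read -r opt rel; do
            [ -n "$opt" ] || continue
            host="$certs_dir/$rel"       # same file as seen from the host
            if [ ! -f "$host" ]; then
                report "MISSING $opt in $f: $host does not exist"
            elif [ "$opt" = key ] && [ "$(ls -ldL "$host" | cut -c8)" = r ]; then
                # Character 8 of the ls mode string is the read bit for "others".
                report "PERMS $host: private key is world-readable"
            fi
        done <<EOF
$refs
EOF
    done
    [ "$PROBLEMS" -eq 0 ]
}

if [ $# -eq 2 ]; then preflight "$1" "$2"; fi
```

The function returns non-zero when it has findings, so it can gate the docker run command in a deployment script.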

You don't need to set ciphers or curve. I've already done that for you.
And yes, curve negotiation is used whenever possible.

Modern Android will arrive at curve X25519 and cipher CHACHA20-POLY1305.

Owner: wmark