Public | Automated Build

Last pushed: 20 days ago
Short Description
XMPP server Prosody with BoringSSL
Full Description

XMPP server Prosody

… with BoringSSL, curve negotiation, certificate pinning (using SHA256),
passwords stored hashed using PBKDF2, and a safe pre-configuration.

Not compatible with old Jabber/XMPP clients or those with a crippled TLS implementation.
Pidgin, for example, needs to be version 2.10.11 or later.

Follow me on Twitter for updates:


The default behaviour is to start Prosody:

docker run -d --name "my_prosody" --hostname "domain.tld" \
  -v /my/prosody-data:/var/lib/prosody \
  -v /my/prosody-conf:/etc/prosody/conf.d \
  -v /my/prosody-certs:/etc/prosody/certs \
  --tmpfs /run \
  -p 5000:5000 \
  -p 5222:5222 \
  -p 5269:5269 \
  -p 5347:5347 \

When run with arguments prosodyctl is called instead,
which enables you to create a new user me@domain.tld like this:

docker run -ti --rm \
  -v ...:... \
  wmark/prosody register me domain.tld SecretPasswd

# or

docker exec -ti "my_prosody" \
  prosodyctl register me domain.tld SecretPasswd


  • /var/lib/prosody — data directory of Prosody, needs to be persisted
  • /etc/prosody/conf.d — place your configuration here; the suffix must be .cfg.lua
  • /etc/prosody/certs — this is where any certificates go


Create in /etc/prosody/conf.d/ (/my/prosody-conf/ on the host for the quickstart example)
a file domain-tld.cfg.lua like this:

VirtualHost "domain.tld"
    enable = true
    ssl = {
        key = "/etc/prosody/certs/domain-tld.key";
        certificate = "/etc/prosody/certs/domain-tld.crt";
        dhparam = "/etc/prosody/certs/dhparam";

Component "conference.domain.tld" "muc"
Component "proxy.domain.tld" "proxy65"

To host more than one domain just copy that file and adjust the domain name and
paths to your SSL certificates accordingly.

You don't need to set ciphers or curve. I've already done that for you.
And yes, curve negotiation is used whenever possible.

Modern Android will arrive at curve X25519 and cipher CHACHA20-POLY1305.

Docker Pull Command
Source Repository