aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* prosody.cfg.lua.dist: Remove allow_registration in favor of invitesKim Alvefur2022-02-111-3/+0
| | | | | This settings should now only be used by public servers, which have their own documentation
* prosody.cfg.lua.dist: Comment improvements: s2s authenticationMatthew Wild2022-02-141-2/+2
|
* prosody.cfg.lua.dist: Comment improvements: authenticationMatthew Wild2022-02-141-0/+5
|
* prosody.cfg.lua.dist: Improve section-like layout via headers and spacingMatthew Wild2022-02-141-0/+9
|
* prosody.cfg.lua.dist: Comment improvementsMatthew Wild2022-02-141-2/+3
|
* prosody.cfg.lua.dist: Update s2s_secure_auth comment and defaultMatthew Wild2022-02-141-2/+3
|
* prosody.cfg.lua.dist: TURN configuration improvements and exampleMatthew Wild2022-02-141-1/+12
|
* prosody.cfg.lua.dist: Enable csi_simple by defaultMatthew Wild2022-02-141-1/+1
| | | | | It was added here in 2018, and at that time probably a bit too new to be enabled by default. Times change, and most people have this enabled now.
* usermanager, mod_saslauth: Default to internal_hashed if no auth module ↵Matthew Wild2022-02-103-2/+3
| | | | | | | | | | specified The default config was updated in this way long ago, but if no option was present in the config, Prosody would load internal_plain. This change can result in changes (for the better) for people using very old configuration files lacking an 'authentication' setting.
* prosody.cfg.lua.dist: Remove require_encryption optionsMatthew Wild2022-02-141-10/+0
| | | | | | | | | Reasons: - These now default to enabled when not specified since 38b5b05407be - Practically all servers require encryption these days for c2s/s2s. - Disabling encryption can be considered a special case that doesn't need to be in the default config file.
* core.certmanager: Turn soft dependency on LuaSec into a hardKim Alvefur2022-02-102-14/+4
| | | | | | The default network backend server_epoll already requires LuaSec so Prosody won't even start without it, so we can get rid of these lines here too.
* various: Require encryption by default for realKim Alvefur2021-12-256-6/+7
| | | | | | | | | These options have been specified (and enabled) in the default config file for a long time. However if unspecified in the config, they were not enabled. Now they are. This may result in a change of behaviour for people using very old config files that lack the require_encryption options. But that's what we want.
* mod_invites_register: Default to require encryptionMatthew Wild2022-02-101-1/+1
| | | | In line with the Prosody-wide default change for 0.12.
* mod_legacyauth: Default to require encryptionMatthew Wild2022-02-101-1/+1
|
* prosody.cfg.lua.dist: Remove mod_http_filesKim Alvefur2022-02-101-1/+0
| | | | | | | Serving web pages outside of specialized modules seems like a rare use case that doesn't warrant a spot in the default config file. Many users seem to have it confused with mod_http_upload, so removing it should help with that.
* prosody.cfg.lua.dist: Move Dialback downKim Alvefur2022-02-101-1/+1
| | | | Mostly a source of security issues lately
* prosody.cfg.lua.dist: Remove https_certificate, this should Just Work nowKim Alvefur2022-02-051-3/+0
|
* prosody.cfg.lua.dist: Remove mention of deprecated daemonize optionKim Alvefur2022-02-051-1/+1
| | | | Just run ./prosody like me!
* prosody.cfg.lua.dist: Remove installer_plugin_pathKim Alvefur2022-02-051-4/+0
| | | | | Most users shouldn't need to add this, and it works out of the box. Not important enough to justify having it in the default config.
* prosody.cfg.lua.dist: Add new modulesKim Alvefur2022-02-101-0/+14
| | | | | | | | | | | | | | mod_admin_shell enabled by default because it's awesome! mod_smacks and mod_bookmarks under recommended since they're recommended by the compliance suite XEP-0459 Invites under nice to have and enabled by default to enable a somewhat nice out of the box experience Other new modules mostly under Other mod_external_services left out since it's an advanced thing
* prosody.cfg.lua.dist: Add note about 'localhost'Kim Alvefur2021-02-041-0/+3
|
* mod_admin_shell: Use a table to show help sectionsKim Alvefur2022-02-201-17/+19
| | | | Because tables make everything better and more readable!
* CHANGES: Mention graceful shutdownKim Alvefur2022-02-181-0/+3
|
* mod_c2s: Ignore unused event payload [luacheck]Kim Alvefur2022-02-181-1/+1
|
* mod_c2s,mod_s2s: Wait for sessions to close before proceeding with shutdown ↵Kim Alvefur2022-02-172-2/+32
| | | | | | | | | | steps Ensures unavailable presence and other outgoing stanzas are sent. Waiting for c2s sessions to close first before proceeding to disable and close s2s ensures that unavailable presence can go out, even if it requires dialback to complete first.
* mod_c2s: Close ports in a separate, earlier event from closing sessionsKim Alvefur2022-02-181-0/+2
| | | | | Lets other things step in and do things while c2s ports are closed, e.g. mod_smacks, or other modules with port handlers that forward to c2s.
* mod_s2s: Disable creation of new outgoing connections during shutdownKim Alvefur2022-02-111-0/+7
|
* mod_c2s,mod_s2s: Disable and close port listeners before closing sessionsKim Alvefur2022-02-113-0/+15
| | | | This ensures no new clients can start connecting during shutdown
* mod_posix: Run signal handlers in the startup threadKim Alvefur2021-10-061-7/+13
|
* prosody: Expose main thread on the 'prosody' globalKim Alvefur2021-10-062-0/+5
| | | | To allow running things in it.
* prosody: Run shutdown procedure in async threadKim Alvefur2019-01-011-1/+1
|
* prosody: Move last cleanup and shutdown code into util.startupKim Alvefur2019-01-012-13/+17
|
* mod_admin_shell: Squeeze some characters out of the Certificate columnKim Alvefur2022-02-171-2/+2
| | | | The more compact these are, the better
* prosodyctl: Restore 'list --outdated'Kim Alvefur2022-02-171-0/+4
| | | | | Parsing --flags puts it into 'opts', so --outdated wasn't passed to luarocks, breaking that functionality
* mod_admin_shell: Fix description of muc:room() (thanks Link Mauve)Kim Alvefur2022-02-151-1/+1
| | | | | But then this is the internal API which is weird and unfriendly to expose externally. Lots of methods to wrap tho ... one day.
* mod_turn_external: Fix type of config option (thanks mirux)Kim Alvefur2022-02-151-1/+1
| | | | | | There was a separate boolean option to enable TLS before, but it was merged with the port number option and it seems the typed API interface got confused.
* util.dns: Remove compat for pre-0.11 lack of inet_ntop bindingKim Alvefur2022-02-151-32/+3
| | | | The inet_ntop binding was added in 8b612ec00e4a and included in 0.11.0
* util.dns: Replace base16 implementation with util.hexKim Alvefur2022-02-151-10/+1
| | | | Less code!
* core.certmanager: Relax certificate filename check #1713Kim Alvefur2022-02-141-8/+2
| | | | | After a survey of ACME clients it seems *.crt and *fullchain* should work for the majority. The rest get to manually copy their files.
* util.dependencies: Refer to 'apt' instead of 'apt-get'Kim Alvefur2022-02-132-7/+7
| | | | | The more modern and user friendly frontend, should be in every supported version of Debian and Ubuntu by now
* mod_invites_register: Load mod_register_ibr in invite only modeKim Alvefur2022-02-101-0/+4
| | | | | This ensures that registration actually works even if allow_registration is not enabled.
* mod_invites_register: Replace COMPAT hackKim Alvefur2022-02-101-1/+1
| | | | | This hack is not needed since a9c975a0f113 so can be removed when included with Prosody.
* mod_turn_external: Add option to enable TURN over TLSKim Alvefur2022-02-101-2/+6
| | | | | | Usually on port 443 to avoid restrictive firewalls. Thanks to Holger for discussion
* mod_turn_external: Simplify configurationKim Alvefur2022-02-101-2/+9
| | | | | Much harder to get boolean options wrong than accidentally adding something unrecognised to a Set.
* mod_admin_shell: Track connected events instead of createdKim Alvefur2022-02-061-3/+3
| | | | | | | | The connection events are more appropriate here, where the s2s-created events happens a bit later or earlier in a sessions lifetime depending on its direction and for outgoing connections isn't actually the creation time (which happens immediately after pressing enter, so not very interesting), but rather closer to the connection time.
* mod_s2s: Add new early s2s-connected eventsKim Alvefur2022-02-061-0/+3
| | | | | Allows doing things based on connections rather than sessions, which may have been created before or after.
* doap: Reference some JSON RFCsKim Alvefur2022-02-051-0/+2
| | | | | RFC 4627 JSON - util.json RFC 6901 JSON Pointer - util.jsonpointer
* doap: Reference RFC 6331 which deprecated SASL DIGEST-MD5Kim Alvefur2022-02-051-0/+1
|
* prosody.cfg.lua.dist: Link to website (thanks eta)Kim Alvefur2021-07-171-0/+2
|
* prosody.cfg.lua.dist: Warn about adding settings at the end of the fileKim Alvefur2021-07-171-0/+9
| | | | It is very often a confusing mistake that leads to support questions