diff --git a/data/prosody/configuration/prosody.cfg.lua b/data/prosody/configuration/prosody.cfg.lua index 0c2eaf6..4dcd56b 100644 --- a/data/prosody/configuration/prosody.cfg.lua +++ b/data/prosody/configuration/prosody.cfg.lua @@ -1,7 +1,7 @@ -- Prosody XMPP Server Configuration -- Domain: xmpp.guschin.info -admins = { "admin@xmpp.guschin.info" } +admins = { "admin@guschin.info", "admin@xmpp.guschin.info" } modules_enabled = { -- Generally required @@ -69,7 +69,14 @@ archive_expires_after = "never" -- Certificates directory (global, before VirtualHost) certificates = "/etc/prosody/certs" --- Virtual host definition +-- Primary virtual host (user@guschin.info) +VirtualHost "guschin.info" + ssl = { + key = "/etc/prosody/certs/guschin.info.key"; + certificate = "/etc/prosody/certs/guschin.info.crt"; + } + +-- Secondary virtual host (user@xmpp.guschin.info) VirtualHost "xmpp.guschin.info" ssl = { key = "/etc/prosody/certs/xmpp.guschin.info.key"; @@ -77,6 +84,6 @@ VirtualHost "xmpp.guschin.info" } -- Component for MUC (Multi-User Chat) -Component "muc.xmpp.guschin.info" "muc" +Component "muc.guschin.info" "muc" modules_enabled = { "muc_mam" } storage = "sql" diff --git a/docker-compose.yml b/docker-compose.yml index c62d00b..99d02ed 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -25,6 +25,8 @@ services: - ./data/prosody/configuration:/etc/prosody/conf.d - /etc/letsencrypt/live/xmpp.guschin.info:/etc/prosody/certs/letsencrypt/live/xmpp.guschin.info:ro - /etc/letsencrypt/archive/xmpp.guschin.info:/etc/prosody/certs/letsencrypt/archive/xmpp.guschin.info:ro + - /etc/letsencrypt/live/guschin.info:/etc/prosody/certs/letsencrypt/live/guschin.info:ro + - /etc/letsencrypt/archive/guschin.info:/etc/prosody/certs/letsencrypt/archive/guschin.info:ro restart: unless-stopped mem_limit: 200M healthcheck: diff --git a/entrypoint.sh b/entrypoint.sh index da1a625..31e4851 100755 --- a/entrypoint.sh +++ b/entrypoint.sh 
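Review bot: The new `admins` line grants server-wide admin rights to `admin@guschin.info`, because `admins` is set at global scope here and so applies to every host, not only the one in the JID. Nothing in the hunk shows that this account already exists, and the registration settings for the new `guschin.info` host are outside the visible lines. If registration is open there, whoever creates the `admin` account first would inherit those rights. Create the account before this config is deployed and record the requirement next to the line, for example `-- both JIDs must be pre-created accounts; this list applies server-wide`.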
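Review bot: The `ssl` block added under `VirtualHost "guschin.info"` is a copy of the existing one with only the hostname changed, and it hard-codes paths that already follow the `<host>.crt` / `<host>.key` naming inside the global `certificates = "/etc/prosody/certs"` directory shown in the context lines. Prosody versions with automatic certificate location should find these files without a per-host `ssl` block, so both blocks could probably be dropped; confirm against the Prosody version in the image first. If the explicit blocks stay, a comment such as `-- paths must match what install_cert in entrypoint.sh writes` would help, since a mismatch between the two files only shows up at TLS handshake time.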
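Review bot: Renaming the component to `muc.guschin.info` changes the address of every room, and with `storage = "sql"`, `muc_mam` and `archive_expires_after = "never"` any existing rooms and archives stored under `muc.xmpp.guschin.info` will presumably no longer be reachable under the new name. The commit also installs certificates only for `guschin.info` and `xmpp.guschin.info`; whether the `guschin.info` certificate lists `muc.guschin.info` as a subject alternative name is not visible here, and without it remote servers that verify certificates would reject connections to the MUC. I would state both points above the line, for example `-- rooms were previously on muc.xmpp.guschin.info; the guschin.info certificate must cover muc.guschin.info`.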
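Review bot: The two added bind mounts use the short volume syntax, so if `/etc/letsencrypt/live/guschin.info` does not exist on the host yet, Docker creates it as an empty directory instead of failing. The container then starts normally and `install_cert` in entrypoint.sh quietly falls back to a self-signed certificate for the primary domain. The empty directory left under `/etc/letsencrypt/live` may also get in the way of a later certificate issuance for that name. Switching these entries to the long form with `type: bind`, `read_only: true` and `bind: { create_host_path: false }` makes a missing certificate a start-up error; the same applies to the existing `xmpp.guschin.info` mounts above them.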
@@ -38,30 +38,36 @@ fi # (directories are already created in Dockerfile with proper ownership) touch /var/log/prosody/prosody.log /var/log/prosody/prosody.err 2>/dev/null || true -# Copy Let's Encrypt certificate to prosody certs directory if available -CERT_PATH="/etc/prosody/certs/xmpp.guschin.info.crt" -KEY_PATH="/etc/prosody/certs/xmpp.guschin.info.key" -LETSENCRYPT_CERT="/etc/prosody/certs/letsencrypt/live/xmpp.guschin.info/fullchain.pem" -LETSENCRYPT_KEY="/etc/prosody/certs/letsencrypt/live/xmpp.guschin.info/privkey.pem" +# Copy Let's Encrypt certificates to prosody certs directory +install_cert() { + local domain="$1" + local cert_path="/etc/prosody/certs/${domain}.crt" + local key_path="/etc/prosody/certs/${domain}.key" + local le_cert="/etc/prosody/certs/letsencrypt/live/${domain}/fullchain.pem" + local le_key="/etc/prosody/certs/letsencrypt/live/${domain}/privkey.pem" -if [ -f "$LETSENCRYPT_CERT" ] && [ -f "$LETSENCRYPT_KEY" ]; then - echo "Setting up Let's Encrypt certificate..." - cp "$LETSENCRYPT_CERT" "$CERT_PATH" - cp "$LETSENCRYPT_KEY" "$KEY_PATH" - chmod 644 "$CERT_PATH" - chmod 600 "$KEY_PATH" - chown prosody:prosody "$CERT_PATH" "$KEY_PATH" - echo "Let's Encrypt certificate successfully installed" -elif [ ! -f "$CERT_PATH" ] || [ ! -f "$KEY_PATH" ]; then - echo "Let's Encrypt certificate not found, generating self-signed certificate..." - openssl req -x509 -newkey rsa:4096 -keyout "$KEY_PATH" -out "$CERT_PATH" \ - -days 365 -nodes -subj "/CN=xmpp.guschin.info" - chmod 600 "$KEY_PATH" - chmod 644 "$CERT_PATH" - chown prosody:prosody "$CERT_PATH" "$KEY_PATH" -else - echo "Using existing certificates" -fi + if [ -f "$le_cert" ] && [ -f "$le_key" ]; then + echo "Setting up Let's Encrypt certificate for ${domain}..." + cp "$le_cert" "$cert_path" + cp "$le_key" "$key_path" + chmod 644 "$cert_path" + chmod 600 "$key_path" + chown prosody:prosody "$cert_path" "$key_path" + echo "Let's Encrypt certificate for ${domain} installed" + elif [ ! 
-f "$cert_path" ] || [ ! -f "$key_path" ]; then + echo "Let's Encrypt certificate for ${domain} not found, generating self-signed..." + openssl req -x509 -newkey rsa:4096 -keyout "$key_path" -out "$cert_path" \ + -days 365 -nodes -subj "/CN=${domain}" + chmod 600 "$key_path" + chmod 644 "$cert_path" + chown prosody:prosody "$cert_path" "$key_path" + else + echo "Using existing certificates for ${domain}" + fi +} + +install_cert "xmpp.guschin.info" +install_cert "guschin.info" echo "Starting Prosody..."
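Review bot: The self-signed branch of `install_cert` issues a certificate with only `-subj "/CN=${domain}"` and no subjectAltName, and it is reached with nothing more than an informational echo whenever the Let's Encrypt files are missing. A broken mount therefore leaves the server presenting a certificate that verifying clients and federated servers will reject. At minimum add `-addext "subjectAltName=DNS:${domain}"` to the `openssl req` call and send the message to stderr as a warning; for the public hosts it may be better to exit non-zero than to fall back at all. In the Let's Encrypt branch the private key is written by `cp` and only then restricted by `chmod 600` and `chown`; `install -m 600 -o prosody -g prosody "$le_key" "$key_path"` sets mode and owner in one step and fails visibly, whereas the current sequence prints "installed" even if a copy failed (whether `set -e` is active is outside the hunk). The copy also runs only at container start, so a certificate renewed on the host is not picked up until the container is restarted.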