Add guschin.info VirtualHost alongside xmpp.guschin.info
Users can now register as name@guschin.info or name@xmpp.guschin.info. Added Let's Encrypt cert mounting and install for guschin.info domain. Refactored entrypoint cert install into reusable function. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@@ -1,7 +1,7 @@
|
|||||||
-- Prosody XMPP Server Configuration
|
-- Prosody XMPP Server Configuration
|
||||||
-- Domain: xmpp.guschin.info
|
-- Domain: xmpp.guschin.info
|
||||||
|
|
||||||
admins = { "admin@xmpp.guschin.info" }
|
admins = { "admin@guschin.info", "admin@xmpp.guschin.info" }
|
||||||
|
|
||||||
modules_enabled = {
|
modules_enabled = {
|
||||||
-- Generally required
|
-- Generally required
|
||||||
@@ -69,7 +69,14 @@ archive_expires_after = "never"
|
|||||||
-- Certificates directory (global, before VirtualHost)
|
-- Certificates directory (global, before VirtualHost)
|
||||||
certificates = "/etc/prosody/certs"
|
certificates = "/etc/prosody/certs"
|
||||||
|
|
||||||
-- Virtual host definition
|
-- Primary virtual host (user@guschin.info)
|
||||||
|
VirtualHost "guschin.info"
|
||||||
|
ssl = {
|
||||||
|
key = "/etc/prosody/certs/guschin.info.key";
|
||||||
|
certificate = "/etc/prosody/certs/guschin.info.crt";
|
||||||
|
}
|
||||||
|
|
||||||
|
-- Secondary virtual host (user@xmpp.guschin.info)
|
||||||
VirtualHost "xmpp.guschin.info"
|
VirtualHost "xmpp.guschin.info"
|
||||||
ssl = {
|
ssl = {
|
||||||
key = "/etc/prosody/certs/xmpp.guschin.info.key";
|
key = "/etc/prosody/certs/xmpp.guschin.info.key";
|
||||||
@@ -77,6 +84,6 @@ VirtualHost "xmpp.guschin.info"
|
|||||||
}
|
}
|
||||||
|
|
||||||
-- Component for MUC (Multi-User Chat)
|
-- Component for MUC (Multi-User Chat)
|
||||||
Component "muc.xmpp.guschin.info" "muc"
|
Component "muc.guschin.info" "muc"
|
||||||
modules_enabled = { "muc_mam" }
|
modules_enabled = { "muc_mam" }
|
||||||
storage = "sql"
|
storage = "sql"
|
||||||
|
|||||||
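Review bot: Adding `"admin@guschin.info"` to `admins` grants server-admin rights to a JID on a host that only comes into existence with this commit, so that account has to exist before the host accepts registrations. The description says users can register on guschin.info; if that means in-band registration (the contents of `modules_enabled` are not visible in these hunks), whoever registers the `admin` localpart first would hold admin rights. Create the account up front with `prosodyctl adduser admin@guschin.info`, or leave the new JID out of `admins` until it has been created. A comment above the line would record the ordering, e.g. `-- admin@guschin.info must be created via prosodyctl before registration is opened`.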
@@ -25,6 +25,8 @@ services:
|
|||||||
- ./data/prosody/configuration:/etc/prosody/conf.d
|
- ./data/prosody/configuration:/etc/prosody/conf.d
|
||||||
- /etc/letsencrypt/live/xmpp.guschin.info:/etc/prosody/certs/letsencrypt/live/xmpp.guschin.info:ro
|
- /etc/letsencrypt/live/xmpp.guschin.info:/etc/prosody/certs/letsencrypt/live/xmpp.guschin.info:ro
|
||||||
- /etc/letsencrypt/archive/xmpp.guschin.info:/etc/prosody/certs/letsencrypt/archive/xmpp.guschin.info:ro
|
- /etc/letsencrypt/archive/xmpp.guschin.info:/etc/prosody/certs/letsencrypt/archive/xmpp.guschin.info:ro
|
||||||
|
- /etc/letsencrypt/live/guschin.info:/etc/prosody/certs/letsencrypt/live/guschin.info:ro
|
||||||
|
- /etc/letsencrypt/archive/guschin.info:/etc/prosody/certs/letsencrypt/archive/guschin.info:ro
|
||||||
restart: unless-stopped
|
restart: unless-stopped
|
||||||
mem_limit: 200M
|
mem_limit: 200M
|
||||||
healthcheck:
|
healthcheck:
|
||||||
|
|||||||
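Review bot: The two new bind mounts for `/etc/letsencrypt/live/guschin.info` and `/etc/letsencrypt/archive/guschin.info` assume a certificate lineage for the apex domain already exists on the host. With short-form volume syntax Docker creates a missing host path as an empty root-owned directory, which would leave the entrypoint on its self-signed fallback and can get in the way of a later certbot issuance for that name. A comment above the mounts such as `# requires an existing Let's Encrypt lineage for guschin.info on the host` would document the precondition. The service definition starts and ends outside this hunk.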
@@ -38,30 +38,36 @@ fi
|
|||||||
# (directories are already created in Dockerfile with proper ownership)
|
# (directories are already created in Dockerfile with proper ownership)
|
||||||
touch /var/log/prosody/prosody.log /var/log/prosody/prosody.err 2>/dev/null || true
|
touch /var/log/prosody/prosody.log /var/log/prosody/prosody.err 2>/dev/null || true
|
||||||
|
|
||||||
# Copy Let's Encrypt certificate to prosody certs directory if available
|
# Copy Let's Encrypt certificates to prosody certs directory
|
||||||
CERT_PATH="/etc/prosody/certs/xmpp.guschin.info.crt"
|
install_cert() {
|
||||||
KEY_PATH="/etc/prosody/certs/xmpp.guschin.info.key"
|
local domain="$1"
|
||||||
LETSENCRYPT_CERT="/etc/prosody/certs/letsencrypt/live/xmpp.guschin.info/fullchain.pem"
|
local cert_path="/etc/prosody/certs/${domain}.crt"
|
||||||
LETSENCRYPT_KEY="/etc/prosody/certs/letsencrypt/live/xmpp.guschin.info/privkey.pem"
|
local key_path="/etc/prosody/certs/${domain}.key"
|
||||||
|
local le_cert="/etc/prosody/certs/letsencrypt/live/${domain}/fullchain.pem"
|
||||||
|
local le_key="/etc/prosody/certs/letsencrypt/live/${domain}/privkey.pem"
|
||||||
|
|
||||||
if [ -f "$LETSENCRYPT_CERT" ] && [ -f "$LETSENCRYPT_KEY" ]; then
|
if [ -f "$le_cert" ] && [ -f "$le_key" ]; then
|
||||||
echo "Setting up Let's Encrypt certificate..."
|
echo "Setting up Let's Encrypt certificate for ${domain}..."
|
||||||
cp "$LETSENCRYPT_CERT" "$CERT_PATH"
|
cp "$le_cert" "$cert_path"
|
||||||
cp "$LETSENCRYPT_KEY" "$KEY_PATH"
|
cp "$le_key" "$key_path"
|
||||||
chmod 644 "$CERT_PATH"
|
chmod 644 "$cert_path"
|
||||||
chmod 600 "$KEY_PATH"
|
chmod 600 "$key_path"
|
||||||
chown prosody:prosody "$CERT_PATH" "$KEY_PATH"
|
chown prosody:prosody "$cert_path" "$key_path"
|
||||||
echo "Let's Encrypt certificate successfully installed"
|
echo "Let's Encrypt certificate for ${domain} installed"
|
||||||
elif [ ! -f "$CERT_PATH" ] || [ ! -f "$KEY_PATH" ]; then
|
elif [ ! -f "$cert_path" ] || [ ! -f "$key_path" ]; then
|
||||||
echo "Let's Encrypt certificate not found, generating self-signed certificate..."
|
echo "Let's Encrypt certificate for ${domain} not found, generating self-signed..."
|
||||||
openssl req -x509 -newkey rsa:4096 -keyout "$KEY_PATH" -out "$CERT_PATH" \
|
openssl req -x509 -newkey rsa:4096 -keyout "$key_path" -out "$cert_path" \
|
||||||
-days 365 -nodes -subj "/CN=xmpp.guschin.info"
|
-days 365 -nodes -subj "/CN=${domain}"
|
||||||
chmod 600 "$KEY_PATH"
|
chmod 600 "$key_path"
|
||||||
chmod 644 "$CERT_PATH"
|
chmod 644 "$cert_path"
|
||||||
chown prosody:prosody "$CERT_PATH" "$KEY_PATH"
|
chown prosody:prosody "$cert_path" "$key_path"
|
||||||
else
|
else
|
||||||
echo "Using existing certificates"
|
echo "Using existing certificates for ${domain}"
|
||||||
fi
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
install_cert "xmpp.guschin.info"
|
||||||
|
install_cert "guschin.info"
|
||||||
|
|
||||||
echo "Starting Prosody..."
|
echo "Starting Prosody..."
|
||||||
|
|
||||||
|
|||||||
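Review bot: In `install_cert` the private key is placed with `cp "$le_key" "$key_path"` and only tightened by the later `chmod 600` and `chown`, so on a first copy its mode depends on the source file and the umask rather than on this script. Writing it with the final mode and owner in one step removes that dependency: `install -m 600 -o prosody -g prosody "$le_key" "$key_path"`, and likewise `install -m 644 -o prosody -g prosody "$le_cert" "$cert_path"`. The success message is printed whether or not the copies worked; whether `set -e` is in effect is not visible because the script starts above this hunk. The copy also runs only at container start, so a renewed certificate is not served until a restart, which is worth stating in the comment above the function.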