From 6015367332a91aa79b89444b38fddd188bc4c7dd Mon Sep 17 00:00:00 2001 From: mguschin Date: Sun, 1 Mar 2026 19:31:03 +0300 Subject: [PATCH] Fix TLS cert domain mismatch: VirtualHost now matches cert domain VirtualHost changed from "guschin.info" to "xmpp.guschin.info" to match the Let's Encrypt certificate. Moved certificates directive before VirtualHost block. Removed misplaced default_realm and global ssl block. Co-Authored-By: Claude Opus 4.6 --- data/prosody/configuration/prosody.cfg.lua | 24 +++++++--------------- 1 file changed, 7 insertions(+), 17 deletions(-) diff --git a/data/prosody/configuration/prosody.cfg.lua b/data/prosody/configuration/prosody.cfg.lua index a57c547..93c7652 100644 --- a/data/prosody/configuration/prosody.cfg.lua +++ b/data/prosody/configuration/prosody.cfg.lua @@ -1,7 +1,7 @@ -- Prosody XMPP Server Configuration -- Domain: xmpp.guschin.info -admins = { "admin@guschin.info" } +admins = { "admin@xmpp.guschin.info" } modules_enabled = { -- Generally required @@ -59,30 +59,20 @@ https_ports = { 5281 } c2s_require_encryption = true s2s_require_encryption = false --- TLS/SSL options for all connections -ssl = { - protocol = "tlsv1_2+"; - ciphers = "HIGH:!aNULL:!MD5"; - options = { "no_sslv2", "no_sslv3", "no_compression", "cipher_server_preference" }; -} - --- Disable SASLauth external authentication +-- Authentication authentication = "internal_plain" +-- Certificates directory (global, before VirtualHost) +certificates = "/etc/prosody/certs" + -- Virtual host definition -VirtualHost "guschin.info" +VirtualHost "xmpp.guschin.info" ssl = { key = "/etc/prosody/certs/xmpp.guschin.info.key"; certificate = "/etc/prosody/certs/xmpp.guschin.info.crt"; } -- Component for MUC (Multi-User Chat) -Component "muc.guschin.info" "muc" +Component "muc.xmpp.guschin.info" "muc" modules_enabled = { "muc_mam" } storage = "sql" - --- Set a default realm for the server -default_realm = "guschin.info" - --- Certificates -certificates = "/etc/prosody/certs"