External Components interface configuration:
You can now configure on which network interfaces Prosody will listen for external components.
This commit is contained in:
John Livingston
parent
28c586fc09
commit
d0ba7d017d
@ -4,7 +4,11 @@
|
|||||||
|
|
||||||
### New features
|
### New features
|
||||||
|
|
||||||
* Moderation bot
|
* Moderation bot.
|
||||||
|
|
||||||
|
### Minor changes and fixes
|
||||||
|
|
||||||
|
* You can now configure on which network interfaces Prosody will listen for external components.
|
||||||
|
|
||||||
### Minor changes and fixes
|
### Minor changes and fixes
|
||||||
|
|
||||||
|
|||||||
@ -208,6 +208,7 @@ function register ({ registerHook, registerSettingsScript, peertubeHelpers }: Re
|
|||||||
case 'prosody-certificates-dir':
|
case 'prosody-certificates-dir':
|
||||||
return options.formValues['prosody-room-allow-s2s'] !== true
|
return options.formValues['prosody-room-allow-s2s'] !== true
|
||||||
case 'prosody-components-port':
|
case 'prosody-components-port':
|
||||||
|
case 'prosody-components-interfaces':
|
||||||
case 'prosody-components-list':
|
case 'prosody-components-list':
|
||||||
return options.formValues['prosody-components'] !== true
|
return options.formValues['prosody-components'] !== true
|
||||||
case 'converse-autocolors':
|
case 'converse-autocolors':
|
||||||
|
|||||||
@ -253,16 +253,30 @@ prosody_c2s_port_description: |
|
|||||||
prosody_components_label: "Enable custom Prosody external components"
|
prosody_components_label: "Enable custom Prosody external components"
|
||||||
prosody_components_description: |
|
prosody_components_description: |
|
||||||
Enable the use of external XMPP components.<br>
|
Enable the use of external XMPP components.<br>
|
||||||
This option alone only allows connections from localhost.<br>
|
This option alone only allows connections from localhost.
|
||||||
|
You have to setup the listening interfaces and open the port on your firewall to make it available from remote servers.<br>
|
||||||
This feature can, for example, be used to connect some bots to the chatting rooms.
|
This feature can, for example, be used to connect some bots to the chatting rooms.
|
||||||
|
|
||||||
prosody_components_port_label: "Prosody external components port"
|
prosody_components_port_label: "Prosody external components port"
|
||||||
prosody_components_port_description: |
|
prosody_components_port_description: |
|
||||||
The port that will be used by XMPP components to connect to the Prosody server.<br>
|
The port that will be used by XMPP components to connect to the Prosody server.<br>
|
||||||
Change it if this port is already in use on your server.<br>
|
Change it if this port is already in use on your server.<br>
|
||||||
You can keep this port closed on your firewall for now, it will not be accessed from the outer world.<br>
|
You can keep this port closed on your firewall if you don't allow access on interfaces other than localhost.<br>
|
||||||
Note: this might change in a near future, as it is planned to add a feature to activate external connections.
|
Note: this might change in a near future, as it is planned to add a feature to activate external connections.
|
||||||
|
|
||||||
|
prosody_components_interfaces_label: "Prosody external components network interfaces"
|
||||||
|
prosody_components_interfaces_description: |
|
||||||
|
The network interfaces to listen on for external components connections.<br>
|
||||||
|
List of IP to listen on, coma separated (spaces will be stripped).<br>
|
||||||
|
You can use «*» to listen on all IPv4 interfaces, and «::» for all IPv6.<br>
|
||||||
|
Examples:
|
||||||
|
<ul>
|
||||||
|
<li>*, ::</li>
|
||||||
|
<li>*</li>
|
||||||
|
<li>127.0.0.1, ::1</li>
|
||||||
|
<li>172.18.0.42</li>
|
||||||
|
</ul>
|
||||||
|
|
||||||
prosody_components_list_label: "External components"
|
prosody_components_list_label: "External components"
|
||||||
prosody_components_list_description: |
|
prosody_components_list_description: |
|
||||||
The external components to declare:
|
The external components to declare:
|
||||||
|
|||||||
@ -144,6 +144,7 @@ async function getProsodyConfig (options: RegisterServerOptionsV5): Promise<Pros
|
|||||||
'prosody-peertube-uri',
|
'prosody-peertube-uri',
|
||||||
'prosody-components',
|
'prosody-components',
|
||||||
'prosody-components-port',
|
'prosody-components-port',
|
||||||
|
'prosody-components-interfaces',
|
||||||
'prosody-components-list',
|
'prosody-components-list',
|
||||||
'chat-no-anonymous',
|
'chat-no-anonymous',
|
||||||
'federation-dont-publish-remotely'
|
'federation-dont-publish-remotely'
|
||||||
@ -230,11 +231,22 @@ async function getProsodyConfig (options: RegisterServerOptionsV5): Promise<Pros
|
|||||||
if (!/^\d+$/.test(componentsPort)) {
|
if (!/^\d+$/.test(componentsPort)) {
|
||||||
throw new Error('Invalid external components port')
|
throw new Error('Invalid external components port')
|
||||||
}
|
}
|
||||||
|
const componentsInterfaces = ((settings['prosody-components-interfaces'] as string) || '')
|
||||||
|
.split(',')
|
||||||
|
.map(s => s.trim())
|
||||||
|
// Check that there is no invalid values (to avoid injections):
|
||||||
|
componentsInterfaces.forEach(networkInterface => {
|
||||||
|
if (networkInterface === '*') return
|
||||||
|
if (networkInterface === '::') return
|
||||||
|
if (networkInterface.match(/^\d+\.\d+\.\d+\.\d+$/)) return
|
||||||
|
if (networkInterface.match(/^[a-f0-9:]+$/)) return
|
||||||
|
throw new Error('Invalid components interfaces')
|
||||||
|
})
|
||||||
const components = parseExternalComponents((settings['prosody-components-list'] as string) || '', prosodyDomain)
|
const components = parseExternalComponents((settings['prosody-components-list'] as string) || '', prosodyDomain)
|
||||||
for (const component of components) {
|
for (const component of components) {
|
||||||
valuesToHideInDiagnostic.set('Component ' + component.name + ' secret', component.secret)
|
valuesToHideInDiagnostic.set('Component ' + component.name + ' secret', component.secret)
|
||||||
}
|
}
|
||||||
config.useExternalComponents(componentsPort, components)
|
config.useExternalComponents(componentsPort, componentsInterfaces, components)
|
||||||
}
|
}
|
||||||
|
|
||||||
if (enableRoomS2S || enableRemoteChatConnections) {
|
if (enableRoomS2S || enableRemoteChatConnections) {
|
||||||
|
|||||||
@ -315,9 +315,17 @@ class ProsodyConfigContent {
|
|||||||
this.authenticated?.add('modules_enabled', 'dialback') // This allows s2s connections without certicicates!
|
this.authenticated?.add('modules_enabled', 'dialback') // This allows s2s connections without certicicates!
|
||||||
}
|
}
|
||||||
|
|
||||||
useExternalComponents (componentsPort: string, components: ExternalComponent[]): void {
|
useExternalComponents (
|
||||||
|
componentsPort: string,
|
||||||
|
componentsInterfaces: string[] | null,
|
||||||
|
components: ExternalComponent[]
|
||||||
|
): void {
|
||||||
this.global.set('component_ports', [componentsPort])
|
this.global.set('component_ports', [componentsPort])
|
||||||
this.global.set('component_interfaces', ['127.0.0.1', '::1'])
|
if (componentsInterfaces !== null) {
|
||||||
|
this.global.set('component_interfaces', componentsInterfaces)
|
||||||
|
} else {
|
||||||
|
this.global.set('component_interfaces', [])
|
||||||
|
}
|
||||||
|
|
||||||
for (const component of components) {
|
for (const component of components) {
|
||||||
const c = new ProsodyConfigComponent(component.name)
|
const c = new ProsodyConfigComponent(component.name)
|
||||||
|
|||||||
@ -358,6 +358,15 @@ Please read
|
|||||||
descriptionHTML: loc('prosody_components_port_description')
|
descriptionHTML: loc('prosody_components_port_description')
|
||||||
})
|
})
|
||||||
|
|
||||||
|
registerSetting({
|
||||||
|
name: 'prosody-components-interfaces',
|
||||||
|
label: loc('prosody_components_interfaces_label'),
|
||||||
|
type: 'input',
|
||||||
|
default: '127.0.0.1, ::1',
|
||||||
|
private: true,
|
||||||
|
descriptionHTML: loc('prosody_components_interfaces_description')
|
||||||
|
})
|
||||||
|
|
||||||
registerSetting({
|
registerSetting({
|
||||||
name: 'prosody-components-list',
|
name: 'prosody-components-list',
|
||||||
label: loc('prosody_components_list_label'),
|
label: loc('prosody_components_list_label'),
|
||||||
|
|||||||
@ -159,8 +159,25 @@ As example, this option can allow an instance of Matterbridge (once it could use
|
|||||||
### {{% livechat_label prosody_components_label %}}
|
### {{% livechat_label prosody_components_label %}}
|
||||||
|
|
||||||
This settings enable XMPP external components to connect to the server.
|
This settings enable XMPP external components to connect to the server.
|
||||||
For now, this option **only allows connections from localhost components**.
|
By default, this option **only allows connections from localhost components**.
|
||||||
|
You have to change the "{{% livechat_label prosody_components_interfaces_label %}}" value to listen on other network interfaces.
|
||||||
|
|
||||||
This feature could be used to connect bridges or bots.
|
This feature could be used to connect bridges or bots.
|
||||||
|
|
||||||
More informations on Prosody external components [here](https://prosody.im/doc/components).
|
More informations on Prosody external components [here](https://prosody.im/doc/components).
|
||||||
|
|
||||||
|
#### {{% livechat_label prosody_components_label %}}
|
||||||
|
|
||||||
|
{{% livechat_label prosody_components_description %}}
|
||||||
|
|
||||||
|
#### {{% livechat_label prosody_components_port_label %}}
|
||||||
|
|
||||||
|
{{% livechat_label prosody_components_port_description %}}
|
||||||
|
|
||||||
|
#### {{% livechat_label prosody_components_interfaces_label %}}
|
||||||
|
|
||||||
|
{{% livechat_label prosody_components_interfaces_description %}}
|
||||||
|
|
||||||
|
#### {{% livechat_label prosody_components_list_label %}}
|
||||||
|
|
||||||
|
{{% livechat_label prosody_components_list_description %}}
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user