next up previous contents
Next: Prosody Client Up: XMPP 即時通訊伺服器 Prosody Previous: 設定 prosody 用戶   Contents

Prosody 安全設定

  1. 字串 ssl 設定關於 SSL/TLS 安全及加密,以下例子,表示允許用戶自行註冊,啟動 ssl 加密認證,私鑰及證書檔如設定。
    [root@kvm8 ~]# grep ^ssl /etc/prosody/prosody.cfg.lua -C4
    allow_registration = true;
    
    -- These are the SSL/TLS-related settings. If you don't want
    -- to use SSL/TLS, you may comment or remove this
    	key = "/etc/pki/tls/private/prosody.key";
    	certificate = "/etc/pki/tls/certs/prosody.crt";
    }
    
  2. 以下是設定 virtual host 連線,不使用 SSL/TLS 安全及加密。
    [root@kvm8 ~]# grep '\-\-[[:space:]]*ssl =' /etc/prosody/prosody.cfg.lua -B7 -A3
    VirtualHost "deyu.wang"
    	enabled = true -- Remove this line to enable this host
    
    	-- Assign this host a certificate for TLS, otherwise it would use the one
    	-- set in the global section (if any).
    	-- Note that old-style SSL on port 5223 only supports one certificate, and will always
    	-- use the global one.
    --	ssl = {
    --		key = "certs/example.com.key";
    --		certificate = "certs/example.com.crt";
    --	}
    
  3. 更改設定後,必須重新啟動 prosody 服務。
    [root@kvm8 ~]# /etc/init.d/prosody restart
    Stopping prosody: Stopped
                                                               [  OK  ]
    Starting prosody: Started
                                                               [  OK  ]
    
  4. 查看 prosody 服務預設的 ports。
    [root@kvm8 ~]# netstat -tlunp | grep lua
    tcp    0    0 0.0.0.0:5269        0.0.0.0:*    LISTEN      28232/lua           
    tcp    0    0 127.0.0.1:5347      0.0.0.0:*    LISTEN      28232/lua           
    tcp    0    0 0.0.0.0:5222        0.0.0.0:*    LISTEN      28232/lua
    
  5. 防火牆 iptables 必須開啟 5269,5347,5222 等埠號。



2017-10-27