Confusion with http_file_share
Nikita Sorokin
---------- Server-wide settings ----------
admins = { "sor...@jabber.main.com" }
modules_enabled = {
-- Generally required
"disco"; -- Service discovery
"roster"; -- Allow users to have a roster. Recommended ;)
"saslauth"; -- Authentication for clients and servers. Recommended if you want to log in.
"tls"; -- Add support for secure TLS on c2s/s2s connections
-- Not essential, but recommended
"blocklist"; -- Allow users to block communications with other users
"bookmarks"; -- Synchronise the list of open rooms between clients
"carbons"; -- Keep multiple online clients in sync
"dialback"; -- Support for verifying remote servers using DNS
"limits"; -- Enable bandwidth limiting for XMPP connections
"pep"; -- Allow users to store public and private data in their account
"private"; -- Legacy account storage mechanism (XEP-0049)
"smacks"; -- Stream management and resumption (XEP-0198)
"vcard4"; -- User profiles (stored in PEP)
"vcard_legacy"; -- Conversion between legacy vCard and PEP Avatar, vcard
-- Nice to have
"account_activity"; -- Record time when an account was last used
"cloud_notify"; -- Push notifications for mobile devices
"csi_simple"; -- Simple but effective traffic optimizations for mobile devices
"invites"; -- Create and manage invites
"invites_adhoc"; -- Allow admins/users to create invitations via their client
"invites_register"; -- Allows invited users to create accounts
"ping"; -- Replies to XMPP pings with pongs
-- "register"; -- Allow users to register on this server using a client and change passwords
"time"; -- Let others know the time here on this server
"uptime"; -- Report how long server has been running
"version"; -- Replies to server version requests
"mam"; -- Store recent messages to allow multi-device synchronization
"turn_external"; -- Provide external STUN/TURN service for e.g. audio/video calls
-- "muc_mam";
"cloud_notify_extensions";
"pubsub";
-- "http_file_share";
-- Admin interfaces
"admin_adhoc"; -- Allows administration via an XMPP client that supports ad-hoc commands
"admin_shell"; -- Allow secure administration via 'prosodyctl shell'
-- HTTP modules
"bosh"; -- Enable BOSH clients, aka "Jabber over HTTP"
--"http_openmetrics"; -- for exposing metrics to stats collectors
"websocket"; -- XMPP over WebSockets
-- Other specific functionality
--"announce"; -- Send announcement to all online users
--"groups"; -- Shared roster support
--"mimicking"; -- Prevent address spoofing
--"motd"; -- Send a message to users when they log in
--"proxy65"; -- Enables a file transfer proxy service which clients behind NAT can use
--"s2s_bidi"; -- Bi-directional server-to-server (XEP-0288)
--"server_contact_info"; -- Publish contact information for this service
--"tombstones"; -- Prevent registration of deleted accounts
--"watchregistrations"; -- Alert admins of registrations
--"welcome"; -- Welcome users who register accounts
"sasl2";
"sasl_ssdp";
}
modules_disabled = {
"register";
}
-- Server-to-server authentication
s2s_secure_auth = true
-- Rate limits
limits = {
c2s = {
rate = "50kb/s";
burst = "100kb";
};
s2sin = {
rate = "100kb/s";
burst = "200kb";
};
}
-- Required for init scripts and prosodyctl
pidfile = "/var/run/prosody/prosody.pid"
-- Authentication
authentication = "internal_hashed"
-- Storage
storage = "sql" -- Default is "internal"
-- For the "sql" backend, you can uncomment *one* of the below to configure:
sql = { driver = "SQLite3", database = "/var/lib/prosody/prosody.sqlite", sql_manage_tables = true } -- Default. 'database' is the filename.
archive_expires_after = "1w" -- Remove archived messages after 1 week
-- Logging configuration
-- For advanced logging see https://prosody.im/doc/logging
log = {
debug = "/var/log/prosody/prosody.log"; -- Change 'info' to 'debug' for verbose logging
error = "/var/log/prosody/prosody.err";
"*syslog"; -- Uncomment this for logging to syslog
-- "*console"; -- Log to the console, useful for debugging when running in the foreground
}
-- Certificates
certificates = "certs"
-- Turn server
turn_external_host = "turn.hide.com"
turn_external_port = 5349
turn_external_secret = "very_secret"
-- BOSCH/Websocket/converse.js
http_external_url = "https://hide.com"
trusted_proxies = { "127.0.0.1", "::1" }
http_ports = { 5280 }
https_ports = { 5281 }
http_cors_override = {
bosh = {
enabled = true;
access_control_allow_origins = { "https://hide.com" };
};
websocket = {
enabled = true;
access_control_allow_origins = { "https://hide.com" };
};
}
ssl = {
certificate = "/etc/letsencrypt/live/hide.com/fullchain.pem";
key = "/etc/letsencrypt/live/hide.com/privkey.pem";
}
----------- Virtual hosts -----------
VirtualHost "jabber.main.com"
ssl = {
certificate = "/etc/prosody/certs/jabber.sorokin.music.crt";
key = "/etc/prosody/certs/jabber.sorokin.music.key";
}
disco_items = {
{ "upload.main.com", "file sharing service" },
{ "conference.main.com", "group chat service" },
}
Component "upload.main.com" "http_file_share"
http_file_share_expires_after = 31 * 24 * 60 * 60
http_file_share_global_quota = 1024*1024*1024*10
ssl = {
certificate = "/etc/prosody/certs/upload.main.com.crt";
key = "/etc/prosody/certs/upload.main.com.key";
}
http_file_share_base_url = "https://upload.main.com"
http_file_share_max_size = 20485760
Component "conference.main.com" "muc"
modules_enabled = {
"muc_mam";
}
ssl = {
certificate = "/etc/prosody/certs/conference.main.com.crt";
key = "/etc/prosody/certs/conference.main.com.key";
}
restrict_room_creation = true
component_admins_as_room_owners = true
max_history_messages = 2000
Nginx
for upload.main.com
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name upload.main.com;
ssl_certificate /etc/letsencrypt/live/upload.main.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/upload.main.com/privkey.pem;
location / {
proxy_pass http://localhost:5280;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded_Proto $scheme;
limit_except GET HEAD PUT {
deny all;
}
}
}
server {
listen 443 ssl;
server_name hide.com;
ssl_certificate /etc/letsencrypt/live/hide.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/hide.com/privkey.pem;
# BOSH
location /http-bind {
proxy_pass http://localhost:5280/http-bind;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_buffering off;
tcp_nodelay on;
}
# WebSocket
location /xmpp-websocket {
proxy_pass http://localhost:5280/xmpp-websocket;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_buffering off;
tcp_nodelay on;
}
location / {
root /var/www/hide.com;
index index.html;
}
}
sudo tail -f /var/log/prosody/prosody.log
Aug 17 19:26:28 jabber.main.com:mam debug Archive query id=MLhistory:128786E1-5D2B-429A-B8D5-EAC1A41C37DA completed, 0 items returned
Aug 17 19:26:28 c2s5bf4eca00680 debug Sending <r> from c2s-pre-ondrain - #queue=1
Aug 17 19:26:28 c2s5bf4eca00680 debug Sending[c2s]: <r xmlns='urn:xmpp:sm:3'>
Aug 17 19:26:28 connb81U9bqF0L-1 debug Sent 269 out of 269 buffered bytes
Aug 17 19:26:28 c2s5bf4eca00680 debug Received[c2s]: <r xml:lang='en' xmlns='urn:xmpp:sm:3'>
Aug 17 19:26:28 c2s5bf4eca00680 debug Received ack request, acking for 33
Aug 17 19:26:28 c2s5bf4eca00680 debug Sending[c2s]: <a xmlns='urn:xmpp:sm:3' h='33'>
Aug 17 19:26:28 connb81U9bqF0L-1 debug Sent 33 out of 33 buffered bytes
Aug 17 19:26:28 c2s5bf4eca00680 debug Received[c2s]: <a xml:lang='en' xmlns='urn:xmpp:sm:3' h='42'>
Aug 17 19:26:28 c2s5bf4eca00680 debug #queue = 0 (acked: 1)
Aug 17 19:26:51 c2s5bf4ecd1b040 debug Handled 103 incoming stanzas
Aug 17 19:26:51 c2s5bf4ecd1b040 debug Received[c2s]: <iq type='get' id='0F994592-83B7-4FCD-AD01-A6FF5392C4BF' xml:lang='en' to='upload.main.com'>
Aug 17 19:26:51 upload.main.com:http_file_share info Issuing upload slot to sor...@jabber.main.com for 120 KiB
Aug 17 19:26:51 sql debug SQL transaction begin [function @mod_storage_sql.lua:370()]
Aug 17 19:26:51 sql debug SQL transaction success [function @mod_storage_sql.lua:370()]
Aug 17 19:26:51 sql debug SQL transaction begin [function @mod_storage_sql.lua:222()]
Aug 17 19:26:51 sql debug SQL transaction success [function @mod_storage_sql.lua:222()]
Aug 17 19:26:51 upload.main.com:http_file_share debug Total storage usage: 3.19 MiB / 10 GiB
Aug 17 19:26:51 c2s5bf4ecd1b040 debug Sending[c2s]: <iq type='result' to='sor...@jabber.main.com/Monal-iOS.d5616c63' from='upload.main.com' id='0F994592-83B7-4FCD-AD01-A6FF5392C4BF'>
Aug 17 19:26:51 c2s5bf4ecd1b040 debug Sending <r> from c2s-pre-ondrain - #queue=1
Aug 17 19:26:51 c2s5bf4ecd1b040 debug Sending[c2s]: <r xmlns='urn:xmpp:sm:3'>
Aug 17 19:26:51 connfM3DLKOqXCqV debug Sent 917 out of 917 buffered bytes
Aug 17 19:26:51 c2s5bf4ecd1b040 debug Received[c2s]: <r xml:lang='en' xmlns='urn:xmpp:sm:3'>
Aug 17 19:26:51 c2s5bf4ecd1b040 debug Received ack request, acking for 103
Aug 17 19:26:51 c2s5bf4ecd1b040 debug Sending[c2s]: <a xmlns='urn:xmpp:sm:3' h='103'>
Aug 17 19:26:51 connfM3DLKOqXCqV debug Sent 34 out of 34 buffered bytes
Aug 17 19:26:51 c2s5bf4ecd1b040 debug Received[c2s]: <a xml:lang='en' xmlns='urn:xmpp:sm:3' h='192'>
Aug 17 19:26:51 c2s5bf4ecd1b040 debug #queue = 0 (acked: 1)
Aug 17 19:26:51 connlOYdVw3zfK0L debug New connection FD 35 (127.0.0.1, 42962, 127.0.0.1, 5280) on server FD 18 (127.0.0.1, 5280)
Aug 17 19:26:51 connlOYdVw3zfK0L debug Connected (FD 35 (127.0.0.1, 42962, 127.0.0.1, 5280))
Aug 17 19:26:51 runnerTZwmurAjXtbV debug creating new coroutine
Aug 17 19:26:51 http.PUT-SAFM4EuQKfFI debug PUT /068a22cf-ba70-758c-a2b4-de4ec4a79b4b/4FFEBB0B-8159-4F0B-A482-F0F6C872C4C3.jpg HTTP/1.0
Aug 17 19:26:51 http.PUT-SAFM4EuQKfFI debug HTTP/1.0 404 Not Found
Aug 17 19:26:51 connlOYdVw3zfK0L debug Close after writing remaining buffered data
Aug 17 19:26:51 connlOYdVw3zfK0L debug Sent 764 out of 764 buffered bytes
Aug 17 19:26:51 connlOYdVw3zfK0L debug Closing now
Zash
>http_file_share_base_url = "https://upload.main.com"
This setting is meant to be used when something other than Prosody is
handling uploads.
It is *not* for when you run Prosody behind a reverse proxy, for that
instead use `http_external_url = "https://upload.main.com"`
--
Zash