{"id":21044818,"url":"https://github.com/opusvl/prosody-bundle","last_synced_at":"2025-05-15T17:33:15.533Z","repository":{"id":148072130,"uuid":"337681832","full_name":"OpusVL/prosody-bundle","owner":"OpusVL","description":"A docker container set that provides a prosody XMPP service with LDAP authentication and user registration via Keycloak. Also with a movim instance for client access.","archived":false,"fork":false,"pushed_at":"2021-02-11T17:52:21.000Z","size":12360,"stargazers_count":5,"open_issues_count":0,"forks_count":0,"subscribers_count":5,"default_branch":"main","last_synced_at":"2024-10-24T15:38:30.724Z","etag":null,"topics":["docker-compose","jabber","keycloak","movim","oauth2","openidc","openldap","prosody","prosody-im","xmpp","xmpp-server"],"latest_commit_sha":null,"homepage":"","language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"agpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/OpusVL.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2021-02-10T09:58:27.000Z","updated_at":"2023-01-27T00:13:13.000Z","dependencies_parsed_at":"2023-05-19T01:46:03.315Z","dependency_job_id":null,"html_url":"https://github.com/OpusVL/prosody-bundle","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/OpusVL%2Fprosody-bundle","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/OpusVL%2Fprosody-bundle/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/OpusVL%2Fprosody-bundle/releases","manifests_url
":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/OpusVL%2Fprosody-bundle/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/OpusVL","download_url":"https://codeload.github.com/OpusVL/prosody-bundle/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":225366066,"owners_count":17463005,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["docker-compose","jabber","keycloak","movim","oauth2","openidc","openldap","prosody","prosody-im","xmpp","xmpp-server"],"created_at":"2024-11-19T14:18:46.451Z","updated_at":"2024-11-19T14:18:47.128Z","avatar_url":"https://github.com/OpusVL.png","language":"JavaScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"![prosody logo](./.assets/prosody_logo.png)\n\n# MPLK - Movim, prosody, LDAP and Keycloak\n\nprosody XMPP Server with Keycloak registration, LDAP authentication and PostgreSQL Storage\n\n## Prerequisites\n\nYou must have a working Nginx instance, with the ability to handle the path `.well-known` for the deployment of ACME certificates by using certbot.\n\nYou also need curl, jq, and Python with python-dotenv and jinja2:\n\n```shell\nsudo apt install curl jq\nsudo pip install python-dotenv jinja2\n```\n\n`python-ldap` is also required if you want to run the roster Python script locally.\n\n# Initial Usage\n\nCreate and edit the `.env` file and change the settings to suit your environment. Copy the example file and update as required.\n\nFetch the certificates:\n\n`./getcerts`\n\nRun the deployment script. 
This will configure and start the container set with settings from the `.env`.\n\n`./deploy`\n\nAfter any configuration change following the initial deployment, use the configure script to recreate files from the templates and deliver them.\n\n`./configure`\n\nYou may want to restart the container set after any configuration change.\n\n```shell\ndocker-compose down\ndocker-compose up -d\n```\n\n## Prosody\n\nThe `${CONTAINER_VOLUME}` path must belong to a user other than root, or prosody fails to start with:\n\n```shell\nprosody_1   | usermod: UID '0' already exists\n```\n\nIt uses `usermod` to change the container's prosody user ID to match the owner of the folder, which it obtains similarly to this:\n\n```shell\nstat -c %u /srv/container-volumes/prosody-bundle\n```\n\nProsody uses `supervisord` to run both prosody and `cron`. Cron runs a daily job, a templated Python file, that updates the roster using the credentials and details in the `.env` at deploy time. It can be updated by rerunning the template using `./configure`.\n\nIt is possible to restart prosody alone by using the `supervisorctl` command from within the container.\n\n`docker-compose exec prosody supervisorctl restart prosody`\n\n### Certificates\n\nProsody relies upon the use of Let's Encrypt certificates. The script `getcerts` will initially fetch certificates for prosody with all the correct SANs. The `configure` script will then deploy them to prosody and set up the automation of copying them into prosody each time they are renewed.\n\n### Configuration Templates\n\nTo build the `cfg.lua` files and other templates I have switched to using Jinja2. The `./deploy` script renders the config files from `*cfg.*.template.lua`, substituting the contained environment variables with their values.\n\n### Deploy Script\n\nThe `./deploy` script is a bash script that renders the lua config files, `nginx.conf` and keycloak templates from the `.env`. 
After rendering the templates, it also restarts prosody if it was running, deploys the `nginx.conf` config to `/etc/nginx/conf.d/${SERIAL}.conf` and reloads Nginx. It then runs a series of API calls to Keycloak to deploy the realm and LDAP configuration.\n\n## PostgreSQL\n\nAt initial db startup the `init-db.sh` script __should__ take care of creating the database and assigning permissions.\n\n## Keycloak\n\nThis was added to allow users to register for accounts and be added into the LDAP schema automatically. It brings self-service to the external users.\n\nSelf Service URL: [http://SERVER:PORT/auth/realms/REALM/account](#)\n\nConfiguration templating is done using the python jinja2 module.\n\n## Movim\n\nIt's important to add the required headers to any front-end Nginx proxy you are using:\n\n```nginx\n    location / {\n        proxy_pass http://movim;\n        # force timeouts if the backend dies\n        proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;\n\n        # set headers\n        proxy_set_header X-Real-IP $remote_addr;\n        proxy_set_header X-Forwarded-Host $remote_addr;\n        proxy_set_header X-Forwarded-Port $server_port;\n        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;\n        proxy_set_header X-Server-Select $scheme;\n        proxy_set_header X-Forwarded-Proto $scheme;\n        # header name must not include a trailing colon\n        proxy_set_header X-Url-Scheme $scheme;\n        proxy_set_header Host $host;\n        proxy_set_header Connection \"Upgrade\";\n        proxy_set_header Upgrade $http_upgrade;\n        proxy_http_version 1.1;\n\n        # by default, do not forward anything\n        proxy_redirect off;\n    }\n```\n\nThis is done automatically by the configure 
script.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fopusvl%2Fprosody-bundle","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fopusvl%2Fprosody-bundle","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fopusvl%2Fprosody-bundle/lists"}