
I want to use Prosody, or maybe another XMPP server, to test my XMPP bot. I want it to accept connections only from the local address (localhost), and I don't want to configure a firewall to block access. I would like to know the easiest way to accomplish this.

+3  A: 

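To allow connections only from localhost, bind the server to 127.0.0.1 (the IPv4 loopback address), so that the listening sockets are not reachable from other machines. Binding it to 0.0.0.0 makes it listen on every interface and will allow connections from any host.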

Check http://prosody.im/doc/configure and change the c2s_interface and s2s_interface values to "127.0.0.1"

To also allow connections from some other hosts, but not from everywhere, you need to configure your firewall to do this.

Tuomas Pelkonen
A: 

My prosody.cfg.lua thanks to Tuomas

-- Prosody XMPP Server Configuration
-- 
-- If it wasn't already obvious, -- starts a comment, and all 
-- text after it on a line is ignored by Prosody.
--
-- The config is split into sections, a global section, and one 
-- for each defined host that we serve. You can add as many host 
-- sections as you like.
--
-- Lists are written { "like", "this", "one" } 
-- Lists can also be of { 1, 2, 3 } numbers, etc. 
-- Either commas, or semi-colons; may be used
-- as separators.
--
-- A table is a list of values, except each value has a name. An 
-- example table would be:
--
-- ssl = { key = "keyfile.key", certificate = "certificate.cert" }
--
-- Whitespace (that is tabs, spaces, line breaks) is mostly insignificant, so 
-- can 
-- be placed anywhere
-- that     you deem fitting.
--
-- Tip: You can check that the syntax of this file is correct when you have finished
-- by running: luac -p /etc/prosody/prosody.cfg.lua
-- If there are any errors, it will let you know what and where they are, otherwise it 
-- will keep quiet.
--
-- Good luck, and happy Jabbering!

-- Global settings go in this section
-- (ie. those that apply to all hosts)

Host "*"
    -- Bind the client-to-server (c2s) and server-to-server (s2s) listeners to
    -- the IPv4 loopback address, so only processes on this machine can connect.
    -- This is what restricts access without a firewall rule.
    -- NOTE(review): newer Prosody releases spell these options differently
    -- (list-valued c2s_interfaces / s2s_interfaces) -- confirm the names against
    -- the documentation for the installed version. An option name the server
    -- does not recognise would presumably be ignored, leaving the default bind
    -- address in place.
    -- After restarting, check the listening sockets (for example with netstat
    -- or ss) and confirm the XMPP ports (5222 and 5269 by default) show
    -- 127.0.0.1 rather than 0.0.0.0.
    c2s_interface = "127.0.0.1"
    s2s_interface = "127.0.0.1"

    -- This is a (by default, empty) list of accounts that are admins
    -- for the server. Note that you must create the accounts separately
    -- (see http://prosody.im/doc/creating_accounts for info)
    -- Example: admins = { "user1@example.com", "user2@example.net" }
    admins = { }

    -- This is the list of modules Prosody will load on startup.
    -- It looks for mod_modulename.lua in the plugins folder, so make sure that exists too.
    modules_enabled = {
            -- Generally required
                "roster"; -- Allow users to have a roster. Recommended ;)
                "saslauth"; -- Authentication for clients and servers. Recommended if you want to log in.
                "tls"; -- Add support for secure TLS on c2s/s2s connections
                "dialback"; -- s2s dialback support
                "disco"; -- Service discovery

            -- Not essential, but recommended
                "private"; -- Private XML storage (for room bookmarks, etc.)
                "vcard"; -- Allow users to set vCards

            -- Nice to have
                -- NOTE(review): legacy (pre-SASL) authentication is an older login
                -- mechanism; keep it only if the bot under test cannot use SASL.
                "legacyauth"; -- Legacy authentication. Only used by some old clients and bots.
                "version"; -- Replies to server version requests
                "uptime"; -- Report how long server has been running
                "time"; -- Let others know the time here on this server
                "ping"; -- Replies to XMPP pings with pongs
                "pep"; -- Enables users to publish their mood, activity, playing music and more
                -- The register module is loaded, but allow_registration is set to
                -- false further down, so new accounts have to be created separately.
                "register"; -- Allow users to register on this server using a client and change passwords

            -- Required for daemonizing, and logging
                "posix"; -- POSIX functionality, sends server to background, enables syslog, etc.

            -- Other specific functionality
                -- NOTE(review): each of these opens an additional listener. They are
                -- presumably not governed by c2s_interface / s2s_interface -- check
                -- their own bind settings before enabling any of them if the server
                -- is meant to stay loopback-only.
                --"console"; -- telnet to port 5582 (needs console_enabled = true)
                --"bosh"; -- Enable BOSH clients, aka "Jabber over HTTP"
                --"httpserver"; -- Serve static files from a directory over HTTP
              };

    -- These modules are auto-loaded; should you
    -- (for some mad reason) want to disable
    -- them, then uncomment them below
    modules_disabled = {
            -- "presence";
            -- "message";
            -- "iq";
    };

    -- Disable account creation by default, for security
    -- For more information see http://prosody.im/doc/creating_accounts
    allow_registration = false;

    -- These are the SSL/TLS-related settings. If you don't want
    -- to use SSL/TLS, you may comment or remove this
    -- The private key file should be readable only by the account Prosody runs as.
    ssl = { 
        key = "/etc/prosody/certs/localhost.key";
        certificate = "/etc/prosody/certs/localhost.cert";
        }

    -- Hint: If you create a new log file or rename them, don't forget to update the
    --       logrotate config at /etc/logrotate.d/prosody
    log = {
        -- Log all error messages to prosody.err
        { levels = { min = "error" }, to = "file", filename = "/var/log/prosody/prosody.err" };
        -- Log everything of level "info" and higher (that is, all except "debug" messages)
        -- to prosody.log
        { levels = { min =  "info" }, to = "file", filename = "/var/log/prosody/prosody.log" };
    }

    -- File the server's process id is written to.
    pidfile = "/var/run/prosody/prosody.pid"

-- This allows clients to connect to localhost.
-- Obviously this domain cannot normally be accessed from other servers.
-- Everything above this line sits under Host "*", the global section described
-- in the comments before it; this line starts the section for the one domain served.
Host "localhost"
Alfred