[Debian-rtc-admin] [rt.debian.org #8257] Allow debvoip to sudoedit prosody config files on vogler

Martin debacle at debian.org
Sat Oct 19 15:50:54 BST 2024 

Hi Philipp,

On 2024-10-19 14:26, Philipp Kern via RT wrote:
> On 10/19/24 3:33 PM, W. Martin Borgert via RT wrote:
>> TTBOMK, full debug log shows "everything". Admin can see all contact and
>> all messages, if they are not e2ee. I can check with prosody upstream if
>> there is a debug mode, that is less problematic and still helpful for
>> our use case. In that case, I suggest, that :debvoip group can only
>> switch on and off this specific mode. E.g. by something like "touch
>> /etc/prosody/turn-on-debug && systemctl reload prosody" or whatever.
>
> It'd be good if this would not hit the disk.

I'll ask upstream about it. As prosody is written and configured in Lua,
everything should be possible.

> [...]> I believe, that we should have nginx on vogler on ports 443 and 80.
>> It's needed not only for BOSH and HTTP file upload, but it is also a
>> very good idea to run xmpps (XMPP over direct TLS) on port 443. Last
>> time in a British train, I only could connect to my private Jabber
>> server on port 443, but not the Debian server.
>
> Could we also do it with apache? We don't currently run nginx.

I guess so, but I lost all my Apache knowledge some years ago. I use
nginx on my private Jabber server to disentangle various TLS protocols
all on the same port 443:

stream {
	map $ssl_preread_alpn_protocols $upstream {
		default httpserver;
		"xmpp-client" xmppserver;
		"stun.turn" turnserver;
		"stun.nat-discovery" turnserver;
	}
}

sslh can do that, too, but I'm not sure about the syntax. Also, I
remember rumours, that nginx were somehow "better" than sslh for that
task. I can check that in the XMPP operators groups chat.

>> PS: I recently sent a git patch on the DSA mailing list improving the
>> group chat function of our server. If you or somebody else could apply
>> it, that would be great.
>
> It'd be good if you'd attach it here. Thanks!

Sure!

Cheers, Martin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-activate-MAM-and-vcard-for-MUC.patch
Type: text/x-diff
Size: 1037 bytes
Desc: MUC patch
URL: <http://alioth-lists.debian.net/pipermail/debian-rtc-team/attachments/20241019/e6a3f80f/attachment.patch>

More information about the Debian-rtc-team mailing list