3:02 p.m.
Hi Maciej,
thanks for your answer.
It should work with the prosody package from Debian Stretch. Not sure
about
the service itself though, I just tried the role to see if the service is
configured, haven't deployed any XMPP service in production yet.
Anybody else using the debops.prosody role in production?
> - Is debops.prosody integrated with debops.pki and esp. the ACME
support?
Yes, the role is integrated with debops.pki. For the ACME support, you will
have to install the nginx via debops.nginx role; you could use the webserver
to redirect users to the main page if you don't plan to set up anything else
on that host besides the XMPP server.
I don't know prosody well, and probably I still do not understand debops
acme-support, but for me it looks like the service if configures
partially only.
*
The playbook service/prosody does not include the roles pki nor nginx.
*
According to https://prosody.im/doc/certificates#automatic_location,
there has to be a certificate for each VirtualHost and Component
definition (e.g. example.com and conference.example.com).
* I could not find any of these name in /etc/ansible nor in /etc/pki.
Thus even if run manually, neither the ACME role not the nginx role
will pick it up, I assume. Thus the ACME certificate will not
include these domain-names.
*
The same is true for "{{ prosody__domain }}" (but I guess this does
not require a certificate).
My configuration is straight forward:
prosody__domain: im.my-ngo.org
prosody__config_virtual_hosts:
- name: my-ngo.org
enabled: true
pki_realm: host
Also some bugs
* Changing the pki_system_realm has no effect on the prosody
configuration. I assume since the debops.pki role is not used.
Any hints? Shall I file some bug-reports?
--
Regards
Hartmut Goebel
| Hartmut Goebel | h.goebel(a)crazy-compilers.com |
| www.crazy-compilers.com | compilers which you thought are impossible |