我想使用prosody或者其他xmpp服务器来测试我的xmpp bot。我希望它只接受来自地址/ localhost的连接(不想配置防火墙来阻止访问)。我想知道实现这一目标的最简单方法。
答案 0 :(得分:3)
仅允许来自localhost的连接将服务器绑定到127.0.0.1。将其绑定到0.0.0.0将允许来自任何主机的连接。
检查http://prosody.im/doc/configure并将c2s_interface和s2s_interface值更改为“127.0.0.1”
要允许来自其他地方但不是所有地方的连接,您需要配置防火墙来执行此操作。
答案 1 :(得分:0)
我的prosody.cfg.lua感谢Tuomas
-- Prosody XMPP Server Configuration
--
-- If it wasn't already obvious, -- starts a comment, and all
-- text after it on a line is ignored by Prosody.
--
-- The config is split into sections, a global section, and one
-- for each defined host that we serve. You can add as many host
-- sections as you like.
--
-- Lists are written { "like", "this", "one" }
-- Lists can also be of { 1, 2, 3 } numbers, etc.
-- Either commas, or semi-colons; may be used
-- as seperators.
--
-- A table is a list of values, except each value has a name. An
-- example table would be:
--
-- ssl = { key = "keyfile.key", certificate = "certificate.cert" }
--
-- Whitespace (that is tabs, spaces, line breaks) is mostly insignificant, so
-- can
-- be placed anywhere
-- that you deem fitting.
--
-- Tip: You can check that the syntax of this file is correct when you have finished
-- by running: luac -p /etc/prosody/prosody.cfg.lua
-- If there are any errors, it will let you know what and where they are, otherwise it
-- will keep quiet.
--
-- Good luck, and happy Jabbering!
-- Global settings go in this section
-- (ie. those that apply to all hosts)
Host "*"
c2s_interface = "127.0.0.1"
s2s_interface = "127.0.0.1"
-- This is a (by default, empty) list of accounts that are admins
-- for the server. Note that you must create the accounts separately
-- (see http://prosody.im/doc/creating_accounts for info)
-- Example: admins = { "user1@example.com", "user2@example.net" }
admins = { }
-- This is the list of modules Prosody will load on startup.
-- It looks for mod_modulename.lua in the plugins folder, so make sure that exists too.
modules_enabled = {
-- Generally required
"roster"; -- Allow users to have a roster. Recommended ;)
"saslauth"; -- Authentication for clients and servers. Recommended if you want to log in.
"tls"; -- Add support for secure TLS on c2s/s2s connections
"dialback"; -- s2s dialback support
"disco"; -- Service discovery
-- Not essential, but recommended
"private"; -- Private XML storage (for room bookmarks, etc.)
"vcard"; -- Allow users to set vCards
-- Nice to have
"legacyauth"; -- Legacy authentication. Only used by some old clients and bots.
"version"; -- Replies to server version requests
"uptime"; -- Report how long server has been running
"time"; -- Let others know the time here on this server
"ping"; -- Replies to XMPP pings with pongs
"pep"; -- Enables users to publish their mood, activity, playing music and more
"register"; -- Allow users to register on this server using a client and change passwords
-- Required for daemonizing, and logging
"posix"; -- POSIX functionality, sends server to background, enables syslog, etc.
-- Other specific functionality
--"console"; -- telnet to port 5582 (needs console_enabled = true)
--"bosh"; -- Enable BOSH clients, aka "Jabber over HTTP"
--"httpserver"; -- Serve static files from a directory over HTTP
};
-- These modules are auto-loaded, should you
-- for (for some mad reason) want to disable
-- them then uncomment them below
modules_disabled = {
-- "presence";
-- "message";
-- "iq";
};
-- Disable account creation by default, for security
-- For more information see http://prosody.im/doc/creating_accounts
allow_registration = false;
-- These are the SSL/TLS-related settings. If you don't want
-- to use SSL/TLS, you may comment or remove this
ssl = {
key = "/etc/prosody/certs/localhost.key";
certificate = "/etc/prosody/certs/localhost.cert";
}
-- Hint: If you create a new log file or rename them, don't forget to update the
-- logrotate config at /etc/logrotate.d/prosody
log = {
-- Log all error messages to prosody.err
{ levels = { min = "error" }, to = "file", filename = "/var/log/prosody/prosody.err" };
-- Log everything of level "info" and higher (that is, all except "debug" messages)
-- to prosody.log
{ levels = { min = "info" }, to = "file", filename = "/var/log/prosody/prosody.log" };
}
pidfile = "/var/run/prosody/prosody.pid"
-- This allows clients to connect to localhost.
-- Obviously this domain cannot normally be accessed from other servers.
Host "localhost"