216
edits
(→Prosody: Encryption is required now and random configuration snippets on the interwebs is considered harmful) |
Neustradamus (talk | contribs) m |
||
(One intermediate revision by one other user not shown) | |||
Line 10: | Line 10: | ||
=== Step1: Get a server certificate=== | === Step1: Get a server certificate=== | ||
Let's say you run an XMPP service for <code> | Let's say you run an XMPP service for <code>domain.tld</code> (jids of user@domain.tld), you will need to order a certificate for with a subject or alt-name of <code>domain.tld</code> (not <code>server.domain.tld</code>) from your preferred cert provider. The certificate should also include alt-names for subomains such as <code>conference.domain.tld</code>, at least for services that should be accessible to remote users. | ||
=== Step 2: Disable cleartext connections === | === Step 2: Disable cleartext connections === | ||
Line 42: | Line 42: | ||
==== Prosody ==== | ==== Prosody ==== | ||
Prosody is secure by default, as of version 0.12.x no changes to the default configuration is required to enable or enforce encrypted connections. | Prosody is aiming to be secure by default, as of version 0.12.x no changes to the default configuration is required to enable or enforce encrypted connections. | ||
Further help: | Further help: |
edits