docker-compose, prosody: Switch to host networking for the container

This simplifies things in preparation for adding coturn and its large
number of ports.

As Prosody now must listen on the "real" HTTP ports, we had to give
permission to the Lua binary to bind low network ports.

ansible/files/prosody.cfg.lua

@@ -75,6 +75,9 @@ registration_notification = "New user registered: $username"
 
 reload_global_modules = { "http" }
 
+http_ports  = { ENV_SNIKKET_TWEAK_HTTP_PORT or 80 }
+https_ports = { ENV_SNIKKET_TWEAK_HTTPS_PORT or 443 }
+
 legacy_ssl_ports = { 5223 }
 
 allow_registration = true

ansible/tasks/prosody.yml

@@ -46,6 +46,8 @@
   service:
     name: prosody
     state: stopped
+- name: "Allow Prosody to bind service ports"
+  command: setcap 'cap_net_bind_service=+ep' /usr/bin/lua5.1
 
 - name: Install Mercurial
   apt:

docker-compose.yml

@@ -3,18 +3,7 @@ version: "3.3"
 services:
   snikket:
     image: snikket:latest
-    ports:
-      # HTTP port
-      - "80:5280"
-      # HTTPS port
-      - "443:5281"
-      # XMPP client connections (STARTTLS and Direct TLS)
-      - "5222:5222"
-      - "5223:5223"
-      # XMPP server-to-server connections
-      - "5269:5269"
-      # Mail viewer (dev only)
-      - "8025:8025"
+    network_mode: host
     volumes:
       - type: "volume"
         source: snikket_data

docker/Dockerfile

@@ -23,6 +23,7 @@ RUN apt-get update \
         software-properties-common \
         gpg gpg-agent \
         ansible python-passlib python3-passlib \
+        libcap2-bin \
     && rm -rf /var/lib/apt/lists/* \
     && ansible-playbook -c local -i localhost, --extra-vars "ansible_python_interpreter=/usr/bin/python2" /opt/ansible/snikket.yml \
     && apt-get remove -y \
@@ -30,7 +31,7 @@ RUN apt-get update \
          software-properties-common \
          gpg gpg-agent \
          python-passlib python3-passlib \
-         mercurial \
+         mercurial libcap2-bin \
     && apt-get autoremove -y \
     && rm -rf /var/cache/*