===== Setting up a Prosody XMPP chat server =====

\\

==== Firewall ====

The following ports have to be opened in your firewall:

<code>
5222/tcp # XMPP Client-to-Server
5269/tcp # XMPP Server-to-Server
5281/tcp # XMPP HTTPS (for file sharing)
</code>

----

\\

==== Prosody ====

> [[https://en.wikipedia.org/wiki/Prosody_(software)|Prosody]] (formerly lxmppd) is a cross-platform XMPP server written in Lua. Its development goals include low resource usage, ease of use, and extensibility.\\
\\

=== Installation ===

<code bash>
sudo apt install prosody prosody-modules lua-unbound
</code>

Add the ''prosody'' user to the ''ssl-cert'' group, so that it can read the DH parameters file generated below:

<code bash>
sudo usermod -aG ssl-cert prosody
</code>

\\

=== Configuration ===

Create a virtual host configuration:

<code lua /etc/prosody/conf.avail/quietlife.nl.cfg.lua>
VirtualHost "quietlife.nl"

admins = { "user1@quietlife.nl" }

modules_enabled = {
    "carbons";
    "cloud_notify";
    "mam";
    "seclabels";
    "smacks";
}

ssl = {
    certificate = "/etc/prosody/certs/quietlife.nl.crt";
    key = "/etc/prosody/certs/quietlife.nl.key";
    protocol = "tlsv1_2+";
    ciphers = "EECDH+AESGCM:EDH+AESGCM";
    dhparam = "/etc/ssl/dhparams.pem";
}

Component "conference.quietlife.nl" "muc"

Component "upload.quietlife.nl" "http_file_share"
    http_file_share_size_limit = 100000000
</code>

Enable the configuration:

<code bash>
cd /etc/prosody/conf.d/
sudo ln -s ../conf.avail/quietlife.nl.cfg.lua .
</code>

\\

=== SSL certificate creation ===

Generate a certificate with ''certbot'' that contains your base hostname and the **conference** and **upload** subdomains:

<code bash>
sudo certbot certonly -d quietlife.nl -d conference.quietlife.nl -d upload.quietlife.nl
</code>

If your base hostname is itself a subdomain, use sub-subdomains:

<code bash>
sudo certbot certonly -d chat.quietlife.nl -d conference.chat.quietlife.nl -d upload.chat.quietlife.nl
</code>

If you already have a certificate for your base hostname, you can expand it to include these subdomains:

<code bash>
sudo certbot certonly --expand -d quietlife.nl -d conference.quietlife.nl -d upload.quietlife.nl
</code>

\\

=== DH parameters generation ===

If you don't have one already, generate ''dhparams.pem'' with ''openssl''. The ''root:ssl-cert'' ownership with mode ''640'' keeps the file unwritable for Prosody while still letting the ''prosody'' user (a member of ''ssl-cert'') read it:

<code bash>
cd /tmp/
openssl dhparam -out dhparams.pem 4096
sudo mv dhparams.pem /etc/ssl/
sudo chown root:ssl-cert /etc/ssl/dhparams.pem
sudo chmod 640 /etc/ssl/dhparams.pem
</code>

\\

=== SSL certificate import ===

Unlike Apache, nginx, Dovecot and Postfix, Prosody does not briefly run as root at startup in order to read from ''/etc/letsencrypt/''. So the certificates have to be copied into the ''/etc/prosody/certs/'' directory:

<code bash>
sudo prosodyctl --root cert import quietlife.nl /etc/letsencrypt/live
</code>

\\

=== SSL certificate renewal ===

If you use Let's Encrypt, you have to renew your certificates every three months. They also have to be re-imported into Prosody after every renewal.
This can be automated with a script you put in ''/etc/letsencrypt/renewal-hooks/post/'':

<code bash /etc/letsencrypt/renewal-hooks/post/prosody.sh>
#!/bin/sh
# Runs after every successful certbot renewal: copy the renewed certificate and key into /etc/prosody/certs/
prosodyctl --root cert import quietlife.nl /etc/letsencrypt/live
</code>

Make it executable:

<code bash>
sudo chmod +x /etc/letsencrypt/renewal-hooks/post/prosody.sh
</code>

\\

=== Restart Prosody ===

<code bash>
sudo systemctl restart prosody.service
</code>

\\

==== Add users ====

<code bash>
sudo prosodyctl adduser user1@quietlife.nl
sudo prosodyctl adduser user2@quietlife.nl
...
</code>

----
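As an added check, not part of the original page or of Prosody itself: a small Python lint for the ''ssl'' table of the virtual host configuration from the Configuration section above, flagging the settings this page is arranged to avoid (a TLS floor below 1.2, weak cipher tokens, a missing ''dhparam'', and certificate paths under ''/etc/letsencrypt/'' that the ''prosody'' user cannot read). The two sample configs are constructed, and the parsing is a regular expression over the Lua table rather than a real Lua parser.

```python
import re

# Constructed sample, taken from the ssl table of the virtual host configuration on this page.
GOOD_CONFIG = '''ssl = {
    certificate = "/etc/prosody/certs/quietlife.nl.crt";
    key = "/etc/prosody/certs/quietlife.nl.key";
    protocol = "tlsv1_2+";
    ciphers = "EECDH+AESGCM:EDH+AESGCM";
    dhparam = "/etc/ssl/dhparams.pem";
}'''

# Constructed sample with the mistakes the page warns about: Let's Encrypt paths the
# prosody user cannot read, a protocol floor below TLS 1.2, a weak cipher, no dhparam.
WEAK_CONFIG = '''ssl = {
    certificate = "/etc/letsencrypt/live/quietlife.nl/fullchain.pem";
    key = "/etc/letsencrypt/live/quietlife.nl/privkey.pem";
    protocol = "tlsv1+";
    ciphers = "HIGH:RC4:!aNULL";
}'''

SSL_TABLE = re.compile(r'\bssl\s*=\s*\{(.*?)\}', re.DOTALL)
ENTRY = re.compile(r'(\w+)\s*=\s*"([^"]*)"')
OK_PROTOCOLS = {"tlsv1_2", "tlsv1_2+", "tlsv1_3", "tlsv1_3+"}
WEAK_TOKENS = ("NULL", "RC4", "DES", "MD5", "EXPORT", "LOW")

def parse_ssl_table(config):
    """Return the key = "value" entries of the first ssl = { ... } table, or {} if absent."""
    match = SSL_TABLE.search(config)
    return dict(ENTRY.findall(match.group(1))) if match else {}

def lint_ssl(config):
    """Return findings; an empty list means the table matches the page's settings."""
    ssl = parse_ssl_table(config)
    if not ssl:
        return ["no ssl table found for this host"]
    findings = []
    if ssl.get("protocol") not in OK_PROTOCOLS:
        findings.append(f"protocol {ssl.get('protocol')!r} permits TLS versions below 1.2")
    for token in ssl.get("ciphers", "").split(":"):  # a token only excludes suites with a '!' prefix
        if not token.startswith("!") and any(w in token.upper() for w in WEAK_TOKENS):
            findings.append(f"cipher list enables weak token {token!r}")
    if "dhparam" not in ssl:
        findings.append("no dhparam: the generated /etc/ssl/dhparams.pem is not used")
    for key in ("certificate", "key"):
        if ssl.get(key, "").startswith("/etc/letsencrypt/"):
            findings.append(f"{key} points into /etc/letsencrypt/, which the prosody user cannot "
                            "read; import it into /etc/prosody/certs/ with prosodyctl cert import")
    return findings
```

Run `lint_ssl(open("/etc/prosody/conf.avail/quietlife.nl.cfg.lua").read())` against your own host file; an empty list means nothing to fix.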