diff options
Diffstat (limited to 'guides/index.xml')
-rw-r--r-- | guides/index.xml | 407 |
1 files changed, 407 insertions, 0 deletions
diff --git a/guides/index.xml b/guides/index.xml new file mode 100644 index 0000000..829b98f --- /dev/null +++ b/guides/index.xml @@ -0,0 +1,407 @@ +<?xml version="1.0" encoding="utf-8" standalone="yes"?> +<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom"> + <channel> + <title>Guides on dd</title> + <link>https://drainerdomain.xyz/guides/</link> + <description>Recent content in Guides on dd</description> + <language>Page(/guides)</language> + <lastBuildDate>Fri, 19 Aug 2022 14:31:59 -0300</lastBuildDate><atom:link href="https://drainerdomain.xyz/guides/index.xml" rel="self" type="application/rss+xml" /> + <item> + <title>Newsboat</title> + <link>https://drainerdomain.xyz/guides/consume-media-the-right-way-newsboat/</link> + <pubDate>Fri, 19 Aug 2022 14:31:59 -0300</pubDate> + + <guid>https://drainerdomain.xyz/guides/consume-media-the-right-way-newsboat/</guid> + <description><p>Allthough I&rsquo;ve riced <a href="https://github.com/newsboat/newsboat">newsboat</a>, this will be a guide focusing on the important aspect of the program. Newsboat allows the user +to read RSS/Atom feeds, which are usually generated by the website itself or sometimes by a frontend or third party app. The main +reason to use this program is the fact that you won&rsquo;t need an account in sites such as Youtube, Reddit, or Twitter anymore. Also, that you&rsquo;ll +have sort of a centralized way to consume (which includes reading text, listening to podcasts or watching videos) pretty much any site on the +internet by using only a terminal program, which is by far faster and more desirable. This guide includes:</p> +<ul> +<li>Brief explanation on how it works (program is very intuitive to use)</li> +<li>Setup of other programs</li> +<li>Running newsboat in the background so it notifies the user when new article appears (optional)</li> +<li>Multiple macro configurations that you might find very useful (optional but HIGHLY recommended)</li> +</ul> +<h1 id="installation">Installation</h1> +<p>The software is at almost any repository. In case it is not on your distro, you can always build it from source.</p> +<p>For Arch-based systems:</p> +<pre tabindex="0"><code>pacman -S newsboat mpv +</code></pre><p>I use <code>firefox</code> for opening up links (unless is the article has only text) and <code>mpv</code> to reproduce videos and audios. +You can use any other browser and media player obviously. Or, you can use something like <code>w3m</code> to read text, but remember to change +it as the browser when setting up the program.</p> +<p>Also, if you want to download videos/audios I recommend installing <a href="https://github.com/yt-dlp/yt-dlp">yt-dlp</a> from its github&rsquo;s repository. +The installation is straightforward and the software is easier to update by using <code>yt-dlp -U</code> once needed. This program is a fork of the discontinued +<code>youtube-dl</code> which may still appear in some distro&rsquo;s repositories.</p> +<h1 id="configuration">Configuration</h1> +<h2 id="newsboat">Newsboat</h2> +<p>Newsboat won&rsquo;t run unless the file <code>urls</code> has something inside. Both <code>config</code> and <code>urls</code> files are at either <code>$HOME/.newsboat</code> or <code>$XDG_CONFIG_HOME/newsboat</code>. +Put something inside the <code>urls</code> file. I recommend using the following frontends for getting the feeds:</p> +<ul> +<li>Twitter -&gt; nitter</li> +<li>Youtube -&gt; Invidious</li> +<li>Reddit -&gt; teddit</li> +</ul> +<p>Say you want to add the youtube channel <code>HydeWars</code> to your feed. It will look like this:</p> +<pre tabindex="0"><code>https://vid.puffyan.us/feed/channel/UCfUaZ8Ra7m7BqUEACv2jySw +</code></pre><p>So basically, you need to get the channel&rsquo;s ID which is <code>UCfUaZ8Ra7m7BqUEACv2jySw</code> and add it at the end of the url, where +<code>vid.puffyan.us</code> is an instance of Invidious. How you find the ID of a YT channel is a matter of having at least a 2 digits IQ. +If you don&rsquo;t want to use an Invidious instance, you can go to any Youtube channel and view the souce code, filter keyword <code>rss</code> and +see how the URL looks.</p> +<p>You can also tag URLs and then press <code>t</code> by adding the tag at the end of the string after a blank space:</p> +<pre tabindex="0"><code>https://vid.puffyan.us/feed/channel/UCfUaZ8Ra7m7BqUEACv2jySw MDE +</code></pre><p>Now open <code>config</code> file and add:</p> +<pre tabindex="0"><code># GENERAL # +reload-time 30 +auto-reload yes +browser &#34;setsid -f $BROWSER --new-tab %u &gt; /dev/null 2&gt;&amp;1&#34; +cleanup-on-quit yes +history-limit 2000 +show-keymap-hint no +goto-next-feed no +error-log &#34;.config/newsboat/error.log&#34; +prepopulate-query-feeds yes +suppress-first-reload yes + +# NOTIFICATIONS # +notify-always no +notify-program &#34;/usr/bin/dunstify&#34; +notify-format &#34;Newsboat: %d new articles&#34; +</code></pre><p>Line 4 sets up the browser and forks it, while opening the url in a new tab. In my case, I have an env var set to <code>firefox</code>. Change <code>$BROWSER</code> to your browser&rsquo;s name or software for reading text, if you need to. +Then, for notifications I use dunstify but you can use whatever you like. Rest is self explanatory, but keep in mind that if you are going to setup notifications you should +keep <code>reload-time</code> and <code>auto-reload</code> as they are.</p> +<p>Optionally, you can set up vim-like bindings:</p> +<pre tabindex="0"><code># Vim keybindings +unbind-key j +unbind-key k +unbind-key ENTER +unbind-key o + +bind-key o open +bind-key k up +bind-key j down +</code></pre><h2 id="mpv">Mpv</h2> +<p>Open <code>$XDG_CONFIG_HOME/mpv/mpv.conf</code> and add:</p> +<pre tabindex="0"><code># Cache +cache=yes +--stream-buffer-size=8MiB + +# Quality stream +ytdl-format=bestvideo[height&lt;=?720]+bestaudio/best + +# Yt-dlp hook +script-opts-append=ytdl_hook-ytdl_path=yt-dlp +</code></pre><p>This sets up a <code>yt-dlp</code> hook that will make the streaming faster. Also, if you want higher/lesser quality, change the height value.</p> +<h2 id="yt-dlp">Yt-dlp</h2> +<p>I recommend you to set up a download folder. Open up <code>$XDG_CONFIG_HOME/yt-dlp/config</code> and add:</p> +<pre tabindex="0"><code>-o &#39;/path/to/folder/%(title)s.%(ext)s&#39; +</code></pre><p>This will save the video/audio to a folder using metadata.</p> +<h1 id="running-newsboat-through-a-script-for-notifications">Running newsboat through a script for notifications</h1> +<p>Instead of running newsboat directly, I use a simple script so it is always on the background. You can also achieve this with cronjobs.</p> +<pre tabindex="0"><code>#!/bin/sh + +while true; do + kill $(pidof newsboat) + rm $XDG_CONFIG_HOME/newsboat/queue + $TERMINAL -e newsboat + if [[ $? == 0 ]] ; then + exec newsboat &amp;&amp; break + else + break + fi +done +</code></pre><p><code>chmod +x</code> the script and remember to use it instead of directly executing newsboat. In my case, I use an i3&rsquo;s keybinding for quick access, and also +for executing the script only one time as soon as the window manager initializes.</p> +<h1 id="macros">Macros</h1> +<p>A macro is used for executing a sequence of commands by pressing a key or a combination of keys. In our case, for using the browser setting as not really a browser, but anything we like. For example, as a media player +to reproduce a YT video. To execute a macro press <code>,</code> + <code>key</code>.</p> +<p>Here is a list of some macros I&rsquo;ve came up with that are very useful (add them to newsboat&rsquo;s config file):</p> +<h2 id="queue-videos-clear-playlist-and-reproduce-playlist">Queue videos, clear playlist and reproduce playlist</h2> +<pre tabindex="0"><code>macro a set browser &#34;echo %u &gt;&gt; ~/.config/newsboat/queue&#34; ; open-in-browser ; set browser &#34;$BROWSER %u&#34; +macro c set browser &#34;rm $HOME/.config/newsboat/queue &gt; /dev/null 2&gt;&amp;1&#34; ; open-in-browser ; set browser &#34;$BROWSER %u&#34; +macro p set browser &#34;kill $(pidof mpv) ; setsid -f mpv --playlist=$HOME/.config/newsboat/queue &gt; /dev/null 2&gt;&amp;1&#34; ; open-in-browser ; set browser &#34;$BROWSER %u&#34; +</code></pre><p>The idea of these 3 macros is creating, playing or deleting a playlist. If you take a look at the script in the previous section, this file named <code>queue</code> gets deleted when the script executes. +For adding videos or even audios to said file you need to focus the article on a feed.</p> +<h2 id="play-queued-videos-fullscreen-second-monitor">Play queued videos fullscreen second monitor</h2> +<pre tabindex="0"><code>macro P set browser &#34;kill $(pidof mpv) ; setsid -f mpv --x11-name=newsboatfs --fullscreen=yes --playlist=$HOME/.config/newsboat/queue &gt; /dev/null 2&gt;&amp;1&#34; ; open-in-browser ; set browser &#34;$BROWSER %u&#34; +</code></pre><h2 id="play-video">Play video</h2> +<pre tabindex="0"><code>macro v set browser &#34;kill $(pidof mpv) ; setsid -f mpv %u &gt; /dev/null 2&gt;&amp;1&#34; ; open-in-browser-and-mark-read ; set browser &#34;$BROWSER %u&#34; +</code></pre><h2 id="play-video-floating-mode">Play video floating mode</h2> +<pre tabindex="0"><code>macro i set browser &#34;kill $(pidof mpv) ; setsid -f mpv --x11-name=mpvfloat %u &gt; /dev/null 2&gt;&amp;1&#34; ; open-in-browser-and-mark-read ; set browser &#34;$BROWSER %u&#34; +</code></pre><h2 id="play-audio-only">Play audio only</h2> +<pre tabindex="0"><code>macro A set browser &#34;kill $(pidof mpv) ; setsid -f mpv %u --no-video &gt; /dev/null 2&gt;&amp;1&#34; ; open-in-browser-and-mark-read ; set browser &#34;$BROWSER %u&#34; +</code></pre><h2 id="play-fullscreen-i3-sends-it-to-second-monitor-useful-for-playing-all-the-videos-from-a-channel">Play fullscreen, i3 sends it to second monitor (useful for playing all the videos from a channel)</h2> +<pre tabindex="0"><code>macro f set browser &#34;kill $(pidof mpv) ; setsid -f mpv --x11-name=newsboatfs --fullscreen=yes %u &gt; /dev/null 2&gt;&amp;1&#34; ; open-in-browser ; set browser &#34;$BROWSER %u&#34; +</code></pre><h2 id="download-video">Download video</h2> +<pre tabindex="0"><code>macro y set browser &#34;yt-dlp %u&#34; ; open-in-browser ; set browser &#34;$BROWSER %u&#34; +</code></pre><h2 id="open-in-default-browser">Open in default browser</h2> +<pre tabindex="0"><code>macro o open-in-browser +</code></pre><p>NOTE: Keep in mind that for sending the videos/articles to another monitor you need to rename the X instance to whatever you like so you can then manipulate it with your window manager. +Using i3 would look like this:</p> +<pre tabindex="0"><code>for_window [instance=&#34;newsboatfs&#34;] move container to workspace $ws10 +for_window [instance=&#34;mpvfloat&#34;] floating enable, resize set 960 540, move container position center +</code></pre><p>Where <code>$ws10</code> outputs to <code>HDMI-1</code>:</p> +<pre tabindex="0"><code>workspace &#34;10&#34; output HDMI-1 +</code></pre><p>Use <code>xrandr</code> to know display names.</p> +</description> + </item> + + <item> + <title>Firefox</title> + <link>https://drainerdomain.xyz/guides/harden-firefox/</link> + <pubDate>Mon, 16 May 2022 22:05:11 -0300</pubDate> + + <guid>https://drainerdomain.xyz/guides/harden-firefox/</guid> + <description><p>A guide and explanation for making Firefox more secure/private using <code>arkenfox user.js</code> and some essential addons. This is a compilation from +various sources that are linked at the bottom of this article, and from my useless and extensive attempt for having a useful yet &lsquo;privacy-oriented&rsquo; +and &lsquo;secure browser&rsquo;, things that are mutually exclusive. Still, this guide will leave the user with a better than nothing tool to navigate the net.</p> +<h2 id="a-little-test-before">A little test before</h2> +<p>You should check your browser against fingerprinting just so you can compare after. For that use this website: <a href="https://deviceinfo.me">deviceinfo.me</a>. +This is all the data that first-party and third-party sites get from you, but we will minimize it. Keep in mind that some information won&rsquo;t be concealed, +such as your IP or location. Please do the test again after you finish.</p> +<h2 id="arkenfox-userjs">arkenfox user.js</h2> +<ul> +<li><a href="https://github.com/arkenfox/user.js/">LINK</a></li> +</ul> +<p>This tool is just a user config template that interacts with the inner functions of Firefox. It is highly recommended that you read the <a href="https://github.com/arkenfox/user.js/wiki">wiki</a> +so you can customize it. Otherwise, with just downloading the file and making the browser use it would be more than enough in most cases. So for that:</p> +<pre tabindex="0"><code>firefox -no-remote -CreateProfile &lt;userprofile&gt; +</code></pre><p>That will create a user directory under <code>$HOME/.mozilla/firefox/</code> that contains the string <code>&lt;userprofile&gt;</code> at the end of it. +Now delete its content, download <code>arkenfox user.js</code> and activate the profile:</p> +<pre tabindex="0"><code>cd $HOME/.mozilla/firefox/&lt;userprofile&gt;/ &amp;&amp; rm times.json +wget https://raw.githubusercontent.com/arkenfox/user.js/master/user.js +firefox -P &lt;userprofile&gt; +</code></pre><p>Note: <code>firefox -P &lt;userprofile&gt;</code> where <code>&lt;userprofile&gt;</code> is just the string you used to create the profile (not the random numbers from the directory)</p> +<p>Check <code>/usr/lib/firefox/</code> for these plugins (some may not be included) and delete them:</p> +<ul> +<li>firefox@getpocket.com.xpi</li> +<li>followonsearch@mozilla.com.xpi</li> +<li>activity-stream@mozilla.org.xpi</li> +<li>screenshots@mozilla.org.xpi</li> +<li>onboarding@mozilla.org.xpi</li> +<li>formautofill@mozilla.org.xpi</li> +<li>webcompat@mozilla.org.xpi</li> +</ul> +<p>Those are the basics, as I said read the extense wiki for customizing the template.</p> +<p>Note: notice that the content of the explorer have borders. That is a letterboxing option that strengthens against fingerprinting. +If it bothers you, edit your <code>user.js</code> and search for <code>user_pref(&quot;privacy.resistFingerprinting.letterboxing&quot;, true);</code>. Then replace +<code>true</code> with <code>false</code>.</p> +<p>Now start firefox we are going to install some addons.</p> +<h2 id="umatrix">uMatrix</h2> +<ul> +<li><a href="https://addons.mozilla.org/en-US/firefox/addon/umatrix/">LINK</a></li> +</ul> +<p>The superior blocker. If configured properly, it will restrict any malicious site you may misstakenly enter to and block any pop up window or annoying ad, guaranteed. +Other extensions or even the built-in anti ad options of for example, Brave Browser, are useless and do not work properly.</p> +<p>This extension gives you a per site list that shows first and third party domains that you are establishing a connection to. If you click on the extension icon and look at the grid, +you will notice 8 elements. These are simply the reason why this addon is superior to others. It will block ANYTHING because it doesn&rsquo;t block per domain. In other words and as an example, +if you deny <code>script</code>, it will block JavaScript in every site you visit. Inferior extensions have a gigantic database of domains to work with, so if a domain is missing it is impossible for +it to block its elements.</p> +<p>First, go to uMatrix&rsquo;s configuration panel and open the <code>Settings</code> tab. Copy this:</p> +<img src="https://drainerdomain.xyz/images/umatrix-01.webp" width="100%" height="auto" alt="settings"> +<p>I recommend you use <code>Domain</code> as an option to <code>Default scope level</code> so you can create more flexible rules such as the one from the example that comes later in the guide. +Cookies are trapped locally by uMatrix. This allows you to inspect the contents of it and blocks the sender from getting it back. Turn on the option and set +a timer for deleting non-blocked cookies if you want.</p> +<p>Moving on, lets generate some rules. Go to uMatrix&rsquo;s panel and then to <code>My Rules</code>. Observing, you can see two sections: left is for permanent rules and right is for temporary rules. For editing a rule in, +type in the right section, then save it and click commit. Rules consist of 4 parts (<code>*</code> is a wildcard, which means any):</p> +<pre tabindex="0"><code>* * * allow/deny +| | | +| | |______ Element +| |________ Domain +|__________ Scope +</code></pre><p>So for a start, consider adding these strong rules:</p> +<pre tabindex="0"><code>* * * block +* * css allow +* * image allow +</code></pre><p>The first line blocks ANYTHING on any scope and domain. Then the second and third overrides first and allows css and image on ANY scope and domain. Pretty easy. +This is a good start for then tweaking and adding more rules.</p> +<p>Say you want to log in to a site you frequent. This site will need cookies allowed, and maybe needs a script to run a captcha from a third-party domain like google. +Such rule would look like this:</p> +<pre tabindex="0"><code>* ineedcookies.com cookie allow +ineedcookies.com googlecaptcha.com script allow +</code></pre><p>This will allow the google&rsquo;s domain only in the site requesting for a login, which is desirable. This is pretty much it, if you are not looking for a strong blocking ruleset, you can +use uBlock Origin which is from the same creator, or search the <a href="https://github.com/gorhill/uMatrix/wiki">wiki</a> for a more suitable example.</p> +<h2 id="decentraleyes">Decentraleyes</h2> +<ul> +<li><a href="https://addons.mozilla.org/en-US/firefox/addon/decentraleyes/">LINK</a></li> +</ul> +<p>This one is a content blocker that will deny, in the majority of cases, third party domains from trying to deliver something you don&rsquo;t need. You could say, &lsquo;but isn&rsquo;t that already done by +uMatrix?&rsquo;, and you are honestly right. The thing is that uMatrix breaks everything it touches. While adding Decentraleyes on top of it, you could still mantain some aspects of the sites you are visiting. +Decentraleyes stores content locally so you can still make use of it without the sender getting a response. On the other hand, uMatrix will prevent Decentraleyes from doing so if it is hardblocking content. +To avoid that from happening, you need to create some extra rules in uMatrix that allow traffic to some convenient domains.</p> +<p>These are the rules:</p> +<pre tabindex="0"><code>* ajax.aspnetcdn.com * allow +* ajax.googleapis.com * allow +* ajax.microsoft.com * allow +* cdn.jsdelivr.net * allow +* cdnjs.cloudflare.com * allow +* code.jquery.com * allow +* lib.sinaapp.com * allow +* libs.baidu.com * allow +* upcdn.b0.upaiyun * allow +* yandex.st * allow +* yastatic.net * allow +</code></pre><p>More rules could and should be added as long as you keep using the extensions.</p> +<h2 id="privacy-redirect">Privacy Redirect</h2> +<ul> +<li><a href="https://addons.mozilla.org/en-US/firefox/addon/privacy-redirect/">LINK</a></li> +</ul> +<p>This one is a redirector for the most famous and used sites such as Twitter, Reddit or Youtube. Simply click on the icon and turn on/off which service you want to redirect to its respective frontend. +Frontends are very useful at times when you can&rsquo;t view content that is age restricted or simply because you are not logged in, not to mention that you also skip the annoying pop up windows +from shitsites like Twitter. This shouldn&rsquo;t be a problem since you are running uMatrix now, but it is good to know. Also, using a frontend like Invidious for Youtube, allows for navigation +with no ads, no tracking (doesn&rsquo;t log your IP) and without JS enabled.</p> +<p>Here is a quote from Nitter&rsquo;s about section (logic applies to the other frontends):</p> +<blockquote> +<p>It&rsquo;s impossible to use Twitter without JavaScript enabled. For privacy-minded folks, preventing JavaScript analytics and IP-based tracking is important, but apart from using a VPN and uBlock/uMatrix, it&rsquo;s impossible. Despite being behind a VPN and using heavy-duty adblockers, you can get accurately tracked with your browser&rsquo;s fingerprint, no JavaScript required. This all became particularly important after Twitter removed the ability for users to control whether their data gets sent to advertisers. +Using an instance of Nitter (hosted on a VPS for example), you can browse Twitter without JavaScript while retaining your privacy. In addition to respecting your privacy, Nitter is on average around 15 times lighter than Twitter, and in most cases serves pages faster (eg. timelines load 2-4x faster). +In the future a simple account system will be added that lets you follow Twitter users, allowing you to have a clean chronological timeline without needing a Twitter account.</p> +</blockquote> +<p>This is the list of sites that the extension allows to redirect:</p> +<ul> +<li>Twitter → Nitter</li> +<li>Youtube → Invidious</li> +<li>Instagram → Bibliogram</li> +<li>Reddit → Libreddit or old version</li> +<li>Google Translate → Simply Translate</li> +<li>Wikipedia → Wikiless</li> +<li>Google Maps → OpenStreetMaps</li> +<li>Search Engine → custom</li> +</ul> +<p>I recommend you go to the general options, where you can set the instance of the frontend you want to use.</p> +<p>We are done. Remember to run the test again and compare to see the results.</p> +<h3 id="not-privacysecurity-related-addons">Not privacy/security related addons</h3> +<ul> +<li>Stylus: custom/community generated css with one click</li> +<li>ff2mpv: forward links to mpv (useful for when you break js/xhr/frame on sites that have videos)</li> +<li>Vimium-FF: vimlike bindings</li> +</ul> +<h3 id="links">Links</h3> +<ul> +<li><a href="https://digdeeper.neocities.org/">digdeeper</a></li> +<li><a href="https://spyware.neocities.org/">spyware watchdog</a></li> +<li><a href="https://github.com/arkenfox/user.js/wiki">arkenfox user.js wiki</a></li> +<li><a href="hhttps://github.com/gorhill/uMatrix/wiki">uMatrix wiki</a></li> +</ul> +</description> + </item> + + <item> + <title>Prosody</title> + <link>https://drainerdomain.xyz/guides/prosody-servidor-xmpp/</link> + <pubDate>Fri, 13 May 2022 18:23:51 -0300</pubDate> + + <guid>https://drainerdomain.xyz/guides/prosody-servidor-xmpp/</guid> + <description><p>This guide is for installing Prosody, an XMPP server that is decentralized, fast, simple and FOSS. +The version we will be using is <code>0.11.12</code> and in the end the user will have a private and only c2s server. +These options are of course changeable after or during the installation.</p> +<h1 id="prerequisites">Prerequisites</h1> +<ul> +<li>GNU/Linux system</li> +<li>VPS (recommended) or a home server</li> +<li>Domain name</li> +<li>Basic terminal knowledge</li> +</ul> +<h1 id="installation">Installation</h1> +<p>We install the main packages plus some extras for TLS encryption, A/V streaming, and file transfering. If you don&rsquo;t care about these things +you can skip them.</p> +<p>On Debian/Ubuntu:</p> +<pre tabindex="0"><code>apt install prosody prosody-modules python3-certbot-nginx coturn mercurial +</code></pre><p><code>prosody</code> is the main package +<br> +<code>prosody-modules</code> are some extra packages for functionability +<br> +<code>python3-certbot-nginx</code> is for TLS encryption +<br> +<code>coturn</code> a STUN/TURN server that allows A/V streaming for users behind NAT +<br> +<code>mercurial</code> for installing community modules for the STUN/TURN server +<br></p> +<h1 id="configuration">Configuration</h1> +<p>The server&rsquo;s CFG file is at <code>/etc/prosody/prosody.cfg.lua</code>.</p> +<h2 id="admin-users-and-the-domain-name">Admin, users and the domain name</h2> +<pre tabindex="0"><code>... +admins = { &#34;admin1@domain.org&#34;, &#34;admin2@domain.org&#34; } +... +VirtualHost = &#34;domain.org&#34; +... +</code></pre><p>Now from the terminal add some users:</p> +<pre tabindex="0"><code>prosodyctl adduser user@domain.org +</code></pre><p>The program will prompt for a password. To delete a user use the command <code>deluser</code>, and for changing passwords use <code>passwd</code>, both with the JID as an option.</p> +<h2 id="modules-enableddisabled-user-registration">Modules enabled/disabled, user registration</h2> +<p>Search for the line <code>modules_enabled</code> and add the modules <code>http_files</code> (file transfer), <code>turn_external</code> (STUN/TURN server) and uncomment <code>csi_simple</code> and <code>disco</code> if they are commented. +Under <code>modules_disabled</code> only leave <code>s2s</code> uncommented. Finally, check if in the following lines <code>allow_registration</code> is set to false, which is self explanatory.</p> +<h2 id="file-transfering">File transfering</h2> +<p>We will be configuring two components in the CFG file. You should add them after the <code>VirtualHost</code> section.</p> +<pre tabindex="0"><code>Component &#34;upload.domain.org&#34; &#34;http_upload&#34; +</code></pre><p>Right after we add <code>http_upload_file_size_limit = 20971520</code> and <code>http_upload_expire_after = 60 * 60 * 24 * 7</code>, for limiting the file size and setting its expiration.</p> +<p>Now, in the global section (before <code>VirtualHost</code>) add:</p> +<pre tabindex="0"><code>-- HTTP/HTTPS ports +http_ports = { 5280 } +http_interfaces = { &#34;*&#34;, &#34;::&#34; } + +https_ports = { 5281 } +https_interfaces = { &#34;*&#34;, &#34;::&#34; } +</code></pre><p>If it is your case, remember to configure your firewall accordingly.</p> +<p>After <code>VirtualHost</code> we add:</p> +<pre tabindex="0"><code>disco_items = { + { &#34;upload.domain.org&#34;, &#34;File Sharing Service&#34; }, +} +</code></pre><p>In the components section:</p> +<pre tabindex="0"><code>Component &#34;proxy.domain.org&#34; &#34;proxy65&#34; +proxy65_address = &#34;domain.org&#34; +</code></pre><p>There is no need to add <code>proxy65</code> to the <code>modules_enabled</code> list. This component lets users behind NAT transfer files.</p> +<h2 id="coturn-the-stunturn-server">Coturn: The STUN/TURN server</h2> +<p>Check if <code>coturn</code> is running:</p> +<pre tabindex="0"><code>systemctl status coturn +</code></pre><p>If not start it:</p> +<pre tabindex="0"><code>systemctl enable --now coturn +</code></pre><p>Next thing to do is downloading and setting the correct modules from the community repository using <code>mercurial</code>.</p> +<pre tabindex="0"><code>hg clone https://hg.prosody.im/prosody-modules/ prosody-modules +</code></pre><p>Now you can either copy (not recommended) the modules <code>mod_turn_external.lua</code> and <code>mod_external_services.lua</code> to <code>/usr/lib/prosody/modules</code> or create another folder for the community plugins that will be installed and create symlinks for them. +For the second option, add the created folder to the plugins path in <code>prosody.cfg.lua</code>:</p> +<pre tabindex="0"><code>plugins_path { &#34;usr/lib/prosody/modules&#34;, &#34;enabled/plugins/folder&#34; } +</code></pre><p>Create the symlinks from the community downloaded folder to your plugins enabled folder (it depends on where you downloaded those modules):</p> +<pre tabindex="0"><code>ln -s /downloadedfolder/mod_turn_external/mod_turn_external.lua /enabled/folder +ln -s /downloadedfolder/mod_external_services/mod_external_services.lua /enabled/folder +</code></pre><p>We edit the <code>coturn</code> cfg file that is located in <code>/etc/turnserver.conf</code>:</p> +<pre tabindex="0"><code>realm=turn.domain.org +static-auth-secret=yoursecretpassword +</code></pre><p>Finally uncomment <code>use-auth-secret</code></p> +<p>We go back to our <code>prosody.cfg.lua</code> file. In the global section add:</p> +<pre tabindex="0"><code>turn_external_host = &#34;turn.domain.org&#34; +turn_external_secret = &#34;yoursecretpassword&#34; +</code></pre><h1 id="very-important-certificates">VERY IMPORTANT: Certificates</h1> +<p>We need to generate certificates for the domain and every subdomain we are using for our components. Also, we need to check for some configuration options that could be missing or commented.</p> +<p>First we generate:</p> +<pre tabindex="0"><code>certbot -d domain.org --nginx +certbot -d upload.domain.org --nginx +certbot -d proxy.domain.org --nginx +certbot -d turn.domain.org --nginx +</code></pre><p>The bot will give you some output in the terminal and prompt you for two options: select the second one every time.</p> +<p>Now, we need to import/install the certs to prosody:</p> +<pre tabindex="0"><code>prosodyctl --root cert import /etc/letsencrypt/live/ +</code></pre><p>The TLS encryption for the file transfering module needs to be explicitly configured, and for that we edit <code>prosody.cfg.lua</code> and add to global:</p> +<pre tabindex="0"><code>https_ssl = { + certificate = &#34;/etc/prosody/certs/upload.domain.org.crt&#34;; + key = &#34;/etc/prosody/certs/upload.domain.org.key&#34;; +} +</code></pre><p>Pay attention to the extension names and double check that you got the right path and files for each line.</p> +<p>Inside the same file, check the following line and set it to <code>true</code>:</p> +<pre tabindex="0"><code>c2s_require_encryption = true +</code></pre><p>We are done with our file transfering configuration.</p> +<p>For the STUN/TURN server we also need to modify its CFG file <code>/etc/turnserver.conf</code> to set a path for our certs:</p> +<pre tabindex="0"><code>cert=/etc/letsencrypt/live/turn.domain.org/fullchain.pem +pkey=/etc/letsencrypt/live/turn.domain.org/privkey.pem +</code></pre><p>Done. You can check for errors using <code>prosodyctl check</code>. As a final note, I should add that if you are using a VPS you probably have +a firewall working. There are some ports that need to be forwarded: 5280, 5281, 5222, 5322, 5000, 3478. If you are not using a firewall I recommend you using +<code>ufw</code> and start from there.</p> +<p>Also, that this configuration is very personal. You can add more components (for example multichat groups). For that you should +RTFM, which is always ideal.</p> +<ul> +<li><a href="https://prosody.im/doc">Prosody Docs</a></li> +</ul> +</description> + </item> + + </channel> +</rss> |