<!DOCTYPE html>
<html lang="en">
<head><title>Prosody – dd</title>
<meta name="viewport" content="width=device-width, initial-scale=1">
<meta charset="UTF-8">
<meta name="robots" content="index, follow">
<meta name="description" content="Minimal and personal website about GNU/Linux guides and other stuff">
<meta name="keywords" content="linux, hosting, guides, tech, blog, networking, memes">
<meta name="author" content="mb">
<link rel="shortcut icon" href="/images/favicon.ico">
<link rel="stylesheet" href="https://drainerdomain.xyz/css/dark.css">
</head>
<body>
<div class="page">
<section>
<a class="home" href="/index.html">← Back to home</a>
<header class="content__header">
<h1>&gt;Prosody_</h1>
<hr>
</header>
<div class="content__body">
<p>This guide is for installing Prosody, an XMPP server that is decentralized, fast, simple and FOSS.
The version we will be using is <code>0.11.12</code>, and in the end the user will have a private, c2s-only server.
These options can of course be changed during or after the installation.</p>
<h1 id="prerequisites">Prerequisites</h1>
<ul>
<li>GNU/Linux system</li>
<li>VPS (recommended) or a home server</li>
<li>Domain name</li>
<li>Basic terminal knowledge</li>
</ul>
<h1 id="installation">Installation</h1>
<p>We install the main packages plus some extras for TLS encryption, A/V streaming, and file transfer. If you don’t care about these things
you can skip them.</p>
<p>On Debian/Ubuntu:</p>
<pre tabindex="0"><code>apt install prosody prosody-modules python3-certbot-nginx coturn mercurial
</code></pre><p><code>prosody</code> is the main package
<br>
<code>prosody-modules</code> are some extra packages for functionality
<br>
<code>python3-certbot-nginx</code> is for TLS encryption
<br>
<code>coturn</code> is a STUN/TURN server that allows A/V streaming for users behind NAT
<br>
<code>mercurial</code> is for installing community modules for the STUN/TURN server
<br></p>
<h1 id="configuration">Configuration</h1>
<p>The server’s CFG file is at <code>/etc/prosody/prosody.cfg.lua</code>.</p>
<h2 id="admin-users-and-the-domain-name">Admin, users and the domain name</h2>
<pre tabindex="0"><code>...
admins = { "admin1@domain.org", "admin2@domain.org" }
...
VirtualHost "domain.org"
...
</code></pre><p>Now from the terminal add some users:</p>
<pre tabindex="0"><code>prosodyctl adduser user@domain.org
</code></pre><p>The program will prompt for a password. To delete a user use the <code>deluser</code> command, and to change a password use <code>passwd</code>, both with the JID as the argument.</p>
<h2 id="modules-enableddisabled-user-registration">Modules enabled/disabled, user registration</h2>
<p>Search for the line <code>modules_enabled</code> and add the modules <code>http_files</code> (file transfer) and <code>turn_external</code> (STUN/TURN server), and uncomment <code>csi_simple</code> and <code>disco</code> if they are commented.
Under <code>modules_disabled</code> leave only <code>s2s</code> uncommented. Finally, check in the following lines that <code>allow_registration</code> is set to <code>false</code>, which is self-explanatory.</p>
<h2 id="file-transfering">File transfer</h2>
<p>We will be configuring two components in the CFG file. You should add them after the <code>VirtualHost</code> section.</p>
<pre tabindex="0"><code>Component "upload.domain.org" "http_upload"
</code></pre><p>Right after it we add <code>http_upload_file_size_limit = 20971520</code> and <code>http_upload_expire_after = 60 * 60 * 24 * 7</code> to limit the file size and set when uploads expire.</p>
<p>Now, in the global section (before <code>VirtualHost</code>) add:</p>
<pre tabindex="0"><code>-- HTTP/HTTPS ports
http_ports = { 5280 }
http_interfaces = { "*", "::" }
https_ports = { 5281 }
https_interfaces = { "*", "::" }
</code></pre><p>If you run a firewall, remember to configure it accordingly.</p>
<p>After <code>VirtualHost</code> we add:</p>
<pre tabindex="0"><code>disco_items = {
{ "upload.domain.org", "File Sharing Service" },
}
</code></pre><p>In the components section:</p>
<pre tabindex="0"><code>Component "proxy.domain.org" "proxy65"
proxy65_address = "domain.org"
</code></pre><p>There is no need to add <code>proxy65</code> to the <code>modules_enabled</code> list. This component lets users behind NAT transfer files.</p>
<h2 id="coturn-the-stunturn-server">Coturn: The STUN/TURN server</h2>
<p>Check if <code>coturn</code> is running:</p>
<pre tabindex="0"><code>systemctl status coturn
</code></pre><p>If not, start it:</p>
<pre tabindex="0"><code>systemctl enable --now coturn
</code></pre><p>The next thing to do is download and set up the correct modules from the community repository using <code>mercurial</code>.</p>
<pre tabindex="0"><code>hg clone https://hg.prosody.im/prosody-modules/ prosody-modules
</code></pre><p>Now you can either copy (not recommended) the modules <code>mod_turn_external.lua</code> and <code>mod_external_services.lua</code> to <code>/usr/lib/prosody/modules</code> or create another folder for the community plugins that will be installed and create symlinks for them.
For the second option, add the created folder to the plugins path in <code>prosody.cfg.lua</code>:</p>
<pre tabindex="0"><code>plugin_paths = { "/usr/lib/prosody/modules", "enabled/plugins/folder" }
</code></pre><p>Create the symlinks from the downloaded community folder to your enabled plugins folder (the paths depend on where you downloaded those modules):</p>
<pre tabindex="0"><code>ln -s /downloadedfolder/mod_turn_external/mod_turn_external.lua /enabled/folder
ln -s /downloadedfolder/mod_external_services/mod_external_services.lua /enabled/folder
</code></pre><p>We edit the <code>coturn</code> cfg file that is located in <code>/etc/turnserver.conf</code>:</p>
<pre tabindex="0"><code>realm=turn.domain.org
static-auth-secret=yoursecretpassword
</code></pre><p>Finally, uncomment <code>use-auth-secret</code>.</p>
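<p>How the shared secret is used, as an added example (not code from Prosody, coturn or this guide): with <code>use-auth-secret</code> on, the XMPP server derives short-lived TURN credentials from <code>static-auth-secret</code> and coturn recomputes them, so the value must be identical in both config files and should be a long random string rather than a password. The function names, the 86400-second lifetime and the fixed timestamp are assumptions for illustration, and the TURN side is a simplified model.</p>

```python
# Added example: TURN REST-style ephemeral credentials (simplified model).
import base64
import hashlib
import hmac
import secrets
import time
from typing import Optional, Tuple


def new_shared_secret(nbytes: int = 32) -> str:
    """Random replacement for the 'yoursecretpassword' placeholder."""
    return secrets.token_urlsafe(nbytes)


def _password_for(secret: str, username: str) -> str:
    mac = hmac.new(secret.encode(), username.encode(), hashlib.sha1).digest()
    return base64.b64encode(mac).decode()


def issue_credentials(secret: str, ttl: int = 86400,
                      now: Optional[int] = None) -> Tuple[str, str]:
    """XMPP-server side: username is the expiry time, password is
    base64(HMAC-SHA1(secret, username)). ttl is an assumed lifetime."""
    now = int(time.time()) if now is None else now
    username = str(now + ttl)
    return username, _password_for(secret, username)


def turn_server_accepts(secret: str, username: str, password: str,
                        now: Optional[int] = None) -> bool:
    """TURN side: recompute the password from its own copy of the secret
    and refuse usernames whose timestamp has passed."""
    now = int(time.time()) if now is None else now
    stamp = username.split(":", 1)[0]
    if not (stamp.isascii() and stamp.isdigit()) or int(stamp) < now:
        return False
    expected = _password_for(secret, username)
    return hmac.compare_digest(expected.encode(), password.encode())


if __name__ == "__main__":
    t0 = 1_700_000_000  # constructed timestamp for a repeatable demo
    secret = new_shared_secret()
    user, pw = issue_credentials(secret, now=t0)
    print("client receives:", user, pw)
    print("same secret:     ", turn_server_accepts(secret, user, pw, now=t0))
    print("different secret:", turn_server_accepts(new_shared_secret(), user, pw, now=t0))
    print("after expiry:    ", turn_server_accepts(secret, user, pw, now=t0 + 86401))
```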
<p>We go back to our <code>prosody.cfg.lua</code> file. In the global section add:</p>
<pre tabindex="0"><code>turn_external_host = "turn.domain.org"
turn_external_secret = "yoursecretpassword"
</code></pre><h1 id="very-important-certificates">VERY IMPORTANT: Certificates</h1>
<p>We need to generate certificates for the domain and every subdomain we are using for our components. Also, we need to check for some configuration options that could be missing or commented.</p>
<p>First we generate:</p>
<pre tabindex="0"><code>certbot -d domain.org --nginx
certbot -d upload.domain.org --nginx
certbot -d proxy.domain.org --nginx
certbot -d turn.domain.org --nginx
</code></pre><p>The bot will give you some output in the terminal and prompt you for two options: select the second one every time.</p>
<p>Now, we need to import/install the certs to prosody:</p>
<pre tabindex="0"><code>prosodyctl --root cert import /etc/letsencrypt/live/
</code></pre><p>The TLS encryption for the file transfer module needs to be explicitly configured, and for that we edit <code>prosody.cfg.lua</code> and add to global:</p>
<pre tabindex="0"><code>https_ssl = {
certificate = "/etc/prosody/certs/upload.domain.org.crt";
key = "/etc/prosody/certs/upload.domain.org.key";
}
</code></pre><p>Pay attention to the extension names and double check that you got the right path and files for each line.</p>
<p>Inside the same file, check the following line and set it to <code>true</code>:</p>
<pre tabindex="0"><code>c2s_require_encryption = true
</code></pre><p>We are done with our file transfer configuration.</p>
<p>For the STUN/TURN server we also need to modify its CFG file <code>/etc/turnserver.conf</code> to set a path for our certs:</p>
<pre tabindex="0"><code>cert=/etc/letsencrypt/live/turn.domain.org/fullchain.pem
pkey=/etc/letsencrypt/live/turn.domain.org/privkey.pem
</code></pre><p>Done. You can check for errors using <code>prosodyctl check</code>. As a final note, I should add that if you are using a VPS you probably have
a firewall working. There are some ports that need to be forwarded: 5280, 5281, 5222, 5322, 5000, 3478. If you are not using a firewall, I recommend using
<code>ufw</code> and starting from there.</p>
<p>Also, this configuration is very personal. You can add more components (for example multichat groups). For that you should
RTFM, which is always ideal.</p>
<ul>
<li><a href="https://prosody.im/doc">Prosody Docs</a></li>
</ul>
</div>
</section>
</div>
</body>
</html>