the website for homebrewserver.club pelican repo / theme and blog posts
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

157 lines
5.5 KiB

8 years ago
Title: Configuring an XMPP server for secure, mobile instant messaging
Date: 2017-2-10
Category: xmpp
Tags: xmpp, chat, guide, instant messaging, prosody
Slug: configuring-a-modern-xmpp-server
Description: Hands-on step-by-step guide that shows how to configure Prosody for security, mobile messaging and ease of use.
8 years ago
status: draft
This is a guide to set up a modern XMPP server focused on security and mobile messaging. The whole guide further assumes one is using Debian as a server and that you will end up hosting a few of your friends. It further assumes you have some basic skills working on a linux command line.
To make your server communicate make sure following ports are open in your firewall:
:::console
5222 (for client to server)
5269 (server to server)
5280 (default http port for prosody)
5281 (default https port for prosody)
Enabling HTTPS
---
First we acquire a signed HTTPS-certificate via Let's Encrypt:
This is among others required for Gajim plugins to work properly; self-generated certs will not work.
Install Certbot and get new certificates for your domain (replace myserver.org with your own):
:::console
wget https://dl.eff.org/certbot-auto
chmod a+x certbot-auto
certbot-auto certonly -d muc.placeholderdomain.org -d dump.placeholderdomain.org -d placeholderdomain.org-d placeholderdomain.org
Should you succeed, you will be able to read something like:
:::console
Congratulations! Your certificate and chain have been saved at
/etc/letsencrypt/live/placeholderdomain.org/fullchain.pem. Your cert will
expire on 2017-02-13. To obtain a new or tweaked version of this
certificate in the future, simply run certbot-auto again. To
non-interactively renew *all* of your certificates, run
"certbot-auto renew"
Take note of the path where the certificate is stored as we will use it later.
Installing and setting up MySQL as a storage back-end
---
First update your repositories and install MySQL
:::console
apt-get update && apt-get install mysql-server
Run mysql as the root user:
:::console
mysql -u root -p
In mysql:
:::console
mysql> create database prosody;
mysql> show databases;
Result should be something like:
:::console
+--------------------+
| Database |
+--------------------+
| information_schema |
| mysql |
| performance_schema |
| prosody |
+--------------------+
4 rows in set (0.00 sec)
Create a database account for prosody
:::console
mysql> create user prosody;
Give the user prosody the rights to access the database, make sure to change the password and take note of it
:::console
mysql> grant all on prosody.* to 'prosody'@'localhost' identified by 'userPassword';
Exit mysql:
:::console
exit;
Installing and configuring Prosody, the XMPP server
---
Install the newest version of Prosody and its dependencies from the official prosody repository:
:::console
echo "deb http://packages.prosody.im/debian wheezy main" >> /etc/apt/sources.list
wget https://prosody.im/files/prosody-debian-packages.key -O- | sudo apt-key add -
apt-get install prosody lua-dbi-mysql lua-zlib
Add the Let's Encrypt Certificates to Prosody and make sure Prosody can use them
:::console
cp /etc/letsencrypt/live/myserver.org/*.pem /etc/prosody/certs/
Make sure the certificates are owned by prosody and legible only by root:
:::console
chown -R prosody:prosody /etc/prosody/
chmod -R 700 /etc/prosody/certs/
Install the newest prosody plugins:
:::console
apt-get install mercurial
cd /usr/src
hg clone https://hg.prosody.im/prosody-modules/ prosody-modules
Make a backup of the default prosody configuration and install [the one by the homebrewserver.club]({filename}/downloads/prosody.cfg.lua)
:::console
cd /etc/prosody
cp prosody.cfg.lua prosody.cfg.lua.original
wget http://homebrewserver.club/downloads/prosody.cfg.lua
Replace all instances of the placeholder domain name and passwords in the config file with your own:
:::console
sed -i 's/placeholderdomain.org/yourdomain.net/g' prosody.cfg.lua && sed -i 's/userPassword/yourownpassword/g' prosody.cfg.lua
Alternatively you can change them by hand. They are on line 61, 69, 72, 75 of prosody.cfg.lua
Finishing up
---
After you've set up all of the above it is time to start the server:
:::console
/etc/init.d/prosody restart
Users can be added from the command line, you will also be prompted for a password:
:::console
prosodyctl adduser me@placeholderdomain.org
Alternatively you can change "allow_registration = false;" to "allow_registration = true;" in the config (line 35) to allow users to register accounts on your server via their clients.
Now you can try connecting to your own server by using a client like Gajim or Conversations. Login with the above configured username and password.
If you have questions about Prosody, the project's [documentation](http://prosody.im/doc) is quite good. If you can't find answers there, try contacting prosody developers and users directly via [the Prosody XMPP chatroom](xmpp://prosody.conference.prosody.im?join)
This guide is a companion to our article [Have You Considered The Alternative?](http://homebrewserver.club/have-you-considered-the-alternative.html) on instant messaging. Also check out our guide on [XMPP clients](http://homebrewserver.club/404).