changed letsencrypt config to deal with failure to import cert chains, renamed subdomains to be more descriptive

2019-02-02 08:58:42 +01:00 · 2019-02-02 08:58:42 +01:00 · 6782cd7dfd
commit 6782cd7dfd
parent 2acaf47fb6
3 changed files with 42 additions and 19 deletions
--- a/raw/configuring_an_xmpp_server_prosody_0.11.md
+++ b/raw/configuring_an_xmpp_server_prosody_0.11.md
@ -29,8 +29,8 @@ To make your server communicate make sure following ports are open in your firew
 Additionally make sure you have set up a domain name and have A-records for the following subdomains:
    
    :::console
-    muc.myserver.org (for the groupchats)
-    dump.myserver.org (for the HTTP-Upload component)
+    groups.myserver.org (for the groupchats)
+    upload.myserver.org (for the HTTP-Upload component)
    proxy.myserver.org (for the file transfer proxy)

 This guide uses the ones above but feel free to come up with more creative subdomains :)
@ -45,7 +45,12 @@ Install Certbot and get new certificates for your domain (replace myserver.org w

    :::console
    sudo apt-get update && sudo apt-get install certbot
-    certbot certonly -d myserver.org -d muc.myserver.org -d dump.myserver.org -d proxy.myserver.org
+    certbot certonly -d myserver.org
+    certbot certonly -d groups.myserver.org
+    certbot certonly -d upload.myserver.org
+    certbot certonly -d proxy.myserver.org
+
+Pick an authentication method that [best fits your situation](https://certbot.eff.org/docs/using.html#getting-certificates-and-choosing-plugins). If you don't have a webserver running, using the 'standalone' option works well.

 Should you succeed, you will be able to read something like:

@ -150,6 +155,11 @@ The homebrewserver.club prosody config

    archive_expires_after = "1w" -- Remove archived messages after 1 week

+    disco_items = { -- allows clients to find the capabilities of your server 
+        {"upload.myserver.org", "file uploads"};
+        {"groups.myserver.org", "group chats"};
+    }
+
    log = { --disable for extra privacy
        info = "/var/log/prosody/prosody.log"; -- Change 'info' to 'debug' for verbose logging
        error = "/var/log/prosody/prosody.err";
@ -159,10 +169,10 @@ The homebrewserver.club prosody config
    VirtualHost "myserver.org"
    
    -- Enable http_upload to allow image sharing across multiple devices and clients
-    Component "dump.myserver.org" "http_upload"
+    Component "upload.myserver.org" "http_upload"

    -- Enable groupchats on your server
-    Component "muc.myserver.org" "muc"
+    Component "groups.myserver.org" "muc"
    modules_enabled = { "muc_mam", "vcard_muc" } --enable archives and avatars for groupchats

    -- Set up a file transfer proxy to facilitate clients sending larger files to each other
@ -174,7 +184,7 @@ Replace all instances of the placeholder domain name with `yourdomain` in the co
    :::console
    sed -i 's/myserver.org/yourdomain/g' prosody.cfg.lua

-Alternatively you can change them by hand. They are on lines 39, 75, 81, 85 of prosody.cfg.lua
+Alternatively you can change them by hand. They are on lines 70, 81, 84, 88, 91 of prosody.cfg.lua

 Make Prosody import the LetsEncrypt certificates:

@ -184,8 +194,8 @@ Make Prosody import the LetsEncrypt certificates:
 You might get the following output:

    :::console
-    No certificate for host muc.myserver.org found :(
-    No certificate for host dump.myserver.org found :(
+    No certificate for host groups.myserver.org found :(
+    No certificate for host upload.myserver.org found :(
    No certificate for host proxy.myserver.org found :(
    Imported certificate and key for hosts myserver.org

--- a/raw/downloads/prosody.0.11.cfg.lua
+++ b/raw/downloads/prosody.0.11.cfg.lua
@ -67,6 +67,11 @@ log = { --disable for extra privacy
        "*syslog";
 }

+    disco_items = { -- allows clients to find the capabilities of your server 
+        {"upload.myserver.org", "file uploads"};
+        {"groups.myserver.org", "group chats"};
+    }
+
 -- add contact information for other server admins to contact you about issues regarding your server
 -- this is particularly important if you enable public registrations
 -- contact_info = { 
@ -76,10 +81,10 @@ log = { --disable for extra privacy
 VirtualHost "myserver.org"

 -- Enable http_upload to allow image sharing across multiple devices and clients
-Component "dump.myserver.org" "http_upload"
+Component "upload.myserver.org" "http_upload"

 ---Allow setting up groupchats on this subdomain:
-Component "muc.myserver.org" "muc"
+Component "groups.myserver.org" "muc"
 modules_enabled = { "muc_mam", "vcard_muc" } -- enable archives and avatars for group chats

 -- Set up a file transfer proxy to facilitate clients sending larger files to each other
--- a/raw/es_configuring_an_xmpp_server_prosody_0.11.md
+++ b/raw/es_configuring_an_xmpp_server_prosody_0.11.md
@ -28,8 +28,8 @@ También asegúrate de que tienes un dominio con DNS A-records para los siguient
    
    :::console
    myserver.org (el dominio principal)
-    muc.myserver.org (para sala de grupos)
-    dump.myserver.org (para componente HTTP-Upload)
+    groups.myserver.org (para sala de grupos)
+    upload.myserver.org (para componente HTTP-Upload)
    proxy.myserver.org (para el proxy de transferencia de archivos)

 Esta guía usa los dominios escritos arriba, pero puedes ser más creativo :)
@ -45,8 +45,11 @@ Instala Certbot y consigue los certificados para tu dominio (reemplaza `myserver

    :::console
    sudo apt-get update && sudo apt-get install certbot
-    certbot certonly -d myserver.org -d muc.myserver.org -d dump.myserver.org -d proxy.myserver.org
-
+    certbot certonly -d myserver.org
+    certbot certonly -d groups.myserver.org
+    certbot certonly -d upload.myserver.org
+    certbot certonly -d proxy.myserver.org
+    
 Si funciona, deberías poder ver algo así:

    :::console 
@ -149,13 +152,18 @@ La configuración de homebrewserver.club
        "*syslog";
    }

+    disco_items = { -- allows clients to find the capabilities of your server 
+        {"upload.myserver.org", "file uploads"};
+        {"groups.myserver.org", "group chats"};
+    }
+
    VirtualHost "myserver.org"
    
    -- Habilita http_upload para permitir compartir imágenes entre diferentes dispositivos y diferentes clientes
-    Component "dump.myserver.org" "http_upload"
+    Component "upload.myserver.org" "http_upload"

    -- Permite crear salas 
-    Component "muc.myserver.org" "muc"
+    Component "groups.myserver.org" "muc"
    modules_enabled = { "muc_mam", "vcard_muc" }

    -- Inicia un proxy para intercambiar archivos grandes entre clientes
@ -167,7 +175,7 @@ Reemplaza el dominio de ejemplo con `tu dominio` en el archivo de configuración
    :::console
    sed -i 's/myserver.org/tu dominio/g' prosody.cfg.lua

-De forma alternativa puedes reemplazarlos a mano. Estan en las lineas 39, 75, 81, 85 de prosody.cfg.lua
+De forma alternativa puedes reemplazarlos a mano. Estan en las lineas 70, 81, 84, 88, 91 de prosody.cfg.lua

 Importa los certificados de LetsEncrypt con Prosody:

@ -176,8 +184,8 @@ Importa los certificados de LetsEncrypt con Prosody:

 Es posible que recibas un resultado similar:

-    No certificate for host muc.myserver.org found :(
-    No certificate for host dump.myserver.org found :(
+    No certificate for host groups.myserver.org found :(
+    No certificate for host upload.myserver.org found :(
    No certificate for host proxy.myserver.org found :(
    Imported certificate and key for hosts myserver.org