Attention!
This article describes how to set up Prosody 0.10 and kept online only for archival reasons! You are probably looking for the following article https://homebrewserver.club/configuring-a-modern-xmpp-server.html
Attention!
This is a guide to set up a modern XMPP server focused on security and mobile messaging. The whole guide assumes Debian stable running on the server, the fact that you will end up hosting a few of your friends and that you have some basic skills working on a linux command line.
To make your server communicate make sure following ports are open in your firewall:
5222 (for client to server) 5269 (server to server) 5280 (default http port for prosody) 5281 (default https port for prosody)
Enabling HTTPS
First we acquire a signed HTTPS-certificate via Let’s Encrypt: This is among others required for Gajim plugins to work properly; self-generated certs will not work.
Install Certbot and get new certificates for your domain (replace myserver.org with your own):
sudo apt-get update && sudo apt-get install certbot certbot certonly -d muc.myserver.org -d dump.myserver.org -d myserver.org
Should you succeed, you will be able to read something like:
Congratulations! Your certificate and chain have been saved at /etc/letsencrypt/live/myserver.org/fullchain.pem. Your cert will expire on 2018-01-13. To obtain a new or tweaked version of this certificate in the future, simply run certbot-auto again. To non-interactively renew *all* of your certificates, run "certbot-auto renew"
Take note of the path where the certificate is stored as we will use it later.
Installing and setting up MySQL as a storage back-end
First update your repositories and install MySQL
apt-get update && apt-get install mysql-server
Run mysql as the root user:
mysql -u root -p
In mysql:
mysql> create database prosody; mysql> show databases;
Result should be something like:
+--------------------+ | Database | +--------------------+ | information_schema | | mysql | | performance_schema | | prosody | +--------------------+ 4 rows in set (0.00 sec)
Create a database account for prosody
mysql> create user prosody;
Give the user prosody the rights to access the database, make sure to change the password and take note of it
mysql> grant all on prosody.* to 'prosody'@'localhost' identified by 'userPassword';
Exit mysql:
exit;
Installing and configuring Prosody, the XMPP server
Install the newest version of Prosody and its dependencies from the official prosody repository:
echo deb http://packages.prosody.im/debian $(lsb_release -sc) main | sudo tee -a /etc/apt/sources.list wget https://prosody.im/files/prosody-debian-packages.key -O- | sudo apt-key add - sudo apt get update && apt-get install prosody lua-dbi-mysql lua-zlib lua-sec
Add the Let’s Encrypt Certificates to Prosody and make sure Prosody can use them
cp /etc/letsencrypt/live/myserver.org/*.pem /etc/prosody/certs/
Make sure the certificates are owned by prosody and legible only by root:
chown -R prosody:prosody /etc/prosody/ chmod -R 700 /etc/prosody/certs/
Install the newest prosody plugins:
apt-get install mercurial cd /usr/src hg clone https://hg.prosody.im/prosody-modules/ prosody-modules
Make a backup of the default prosody configuration and install the one by the homebrewserver.club
cd /etc/prosody cp prosody.cfg.lua prosody.cfg.lua.original wget https://homebrewserver.club/downloads/prosody.0.10.cfg.lua -O prosody.cfg.lua
The homebrewserver.club prosody config:
-- a custom prosody config focused on high security and ease of use across (mobile) clients -- provided to you by the homebrewserver.club -- the original config file (prosody.cfg.lua.original) will have more information plugin_paths = { "/usr/src/prosody-modules" } -- non-standard plugin path so we can keep them up to date with mercurial modules_enabled = { "roster"; -- Allow users to have a roster. Recommended ;) "saslauth"; -- Authentication for clients and servers. Recommended if you want to log in. "tls"; -- Add support for secure TLS on c2s/s2s connections "dialback"; -- s2s dialback support "disco"; -- Service discovery "posix"; -- POSIX functionality, sends server to background, enables syslog, etc. "private"; -- Private XML storage (for room bookmarks, etc.) "vcard"; -- Allow users to set vCards "version"; -- Replies to server version requests "uptime"; -- Report how long server has been running "time"; -- Let others know the time here on this server "ping"; -- Replies to XMPP pings with pongs "register"; --Allows clients to register an account on your server "pep"; -- Enables users to publish their mood, activity, playing music and more "carbons"; -- XEP-0280: Message Carbons, synchronize messages accross devices "smacks"; -- XEP-0198: Stream Management, keep chatting even when the network drops for a few seconds "mam"; -- XEP-0313: Message Archive Management, allows to retrieve chat history from server "csi"; -- XEP-0352: Client State Indication "http"; -- mod_http needed for XEP-363 "admin_adhoc"; -- Allows administration via an XMPP client that supports ad-hoc commands "blocklist"; -- XEP-0191 blocking of users --"cloud_notify"; -- Support for XEP-0357 Push Notifications for compatibility with ChatSecure/iOS. -- iOS typically end the connection when an app runs in the background and requires use of Apple's Push servers to wake up and receive a message. Enabling this module allows your server to do that for your contacts on iOS. -- However we leave it commented out as it is another example of vertically integrated cloud platforms at odds with federation, with all the meta-data-based surveillance consequences that that might have. "omemo_all_access"; -- Allow for OMEMO E2E between contacts that haven't added each other "pep_vcard_avatar"; -- use XEP-0153: vCard-Based Avatars to see the avatars of clients that use XEP-0084: User Avatar and vice versa. }; allow_registration = false; -- Enable to allow people to register accounts on your server from their clients, for more information see http://prosody.im/doc/creating_accounts -- These are the SSL/TLS-related settings. ssl = { certificate = "/etc/prosody/certs/fullchain.pem"; key = "/etc/prosody/certs/privkey.pem"; } c2s_require_encryption = true -- Force clients to use encrypted connections -- Force certificate authentication for server-to-server connections? -- This provides ideal security, but requires servers you communicate -- with to support encryption AND present valid, trusted certificates. -- NOTE: Your version of LuaSec must support certificate verification! -- For more information see http://prosody.im/doc/s2s#security s2s_secure_auth = false pidfile = "/var/run/prosody/prosody.pid" authentication = "internal_hashed" storage = "sql" -- Make sure to change the password sql = { driver = "MySQL", database = "prosody", username = "prosody", password = "userPassword", host = "localhost" } log = { info = "/var/log/prosody/prosody.log"; -- Change 'info' to 'debug' for verbose logging error = "/var/log/prosody/prosody.err"; "*syslog"; } VirtualHost "myserver.org" -- Enable http_upload to allow image sharing across multiple devices and clients Component "dump.myserver.org" "http_upload" ---Set up a MUC (multi-user chat) room server on conference.example.com: Component "muc.myserver.org" "muc"
Replace all instances of the placeholder domain name and passwords in the config file with your own:
sed -i 's/myserver.org/yourdomain.net/g' prosody.cfg.lua && sed -i 's/userPassword/yourownpassword/g' prosody.cfg.lua
Alternatively you can change them by hand. They are on line 62, 70, 73, 76 of prosody.cfg.lua
Finishing up
After you’ve set up all of the above it is time to start the server:
/etc/init.d/prosody restart
Users can be added from the command line, you will also be prompted for a password:
prosodyctl adduser me@myserver.org
Alternatively you can change “allow_registration = false;” to “allow_registration = true;” in the config (line 35) to allow users to register accounts on your server via their clients.
Now you can try connecting to your own server by using a client like Gajim or Conversations. Login with the above configured username and password.
If you have questions about Prosody, the project’s documentation is quite good. If you can’t find answers there, try contacting prosody developers and users directly via the Prosody XMPP chatroom
This guide is a companion to our article Have You Considered The Alternative? on instant messaging. Also check out our guide on XMPP clients.
edit 9th of january 2018 updated config for new debian stable and prosody 0.10
Previous articles descibed how to set up Prosody 0.9