Modern XMPP Server
I've published a new HOWTO on my website:
Enrico already wrote about the Why (and the What, Who and When), so I'll just quote his conclusion and move on to the How.
I now have an XMPP setup which has all the features of the recent fancy chat systems, and on top of that it runs, client and server, on Free Software, which can be audited, it is federated and I can self-host my own server in my own VPS if I want to, with packages supported in Debian.
How
I've decided to install prosody, mostly because it was recommended by the RTC QuickStart Guide; I've heard that similar results can be reached with ejabberd and other servers.
I'm also targeting Debian stable (+ backports); as I write this, that is jessie; if there are significant differences I will update this article when I upgrade my server to stretch. Right now, this means that I'm using prosody 0.9 (and that's probably also the version that will be available in stretch).
Installation and prerequisites
You will need to enable the backports repository and then install the packages prosody and prosody-modules.
You also need to set up some TLS certificates (I used Let's Encrypt) and make them readable by the prosody user; see Chapter 12 of the RTC QuickStart Guide for more details.
On your firewall, you'll need to open the following TCP ports:
- 5222 (client2server)
- 5269 (server2server)
- 5280 (default http port for prosody)
- 5281 (default https port for prosody)
The latter two are needed to enable some services provided via http(s), including rich media transfers.
With just a handful of users, I didn't bother to configure LDAP or anything else, but just created users manually via:
prosodyctl adduser alice@example.org
In-band registration is disabled by default (and I've left it that way, to prevent my server from being used to send spim).
prosody configuration
You can then start configuring prosody by editing /etc/prosody/prosody.cfg.lua and changing a few values from the distribution defaults.
First of all, enforce the use of encryption and certificate checking both for client2server and server2server communications with:
c2s_require_encryption = true
s2s_secure_auth = true
and then, sadly, add to the whitelist any server that you want to talk to and doesn't support the above:
s2s_insecure_domains = { "gmail.com" }
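As an added check (example code, not part of the original post), this Python script reads the stream features a Prosody server sends on a plain port 5222 connection and reports whether STARTTLS is advertised as required, which is what c2s_require_encryption = true should produce; the stream features below are constructed samples, and the hostname passed to probe_c2s is an assumption.

```python
import socket
import xml.etree.ElementTree as ET

# Namespaces used in the XMPP stream header and stream features (RFC 6120).
NS_STREAM = "http://etherx.jabber.org/streams"
NS_TLS = "urn:ietf:params:xml:ns:xmpp-tls"

# Constructed sample: what a server with c2s_require_encryption = true
# answers to a client stream header (starttls carries <required/>).
SAMPLE_FEATURES_REQUIRED = (
    "<stream:stream xmlns='jabber:client' xmlns:stream='%s' "
    "id='c0nstructed' from='chat.example.org' version='1.0'>"
    "<stream:features>"
    "<starttls xmlns='%s'><required/></starttls>"
    "</stream:features>" % (NS_STREAM, NS_TLS)
)
# Constructed sample: encryption offered but optional (the distribution default).
SAMPLE_FEATURES_OPTIONAL = SAMPLE_FEATURES_REQUIRED.replace("<required/>", "")


def starttls_status(stream_prefix):
    """Return 'required', 'optional', 'absent' or 'unparseable' for STARTTLS.

    stream_prefix is the start of the server's XML stream (header plus the
    first <stream:features/>); it is never a complete document, so the open
    <stream:stream> element is closed artificially before parsing.
    """
    try:
        root = ET.fromstring(stream_prefix + "</stream:stream>")
    except ET.ParseError:
        return "unparseable"
    features = root.find("{%s}features" % NS_STREAM)
    starttls = None if features is None else features.find("{%s}starttls" % NS_TLS)
    if starttls is None:
        return "absent"
    if starttls.find("{%s}required" % NS_TLS) is not None:
        return "required"
    return "optional"


def probe_c2s(host, port=5222, timeout=5):
    """Live check (not run offline): open a TCP connection, send the client
    stream header and classify the STARTTLS feature in the reply."""
    header = ("<?xml version='1.0'?><stream:stream to='%s' xmlns='jabber:client' "
              "xmlns:stream='%s' version='1.0'>" % (host, NS_STREAM))
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(header.encode())
        data = b""
        while b"</stream:features>" not in data:
            chunk = sock.recv(4096)
            if not chunk:
                break
            data += chunk
    return starttls_status(data.decode(errors="replace"))
```

The same exchange against port 5269 with xmlns='jabber:server' shows what remote servers see, with the caveat that s2s_secure_auth is about certificate validation and is not visible in the features alone.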
virtualhosts
For each virtualhost you want to configure, create a file /etc/prosody/conf.avail/chat.example.org.cfg.lua with contents like the following:
VirtualHost "chat.example.org"
    enabled = true
    ssl = {
        key = "/etc/ssl/private/example.org-key.pem";
        certificate = "/etc/ssl/public/example.org.pem";
    }
For the domains where you also want to enable MUCs, add the following lines:
Component "conference.chat.example.org" "muc"
    restrict_room_creation = "local"
The "local" value configures prosody so that only local users are allowed to create new rooms (everybody can still join them, if the room administrator allows it): this may help reduce unwanted use of your server by random people.
You can also add the following line to enable rich media transfers via http uploads (XEP-0363):
Component "upload.chat.trueelena.org" "http_upload"
The defaults are pretty sane, but see https://modules.prosody.im/mod_http_upload.html for details on what knobs you can configure for this module.
Don't forget to enable the virtualhost by linking the file inside /etc/prosody/conf.d/.
additional modules
Most of the other interesting XEPs are enabled by loading additional modules inside /etc/prosody/prosody.cfg.lua (under modules_enabled); to enable mod_something just add a line like:
"something";
Most of these come from the prosody-modules package (and thus from https://modules.prosody.im/) and some may require changes when prosody 0.10 becomes available; where this is the case it is mentioned below.
- mod_carbons (XEP-0280)
  To keep conversations synchronized while using multiple devices at the same time.
  This will be included by default in prosody 0.10.
- mod_privacy + mod_blocking (XEP-0191)
  To allow user-controlled blocking of users, including as an anti-spim measure.
  In prosody 0.10 these two modules will be replaced by mod_privacy.
- mod_smacks (XEP-0198)
  Allow clients to resume a disconnected session before a customizable timeout and prevent message loss.
- mod_mam (XEP-0313)
  Archive messages on the server for a limited period of time (default 1 week) and allow clients to retrieve them; this is required to synchronize message history between multiple clients.
  With prosody 0.9 only an in-memory storage backend is available, which may make this module problematic on servers with many users. prosody 0.10 will fix this by adding support for an SQL backed storage with archiving capabilities.
- mod_throttle_presence + mod_filter_chatstates (XEP-0352)
  Filter out presence updates and chat states when the client announces (via Client State Indication) that the user isn't looking. This is useful to reduce power and bandwidth usage for "useless" traffic.