Prosody

homeabout

Prosody is a lightweight XMPP server you can self-host.

Install packages

apt update && apt upgrade # udpate the system apt install prosody prosody-modules # prosody and modules apt install postgresql # database management system apt install lua-dbi-postgresql # helps lua handle postgresql apt install lua-sec luarocks # optional for 3rd parties modules

Configuration file

Change config file according to your needs here : /etc/prosody/prosody.cfg.lua Here is an example :

-- Prosody Config File -- /etc/prosody/prosody.cfg.lua > admins = { "username@example.org" } plugin_paths = { "/usr/local/lib/prosody/modules" } modules_enabled = { "disco"; -- Service discovery "roster"; -- Allow users to have a roster. Recommended ;) "saslauth"; -- Authentication for clients and servers. Recommended if you want to log in. "tls"; -- Add support for secure TLS on c2s/s2s connections "blocklist"; -- Allow users to block communications with other users "bookmarks"; -- Synchronise the list of open rooms between clients "carbons"; -- Keep multiple online clients in sync "dialback"; -- Support for verifying remote servers using DNS "limits"; -- Enable bandwidth limiting for XMPP connections "pep"; -- Allow users to store public and private data in their account "private"; -- Legacy account storage mechanism (XEP-0049) "smacks"; -- Stream management and resumption (XEP-0198) "vcard4"; -- User profiles (stored in PEP) "vcard_legacy"; -- Conversion between legacy vCard and PEP Avatar, vcard "csi_simple"; -- Simple but effective traffic optimizations for mobile devices "invites"; -- Create and manage invites "invites_adhoc"; -- Allow admins/users to create invitations via their client "invites_register"; -- Allows invited users to create accounts "ping"; -- Replies to XMPP pings with pongs "register"; -- Allow users to register on this server using a client and change passwords "time"; -- Let others know the time here on this server "uptime"; -- Report how long server has been running "version"; -- Replies to server version requests "mam"; -- Store recent messages to allow multi-device synchronization "turn_external"; -- Provide external STUN/TURN service for e.g. audio/video calls "admin_adhoc"; -- Allows administration via an XMPP client that supports ad-hoc commands "admin_shell"; -- Allow secure administration via 'prosodyctl shell' "posix"; -- POSIX functionality, sends server to background, enables syslog, etc. "announce"; -- Send announcement to all online users "motd"; -- Send a message to users when they log in } modules_disabled = { } pidfile = "/run/prosody/prosody.pid"; s2s_secure_auth = true limits = { c2s = { rate = "10kb/s"; }; s2sin = { rate = "30kb/s"; }; } authentication = "internal_hashed" storage = "sql" sql = { driver = "PostgreSQL", database = "prosody", username = "prosody", password = "PASSWORD", # we will set this database in a few minutes host = "localhost" } -- turn_external_host = "turn.example.org" -- turn_external_secret = "TURNPASSWORD" -- turn_external_port = 5349 # useful if TURN uses another port than default log = { info = "/mnt/drive/xmpp/prosody/prosody.log"; error = "/mnt/drive/xmpp/prosody/prosody.err"; { levels = { "error" }; to = "syslog"; }; } certificates = "certs" VirtualHost "example.org" Component "conference.example.org" "muc" modules_enabled = { "muc_mam", "vcard_muc" } Component "upload.example.org" "http_file_share" Component "proxy.example.org" "proxy65" Include "conf.d/*.cfg.lua"

Components like {conference,upload,proxy}.example.org are services your XMPP server is going to offer. You can disable them. Here is what they are for :

  • conference.example.org: Allow Multi-User Chat
  • upload.example.org: Allow file-sharing between users (images, videos, etc.)
  • proxy.example.org: Facilitates files transfer behind NAT

    • TLS certificates

    TLS certificates are needed for your domain and the components. Generate them with certbot:

    certbot -d example.org certbot -d proxy.example.org certbot -d upload.example.org certbot -d conference.example.org

    Then import them in Prosody:

    prosodyctl --root cert import /etc/letsencrypt/live prosodyctl check # Check if everything is fine

    Create PostgreSQL database

    User accounts and other informations are going to be stored in a PostgreSQL database.

    sudo -i # be sure to be root sudo su - postgres # log as postgres user createuser --pwprompt prosody psql -c 'CREATE DATABASE prosody OWNER prosody;' exit # back to root systemctl restart postgresql netstat -tunlp | grep 5432 # check postgresql listens on port 5432 systemctl enable postgresql # is it useful to enable postgresql? I did.

    Side note

    I had some troubles getting the PostgreSQL database up, due to permission errors. Using sudo su - postgres and executing postgres command from its own user; instead of su -c "command" postgresql when setting things up helped (I guess).

    Open ports

    Open 5222 (standard XMPP port), 5281 (file uploads) and 5269 (federation, HTTPS) on your router to redirect to your machine. Also open those ports on the firewall if you have one.

    ufw allow 5222 5281 5269 # assuming your firewall is ufw

    Start the services

    systemctl restart postgresql systemctl restart prosody

    Everything should be ready.

    Create a test account

    Create an ephemeral unprivileged account that we will delete after testing the server :

    prosodyctl adduser test@example.org

    Connect from a client

    On Android phones there is Snikket or Conversation (free on F-Droid). On Linux you can use profanity (lightweight TUI client with good level of logs).

    apt install profanity tail -f ~/.local/share/profanity/logs/profanity.log # in another terminal : profanity -l DEBUG # logs level debug

    Now in profanity use /connect test@example.org and type your password to see if everything is fine. If there are errors or difficulties during connection, you'll see that in the logs.

    Check for compliance

    To check for compliance to XMPP standards, visit https://compliance.conversations.im and provide the login informations of your test account (remember it must be a non-privileged user of your server!).

    Services offered by your server will be evaluated and returned a true/false functionning state. It is up to you to look into it and tweak your instance to change that.

    Add/remove users

    prosodyctl adduser username@example.org # add new user prosodyctl deluser username@example.org # remove user prosodyctl passwd username@example.org # change password for user

    Install other modules

    prosodyctl install --server=https://modules.prosody.im/rocks/ mod_cloud_notify

    Send announce to online users

    Admins can send announce to online users by messaging example.org/announce/online. In profanity :

    /msg example.org/announce/online
    chessgitxmppbookswallet