severak
/
diyhosting
forked from ben/diyhosting
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
diyhosting/xmpp.html

189 lines
6.4 KiB
HTML
Raw Permalink Blame History

<!DOCTYPE html>
<html lang=en>
<head>
<title>XMPP Server (Prosody) &ndash; diyhosting.bhh.sh</title>
<!--# include file=".nav.html" -->
</head>
<body>
<header><h1>XMPP Server (Prosody)</h1></header>
<nav></nav>
<main>
<img class=titleimg src="pix/xmpp.svg" alt="XMPP Logo and Icon">
<p>XMPP is a fantastically simple protocol that's usually used as a messenger.
It's highly extensible,
better than IRC,
lighter and more decentralized and Matrix
and Telegram and normie social media can't hold a candle to it.
</p>
<p>
XMPP is so decentralized and extensible that there are many <em>different</em> XMPP servers.
Here, let's set up an <a href="https://prosody.im/">Prosody</a> XMPP server.
</p>
<h2>Installation</h2>
<p>
Prosody is in the Debian repositories, so we can easily install it on our server with the following command:
</p>
<pre><code>apt install prosody</code></pre>
<h2>Configuration</h2>
<p>
The Prosody configuration file is in <code>/etc/prosody/prosody.cfg.lua</code>.
To set it all up, we will be changing several things.
</p>
<h3>Setting Admins</h3>
<p>
Let's go ahead and set who our admin(s) will be.
Find the line that says <code>admins = { }</code> and to this we can specify one or more server admins.
</p>
<pre><code># To add one admin:
admins = { "<strong>chad@example.org</strong>" }
# We can add more than one by separating them by commas. (This file is written in Lua.)
admins = { "<strong>chad@example.org</strong>", "<strong>chadmin@example.org</strong>" }</code></pre>
<p>
Note that we have not created these accounts yet, we will do this <a href=#user>below</a>.
</p>
<h3>Set the Server URL</h3>
<p>
Find the line <code>VirtualHost "localhost"</code> and replace <code>localhost</code> with your domain.
In our case, we will have <code>VirtualHost "example.org"</code>
</p>
<h3>Multi-User Chats</h3>
<p>
Most people will probably want the ability to have chats with more than two users.
This is easily enough to enable.
In the config file, add the following:
</p>
<pre><code>Component "<strong>chat.example.org</strong>" "muc"
modules_enabled = { "muc_mam" }
restrict_room_creation = "admin"</code></pre>
<p>
On the first line, you must have a separate subdomain for your multi-user chats.
I use the <code>chat.</code> subdomain, but some use <code>muc.</code>.
Anything if possible.
</p>
<p>
The second line is important because it prevents non-admins from creating and squatting rooms on your server.
The only situation where you might not want that is if you indend to open a general public chat system for people you don't know.
</p>
<aside>
<p>
Read more about the <code>muc</code> plugin on the Prosody documentation page <a href="https://prosody.im/doc/modules/mod_muc">here</a>.
</p>
</aside>
<h3>Other things to check</h3>
<p>Check the config file for other settings you might want to change.
For example, if you want to run a general public XMPP server, you can allow anyone to create an account by changing <code>allow_registration</code> to <code>true</code>.
</p>
<h2>Certificates</h2>
<p>
Obviously, we want to have client-to-server and server-to-server encryption.
Nowadays, use can use Certbot to generate certificates and use a convenient command below <code>prosodyctl</code> to import them.
</p>
<p>
<strong>If you have multi-user chat enabled, be sure to get a certificate for that subdomain as well.</strong>
Include the <code>--nginx</code> option assuming you have an Nginx server running.
</p>
<pre><code>certbot -d <strong>chat.example.org</strong> --nginx</code></pre>
<p>
Once you have the certificates for encryption, run the following to import them into Prosody.
</p>
<pre><code>prosodyctl --root cert import /etc/letsencrypt/live/</code></pre>
<p>
Note that you might get an error that a certificate has not been found if your <code>muc</code> subdomain and your main domain share a certificate.
It should still work, this is just notifying you that no specific
</p>
<p>
For user privacy, we will definitely want to install and enable encryption with OMEMO.
</p>
<h2 id=user>Creating users/admins manually</h2>
<p>
Let's manually create the admin user we prepared for above.
Note that you can indeed do this in your XMPP client if you have not disabled registration, but this is how it is done on the command line:
</p>
<pre><code>prosodyctl adduser <strong>chad@example.org</strong></code></pre>
<p>This will prompt you to create a password as well.</p>
<h2>Make changes active</h2>
<p>
With any system service, use <code>systemctl reload</code> or <code>systemctl restart</code> to make the new settings active:
</p>
<pre><code>systemctl restart prosody</code></pre>
<h2>Using your Server!</h2>
<p>
Once your server is set up, you just need an XMPP client to use your new and secure chat system.
</p>
<ul>
<li>GNU/Linux: <a href="https://dino.im/">Dino</a> or <a href="https://gajim.org/">Gajim</a></li>
<li>Windows: <a href="https://gajim.org/">Gajim</a> also runs on Windows.</li>
<li>Android: <a href="https://conversations.im/">Conversations.im</a></li>
<li>Mac/iOS: <a href="https://monal.im/">Monal IM</a> or <a href="https://siskin.im/">Siskin</a> for iOS alone</li>
<li>command-line (GNU/Linux, MacOS, Windows): <a href="https://profanity-im.github.io/">Profanity</a></li>
<li><a href="https://xmpp.org/software/clients.html">See a more complete list kept by XMPP</a></li>
</ul>
<p>
Install whichever of these clients you want on your computer or phone and you can log into your new XMPP server with the account you made.
Note that if you enabled public registration, anyone can create an account on your server through one of these clients.
</p>
<h3>Account addresses</h3>
<p>
XMPP account addressed look just like email addresses: <code><strong>username@example.org</strong></code>.
You can message any account on any XMPP server on the internet with that format.
</p>
<h3>Note on MUCs (multi-user chats)</h3>
<p>
Remember that MUCs are kept on a separate subdomain that we created and should've gotten a certificate for above, for example, <code><strong>chat.example.org</strong></code>.
Chatrooms are created and referred to in the following format: <code><strong>#chatroomname@chat.example.org</strong></code>.
</p>
</main>
<!--# include file=".footer.html" -->
</body>
</html>
Reference in New Issue View Git Blame Copy Permalink