Line 25: | Line 25: | ||
VirtualHost "<your domain>" | VirtualHost "<your domain>" | ||
= Step 4: Enable multi-user-chat = | = Step 4: Enable multi-user-chat and file sharing = | ||
Since we want to be able to create group chats, add these lines below your VirtualHost line. "MUC" means Multi-User Chat in XMPP parlance and just means group chats. | |||
Component "conference.<your domain>" "muc" | Component "conference.<your domain>" "muc" | ||
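Review bot: the heading now promises "file sharing", but the paragraph beneath it only introduces MUC; a reader who stops at this hunk sees nothing about uploads. Suggest ending the MUC paragraph with one sentence saying that the upload component is configured immediately after the <code>muc</code> block, so the heading and the text line up.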
Line 34: | Line 34: | ||
"muc_cloud_notify"; | "muc_cloud_notify"; | ||
} | } | ||
To enable file uploading (pictures, audio, etc) put these lines right below that: | |||
Component "upload.<your domain>" "http_upload" | |||
http_host = "<your domain>" | |||
We now have a usable XMPP server, but it's not complete yet-- we need to enable some plugins which enable some useful features that most people will want. | We now have a usable XMPP server, but it's not complete yet-- we need to enable some plugins which enable some useful features that most people will want. | ||
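Review bot: the <code>http_host = "<your domain>"</code> line deserves a sentence of explanation, because it makes the upload component serve its files under <code><your domain></code> rather than <code>upload.<your domain></code>. That is consistent with the later <code>https_certificate</code> pointing at the <code><your domain></code> certificate, but it also means the <code>-d upload.<your domain></code> requested from certbot in Step 8 is not what clients will see in upload URLs; state plainly which hostname and port the upload links use so readers can match the certificate and port forwarding to it. Separately, this hunk adds a publicly reachable HTTP file store with no mention of size or retention limits, and the closing paragraph of the page admits that anything uploaded is served to anyone holding the link; note that limitation here, next to the component, rather than only at the end.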
Line 73: | Line 78: | ||
plugin_paths = { "/home/pi/prosody-modules-enabled" } | plugin_paths = { "/home/pi/prosody-modules-enabled" } | ||
Add these | Add these 2 lines inside the <code>modules_enabled</code> table: | ||
"cloud_notify"; | "cloud_notify"; | ||
"smacks"; | "smacks"; | ||
Enable other modules as you see fit. | Enable other modules as you see fit. | ||
Below the <code>modules-enabled</code> table, put these 2 lines: | |||
push_notification_with_body = false; | |||
push_notification_with_sender = true; | |||
This allows push notifications to be sent-- you don't want to include the body of the message in the notification, because then Google or Apple can read it, defeating the point of encryption! I enabled the sender part though, since the NSA can already detect which IPs are connecting to your server and figure out who all is talking. Besides, your JID (Jabber IDs) can be anonymous usernames. | |||
= Step 8: Set up Let's Encrypt = | |||
If you want people to be able to connect to your server, chat, and upload files without certificate errors/warnings, then you'll need an SSL certificate. Luckily this is fairly easy to set up. | |||
First, install certbot: | |||
sudo apt-get install certbot | |||
Then, create a new certificate for your server: | |||
sudo certbot certonly --standalone --preferred-challenges http -d <your domain> -d upload.<your domain> | |||
Remember to open up port 80 on your router for this to work. Once you've got your certificates, you need to import them into Prosody. | |||
prosodyctl --root cert import /etc/letsencrypt/live | |||
You can add this as a hook to your certbot so that it always gets called when certbot renews its certificate. Open up <code>/etc/letsencrypt/renewal/<your domain>.conf</code> and add this line at the very bottom: | |||
renew_hook = prosodyctl --root cert import /etc/letsencrypt/live | |||
= Step 9: Enable the HTTPS certificate = | |||
In order to serve files from its internal HTTP server, Prosody also needs a HTTPS certificate. Fortunately, you can use the one you just created. | |||
Open <code>/etc/prosody/prosody.cfg.lua</code> and go to the line which defines <code>https_certificate</code> (it might be commented out) and put this: | |||
https_certificate = "/etc/prosody/certs/<your domain>.crt" | |||
= Step 10: You're basically done = | |||
Now we have everything we need. The server should be fully configured and ready to go. Be sure to: | |||
# Port forward ports 5222, 5280, and 5281 so that you can connect to your server. | |||
# Add a user for yourself! Do <code>sudo adduser <username>@<yourdomain></code> and put in a password. You can also create accounts for your friends, and they can change their passwords later. | |||
Connect up using a client such as Gajim, and you're off to the races with a private chat server that's 100% your own. Be sure to turn on OMEMO in your chats so that your messages are end-to-end encrypted! Since you run the server, it's actually okay to send "unencrypted" messages since everything is going through TLS in the first place, but it's nice to have that extra layer of protection. Since files in XMPP are shared via an HTTPS server, you definitely want OMEMO to encrypt your files as well, since otherwise you'll be serving your media to the open web! | |||
There's more you can do, such as enabling federation or installing more plugins, but that's out of the scope of this article. | |||
Special thanks go to the folks in the Prosody IM Chatroom (xmpp:prosody@conference.prosody.im?join) for helping me get set up. Note that you'll have to enable federation in order to join that link using your current server. | |||
Enjoy! |
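Review bot: the account-creation command in Step 10, <code>sudo adduser <username>@<yourdomain></code>, is the Linux system-account tool, not Prosody's; it would try to create an OS user with an "@" in its name instead of an XMPP account. Everywhere else in the page Prosody is managed through <code>prosodyctl</code> (the <code>plugin_paths</code> setup, <code>prosodyctl --root cert import</code>), so this should read <code>sudo prosodyctl adduser <username>@<yourdomain></code>. Two smaller points in the same hunk: Step 10 asks the reader to forward port 5280 (plain HTTP) as well as 5281 (HTTPS), while the closing paragraph relies on everything going through TLS; forwarding only 5222 and 5281 keeps the upload service HTTPS-only and removes a plaintext listener from the router. And in Step 8, since <code>certbot --standalone</code> answers the HTTP challenge itself, port 80 has to stay forwarded whenever the <code>renew_hook</code> is expected to fire, not just for the first issuance; "Remember to open up port 80" should say that it must remain open for renewals.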