---
date: '2020-02-18'
subtitle: 'I set up Prosody yesterday---here''s how I did it'
title: Setting up Prosody for XMPP
url: prosody
---

Remember the [IRC for DMs](/blog/irc-for-dms/) article I wrote a while
back? Well...it's safe to say that IRC didn't hold up too well. It first
started with the bot. Buggy code, crashed a lot---we eventually gave up
and didn't bring the bot back up. Then came the notifications, or lack
thereof. Revolution IRC has a bug where your custom notification rules
just get ignored after a while. In my case, this meant that
notifications for `#crimson` stopped entirely. Unless, of course, Nerdy
pinged me each time.

Again, none of these problems are inherent to IRC itself. IRC is
fantastic, but perhaps wasn't the best fit for our use case. I still do
use IRC though, just not for 1-on-1 conversations.

Why XMPP?
---------

For one, it's better suited for 1-on-1 conversations. It also has
support for end-to-end encryption (via OMEMO), something IRC doesn't
have.[^1] Also, it isn't centralized (think: email).

So...Prosody
------------

[Prosody](https://prosody.im) is an XMPP server. Why did I choose this
over ejabberd, OpenFire, etc.? No reason, really. Their website looked
cool, I guess.

### Installing

Setting it up was pretty painless (I've [experienced
worse](/blog/mailserver)). If you're on a Debian-derived system, add:

    # modify according to your distro
    deb https://packages.prosody.im/debian buster main

to your `/etc/apt/sources.list`, and:

    # apt update
    # apt install prosody

### Configuring

Once installed, you will find the config file at
`/etc/prosody/prosody.cfg.lua`. Add your XMPP user (we will make this
later) to the `admins = {}` line.

    admins = {"user@chat.example.com"}

Head to the `modules_enabled` section, and add this to it:

    modules_enabled = {
        "posix";
        "omemo_all_access";
        ...
        -- uncomment these
        "groups";
        "mam";
        -- and any others you think you may need
    }

We will install the `omemo_all_access` module later.

Set `c2s_require_encryption`, `s2s_require_encryption`, and
`s2s_secure_auth` to `true`. Set the `pidfile` to `/tmp/prosody.pid` (or
just leave it as default?).

By default, Prosody stores passwords in plain text, so fix that by
setting `authentication` to `"internal_hashed"`.

Head to the `VirtualHost` section, and add your vhost. Right above it,
set the path to the HTTPS certificate and key:

    certificates = "certs" -- relative to your config file location
    https_certificate = "certs/chat.example.com.crt"
    https_key = "certs/chat.example.com.key"
    ...

    VirtualHost "chat.example.com"

I generated these certs using Let's Encrypt's `certbot`; you can use
whatever. Here's what I did:

    # certbot --nginx -d chat.example.com

This generates certs at `/etc/letsencrypt/live/chat.example.com/`. You
can trivially import these certs into Prosody's `/etc/prosody/certs/`
directory using:

    # prosodyctl cert import /etc/letsencrypt/live/chat.example.com

### Plugins

All the modules for Prosody can be `hg clone`'d from
https://hg.prosody.im/prosody-modules. You will, obviously, need
Mercurial installed for this.

Clone it somewhere, and:

    # cp -R prosody-modules/mod_omemo_all_access /usr/lib/prosody/modules

Do the same thing for whatever other module you choose to install. Don't
forget to add it to the `modules_enabled` section in the config.

### Adding users

`prosodyctl` makes this a fairly simple task:

    $ prosodyctl adduser user@chat.example.com

You will be prompted for a password. You can optionally enable user
registrations from XMPP/Jabber clients (security risk!) by setting
`allow_registration = true`.

I may have missed something important, so here's [my
config](https://x.icyphox.sh/prosody.cfg.lua) for reference.

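An added example, not from the original post or the Prosody project: a small Python check that reads a `prosody.cfg.lua` and reports whether the encryption, password-hashing and registration settings named above are in place. It assumes simple one-line global `key = value` assignments (no `--[[ ]]` block comments, and per-`VirtualHost` overrides are not scoped); the function names and the sample config are made up for illustration.

```python
import re

# Values the walkthrough asks for (the keys are the config options it names).
REQUIRED = {"c2s_require_encryption": "true", "s2s_require_encryption": "true",
            "s2s_secure_auth": "true", "authentication": '"internal_hashed"'}
ASSIGN = re.compile(r'^\s*([A-Za-z_]\w*)\s*=\s*("[^"]*"|\'[^\']*\'|\w+)')

def strip_comment(line):
    """Drop a trailing Lua `--` comment, ignoring `--` inside quoted strings."""
    quote = None
    for i, ch in enumerate(line):
        if quote:
            if ch == quote:
                quote = None
        elif ch in "\"'":
            quote = ch
        elif line.startswith("--", i):
            return line[:i]
    return line

def parse_settings(text):
    """Return {key: value} for simple `key = value` lines; last assignment wins."""
    settings = {}
    for line in text.splitlines():
        m = ASSIGN.match(strip_comment(line))
        if m:
            settings[m.group(1)] = m.group(2).replace("'", '"')
    return settings

def audit(text):
    """Return a list of findings; an empty list means every check passed."""
    s = parse_settings(text)
    findings = []
    for key, want in REQUIRED.items():
        if s.get(key) != want:
            findings.append(f"{key}: expected {want}, found {s.get(key, 'unset')}")
    if s.get("allow_registration") == "true":
        findings.append("allow_registration = true: open registration is enabled")
    return findings

# Constructed sample config, not taken from the post.
SAMPLE = """\
c2s_require_encryption = true
-- s2s_secure_auth = true
s2s_secure_auth = false
authentication = "internal_plain" -- Prosody's default
allow_registration = true
"""
if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

To check a real install, pass the contents of `/etc/prosody/prosody.cfg.lua` to `audit()` instead of `SAMPLE`.
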
Closing notes
-------------

That's pretty much all you need for 1-on-1 E2EE chats. I don't know much
about group chats just yet---trying to create a group in Conversations
gives a "No group chat server found". I will figure it out later.

Another thing that doesn't work in Conversations is adding an account
using an `SRV` record.[^2] Which kinda sucks, because having a `chat.`
subdomain isn't very clean, but whatever.

Oh, also---you can message me at
[icy\@chat.icyphox.sh](xmpp:icy@chat.icyphox.sh).

[^1]: I'm told IRC supports OTR, but I haven't ever tried.

[^2]: https://prosody.im/doc/dns