all repos — site @ 5261a32bfabc512dbbd4d969a0ecba19dac07213

source for my site, found at icyphox.sh

pages/txt/prosody.txt

   18 February, 2020

Setting up Prosody for XMPP

I set up Prosody yesterday--here's how I did it

   Remember the [1]IRC for DMs article I wrote a while back? Well...it's
   safe to say that IRC didn't hold up too well. It first started with the
   bot. Buggy code, crashed a lot -- we eventually gave up and didn't
   bring the bot back up. Then came the notifications, or lack thereof.
   Revolution IRC has a bug where your custom notification rules just get
   ignored after a while. In my case, this meant that notifications for
   #crimson stopped entirely. Unless, of course, Nerdy pinged me each
   time.

   Again, none of these problems are inherent to IRC itself. IRC is
   fantastic, but perhaps wasn't the best fit for our use case. I still do
   use IRC though, just not for 1-on-1 conversations.

Why XMPP?

   For one, it's better suited for 1-on-1 conversations. It also has
   support for end-to-end encryption (via OMEMO), something IRC doesn't
   have.^[2]1 Also, it isn't centralized (think: email).

So...Prosody

   [3]Prosody is an XMPP server. Why did I choose this over ejabberd,
   OpenFire, etc.? No reason, really. Their website looked cool, I guess.

Installing

   Setting it up was pretty painless (I've [4]experienced worse). If
   you're on a Debian-derived system, add:
# modify according to your distro
deb https://packages.prosody.im/debian buster main

   to your /etc/apt/sources.list, and:
# apt update
# apt install prosody

Configuring

   Once installed, you will find the config file at
   /etc/prosody/prosody.cfg.lua. Add your XMPP user (we will make this
   later) to the admins = {} line.
admins = {"user@chat.example.com"}

   Head to the modules_enabled section, and add this to it:
modules_enabled = {
    "posix";
    "omemo_all_access";
...
    -- uncomment these
    "groups";
    "mam";
    -- and any others you think you may need
}

   We will install the omemo_all_access module later.

   Set c2s_require_encryption, s2s_require_encryption, and s2s_secure_auth
   to true. Set the pidfile to /tmp/prosody.pid (or just leave it as
   default?).

   By default, Prosody stores passwords in plain-text, so fix that by
   setting authentication to "internal_hashed".

   Head to the VirtualHost section, and add your vhost. Right above it,
   set the path to the HTTPS certificate and key:
certificates = "certs"    -- relative to your config file location
https_certificate = "certs/chat.example.com.crt"
https_key = "certs/chat.example.com.key"
...

VirtualHost "chat.example.com"

   I generated these certs using Let's Encrypt's certbot; you can use
   whatever. Here's what I did:
# certbot --nginx -d chat.example.com

   This generates certs at /etc/letsencrypt/live/chat.example.com/. You
   can trivially import these certs into Prosody's /etc/prosody/certs/
   directory using:
# prosodyctl cert import /etc/letsencrypt/live/chat.example.com

Plugins

   All the modules for Prosody can be hg clone'd from
   [5]https://hg.prosody.im/prosody-modules. You will, obviously, need
   Mercurial installed for this.

   Clone it somewhere, and:
# cp -R prosody-modules/mod_omemo_all_access /usr/lib/prosody/modules

   Do the same thing for whatever other module you choose to install.
   Don't forget to add it to the modules_enabled section in the config.

Adding users

   prosodyctl makes this a fairly simple task:
$ prosodyctl adduser user@chat.example.com

   You will be prompted for a password. You can optionally enable user
   registrations from XMPP/Jabber clients (security risk!) by setting
   allow_registration = true.

   I may have missed something important, so here's [6]my config for
   reference.
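
   The hardening settings from the Configuring section and the
   allow_registration warning above can be checked mechanically. This is
   an added example, not part of the original post or of Prosody: a
   line-based audit script whose function names (cfg_value, expect,
   audit_prosody, sample_cfg) and sample config are constructed for
   illustration.

```sh
#!/bin/sh
# Added example (not from the original post): line-based audit of prosody.cfg.lua.
# It is not a Lua parser: it reads `key = value` lines, drops `--` comments,
# and lets the last assignment win, so per-VirtualHost overrides are not tracked.

# cfg_value FILE KEY: print the last uncommented value assigned to KEY.
cfg_value() {
    sed -n -e 's/--.*$//' -e 's/[[:space:];]*$//' \
        -e "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1
}

# expect FILE KEY WANT: print a finding and return 1 unless KEY is set to WANT.
expect() {
    got=$(cfg_value "$1" "$2")
    [ "$got" = "$3" ] && return 0
    echo "FINDING: $2 is ${got:-unset}, expected $3"
    return 1
}

# audit_prosody FILE: check every setting the article touches; return 1 on any finding.
audit_prosody() {
    rc=0
    for key in c2s_require_encryption s2s_require_encryption s2s_secure_auth; do
        expect "$1" "$key" true || rc=1
    done
    expect "$1" authentication '"internal_hashed"' || rc=1
    # Open registration is the one setting that must stay off (or absent).
    if [ "$(cfg_value "$1" allow_registration)" = "true" ]; then
        echo "FINDING: allow_registration is true, anyone can create an account"
        rc=1
    fi
    return "$rc"
}

# Constructed sample config: plaintext passwords, s2s auth commented out, open registration.
sample_cfg() {
    cat <<'EOF'
admins = { "user@chat.example.com" }
c2s_require_encryption = true
s2s_require_encryption = true
-- s2s_secure_auth = true
authentication = "internal_plain"
allow_registration = true;
VirtualHost "chat.example.com"
EOF
}

tmp=$(mktemp) && sample_cfg > "$tmp"
audit_prosody "$tmp" || echo "findings reported above"
rm -f "$tmp"
```

   An unset key is reported as a finding as well, because the script
   cannot know which default your Prosody version applies.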

Closing notes

   That's pretty much all you need for 1-on-1 E2EE chats. I don't know
   much about group chats just yet -- trying to create a group in
   Conversations gives a "No group chat server found". I will figure it
   out later.

   Another thing that doesn't work in Conversations is adding an account
   using an SRV record.^[7]2 Which kinda sucks, because having a chat.
   subdomain isn't very clean, but whatever.

   Oh, also -- you can message me at [8]icy@chat.icyphox.sh.
     __________________________________________________________________

    1. I'm told IRC supports OTR, but I haven't ever tried.
    2. [9]https://prosody.im/doc/dns

References

   1. https://icyphox.sh/blog/irc-for-dms/
   2. https://icyphox.sh/home/icy/leet/site/build/blog/prosody/temp.html#fn:otr
   3. https://prosody.im/
   4. https://icyphox.sh/blog/mailserver
   5. https://hg.prosody.im/prosody-modules
   6. https://x.icyphox.sh/prosody.cfg.lua
   7. https://icyphox.sh/home/icy/leet/site/build/blog/prosody/temp.html#fn:srv
   8. xmpp:icy@chat.icyphox.sh
   9. https://prosody.im/doc/dns