all repos — site @ 7dcc4efc2c053aafb0026f5cfec82c2cdb9cd12c

source for my site, found at icyphox.sh

pages/blog/prosody.md (view raw)

 1
 2
 3
 4
 5
 6
 7
 8
 9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
 100
 101
 102
 103
 104
 105
 106
 107
 108
 109
 110
 111
 112
 113
 114
 115
 116
 117
 118
 119
 120
 121
 122
 123
 124
 125
 126
 127
 128
 129
 130
 131
 132
 133
 134
 135
 136
 137
 138
 139
 140
 141
 142
 143
 144
 145
 146
 147
 148
 149
 150
 151
 152
 153
 154
 
---
template:
url: prosody
title: Setting up Prosody for XMPP
subtitle: I setup Prosody yesterday—here's how I did it
date: 2020-02-18
---

Remember the [IRC for DMs](/blog/irc-for-dms/) article I wrote a while
back? Well...it's safe to say that IRC didn't hold up too well. It first
started with the bot. Buggy code, crashed a lot---we eventually gave up
and didn't bring the bot back up. Then came the notifications, or lack
thereof. Revolution IRC has a bug where your custom notification rules
just get ignored after a while. In my case, this meant that
notifications for `#crimson` stopped entirely. Unless, of course, Nerdy
pinged me each time.

Again, none of these problems are inherent to IRC itself. IRC is
fantastic, but perhaps wasn't the best fit for our usecase. I still do
use IRC though, just not for 1-on-1 conversations.

## Why XMPP?

For one, it's better suited for 1-on-1 conversations. It also has
support for end-to-end encryption (via OMEMO), something IRC doesn't
have.[^otr] Also, it isn't centralized (think: email).

[^otr]: I'm told IRC supports OTR, but I haven't ever tried.

## So...Prosody

[Prosody](https://prosody.im) is an XMPP server. Why did I choose this
over ejabberd, OpenFire, etc.? No reason, really. Their website looked
cool, I guess.

### Installing

Setting it up was pretty painless (I've [experienced
worse](/blog/mailserver)). If you're on a Debian-derived system, add:
```
# modify according to your distro
deb https://packages.prosody.im/debian buster main 
```

to your `/etc/apt/sources.list`, and:

```
# apt update
# apt install prosody
```

### Configuring

Once installed, you will find the config file at
`/etc/prosody/prosody.cfg.lua`. Add your XMPP user (we will make this
later), to the `admins = {}` line.

```
admins = {"user@chat.example.com"}
```

Head to the `modules_enabled` section, and add this to it:

```
modules_enabled = {
    "posix";
    "omemo_all_access";
...
    -- uncomment these
    "groups";
    "mam";
    -- and any others you think you may need
}
```

We will install the `omemo_all_access` module later.

Set `c2s_require_encryption`, `s2s_require_encryption`, and
`s2s_secure_auth` to `true`.
Set the `pidfile` to `/tmp/prosody.pid` (or just leave it as default?).

By default, Prosody stores passwords in plain-text, so fix that by
setting `authentication` to `"internal_hashed"`

Head to the `VirtualHost` section, and add your vhost. Right above it,
set the path to the HTTPS certificate and key:

```
certificates = "certs"    -- relative to your config file location
https_certificate = "certs/chat.example.com.crt"
https_key = "certs/chat.example.com.key"
...

VirtualHost "chat.example.com"
```

I generated these certs using Let's Encrypt's `certbot`, you can use
whatever. Here's what I did:

```
# certbot --nginx -d chat.example.com
```

This generates certs at `/etc/letsencrypt/live/chat.example.com/`. You can
trivially import these certs into Prosody's `/etc/prosody/certs/` directory using:

```
# prosodyctl cert import /etc/letsencrypt/live/chat.example.com
```

### Plugins

All the modules for Prosody can be `hg clone`'d from
https://hg.prosody.im/prosody-modules. You will, obviously, need
Mercurial installed for this.

Clone it somewhere, and: 

```
# cp -R prosody-modules/mod_omemo_all_access /usr/lib/prosody/modules
```

Do the same thing for whatever other module you choose to install. Don't
forget to add it to the `modules_enabled` section in the config.

### Adding users

`prosodyctl` makes this a fairly simple task:

```
$ prosodyctl adduser user@chat.example.com
```

You will be prompted for a password. You can optionally, enable
user registrations from XMPP/Jabber clients (security risk!), by setting
`allow_registration = true`.

I may have missed something important, so here's [my
config](https://x.icyphox.sh/prosody.cfg.lua) for reference.

## Closing notes

That's pretty much all you need for 1-on-1 E2EE chats. I don't know much
about group chats just yet---trying to create a group in Conversations
gives a "No group chat server found". I will figure it out later.

Another thing that doesn't work in Conversations is adding an account
using an `SRV` record.[^srv] Which kinda sucks, because having a `chat.`
subdomain isn't very clean, but whatever.

Oh, also---you can message me at
[icy@chat.icyphox.sh](xmpp:icy@chat.icyphox.sh).

[^srv]: https://prosody.im/doc/dns