---
date: '2020-02-18'
subtitle: 'I set up Prosody yesterday---here''s how I did it'
title: Setting up Prosody for XMPP
url: prosody
---

Remember the [IRC for DMs](/blog/irc-for-dms/) article I wrote a while
back? Well...it's safe to say that IRC didn't hold up too well. It first
started with the bot. Buggy code, crashed a lot---we eventually gave up
and didn't bring the bot back up. Then came the notifications, or lack
thereof. Revolution IRC has a bug where your custom notification rules
just get ignored after a while. In my case, this meant that
notifications for `#crimson` stopped entirely. Unless, of course, Nerdy
pinged me each time.

Again, none of these problems are inherent to IRC itself. IRC is
fantastic, but perhaps wasn't the best fit for our use case. I still do
use IRC though, just not for 1-on-1 conversations.

Why XMPP?
---------

For one, it's better suited for 1-on-1 conversations. It also has
support for end-to-end encryption (via OMEMO), something IRC doesn't
have.[^1] Also, it isn't centralized (think: email).

So...Prosody
------------

[Prosody](https://prosody.im) is an XMPP server. Why did I choose this
over ejabberd, OpenFire, etc.? No reason, really. Their website looked
cool, I guess.

### Installing

Setting it up was pretty painless (I've [experienced
worse](/blog/mailserver)). If you're on a Debian-derived system, add:

    # modify according to your distro
    deb https://packages.prosody.im/debian buster main

to your `/etc/apt/sources.list`, and:

    # apt update
    # apt install prosody

### Configuring

Once installed, you will find the config file at
`/etc/prosody/prosody.cfg.lua`. Add your XMPP user (we will create it
later) to the `admins = {}` line.

    admins = {"user@chat.example.com"}

Head to the `modules_enabled` section, and add this to it:

    modules_enabled = {
        "posix";
        "omemo_all_access";
        -- ...
        -- uncomment these
        "groups";
        "mam";
        -- and any others you think you may need
    }

We will install the `omemo_all_access` module later.

Set `c2s_require_encryption`, `s2s_require_encryption`, and
`s2s_secure_auth` to `true`. Set the `pidfile` to `/tmp/prosody.pid` (or
just leave it as default?).

By default, Prosody stores passwords in plain-text, so fix that by
setting `authentication` to `"internal_hashed"`.

Head to the `VirtualHost` section, and add your vhost. Right above it,
set the path to the HTTPS certificate and key:

    certificates = "certs"    -- relative to your config file location
    https_certificate = "certs/chat.example.com.crt"
    https_key = "certs/chat.example.com.key"
    -- ...

    VirtualHost "chat.example.com"

I generated these certs using Let's Encrypt's `certbot`; you can use
whatever. Here's what I did:

    # certbot --nginx -d chat.example.com

This generates certs at `/etc/letsencrypt/live/chat.example.com/`. You
can trivially import these certs into Prosody's `/etc/prosody/certs/`
directory using:

    # prosodyctl cert import /etc/letsencrypt/live/chat.example.com

### Plugins

All the modules for Prosody can be `hg clone`'d from
https://hg.prosody.im/prosody-modules. You will, obviously, need
Mercurial installed for this.

Clone it somewhere, and:

    # cp -R prosody-modules/mod_omemo_all_access /usr/lib/prosody/modules

Do the same thing for whatever other module you choose to install. Don't
forget to add it to the `modules_enabled` section in the config.

### Adding users

`prosodyctl` makes this a fairly simple task:

    $ prosodyctl adduser user@chat.example.com

You will be prompted for a password. You can optionally enable user
registrations from XMPP/Jabber clients (security risk!) by setting
`allow_registration = true`.
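
The encryption and authentication settings from the Configuring section, and the `allow_registration` risk noted above, can be checked mechanically. This is an added example, not code from the original post or from the Prosody project: a POSIX shell audit of a config file, where the function names `cfg_values` and `audit_prosody_cfg` and the sample config are made up for illustration, and one `key = value` per line is assumed.

```shell
#!/bin/sh
# Added example: audit prosody.cfg.lua for the settings described above.
# Assumes one `key = value` per line; Lua block comments (--[[ ]]) are not parsed.

# cfg_values FILE KEY: print every uncommented value assigned to KEY.
cfg_values() {
    sed -e 's/--.*$//' "$1" | tr "'" '"' |
        sed -n -e "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" |
        sed -e 's/[[:space:];]*$//'
}

# audit_prosody_cfg FILE: print findings; return status = number of findings.
audit_prosody_cfg() {
    cfg=$1 findings=0
    for want in 'c2s_require_encryption=true' 's2s_require_encryption=true' \
                's2s_secure_auth=true' 'authentication="internal_hashed"'
    do
        key=${want%%=*} expected=${want#*=}
        values=$(cfg_values "$cfg" "$key")
        # A per-host override counts too: any value other than the expected one.
        bad=$(printf '%s\n' "$values" | grep -vxF -- "$expected" | head -n 1)
        if [ -z "$values" ]; then
            echo "UNSET   $key (expected $expected)"
        elif [ -n "$bad" ]; then
            echo "WEAK    $key = $bad (expected $expected)"
        else
            continue
        fi
        findings=$((findings + 1))
    done
    if cfg_values "$cfg" allow_registration | grep -qxF true; then
        echo "RISK    allow_registration = true (open account registration)"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# Constructed sample config, not the author's file.
sample=$(mktemp)
cat > "$sample" <<'EOF'
admins = { "user@chat.example.com" }
c2s_require_encryption = true
s2s_require_encryption = true
-- s2s_secure_auth = true
authentication = "internal_plain"
allow_registration = true
VirtualHost "chat.example.com"
EOF
audit_prosody_cfg "$sample" || echo "$? finding(s)"
rm -f "$sample"
```

Point it at `/etc/prosody/prosody.cfg.lua` after editing; a non-zero exit status is the number of settings that still need attention.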

I may have missed something important, so here's [my
config](https://x.icyphox.sh/prosody.cfg.lua) for reference.

Closing notes
-------------

That's pretty much all you need for 1-on-1 E2EE chats. I don't know much
about group chats just yet---trying to create a group in Conversations
gives a "No group chat server found". I will figure it out later.

Another thing that doesn't work in Conversations is adding an account
using an `SRV` record.[^2] Which kinda sucks, because having a `chat.`
subdomain isn't very clean, but whatever.

Oh, also---you can message me at
[icy\@chat.icyphox.sh](xmpp:icy@chat.icyphox.sh).

[^1]: I'm told IRC supports OTR, but I haven't ever tried.

[^2]: https://prosody.im/doc/dns