all repos — site @ f66c2c121ae3edd04ec3b8ca9b960cd9f632d8aa

source for my site, found at icyphox.sh

pages/txt/prosody.txt

   18 February, 2020

Setting up Prosody for XMPP

I set up Prosody yesterday -- here's how I did it

   Remember the [1]IRC for DMs article I wrote a while back? Well...it's
   safe to say that IRC didn't hold up too well. It first started with the
   bot. Buggy code, crashed a lot -- we eventually gave up and didn't
   bring the bot back up. Then came the notifications, or lack thereof.
   Revolution IRC has a bug where your custom notification rules just get
   ignored after a while. In my case, this meant that notifications for
   #crimson stopped entirely. Unless, of course, Nerdy pinged me each
   time.

   Again, none of these problems are inherent to IRC itself. IRC is
   fantastic, but perhaps wasn't the best fit for our use case. I still do
   use IRC though, just not for 1-on-1 conversations.

Why XMPP?

   For one, it's better suited for 1-on-1 conversations. It also has
   support for end-to-end encryption (via OMEMO), something IRC doesn't
   have.^[2]1 Also, it isn't centralized (think: email).

So...Prosody

   [3]Prosody is an XMPP server. Why did I choose this over ejabberd,
   OpenFire, etc.? No reason, really. Their website looked cool, I guess.

Installing

   Setting it up was pretty painless (I've [4]experienced worse). If
   you're on a Debian-derived system, add:
# modify according to your distro
deb https://packages.prosody.im/debian buster main

   to your /etc/apt/sources.list, and:
# apt update
# apt install prosody

Configuring

   Once installed, you will find the config file at
   /etc/prosody/prosody.cfg.lua. Add your XMPP user (we will make this
   later) to the admins = {} line.
admins = {"user@chat.example.com"}

   Head to the modules_enabled section, and add this to it:
modules_enabled = {
    "posix";
    "omemo_all_access";
    -- ...
    -- uncomment these
    "groups";
    "mam";
    -- and any others you think you may need
}

   We will install the omemo_all_access module later.

   Set c2s_require_encryption, s2s_require_encryption, and s2s_secure_auth
   to true. Set the pidfile to /tmp/prosody.pid (or just leave it as
   default?).

   By default, Prosody stores passwords in plain text, so fix that by
   setting authentication to "internal_hashed".

   Head to the VirtualHost section, and add your vhost. Right above it,
   set the path to the HTTPS certificate and key:
certificates = "certs"    -- relative to your config file location
https_certificate = "certs/chat.example.com.crt"
https_key = "certs/chat.example.com.key"
-- ...

VirtualHost "chat.example.com"

   I generated these certs using Let's Encrypt's certbot; you can use
   whatever. Here's what I did:
# certbot --nginx -d chat.example.com

   This generates certs at /etc/letsencrypt/live/chat.example.com/. You
   can trivially import these certs into Prosody's /etc/prosody/certs/
   directory using:
# prosodyctl cert import /etc/letsencrypt/live/chat.example.com

Plugins

   All the modules for Prosody can be hg clone'd from
   [5]https://hg.prosody.im/prosody-modules. You will, obviously, need
   Mercurial installed for this.

   Clone it somewhere, and:
# cp -R prosody-modules/mod_omemo_all_access /usr/lib/prosody/modules

   Do the same thing for whatever other module you choose to install.
   Don't forget to add it to the modules_enabled section in the config.

Adding users

   prosodyctl makes this a fairly simple task:
$ prosodyctl adduser user@chat.example.com

   You will be prompted for a password. You can optionally enable user
   registrations from XMPP/Jabber clients (security risk!) by setting
   allow_registration = true.

   I may have missed something important, so here's [6]my config for
   reference.
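
   To check that the settings from the Configuring and Adding users
   sections actually ended up in the file, here is a small audit script.
   It is an added example, not part of the original post or of Prosody;
   the function names cfg_value and audit_prosody_cfg are hypothetical and
   the sample config is constructed.

```sh
#!/bin/sh
# Added example (not from the original post): audit prosody.cfg.lua for the
# settings recommended above. Function names are hypothetical.

# Print the last global value of option $1 in config file $2.
cfg_value() {
    awk -v opt="$1" '
        { sub(/--.*/, "") }                              # drop Lua line comments
        /^[ \t]*(VirtualHost|Component)[ \t]/ { exit }   # global section ends here
        $0 ~ ("^[ \t]*" opt "[ \t]*=") {
            val = $0
            sub(/^[^=]*=[ \t]*/, "", val)                # keep the right-hand side
            gsub(/[ \t;"]+$/, "", val); sub(/^"/, "", val)
        }
        END { print val }
    ' "$2"
}

# Print one line per finding for config file $1; return 1 if there are any.
audit_prosody_cfg() {
    rc=0
    for opt in c2s_require_encryption s2s_require_encryption s2s_secure_auth; do
        [ "$(cfg_value "$opt" "$1")" = "true" ] ||
            { echo "FAIL: $opt is not true"; rc=1; }
    done
    [ "$(cfg_value authentication "$1")" = "internal_hashed" ] ||
        { echo "FAIL: authentication is not internal_hashed"; rc=1; }
    # allow_registration may also be set per host, so scan the whole file.
    if sed 's/--.*//' "$1" |
        grep -E '^[[:space:]]*allow_registration[[:space:]]*=[[:space:]]*true' >/dev/null; then
        echo "WARN: allow_registration is true"; rc=1
    fi
    return "$rc"
}

# Constructed sample: encryption set, but plain-text auth and open registration.
sample=$(mktemp)
cat > "$sample" <<'EOF'
c2s_require_encryption = true
s2s_require_encryption = true
-- s2s_secure_auth = true
authentication = "internal_plain"
VirtualHost "chat.example.com"
    allow_registration = true;
EOF
audit_prosody_cfg "$sample" || echo "config needs attention"
rm -f "$sample"
```

   Run it against /etc/prosody/prosody.cfg.lua after editing; a commented
   out option counts as unset.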

Closing notes

   That's pretty much all you need for 1-on-1 E2EE chats. I don't know
   much about group chats just yet -- trying to create a group in
   Conversations gives a "No group chat server found". I will figure it
   out later.

   Another thing that doesn't work in Conversations is adding an account
   using an SRV record.^[7]2 Which kinda sucks, because having a chat.
   subdomain isn't very clean, but whatever.

   Oh, also -- you can message me at [8]icy@chat.icyphox.sh.
     __________________________________________________________________

    1. I'm told IRC supports OTR, but I haven't ever tried.
    2. [9]https://prosody.im/doc/dns

References

   1. https://icyphox.sh/blog/irc-for-dms/
   2. https://icyphox.sh/home/icy/leet/site/build/blog/prosody/temp.html#fn:otr
   3. https://prosody.im/
   4. https://icyphox.sh/blog/mailserver
   5. https://hg.prosody.im/prosody-modules
   6. https://x.icyphox.sh/prosody.cfg.lua
   7. https://icyphox.sh/home/icy/leet/site/build/blog/prosody/temp.html#fn:srv
   8. xmpp:icy@chat.icyphox.sh
   9. https://prosody.im/doc/dns