source for my site, found at icyphox.sh

pages/blog/prosody.md

---
template:
slug: prosody
title: Setting up Prosody for XMPP
subtitle: I setup Prosody yesterday—here's how I did it
date: 2020-02-18
---

Remember the [IRC for DMs](/blog/irc-for-dms/) article I wrote a while
back? Well...it's safe to say that IRC didn't hold up too well. It first
started with the bot. Buggy code, crashed a lot -- we eventually gave up
and didn't bring the bot back up. Then came the notifications, or lack
thereof. Revolution IRC has a bug where your custom notification rules
just get ignored after a while. In my case, this meant that
notifications for `#crimson` stopped entirely. Unless, of course, Nerdy
pinged me each time.

Again, none of these problems are inherent to IRC itself. IRC is
fantastic, but perhaps wasn't the best fit for our use case. I still do
use IRC though, just not for 1-on-1 conversations.

## Why XMPP?

For one, it's better suited for 1-on-1 conversations. It also has
support for end-to-end encryption (via OMEMO), something IRC doesn't
have.[^otr] Also, it isn't centralized: it's federated, like email.

[^otr]: I'm told IRC supports OTR, but I haven't ever tried.

## So...Prosody

[Prosody](https://prosody.im) is an XMPP server. Why did I choose this
over ejabberd, OpenFire, etc.? No reason, really. Their website looked
cool, I guess.

### Installing

Setting it up was pretty painless (I've [experienced
worse](/blog/mailserver)). If you're on a Debian-derived system, add:

```
# modify according to your distro
deb https://packages.prosody.im/debian buster main
```

to your `/etc/apt/sources.list`, and:

```
# apt update
# apt install prosody
```

### Configuring

Once installed, you will find the config file at
`/etc/prosody/prosody.cfg.lua`. Add your XMPP user (we will make this
later) to the `admins = {}` line.

```
admins = {"user@chat.example.com"}
```

Head to the `modules_enabled` section, and add this to it:

```
modules_enabled = {
    "posix";
    "omemo_all_access";
...
    -- uncomment these
    "groups";
    "mam";
    -- and any others you think you may need
}
```

We will install the `omemo_all_access` module later.

Set `c2s_require_encryption`, `s2s_require_encryption`, and
`s2s_secure_auth` to `true`. The first two force TLS for client and
server-to-server connections; the third makes Prosody reject remote
servers that can't present a valid certificate.
Set the `pidfile` to `/tmp/prosody.pid` (or just leave it as default?).

By default, Prosody stores passwords in plain-text, so fix that by
setting `authentication` to `"internal_hashed"`.

Head to the `VirtualHost` section, and add your vhost. Right above it,
set the path to the HTTPS certificate and key:

```
certificates = "certs"    -- relative to your config file location
https_certificate = "certs/chat.example.com.crt"
https_key = "certs/chat.example.com.key"
...

VirtualHost "chat.example.com"
```

I generated these certs using Let's Encrypt's `certbot`; you can use
whatever. Here's what I did:

```
# certbot --nginx -d chat.example.com
```

This generates certs at `/etc/letsencrypt/live/chat.example.com/`. You can
trivially import these certs into Prosody's `/etc/prosody/certs/` directory using:

```
# prosodyctl cert import /etc/letsencrypt/live/chat.example.com
```

### Plugins

All the modules for Prosody can be `hg clone`'d from
https://hg.prosody.im/prosody-modules. You will, obviously, need
Mercurial installed for this.

Clone it somewhere, and:

```
# cp -R prosody-modules/mod_omemo_all_access /usr/lib/prosody/modules
```

Do the same thing for whatever other module you choose to install. Don't
forget to add it to the `modules_enabled` section in the config.

### Adding users

`prosodyctl` makes this a fairly simple task:

```
$ prosodyctl adduser user@chat.example.com
```

You will be prompted for a password. You can optionally enable
user registration from XMPP/Jabber clients (a security risk: anyone can
then create accounts on your server) by setting
`allow_registration = true`.

I may have missed something important, so here's [my
config](https://cdn.icyphox.sh/prosody.cfg.lua) for reference.

## Closing notes

That's pretty much all you need for 1-on-1 E2EE chats. I don't know much
about group chats just yet -- trying to create a group in Conversations
gives a "No group chat server found". I will figure it out later.

Another thing that doesn't work in Conversations is adding an account
using an `SRV` record.[^srv] Which kinda sucks, because having a `chat.`
subdomain isn't very clean, but whatever.

Oh, also -- you can message me at
[icy@chat.icyphox.sh](xmpp:icy@chat.icyphox.sh).

[^srv]: https://prosody.im/doc/dns
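The settings called out in the Configuring section (`c2s_require_encryption`, `s2s_require_encryption`, `s2s_secure_auth`, `authentication`) and the `allow_registration` switch above are the ones most worth double-checking before exposing the server. Here is an added example, not from this post or from the Prosody project, of a small shell audit that reads a `prosody.cfg.lua` and reports which of those settings are missing or weak. The two sample config files it writes are constructed for the demonstration; `cfg_value` and `audit_prosody_cfg` are the example's own helpers and only handle plain top-level `key = value` lines, not settings nested under a `VirtualHost` or `Component` block.

```shell
#!/usr/bin/env bash
# Added example: audit a prosody.cfg.lua for the hardening settings discussed
# in the post. Not the post's or Prosody's own tooling; assumes top-level
# `key = value` lines, which is how the shipped config is laid out.

# Return the effective value of a top-level setting. Commented-out lines
# (starting with "--") never match, the last assignment wins (as in Lua),
# and trailing comments plus surrounding quotes are stripped.
cfg_value() {
    local file="$1" key="$2"
    grep -E "^[[:space:]]*${key}[[:space:]]*=" "$file" \
        | tail -n 1 \
        | sed -E 's/^[^=]*=[[:space:]]*//; s/[[:space:]]*--.*$//; s/[[:space:]]+$//; s/"//g'
}

# Print one line per finding on stderr and the number of findings on stdout,
# so the count can be captured without tripping `set -e`.
audit_prosody_cfg() {
    local file="$1" findings=0 key v

    # Transport security: all three must be explicitly true.
    for key in c2s_require_encryption s2s_require_encryption s2s_secure_auth; do
        v=$(cfg_value "$file" "$key")
        if [ "$v" != "true" ]; then
            echo "WEAK: $key is '${v:-unset}', expected true" >&2
            findings=$((findings + 1))
        fi
    done

    # Password storage: internal_plain keeps passwords in plaintext.
    v=$(cfg_value "$file" authentication)
    if [ "$v" != "internal_hashed" ]; then
        echo "WEAK: authentication is '${v:-unset}'; set it to internal_hashed" >&2
        findings=$((findings + 1))
    fi

    # Open registration lets anyone create accounts on the host.
    v=$(cfg_value "$file" allow_registration)
    if [ "$v" = "true" ]; then
        echo "RISK: allow_registration is true; accounts can be created by anyone" >&2
        findings=$((findings + 1))
    fi

    echo "$findings"
}

# Constructed sample configs (not the author's): one left close to the
# shipped defaults, one hardened as the post describes.
WEAK_CFG=$(mktemp)
cat > "$WEAK_CFG" <<'EOF'
admins = { }
modules_enabled = {
    "roster";
    "saslauth";
}
-- c2s_require_encryption = true
s2s_require_encryption = false
authentication = "internal_plain"
allow_registration = true
VirtualHost "chat.example.com"
EOF

HARD_CFG=$(mktemp)
cat > "$HARD_CFG" <<'EOF'
admins = { "user@chat.example.com" }
c2s_require_encryption = true
s2s_require_encryption = true
s2s_secure_auth = true   -- reject remote servers without a valid cert
authentication = "internal_hashed"
allow_registration = false
VirtualHost "chat.example.com"
EOF

# Run stand-alone: prints the findings for both samples.
if [ "${BASH_SOURCE[0]}" = "$0" ]; then
    echo "weak config findings: $(audit_prosody_cfg "$WEAK_CFG")"
    echo "hardened config findings: $(audit_prosody_cfg "$HARD_CFG")"
fi
```

Point it at `/etc/prosody/prosody.cfg.lua` with `audit_prosody_cfg /etc/prosody/prosody.cfg.lua` to check a live install; a count of zero means every setting the post asks for is present with the expected value.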