====== Information ======

  * Prosody ((https://prosody.im))
  * [[Information:Realm of Espionage]]
  * chat.realmofespionage.xyz ((XMPP))

===== Prerequisites =====

  * [[distros:ubuntu_server | Ubuntu Server]]
  * [[servers:nginx:lets_encrypt | Let's Encrypt]]

===== Notes =====

  * https://check.messaging.one/result.php?domain=chat.realmofespionage.xyz&type=client
  * https://check.messaging.one/submit.php?domain=chat.realmofespionage.xyz&type=server

====== Dependencies ======

  sudo apt install 'prosody'

====== Firewall ======

  * 5222/tcp is XMPP c2s ((client to server communications)) and needs to be forwarded from the router
  * 5269/tcp is XMPP s2s ((server to server communications)) and needs to be forwarded from the router

  sudo -e '/etc/ufw/applications.d/custom' && sudo ufw allow 'prosody-custom'

  [prosody-custom]
  title=prosody-custom
  description=Prosody XMPP C2S and S2S
  ports=5222,5269/tcp

====== Settings ======

===== General =====

  * Should already be set out of the box

  sudo -e '/etc/prosody/prosody.cfg.lua'

  Include "conf.d/*.cfg.lua"

===== RoE | Chat =====

  sudo -e '/etc/prosody/conf.avail/roe-chat.cfg.lua'

  admins = { "espionage724@chat.realmofespionage.xyz" }
  ssl = {
      key = "/etc/prosody/certs/privkey.pem";
      certificate = "/etc/prosody/certs/fullchain.pem";
      protocol = "tlsv1_2";
      ciphers = "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256";
  }
  c2s_require_encryption = true
  s2s_secure_auth = true
  authentication = "internal_hashed"
  VirtualHost "chat.realmofespionage.xyz"

==== Enable Host ====

  sudo rm -f '/etc/prosody/conf.d/roe-chat.cfg.lua' && sudo ln -s '/etc/prosody/conf.avail/roe-chat.cfg.lua' '/etc/prosody/conf.d/roe-chat.cfg.lua'

====== Let's Encrypt SSL Cert ======

===== Initial =====

  sudo cp '/etc/letsencrypt/live/realmofespionage.xyz/fullchain.pem' '/etc/letsencrypt/live/realmofespionage.xyz/privkey.pem' '/etc/prosody/certs' && sudo chgrp 'prosody' '/etc/prosody/certs/fullchain.pem' '/etc/prosody/certs/privkey.pem' && sync

===== Certbot Automation =====

==== Prosody ====

  sudo -e '/etc/letsencrypt/cli-custom.ini'

  post-hook = cp '/etc/letsencrypt/live/realmofespionage.xyz/fullchain.pem' '/etc/letsencrypt/live/realmofespionage.xyz/privkey.pem' '/etc/prosody/certs' && chgrp 'prosody' '/etc/prosody/certs/fullchain.pem' '/etc/prosody/certs/privkey.pem' && systemctl restart 'prosody'

==== nginx + Prosody ====

  * Requires [[servers:nginx_php_php-fpm | nginx]]

  sudo -e '/etc/letsencrypt/cli-custom.ini'

  post-hook = systemctl start 'nginx' && cp '/etc/letsencrypt/live/realmofespionage.xyz/fullchain.pem' '/etc/letsencrypt/live/realmofespionage.xyz/privkey.pem' '/etc/prosody/certs' && chgrp 'prosody' '/etc/prosody/certs/fullchain.pem' '/etc/prosody/certs/privkey.pem' && systemctl restart 'prosody'

==== nginx + murmur + Prosody ====

  * Requires [[servers:nginx_php_php-fpm | nginx]] and [[servers:murmur | Murmur]]

  sudo -e '/etc/letsencrypt/cli-custom.ini'

  post-hook = systemctl start 'nginx' && cp '/etc/letsencrypt/live/realmofespionage.xyz/fullchain.pem' '/etc/letsencrypt/live/realmofespionage.xyz/privkey.pem' '/etc/murmur/certs' && chgrp 'mumble-server' '/etc/murmur/certs/fullchain.pem' '/etc/murmur/certs/privkey.pem' && systemctl restart 'murmur' && cp '/etc/letsencrypt/live/realmofespionage.xyz/fullchain.pem' '/etc/letsencrypt/live/realmofespionage.xyz/privkey.pem' '/etc/prosody/certs' && chgrp 'prosody' '/etc/prosody/certs/fullchain.pem' '/etc/prosody/certs/privkey.pem' && systemctl restart 'prosody'

====== Create User ======

  sudo -H -u 'prosody' prosodyctl adduser 'espionage724@chat.realmofespionage.xyz'

====== Services ======

===== Initial =====

  sudo systemctl enable 'prosody' --now

===== Backup =====

==== Service ====

  mkdir -p ~/'backups' && sudo -e '/etc/systemd/system/chat-fb.service' && sudo sed -i 's/CHANGEME/'$USER'/g' '/etc/systemd/system/chat-fb.service'

  [Service]
  Type=oneshot
  WorkingDirectory=/var/lib
  ExecStart='/bin/bash' -c '"/bin/tar" -cvzf "/home/CHANGEME/backups/prosody-files-auto-"$$(date +%%Y-%%m-%%d)".tar.gz" "prosody"'
  ExecStartPost='/bin/sync'

==== Timer ====

  * This happens weekly ((I assume the files aren't mission-critical enough to be backed up daily))

  sudo -e '/etc/systemd/system/chat-fb.timer' && sudo systemctl daemon-reload && sudo systemctl enable 'chat-fb.timer' --now && sudo systemctl start 'chat-fb' && sudo systemctl status 'chat-fb' -l

  [Unit]
  Description=Prosody Files Backup
  [Timer]
  OnCalendar=weekly
  Persistent=true
  [Install]
  WantedBy=timers.target

====== Backup ======

  * Create backup archive on server and transfer to client computer

===== Server =====

==== Archive Files ====

  cd '/var/lib' && sudo tar -cvzf ~/'prosody-files-manual-'$(date +%Y-%m-%d)'.tar.gz' 'prosody' && cd ~ && sync

===== Client =====

==== Transfer Archive to Client ====

  scp espionage724@192.168.1.153:~/'prosody-files-'*'.tar.gz' ~/'Downloads' && sync

====== Restore ======

===== Client =====

==== Transfer Archive to Server ====

  scp ~/'Downloads/prosody-files-'*'.tar.gz' espionage724@192.168.1.153:~

==== Remove Archive ====

  rm ~/'Downloads/prosody-files-'*'.tar.gz' && sync

===== Server =====

==== Stop Prosody ====

  sudo systemctl stop 'prosody'

==== Remove Previous Folder ====

  sudo rm -Rf '/var/lib/prosody'

==== Restore Files ====

  cd '/var/lib' && sudo tar -xvzf ~/'prosody-files-'*'.tar.gz' 'prosody' && sudo chown -R 'prosody':'prosody' '/var/lib/prosody' && cd ~ && sync

==== Start Prosody ====

  sudo systemctl start 'prosody'

==== Remove Archive ====

  * Verify that Prosody works before running this

  rm -R ~/'prosody-files-'*'.tar.gz' && sync
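
The server-side restore steps above delete '/var/lib/prosody' before extracting, so a truncated or wrong archive leaves the server without data. The check below is an added example, not part of the original page: the function name ''verify_prosody_archive'' is hypothetical, and it assumes the archive was made with the ''tar -cvzf ... 'prosody''' commands shown on this page.

```shell
#!/bin/sh
# Added example (not from the original page): confirm a Prosody backup archive
# is readable and only contains the "prosody" tree before removing live data.

# verify_prosody_archive ARCHIVE
# Return codes: 0 ok, 1 file missing, 2 unreadable/corrupt, 3 empty, 4 bad member path.
verify_prosody_archive() {
    archive="$1"
    [ -f "$archive" ] || { echo "missing: $archive" >&2; return 1; }

    # Listing forces tar to read the whole gzip stream, so a truncated
    # transfer or a non-archive file fails here instead of during the restore.
    listing="$(tar -tzf "$archive" 2>/dev/null)" || {
        echo "unreadable or corrupt: $archive" >&2; return 2; }
    [ -n "$listing" ] || { echo "empty archive: $archive" >&2; return 3; }

    # Every member must sit under "prosody/": no absolute paths, no "..",
    # and no other top-level directories that would be written into /var/lib.
    while IFS= read -r member; do
        case "$member" in
            /*|../*|*/../*|*/..)
                echo "unsafe path: $member" >&2; return 4 ;;
            prosody|prosody/*)
                ;;
            *)
                echo "unexpected member: $member" >&2; return 4 ;;
        esac
    done <<EOF
$listing
EOF
    return 0
}

# Intended use on the server, before "Remove Previous Folder"
# (archive name is a placeholder):
#   verify_prosody_archive ~/prosody-files-manual-YYYY-MM-DD.tar.gz \
#       && sudo rm -Rf '/var/lib/prosody'
```

Run it against the exact file that was copied with scp, since the check only covers the archive it is given.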