servers:linux:prosody
Information
Prerequisites
Notes
Dependencies
sudo apt install 'prosody'
Firewall
- 5222/tcp is XMPP c2s (client-to-server) and needs to be forwarded from the router
- 5269/tcp is XMPP s2s (server-to-server) and needs to be forwarded from the router
sudo -e '/etc/ufw/applications.d/custom' && sudo ufw allow 'prosody-custom'
# ufw application profile; each key goes on its own line in the file.
[prosody-custom]
title=prosody-custom
description=Prosody XMPP C2S and S2S
# Client-to-server (5222) and server-to-server (5269), TCP only.
ports=5222,5269/tcp
Settings
General
- Should already be set out of the box
sudo -e '/etc/prosody/prosody.cfg.lua'
Include "conf.d/*.cfg.lua"
RoE | Chat
sudo -e '/etc/prosody/conf.avail/roe-chat.cfg.lua'
-- Options above the VirtualHost line are set outside any host section.

-- Account(s) with administrative rights.
admins = { "espionage724@chat.realmofespionage.xyz" }

-- TLS key, certificate chain and protocol policy. Both files are the copies
-- that the Let's Encrypt steps on this page place in /etc/prosody/certs.
ssl = {
    key = "/etc/prosody/certs/privkey.pem";
    certificate = "/etc/prosody/certs/fullchain.pem";
    -- NOTE(review): "tlsv1_2" looks like it pins TLS 1.2 exactly; if TLS 1.3
    -- should also be allowed, confirm whether the installed Prosody/LuaSec
    -- accepts "tlsv1_2+" before changing it.
    protocol = "tlsv1_2";
    -- Every suite uses ECDHE key exchange. The first six are AEAD suites
    -- (GCM / ChaCha20-Poly1305); the last four are CBC-mode suites.
    ciphers = "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256";
}

-- Refuse unencrypted client connections.
c2s_require_encryption = true
-- Require certificate authentication for server-to-server links
-- (presumably this also rules out unencrypted s2s; verify for your version).
s2s_secure_auth = true
-- Store password hashes rather than plaintext passwords.
authentication = "internal_hashed"

VirtualHost "chat.realmofespionage.xyz"
Enable Host
# Drop any existing link, then enable the host by linking its config into conf.d.
sudo rm -f '/etc/prosody/conf.d/roe-chat.cfg.lua' \
  && sudo ln -s '/etc/prosody/conf.avail/roe-chat.cfg.lua' \
    '/etc/prosody/conf.d/roe-chat.cfg.lua'
Let's Encrypt SSL Cert
Initial
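# Copy the current chain and private key into Prosody's cert directory and
# hand group ownership to prosody.
# The explicit chmod makes the key's mode independent of the source file's
# mode and the umask: readable by root and the prosody group, nobody else.
sudo cp '/etc/letsencrypt/live/realmofespionage.xyz/fullchain.pem' '/etc/letsencrypt/live/realmofespionage.xyz/privkey.pem' '/etc/prosody/certs' \
  && sudo chgrp 'prosody' '/etc/prosody/certs/fullchain.pem' '/etc/prosody/certs/privkey.pem' \
  && sudo chmod 0640 '/etc/prosody/certs/privkey.pem' \
  && sync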
Certbot Automation
Prosody
sudo -e '/etc/letsencrypt/cli-custom.ini'
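# After certbot runs: copy the chain and key for Prosody, give the prosody
# group ownership, restrict the key to root and that group, restart Prosody.
# The chain stops at the first failing step (&&).
post-hook = cp '/etc/letsencrypt/live/realmofespionage.xyz/fullchain.pem' '/etc/letsencrypt/live/realmofespionage.xyz/privkey.pem' '/etc/prosody/certs' && chgrp 'prosody' '/etc/prosody/certs/fullchain.pem' '/etc/prosody/certs/privkey.pem' && chmod 0640 '/etc/prosody/certs/privkey.pem' && systemctl restart 'prosody'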
nginx + Prosody
- Requires nginx
sudo -e '/etc/letsencrypt/cli-custom.ini'
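# After certbot runs: start nginx again, copy the chain and key for Prosody,
# give the prosody group ownership, restrict the key to root and that group,
# restart Prosody. The chain stops at the first failing step (&&).
post-hook = systemctl start 'nginx' && cp '/etc/letsencrypt/live/realmofespionage.xyz/fullchain.pem' '/etc/letsencrypt/live/realmofespionage.xyz/privkey.pem' '/etc/prosody/certs' && chgrp 'prosody' '/etc/prosody/certs/fullchain.pem' '/etc/prosody/certs/privkey.pem' && chmod 0640 '/etc/prosody/certs/privkey.pem' && systemctl restart 'prosody'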
nginx + murmur + Prosody
sudo -e '/etc/letsencrypt/cli-custom.ini'
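# After certbot runs: start nginx again, then deploy the chain and key first
# to murmur and then to Prosody. Each key copy is restricted to root and the
# owning service group before that service is restarted.
# NOTE(review): because the steps are joined with &&, a failed murmur restart
# also skips the Prosody deployment.
post-hook = systemctl start 'nginx' && cp '/etc/letsencrypt/live/realmofespionage.xyz/fullchain.pem' '/etc/letsencrypt/live/realmofespionage.xyz/privkey.pem' '/etc/murmur/certs' && chgrp 'mumble-server' '/etc/murmur/certs/fullchain.pem' '/etc/murmur/certs/privkey.pem' && chmod 0640 '/etc/murmur/certs/privkey.pem' && systemctl restart 'murmur' && cp '/etc/letsencrypt/live/realmofespionage.xyz/fullchain.pem' '/etc/letsencrypt/live/realmofespionage.xyz/privkey.pem' '/etc/prosody/certs' && chgrp 'prosody' '/etc/prosody/certs/fullchain.pem' '/etc/prosody/certs/privkey.pem' && chmod 0640 '/etc/prosody/certs/privkey.pem' && systemctl restart 'prosody'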
Create User
sudo -H -u 'prosody' prosodyctl adduser 'espionage724@chat.realmofespionage.xyz'
Services
Initial
sudo systemctl enable 'prosody' --now
Backup
Service
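# Create the backup target directory, write the unit file, then replace the
# CHANGEME placeholder in it with the invoking user's name.
# $USER is expanded inside double quotes so it cannot be word-split or globbed.
mkdir -p ~/'backups' \
  && sudo -e '/etc/systemd/system/chat-fb.service' \
  && sudo sed -i "s/CHANGEME/${USER}/g" '/etc/systemd/system/chat-fb.service'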
# Oneshot job: archive the 'prosody' directory under /var/lib into the
# user's backups folder, then sync.
# NOTE(review): no User= or UMask= is set here, so the archive presumably is
# written by root with the default umask. It contains the server's account
# data; consider adding UMask=0077 or otherwise limiting who can read the
# backups directory.
[Service]
Type=oneshot
WorkingDirectory=/var/lib
# $$ and %% are systemd's escapes for a literal $ and %, so bash receives
# $(date +%Y-%m-%d) and the file name ends in the current date.
ExecStart='/bin/bash' -c '"/bin/tar" -cvzf "/home/CHANGEME/backups/prosody-files-auto-"$$(date +%%Y-%%m-%%d)".tar.gz" "prosody"'
ExecStartPost='/bin/sync'
Timer
- This happens weekly
# Write the timer unit, reload systemd, enable and start the timer, then run
# one backup right away and show its status.
sudo -e '/etc/systemd/system/chat-fb.timer' \
  && sudo systemctl daemon-reload \
  && sudo systemctl enable 'chat-fb.timer' --now \
  && sudo systemctl start 'chat-fb' \
  && sudo systemctl status 'chat-fb' -l
# Timer that triggers the backup service once a week.
[Unit]
Description=Prosody Files Backup

[Timer]
OnCalendar=weekly
# Catch up on a run that was missed while the machine was off.
Persistent=true

[Install]
WantedBy=timers.target
Backup
- Create backup archive on server and transfer to client computer
Server
Archive Files
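# Archive /var/lib/prosody into a dated tarball in the home directory.
# The date substitution sits inside double quotes so the file name stays one
# word. tar runs under sudo, so the archive is created by root.
cd '/var/lib' \
  && sudo tar -cvzf ~/"prosody-files-manual-$(date +%Y-%m-%d).tar.gz" 'prosody' \
  && cd ~ \
  && sync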
Client
Transfer Archive to Client
scp espionage724@192.168.1.153:~/'prosody-files-'*'.tar.gz' ~/'Downloads' && sync
Restore
Client
Transfer Archive to Server
scp ~/'Downloads/prosody-files-'*'.tar.gz' espionage724@192.168.1.153:~
Remove Archive
rm ~/'Downloads/prosody-files-'*'.tar.gz' && sync
Server
Stop Prosody
sudo systemctl stop 'prosody'
Remove Previous Folder
sudo rm -Rf '/var/lib/prosody'
Restore Files
# Unpack only the 'prosody' member into /var/lib, then give the whole tree
# back to prosody:prosody.
# The glob must match exactly one archive: tar reads the first match as the
# archive and treats any further matches as member names to extract.
# Extraction runs as root, so restore only archives produced by the backup
# steps on this page.
cd '/var/lib' && sudo tar -xvzf ~/'prosody-files-'*'.tar.gz' 'prosody' && sudo chown -R 'prosody':'prosody' '/var/lib/prosody' && cd ~ && sync
Start Prosody
sudo systemctl start 'prosody'
Remove Archive
- Verify that Prosody works before running
rm -R ~/'prosody-files-'*'.tar.gz' && sync