
servers:linux:prosody

Information

Prerequisites

Notes

Dependencies

sudo apt install 'prosody'

Firewall

  • 5222/tcp is XMPP c2s 3) and needs to be forwarded from the router
  • 5269/tcp is XMPP s2s 4) and needs to be forwarded from the router; it is only required if this server should federate with other XMPP servers
sudo -e '/etc/ufw/applications.d/custom' && sudo ufw allow 'prosody-custom'
[prosody-custom]
title=prosody-custom
description=Prosody XMPP C2S and S2S
ports=5222,5269/tcp

Settings

General

  • Should be set out of the box
sudo -e '/etc/prosody/prosody.cfg.lua'
Include "conf.d/*.cfg.lua"

RoE | Chat

sudo -e '/etc/prosody/conf.avail/roe-chat.cfg.lua'
-- NOTE(review): every option below sits above the VirtualHost line; confirm
-- whether they are meant to be global or should follow it to apply to this host only.

-- Accounts listed here get administrative rights on the server.
admins = { "espionage724@chat.realmofespionage.xyz" }

-- TLS material and policy for client and server connections.
ssl = {
        -- Copy of the Let's Encrypt private key; it should be readable only by
        -- root and the prosody group, never by other local users.
        key = "/etc/prosody/certs/privkey.pem";
        certificate = "/etc/prosody/certs/fullchain.pem";
        -- NOTE(review): "tlsv1_2" pins the connection to TLS 1.2 and so excludes
        -- TLS 1.3; newer Prosody releases accept "tlsv1_2+" for "1.2 or later" --
        -- confirm against the installed version before changing.
        protocol = "tlsv1_2";
        -- ECDHE-only list, so every suite gives forward secrecy. The last four
        -- entries are CBC-mode suites kept for older clients; they can be dropped
        -- if all clients support the AES-GCM / ChaCha20-Poly1305 suites.
        ciphers = "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256";
}

-- Refuse client sessions that do not negotiate TLS.
c2s_require_encryption = true

-- Require remote servers to present a valid, trusted certificate; servers with
-- self-signed or expired certificates will not be able to federate.
s2s_secure_auth = true

-- Store account passwords hashed instead of in plaintext.
authentication = "internal_hashed"

VirtualHost "chat.realmofespionage.xyz"

Enable Host

sudo rm -f '/etc/prosody/conf.d/roe-chat.cfg.lua' && sudo ln -s '/etc/prosody/conf.avail/roe-chat.cfg.lua' '/etc/prosody/conf.d/roe-chat.cfg.lua'

Let's Encrypt SSL Cert

Initial

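# Copy the Let's Encrypt chain and key for Prosody and set the key's mode
# explicitly. cp alone leaves the copy with whatever mode the source and umask
# produce, which is either unreadable for the prosody group or readable by every
# local user; 0640 with group prosody gives the daemon read access and nobody else.
sudo cp '/etc/letsencrypt/live/realmofespionage.xyz/fullchain.pem' '/etc/letsencrypt/live/realmofespionage.xyz/privkey.pem' '/etc/prosody/certs' && sudo chgrp 'prosody' '/etc/prosody/certs/fullchain.pem' '/etc/prosody/certs/privkey.pem' && sudo chmod 0640 '/etc/prosody/certs/privkey.pem' && sync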

Certbot Automation

Prosody

sudo -e '/etc/letsencrypt/cli-custom.ini'
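# After renewal: refresh Prosody's copy of the chain and key, re-assert group and a 0640 mode on the private key so it is never left world-readable, then restart Prosody to load the new certificate.
post-hook = cp '/etc/letsencrypt/live/realmofespionage.xyz/fullchain.pem' '/etc/letsencrypt/live/realmofespionage.xyz/privkey.pem' '/etc/prosody/certs' && chgrp 'prosody' '/etc/prosody/certs/fullchain.pem' '/etc/prosody/certs/privkey.pem' && chmod 0640 '/etc/prosody/certs/privkey.pem' && systemctl restart 'prosody'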

nginx + Prosody

sudo -e '/etc/letsencrypt/cli-custom.ini'
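# After renewal: start nginx again, refresh Prosody's copy of the chain and key, re-assert group and a 0640 mode on the private key so it is never left world-readable, then restart Prosody to load the new certificate.
post-hook = systemctl start 'nginx' && cp '/etc/letsencrypt/live/realmofespionage.xyz/fullchain.pem' '/etc/letsencrypt/live/realmofespionage.xyz/privkey.pem' '/etc/prosody/certs' && chgrp 'prosody' '/etc/prosody/certs/fullchain.pem' '/etc/prosody/certs/privkey.pem' && chmod 0640 '/etc/prosody/certs/privkey.pem' && systemctl restart 'prosody'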

nginx + murmur + Prosody

sudo -e '/etc/letsencrypt/cli-custom.ini'
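# After renewal: start nginx again, then refresh the murmur and Prosody copies of the chain and key. Each private-key copy gets its service group and an explicit 0640 mode so it is never left world-readable; each service is restarted to load the new certificate.
post-hook = systemctl start 'nginx' && cp '/etc/letsencrypt/live/realmofespionage.xyz/fullchain.pem' '/etc/letsencrypt/live/realmofespionage.xyz/privkey.pem' '/etc/murmur/certs' && chgrp 'mumble-server' '/etc/murmur/certs/fullchain.pem' '/etc/murmur/certs/privkey.pem' && chmod 0640 '/etc/murmur/certs/privkey.pem' && systemctl restart 'murmur' && cp '/etc/letsencrypt/live/realmofespionage.xyz/fullchain.pem' '/etc/letsencrypt/live/realmofespionage.xyz/privkey.pem' '/etc/prosody/certs' && chgrp 'prosody' '/etc/prosody/certs/fullchain.pem' '/etc/prosody/certs/privkey.pem' && chmod 0640 '/etc/prosody/certs/privkey.pem' && systemctl restart 'prosody'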

Create User

sudo -H -u 'prosody' prosodyctl adduser 'espionage724@chat.realmofespionage.xyz'

Services

Initial

sudo systemctl enable 'prosody' --now

Backup

Service

mkdir -p ~/'backups' && sudo -e '/etc/systemd/system/chat-fb.service' && sudo sed -i 's/CHANGEME/'$USER'/g' '/etc/systemd/system/chat-fb.service'
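[Service]
Type=oneshot
WorkingDirectory=/var/lib
# No User= is set, so tar runs as root and the archive is root-owned.
# UMask=0077 keeps the backup (account data and stored password hashes)
# unreadable to other local users; use sudo to read or copy it.
UMask=0077
# $$ and %% are systemd escapes for a literal $ and %, so bash sees $(date +%Y-%m-%d).
ExecStart='/bin/bash' -c '"/bin/tar" -cvzf "/home/CHANGEME/backups/prosody-files-auto-"$$(date +%%Y-%%m-%%d)".tar.gz" "prosody"'
ExecStartPost='/bin/sync'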

Timer

  • This happens weekly 5)
sudo -e '/etc/systemd/system/chat-fb.timer' && sudo systemctl daemon-reload && sudo systemctl enable 'chat-fb.timer' --now && sudo systemctl start 'chat-fb' && sudo systemctl status 'chat-fb' -l
[Unit]
Description=Prosody Files Backup

[Timer]
OnCalendar=weekly
Persistent=true

[Install]
WantedBy=timers.target

Backup

  • Create backup archive on server and transfer to client computer

Server

Archive Files

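# Archive Prosody's data directory into the login user's home. tar runs as root,
# so the archive would otherwise stay root-owned with a umask-derived mode;
# hand it to the login user and restrict it to 0600 before it is fetched with scp,
# since it contains account data and stored password hashes.
cd '/var/lib' && sudo tar -cvzf ~/'prosody-files-manual-'$(date +%Y-%m-%d)'.tar.gz' 'prosody' && sudo chown "$USER" ~/'prosody-files-manual-'*'.tar.gz' && sudo chmod 0600 ~/'prosody-files-manual-'*'.tar.gz' && cd ~ && sync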

Client

Transfer Archive to Client

scp espionage724@192.168.1.153:~/'prosody-files-'*'.tar.gz' ~/'Downloads' && sync

Restore

Client

Transfer Archive to Server

scp ~/'Downloads/prosody-files-'*'.tar.gz' espionage724@192.168.1.153:~

Remove Archive

rm ~/'Downloads/prosody-files-'*'.tar.gz' && sync

Server

Stop Prosody

sudo systemctl stop 'prosody'

Remove Previous Folder

sudo rm -Rf '/var/lib/prosody'

Restore Files

# Extract the 'prosody' directory from the archive into /var/lib as root, then
# return ownership of the whole tree to the prosody user and group.
# The glob must match exactly one archive in the home directory: with several
# matches tar treats the extra file names as members to extract and exits with
# an error, and the previous data folder has already been removed at this point.
cd '/var/lib' && sudo tar -xvzf ~/'prosody-files-'*'.tar.gz' 'prosody' && sudo chown -R 'prosody':'prosody' '/var/lib/prosody' && cd ~ && sync

Start Prosody

sudo systemctl start 'prosody'

Remove Archive

  • Verify that Prosody works before running
rm -R ~/'prosody-files-'*'.tar.gz' && sync
2)
XMPP
3)
client to server communications
4)
server to server communications
5)
I assume the files aren't mission-critical enough to be backed up daily