

servers:linux:prosody

This is an old revision of the document!


Information

Prerequisites

Dependencies

sudo zypper install 'prosody'

Firewall

  • 5222/tcp is XMPP c2s 3) and needs to be forwarded from the router
  • 5269/tcp is XMPP s2s 4) and needs to be forwarded from the router
sudo firewall-cmd --add-service='xmpp-client' --permanent && sudo firewall-cmd --add-service='xmpp-server' --permanent && sudo firewall-cmd --reload

Settings

Modular

echo 'Include "conf.d/*.cfg.lua"' | sudo tee --append '/etc/prosody/prosody.cfg.lua' > '/dev/null'
sudo -e '/etc/prosody/prosody.cfg.lua'

RoE | Chat

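# Keep the configuration owned by root and only group-readable by the service
# account, so the prosody process can read but not rewrite its own settings
# (for example the admins list).
sudo mkdir -p '/etc/prosody/conf.d' \
  && sudo -e '/etc/prosody/conf.d/roe-chat.cfg.lua' \
  && sudo chown -R 'root':'prosody' '/etc/prosody/conf.d' \
  && sudo chmod '0750' '/etc/prosody/conf.d' \
  && sudo chmod '0640' '/etc/prosody/conf.d/roe-chat.cfg.lua'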
-- Accounts with administrative rights on this server.
admins = { "espionage724@chat.realmofespionage.xyz" }

-- TLS settings applied to connections.
ssl = {
-- Private key and certificate chain, read from the copies kept under
-- /etc/prosody/certs. The key file should not be readable by other users.
key = "/etc/prosody/certs/privkey.pem";
certificate = "/etc/prosody/certs/fullchain.pem";
-- NOTE(review): "tlsv1_2" names a single protocol version; confirm whether
-- this build still negotiates TLS 1.3, and consider "tlsv1_2+" where supported.
protocol = "tlsv1_2";
-- Every suite uses ECDHE key exchange. The first six are AEAD suites
-- (AES-GCM, ChaCha20-Poly1305); the last four are CBC-mode suites.
ciphers = "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256";
}

-- Refuse client connections that are not encrypted.
c2s_require_encryption = true

-- Require remote servers to present a valid, trusted certificate.
s2s_secure_auth = true

-- Store account passwords hashed rather than in plain text.
authentication = "internal_hashed"

-- Domain served by this instance.
VirtualHost "chat.realmofespionage.xyz"

-- End

Let's Encrypt SSL Cert

Initial

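# Install the copies with explicit modes instead of inheriting the source
# file's mode and the current umask: the chain is public, the private key is
# readable by the prosody account only.
sudo install -m '0644' -o 'prosody' -g 'prosody' '/etc/letsencrypt/live/realmofespionage.xyz/fullchain.pem' '/etc/prosody/certs/fullchain.pem' \
  && sudo install -m '0600' -o 'prosody' -g 'prosody' '/etc/letsencrypt/live/realmofespionage.xyz/privkey.pem' '/etc/prosody/certs/privkey.pem'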

Certbot Automation

Prosody

sudo -e '/etc/letsencrypt/cli-custom.ini'
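# install(1) sets group and mode on every renewal, even when the destination
# file does not exist yet: the chain is public, the private key is readable by
# root and the prosody group only.
post-hook = install -m '0644' -g 'prosody' '/etc/letsencrypt/live/realmofespionage.xyz/fullchain.pem' '/etc/prosody/certs/fullchain.pem' && install -m '0640' -g 'prosody' '/etc/letsencrypt/live/realmofespionage.xyz/privkey.pem' '/etc/prosody/certs/privkey.pem' && systemctl restart 'prosody'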

nginx + Prosody

sudo -e '/etc/letsencrypt/cli-custom.ini'
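# install(1) sets group and mode on every renewal, even when the destination
# file does not exist yet: the chain is public, the private key is readable by
# root and the prosody group only.
post-hook = systemctl start 'nginx' && install -m '0644' -g 'prosody' '/etc/letsencrypt/live/realmofespionage.xyz/fullchain.pem' '/etc/prosody/certs/fullchain.pem' && install -m '0640' -g 'prosody' '/etc/letsencrypt/live/realmofespionage.xyz/privkey.pem' '/etc/prosody/certs/privkey.pem' && systemctl restart 'prosody'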

nginx + murmur + Prosody

sudo -e '/etc/letsencrypt/cli-custom.ini'
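# install(1) sets group and mode on every renewal, even when the destination
# file does not exist yet: each chain is public, each private key is readable
# by root and the owning service's group only.
post-hook = systemctl start 'nginx' && install -m '0644' -g 'mumble-server' '/etc/letsencrypt/live/realmofespionage.xyz/fullchain.pem' '/etc/murmur/certs/fullchain.pem' && install -m '0640' -g 'mumble-server' '/etc/letsencrypt/live/realmofespionage.xyz/privkey.pem' '/etc/murmur/certs/privkey.pem' && systemctl restart 'murmur' && install -m '0644' -g 'prosody' '/etc/letsencrypt/live/realmofespionage.xyz/fullchain.pem' '/etc/prosody/certs/fullchain.pem' && install -m '0640' -g 'prosody' '/etc/letsencrypt/live/realmofespionage.xyz/privkey.pem' '/etc/prosody/certs/privkey.pem' && systemctl restart 'prosody'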

Create User

sudo su 'prosody' -s '/bin/bash'
prosodyctl adduser 'espionage724@chat.realmofespionage.xyz'

Services

Initial

sudo systemctl enable 'prosody' --now

Backup

Service

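# The backups directory will hold copies of the whole Prosody data directory,
# so keep it private to this account. "$USER" is quoted so the sed expression
# always stays a single word.
mkdir -p ~/'backups' \
  && chmod '0700' ~/'backups' \
  && sudo -e '/etc/systemd/system/chat-fb.service' \
  && sudo sed -i 's/CHANGEME/'"$USER"'/g' '/etc/systemd/system/chat-fb.service'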
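[Service]
Type=oneshot
# Create the archive with mode 0600: it contains the whole Prosody data
# directory and is written into a user's home directory.
UMask=0077
WorkingDirectory=/var/lib
# systemd turns $$ into a literal $ and %% into a literal %, so bash sees
# $(date +%Y-%m-%d) and the archive name carries the current date.
ExecStart='/bin/bash' -c '"/bin/tar" -cvzf "/home/CHANGEME/backups/prosody-files-auto-"$$(date +%%Y-%%m-%%d)".tar.gz" "prosody"'
# Flush the finished archive to disk.
ExecStartPost='/bin/sync'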

Timer

  • This happens weekly 5)
sudo -e '/etc/systemd/system/chat-fb.timer' && sudo systemctl daemon-reload && sudo systemctl enable 'chat-fb.timer' --now && sudo systemctl start 'chat-fb' && sudo systemctl status 'chat-fb' -l
[Unit]
Description=Prosody Files Backup

[Timer]
# Fire once a week. No Unit= is given, so the timer activates the service
# that shares its name (chat-fb.service).
OnCalendar=weekly
# If a scheduled run was missed while the machine was off, run it at the next
# start instead of waiting for the following week.
Persistent=true

[Install]
WantedBy=timers.target

Backup

  • Create backup archive on server and transfer to client computer

Server

Archive Files

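# Build the archive under a restrictive umask so it is never world-readable,
# then hand it to the login user so it can still be fetched with scp.
archive=~/'prosody-files-manual-'"$(date +%Y-%m-%d)"'.tar.gz'
cd '/var/lib' \
  && sudo sh -c 'umask 077 && exec tar -cvzf "$1" "prosody"' 'sh' "$archive" \
  && sudo chown "$USER" "$archive" \
  && cd ~ && sync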

Client

Transfer Archive to Client

scp espionage724@192.168.1.153:~/'prosody-files-'*'.tar.gz' ~/'Downloads' && sync

Restore

Client

Transfer Archive to Server

scp ~/'Downloads/prosody-files-'*'.tar.gz' espionage724@192.168.1.153:~

Remove Archive

rm ~/'Downloads/prosody-files-'*'.tar.gz' && sync

Server

Stop Prosody

sudo systemctl stop 'prosody'

Remove Previous Folder

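# Only delete the live data once the uploaded archive reads back cleanly; a
# corrupt or truncated archive stops the chain before anything is removed.
tar -tzf ~/'prosody-files-'*'.tar.gz' > '/dev/null' && sudo rm -Rf '/var/lib/prosody'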

Restore Files

cd '/var/lib' && sudo tar -xvzf ~/'prosody-files-'*'.tar.gz' 'prosody' && sudo chown -R 'prosody':'prosody' '/var/lib/prosody' && cd ~ && sync

Start Prosody

sudo systemctl start 'prosody'

Remove Archive

  • Verify that Prosody works before running
rm -R ~/'prosody-files-'*'.tar.gz' && sync

Resources

2)
XMPP
3)
client to server communications
4)
server to server communications
5)
I assume the files aren't mission-critical enough to be backed up daily
/srv/www/wiki/data/attic/servers/linux/prosody.1778827756.txt.gz · Last modified: by Sean Rhone

Except where otherwise noted, content on this wiki is licensed under the following license: CC0 1.0 Universal