Differences

This shows you the differences between two versions of the page.

--- servers:prosody [2017/08/19 00:06] – [Timer] Sean Rhone
+++ servers:prosody [2018/07/23 12:32] (current) – Sean Rhone
@@ Line 1: / Line 1: @@
+====== Information ======
+  * Prosody ((https://prosody.im))
+  * [[Information:Realm of Espionage]]
+  * chat.realmofespionage.xyz ((XMPP))
+===== Prerequisites =====
+  * [[distros:ubuntu_server | Ubuntu Server]]
+  * [[servers:nginx:lets_encrypt | Let's Encrypt]]
+===== Notes =====
+  * https://check.messaging.one/result.php?domain=chat.realmofespionage.xyz&type=client
+  * https://check.messaging.one/submit.php?domain=chat.realmofespionage.xyz&type=server
+====== Dependencies ======
+****
+  sudo apt install 'prosody'
+====== Firewall ======
+  * 5222/tcp is XMPP c2s ((client to server communications)) and needs forwarded from the router
+  * 5269/tcp is XMPP s2s ((server to server communications)) and needs forwarded from the router
+  sudo -e '/etc/ufw/applications.d/custom' && sudo ufw allow 'prosody-custom'
+<code>
+[prosody-custom]
+title=prosody-custom
+description=Prosody XMPP C2S and S2S
+ports=5222,5269/tcp</code>
+====== Settings ======
+===== General =====
+  * Should be set out-the-box
+  sudo -e '/etc/prosody/prosody.cfg.lua'
+  Include "conf.d/*.cfg.lua"
+===== RoE | Chat =====
+  sudo -e '/etc/prosody/conf.avail/roe-chat.cfg.lua'
+  admins = { "espionage724@chat.realmofespionage.xyz" }
+  ssl = {
+          key = "/etc/prosody/certs/privkey.pem";
+          certificate = "/etc/prosody/certs/fullchain.pem";
+          protocol = "tlsv1_2";
+          ciphers = "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256";
+  }
+  c2s_require_encryption = true
+  s2s_secure_auth = true
+  authentication = "internal_hashed"
+  VirtualHost "chat.realmofespionage.xyz"
+==== Enable Host ====
+****
+  sudo rm -f '/etc/prosody/conf.d/roe-chat.cfg.lua' && sudo ln -s '/etc/prosody/conf.avail/roe-chat.cfg.lua' '/etc/prosody/conf.d/roe-chat.cfg.lua'
+====== Let's Encrypt SSL Cert ======
+===== Initial =====
+****
+  sudo cp '/etc/letsencrypt/live/realmofespionage.xyz/fullchain.pem' '/etc/letsencrypt/live/realmofespionage.xyz/privkey.pem' '/etc/prosody/certs' && sudo chgrp 'prosody' '/etc/prosody/certs/fullchain.pem' '/etc/prosody/certs/privkey.pem' && sync
+===== Certbot Automation =====
+==== Prosody ====
+  sudo -e '/etc/letsencrypt/cli-custom.ini'
+  post-hook = cp '/etc/letsencrypt/live/realmofespionage.xyz/fullchain.pem' '/etc/letsencrypt/live/realmofespionage.xyz/privkey.pem' '/etc/prosody/certs' && chgrp 'prosody' '/etc/prosody/certs/fullchain.pem' '/etc/prosody/certs/privkey.pem' && systemctl restart 'prosody'
+==== nginx + Prosody ====
+  * Requires [[servers:nginx_php_php-fpm | nginx]]
+  sudo -e '/etc/letsencrypt/cli-custom.ini'
+  post-hook = systemctl start 'nginx' && cp '/etc/letsencrypt/live/realmofespionage.xyz/fullchain.pem' '/etc/letsencrypt/live/realmofespionage.xyz/privkey.pem' '/etc/prosody/certs' && chgrp 'prosody' '/etc/prosody/certs/fullchain.pem' '/etc/prosody/certs/privkey.pem' && systemctl restart 'prosody'
+==== nginx + murmur + Prosody ====
+  * Requires [[servers:nginx_php_php-fpm | nginx]] and [[servers:murmur | Murmur]]
+  sudo -e '/etc/letsencrypt/cli-custom.ini'
+  post-hook = systemctl start 'nginx' && cp '/etc/letsencrypt/live/realmofespionage.xyz/fullchain.pem' '/etc/letsencrypt/live/realmofespionage.xyz/privkey.pem' '/etc/murmur/certs' && chgrp 'mumble-server' '/etc/murmur/certs/fullchain.pem' '/etc/murmur/certs/privkey.pem' && systemctl restart 'murmur' && cp '/etc/letsencrypt/live/realmofespionage.xyz/fullchain.pem' '/etc/letsencrypt/live/realmofespionage.xyz/privkey.pem' '/etc/prosody/certs' && chgrp 'prosody' '/etc/prosody/certs/fullchain.pem' '/etc/prosody/certs/privkey.pem' && systemctl restart 'prosody'
+====== Create User ======
+****
+  sudo -H -u 'prosody' prosodyctl adduser 'espionage724@chat.realmofespionage.xyz'
+====== Services ======
+===== Initial =====
+****
+  sudo systemctl enable 'prosody' --now
+===== Backup =====
+==== Service ====
+  mkdir -p ~/'backups' && sudo -e '/etc/systemd/system/chat-fb.service' && sudo sed -i 's/CHANGEME/'$USER'/g' '/etc/systemd/system/chat-fb.service'
+  [Service]
+  Type=oneshot
+  WorkingDirectory=/var/lib
+  ExecStart='/bin/bash' -c '"/bin/tar" -cvzf "/home/CHANGEME/backups/prosody-files-auto-"$$(date +%%Y-%%m-%%d)".tar.gz" "prosody"'
+  ExecStartPost='/bin/sync'
+==== Timer ====
+  * This happens weekly ((I assume the files aren't mission-critical enough to be backed-up daily))
+  sudo -e '/etc/systemd/system/chat-fb.timer' && sudo systemctl daemon-reload && sudo systemctl enable 'chat-fb.timer' --now && sudo systemctl start 'chat-fb' && sudo systemctl status 'chat-fb' -l
+  [Unit]
+  Description=Prosody Files Backup
+  [Timer]
+  OnCalendar=weekly
+  Persistent=true
+  [Install]
+  WantedBy=timers.target
+====== Backup ======
+  * Create backup archive on server and transfer to client computer
+===== Server =====
+==== Archive Files ====
+****
+  cd '/var/lib' && sudo tar -cvzf ~/'prosody-files-manual-'$(date +%Y-%m-%d)'.tar.gz' 'prosody' && cd ~ && sync
+===== Client =====
+==== Transfer Archive to Client ====
+****
+  scp espionage724@192.168.1.153:~/'prosody-files-'*'.tar.gz' ~/'Downloads' && sync
+====== Restore ======
+===== Client =====
+==== Transfer Archive to Server ====
+****
+  scp ~/'Downloads/prosody-files-'*'.tar.gz' espionage724@192.168.1.153:~
+==== Remove Archive ====
+****
+  rm ~/'Downloads/prosody-files-'*'.tar.gz' && sync
+===== Server =====
+==== Stop Prosody ====
+****
+  sudo systemctl stop 'prosody'
+==== Remove Previous Folder ====
+****
+  sudo rm -Rf '/var/lib/prosody'
+==== Restore Files ====
+****
+  cd '/var/lib' && sudo tar -xvzf ~/'prosody-files-'*'.tar.gz' 'prosody' && sudo chown -R 'prosody':'prosody' '/var/lib/prosody' && cd ~ && sync
+==== Start Prosody ====
+****
+  sudo systemctl start 'prosody'
+==== Remove Archive ====
+  * Verify that Prosody works before running
+  rm -R ~/'prosody-files-'*'.tar.gz' && sync