Difference between revisions of "Prosody"

From Jon's Wiki
m (Update SSL config for Heartbleed, Poodle bugs)
Line 24: Line 24:
 
         key = "/etc/ssl/private/star.yourdomain.com.key";
 
         key = "/etc/ssl/private/star.yourdomain.com.key";
 
         certificate = "/etc/ssl/certs/star.yourdomain.com.crt";
 
         certificate = "/etc/ssl/certs/star.yourdomain.com.crt";
 +
        -- Ix nay on the SSL-ay (Heartbleed, Poodle, etc.)
 +
        options = {"no_sslv2", "no_sslv3", "no_ticket", "no_compression",
 +
                    "cipher_server_preference", "single_dh_use", "single_ecdh_use"};
 +
 
     }
 
     }
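Review bot: the comment added above the options line names Heartbleed, but none of the seven options listed affects TLS heartbeat handling. Heartbleed is an OpenSSL implementation bug that is closed by upgrading the library (and replacing the key and certificate referenced in the context lines, since they may have been exposed), not by a setting here. Reword the comment to say these options disable SSLv2/SSLv3 (POODLE), session tickets and TLS compression. Separately, "cipher_server_preference" is enabled but the block sets no cipher list, so the server enforces its preference over whatever default list the build ships with; consider adding an explicit ciphers entry alongside it.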
 
   
 
   

Revision as of 10:00, 13 November 2014

Prosody is a small and fast XMPP daemon written in Lua. You can install it like this:

sudo apt-get install prosody

Edit the config /etc/prosody/prosody.cfg.lua to make sure you have BOSH support, group rosters and compression enabled, and you probably want self-registration off:

modules_enabled = {
  "compression";
  "bosh";
  "groups";
  -- ...
}

allow_registration = false;
bosh_ports = { 5280 };

...

Set up a virtual host config for your domain in /etc/prosody/conf.avail/yourdomain.cfg.lua:

VirtualHost "yourdomain.com"
    enabled = true
    ssl = {
        key = "/etc/ssl/private/star.yourdomain.com.key";
        certificate = "/etc/ssl/certs/star.yourdomain.com.crt";
        -- Ix nay on the SSL-ay (Heartbleed, Poodle, etc.)
        options = {"no_sslv2", "no_sslv3", "no_ticket", "no_compression",
                   "cipher_server_preference", "single_dh_use", "single_ecdh_use"};
    }

-- optional, for IRC-style chatrooms
Component "chatrooms.yourdomain.com" "muc"
    restrict_room_creation = "local"

-- optional, for file transfers
Component "chatproxy.yourdomain.com" "proxy65"

Then enable it by symlinking it (ln -s) into /etc/prosody/conf.d.
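One way to check that every ssl block in a deployed config still carries the options shown above, as an added example that is not part of the original wiki page. The script, its sample config and the host old.example are constructed, and the parsing is a regex approximation of Lua table syntax, not a full Lua parser.

```python
import re
# Hardening flags taken from the revised ssl block on this page.
REQUIRED = {"no_sslv2", "no_sslv3", "no_ticket", "no_compression",
            "cipher_server_preference", "single_dh_use", "single_ecdh_use"}

def strip_comments(lua):
    # Drop Lua comments so commented-out options do not count (assumes no "--" in strings).
    lua = re.sub(r"--\[\[.*?\]\]", "", lua, flags=re.S)
    return re.sub(r"--[^\n]*", "", lua)

def table_body(text, open_idx):
    # Return the text between the "{" at open_idx and its matching "}".
    depth = 0
    for i in range(open_idx, len(text)):
        depth += {"{": 1, "}": -1}.get(text[i], 0)
        if depth == 0:
            return text[open_idx + 1:i]
    raise ValueError("unbalanced braces in config")

def audit(lua):
    # One sorted list of missing flags per `ssl = { ... }` block, in file order.
    text, report = strip_comments(lua), []
    for m in re.finditer(r"\bssl\s*=\s*\{", text):
        body = table_body(text, m.end() - 1)
        opts = re.search(r"\boptions\s*=\s*\{", body)
        inner = table_body(body, opts.end() - 1) if opts else ""
        found = set(re.findall(r"[\"'](\w+)[\"']", inner))
        report.append(sorted(REQUIRED - found))
    return report

# Constructed sample config (hypothetical second host "old.example").
SAMPLE = '''
VirtualHost "yourdomain.com"
    ssl = {
        key = "/etc/ssl/private/star.yourdomain.com.key";
        certificate = "/etc/ssl/certs/star.yourdomain.com.crt";
        options = {"no_sslv2", "no_sslv3", "no_ticket", "no_compression",
                   "cipher_server_preference", "single_dh_use", "single_ecdh_use"};
    }
VirtualHost "old.example"
    ssl = {
        key = "/etc/ssl/private/old.key";  -- options = {"no_sslv3"}
        options = {"no_sslv2", "no_ticket"};
    }
'''

if __name__ == "__main__":
    for n, missing in enumerate(audit(SAMPLE), 1):
        print(f"ssl block {n}:", "ok" if not missing else "missing " + ", ".join(missing))
```

An ssl block with no options table at all, as in the revision before this change, is reported as missing all seven flags.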

DNS configuration

You need your chat, chatrooms, and chatproxy subdomains to be A records (not CNAME), and you also need 2 SRV records and a TXT record, thus:

_xmpp-client._tcp.yourdomain.com    = SRV: 0 5 5222 chat.yourdomain.com 
_xmpp-server._tcp.yourdomain.com    = SRV: 0 5 5269 chat.yourdomain.com

TXT: _xmpp-client-xbosh=https://chat.yourdomain.com/http-bind/ 

Add some users

Add yourself with:

  sudo prosodyctl adduser yourusername@yourdomain.com

Enabling sane multi-client support

Want persistent message history everywhere, like Hangouts?[1] You'll need:

Luckily, these are all in the community contrib repository:

hg clone https://code.google.com/p/prosody-modules/

Then copy mod_smacks, mod_mam* and mod_carbons* into /usr/lib/prosody/modules on your server, and add this to your Prosody configuration:

modules_enabled = {
    -- ...
    "smacks";
    "mam";
    "mam_archive";
    "mam_muc";
    "carbons";
    "carbons_copies";
    -- ...
}

storage = {
    archive2 = "sql"; -- mam_archive requires SQL storage.
}

default_archive_policy = true;
max_archive_query_results = 100;

Links

More documentation at