How to install Prosody, an open-source and modern XMPP communication server

Install Prosody, an Open-source and modern XMPP communication server.

I will provide Jabber service on the example.org domain using the xmpp.example.org server, and multi-user chat on conference.example.org.

DNS configuration

Create the required DNS records. First, define A records for both sub-domains. After that, create SRV records to specify the location of the Jabber services, using the format specified in RFC 2782 – DNS SRV RR.

xmpp              10800 IN A 192.0.2.200
conference        10800 IN A 192.0.2.200
_xmpp-client._tcp 10800 IN SRV 0 5 5222 xmpp
_xmpp-server._tcp 10800 IN SRV 0 5 5269 xmpp
_xmpp-server._tcp.conference 10800 IN SRV 0 5 5269 xmpp

Verify DNS configuration.

$ host -t SRV _xmpp-client._tcp.example.org
_xmpp-client._tcp.example.org has SRV record 0 5 5222 xmpp.example.org.
$ host -t SRV _xmpp-server._tcp.example.org
_xmpp-server._tcp.example.org has SRV record 0 5 5269 xmpp.example.org.
$ host -t SRV _xmpp-server._tcp.conference.example.org
_xmpp-server._tcp.conference.example.org has SRV record 0 5 5269 xmpp.example.org.
$ host -t A xmpp.example.org
xmpp.example.org has address 46.165.244.206
$ host -t A conference.example.org
conference.example.org has address 46.165.244.206

Install the Jabber/XMPP server

Install packages required to complete the installation process.

$ sudo apt-get install wget gnupg2 dirmngr apt-transport-https
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following additional packages will be installed:
  ca-certificates gnupg gnupg-agent gnupg-l10n libassuan0 libcurl3-gnutls libffi6 libgmp10 libgnutls30 libhogweed4
  libidn2-0 libksba8 libldap-2.4-2 libldap-common libnettle6 libnghttp2-14 libnpth0 libp11-kit0 libpsl5
  libreadline7 librtmp1 libsasl2-2 libsasl2-modules libsasl2-modules-db libsqlite3-0 libssh2-1 libssl1.1
  libtasn1-6 libunistring0 openssl pinentry-curses publicsuffix readline-common
Suggested packages:
  dbus-user-session libpam-systemd pinentry-gnome3 tor parcimonie xloadimage scdaemon gnutls-bin
  libsasl2-modules-gssapi-mit | libsasl2-modules-gssapi-heimdal libsasl2-modules-ldap libsasl2-modules-otp
  libsasl2-modules-sql pinentry-doc readline-doc
The following NEW packages will be installed:
  apt-transport-https ca-certificates dirmngr gnupg gnupg-agent gnupg-l10n gnupg2 libassuan0 libcurl3-gnutls
  libffi6 libgmp10 libgnutls30 libhogweed4 libidn2-0 libksba8 libldap-2.4-2 libldap-common libnettle6
  libnghttp2-14 libnpth0 libp11-kit0 libpsl5 libreadline7 librtmp1 libsasl2-2 libsasl2-modules libsasl2-modules-db
  libsqlite3-0 libssh2-1 libssl1.1 libtasn1-6 libunistring0 openssl pinentry-curses publicsuffix readline-common
  wget
0 upgraded, 37 newly installed, 0 to remove and 0 not upgraded.
Need to get 11.0 MB of archives.
After this operation, 28.4 MB of additional disk space will be used.
[...]

Add external repository.

$ echo "deb https://packages.prosody.im/debian stretch main" | sudo tee /etc/apt/sources.list.d/prosody.list
deb https://packages.prosody.im/debian stretch main

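Import the key used to sign the repository. The command below reads the signing key ID from the repository's Release.gpg and fetches that key from a keyserver. Because the key ID comes from the same repository that is being added, compare the imported key's fingerprint with one obtained from a separate source before trusting it. More information about this step can be found in the blog post "Downloading in advance the public key used to sign repository signatures".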

$ sudo apt-key --keyring /etc/apt/trusted.gpg.d/prosody.gpg \
               adv \
               --no-default-keyring \
               --keyserver keyserver.ubuntu.com \
               --recv $(wget --quiet \
                             --output-document - \
                             https://packages.prosody.im/debian/dists/stretch/Release.gpg | \
                        gpg --no-default-keyring --list-packets - | \
                        awk '/^:/ {print $NF}')
gpg: directory '/root/.gnupg' created
gpg: keybox '/root/.gnupg/pubring.kbx' created
Executing: /tmp/apt-key-gpghome.mYUsMrsrOD/gpg.1.sh --no-default-keyring --keyserver keyserver.ubuntu.com --recv 7393D7E674D9DBB5
gpg: key 7393D7E674D9DBB5: public key "Prosody IM Debian Packages <developers@prosody.im>" imported
gpg: Total number processed: 1
gpg:               imported: 1

Update package index.

$ sudo apt-get update
Hit:1 http://security.debian.org stretch/updates InRelease
Ign:2 http://deb.debian.org/debian stretch InRelease
Hit:3 http://deb.debian.org/debian stretch Release
Get:5 https://packages.prosody.im/debian stretch InRelease [5918 B]
Get:6 https://packages.prosody.im/debian stretch/main amd64 Packages [1554 B]
Fetched 7472 B in 0s (13.9 kB/s)
Reading package lists... Done

Install the Jabber/XMPP server.

$ sudo apt-get install prosody
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following additional packages will be installed:
  libexpat1 lua-bitop lua-expat lua-filesystem lua-sec lua-socket lua5.1 ssl-cert
Suggested packages:
  lua-event lua-dbi-mysql lua-dbi-postgresql lua-dbi-sqlite3 lua-zlib openssl-blacklist
The following NEW packages will be installed:
  libexpat1 lua-bitop lua-expat lua-filesystem lua-sec lua-socket lua5.1 prosody ssl-cert
0 upgraded, 9 newly installed, 0 to remove and 10 not upgraded.
Need to get 570 kB of archives.
After this operation, 3374 kB of additional disk space will be used.
Do you want to continue? [Y/n]
[...]

Copy the SSL certificates for the main domain example.org and the conference sub-domain to the /etc/prosody/certs directory.

$ sudo ls /etc/prosody/certs/
Makefile
certificate.pem
example.org.pem
example.org.key
conference.example.org.pem
conference.example.org.key
localhost.cnf
localhost.crt
localhost.key
openssl.cnf

Ensure that registration of new accounts via Jabber clients is disabled.

$ grep ^allow_registration /etc/prosody/prosody.cfg.lua
allow_registration = false

Ensure that the authentication provider is set to hashed passwords stored using built-in storage.

$ grep ^authentication /etc/prosody/prosody.cfg.lua
authentication = "internal_hashed"

Define yourself as an admin.

$ sudo sed -i -e "s/^admins = { }/admins = { \"milosz@example.org\" }/" /etc/prosody/prosody.cfg.lua

Define the domain on which user accounts can be created.

$ sudo sed -i -e "s/^VirtualHost \"localhost\"/VirtualHost \"example.org\"/" /etc/prosody/prosody.cfg.lua

Enable multi-user conference component.

$ sudo sed -i -e "/VirtualHost \"example.org\"/a \ \ Component \"conference.example.org\" \"muc\"" /etc/prosody/prosody.cfg.lua
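The greps above match only unindented lines, and a sed substitution that finds no match exits successfully without changing the file. The following added example (not part of the original guide) audits the edited configuration before the restart; the function names and the sample configuration are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit prosody.cfg.lua for the settings this guide relies on.
# Simplification: only "--" line comments are stripped, not --[[ ]] blocks.

# active_lines FILE: print config lines without comments or surrounding blanks.
active_lines() {
    sed -e 's/--.*$//' -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' "$1" |
        grep -v '^$' || true
}

# opt_ok FILE NAME REGEX: NAME is set, and every active assignment of it
# (global or indented under a VirtualHost) has a value matching REGEX.
opt_ok() {
    set_lines=$(active_lines "$1" | grep -E "^$2[[:space:]]*=" || true)
    [ -n "$set_lines" ] || return 1
    ! printf '%s\n' "$set_lines" | grep -Evq "^$2[[:space:]]*=[[:space:]]*$3;?\$"
}

# has_line FILE REGEX: some active line matches REGEX.
has_line() { active_lines "$1" | grep -Eq "$2"; }

# check LABEL COMMAND...: run COMMAND, report it, count failures in $fails.
check() {
    label=$1; shift
    if "$@"; then echo "ok:   $label"; else echo "FAIL: $label"; fails=$((fails + 1)); fi
}

# audit_prosody_cfg FILE DOMAIN ADMIN_JID: returns the number of failed checks.
audit_prosody_cfg() {
    cfg=$1; fails=0
    d=$(printf '%s' "$2" | sed 's/\./\\./g')   # escape dots for regex use
    a=$(printf '%s' "$3" | sed 's/\./\\./g')
    check "allow_registration is false everywhere" opt_ok "$cfg" allow_registration false
    check "authentication is internal_hashed" opt_ok "$cfg" authentication '"internal_hashed"'
    check "admins contains $3" has_line "$cfg" "^admins[[:space:]]*=.*\"$a\""
    check "VirtualHost $2 is defined" has_line "$cfg" "^VirtualHost[[:space:]]+\"$d\"\$"
    check "MUC component is defined" \
        has_line "$cfg" "^Component[[:space:]]+\"conference\\.$d\"[[:space:]]+\"muc\"\$"
    return "$fails"
}

# Constructed sample: a per-host override that "grep ^allow_registration" misses.
sample_cfg() {
    printf '%s\n' 'admins = { "milosz@example.org" }' 'allow_registration = false' \
        'authentication = "internal_hashed" -- hashed storage' \
        'VirtualHost "example.org"' '  allow_registration = true' \
        '  Component "conference.example.org" "muc"'
}
```

Run it as `audit_prosody_cfg /etc/prosody/prosody.cfg.lua example.org milosz@example.org`; a non-zero exit status is the number of checks that failed.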

Restart the Jabber service.

$ sudo prosodyctl restart

Verify that the service is running.

$ sudo prosodyctl status
Prosody is running with PID 4644

Add an admin account.

$ sudo prosodyctl register milosz example.org
Enter new password:  *********
Retype new password: *********

Connect using your favorite Jabber/XMPP client.