How to install Prosody, an open-source and modern XMPP communication server

Install Prosody, an open-source and modern XMPP communication server.

I will provide Jabber service on the example.org domain using the xmpp.example.org server, and multi-user chat on conference.example.org.

DNS configuration

Create the required DNS records. First, define A records for both sub-domains. Then create SRV records to specify the location of the Jabber services, using the format specified in RFC 2782 - DNS SRV RR.

xmpp              10800 IN A 192.0.2.200
conference        10800 IN A 192.0.2.200

_xmpp-client._tcp 10800 IN SRV 0 5 5222 xmpp
_xmpp-server._tcp 10800 IN SRV 0 5 5269 xmpp

_xmpp-server._tcp.conference 10800 IN SRV 0 5 5269 xmpp

Verify DNS configuration.

$ host -t SRV _xmpp-client._tcp.example.org
_xmpp-client._tcp.example.org has SRV record 0 5 5222 xmpp.example.org.
$ host -t SRV _xmpp-server._tcp.example.org
_xmpp-server._tcp.example.org has SRV record 0 5 5269 xmpp.example.org.
$ host -t SRV _xmpp-server._tcp.conference.example.org
_xmpp-server._tcp.conference.example.org has SRV record 0 5 5269 xmpp.example.org.
$ host -t A xmpp.example.org
xmpp.example.org has address 192.0.2.200
$ host -t A conference.example.org
conference.example.org has address 192.0.2.200

Install Jabber/XMPP server

Install the packages required to complete the installation process.

$ sudo apt-get install wget gnupg2 dirmngr apt-transport-https
Reading package lists... Done
Building dependency tree       
Reading state information... Done
The following additional packages will be installed:
  ca-certificates gnupg gnupg-agent gnupg-l10n libassuan0 libcurl3-gnutls libffi6 libgmp10 libgnutls30 libhogweed4
  libidn2-0 libksba8 libldap-2.4-2 libldap-common libnettle6 libnghttp2-14 libnpth0 libp11-kit0 libpsl5
  libreadline7 librtmp1 libsasl2-2 libsasl2-modules libsasl2-modules-db libsqlite3-0 libssh2-1 libssl1.1
  libtasn1-6 libunistring0 openssl pinentry-curses publicsuffix readline-common
Suggested packages:
  dbus-user-session libpam-systemd pinentry-gnome3 tor parcimonie xloadimage scdaemon gnutls-bin
  libsasl2-modules-gssapi-mit | libsasl2-modules-gssapi-heimdal libsasl2-modules-ldap libsasl2-modules-otp
  libsasl2-modules-sql pinentry-doc readline-doc
The following NEW packages will be installed:
  apt-transport-https ca-certificates dirmngr gnupg gnupg-agent gnupg-l10n gnupg2 libassuan0 libcurl3-gnutls
  libffi6 libgmp10 libgnutls30 libhogweed4 libidn2-0 libksba8 libldap-2.4-2 libldap-common libnettle6
  libnghttp2-14 libnpth0 libp11-kit0 libpsl5 libreadline7 librtmp1 libsasl2-2 libsasl2-modules libsasl2-modules-db
  libsqlite3-0 libssh2-1 libssl1.1 libtasn1-6 libunistring0 openssl pinentry-curses publicsuffix readline-common
  wget
0 upgraded, 37 newly installed, 0 to remove and 0 not upgraded.
Need to get 11.0 MB of archives.
After this operation, 28.4 MB of additional disk space will be used.
[...]

Add external repository.

$ echo "deb https://packages.prosody.im/debian stretch main" | sudo tee /etc/apt/sources.list.d/prosody.list
deb https://packages.prosody.im/debian stretch main

Import the key used to create the repository signature. More information about this step can be found in the blog post "How to download in advance the public key used to sign repository signatures".

$ sudo apt-key --keyring /etc/apt/trusted.gpg.d/prosody.gpg \
               adv \
               --no-default-keyring \
               --keyserver keyserver.ubuntu.com \
               --recv $(wget --quiet \
                             --output-document - \
                             https://packages.prosody.im/debian/dists/stretch/Release.gpg | \
                        gpg --no-default-keyring --list-packets - | \
                        awk '/^:/ {print $NF}')
gpg: directory '/root/.gnupg' created
gpg: keybox '/root/.gnupg/pubring.kbx' created
Executing: /tmp/apt-key-gpghome.mYUsMrsrOD/gpg.1.sh --no-default-keyring --keyserver keyserver.ubuntu.com --recv 7393D7E674D9DBB5
gpg: key 7393D7E674D9DBB5: public key "Prosody IM Debian Packages <[email protected]>" imported
gpg: Total number processed: 1
gpg:               imported: 1
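
The import command above fetches whichever key ID it reads from the downloaded Release.gpg, so the imported key is only as trustworthy as that download. The following added example (not from the original post) compares the signer against a pinned key ID before anything is imported; the pin is the ID shown in the output above, and the sample packet listings are constructed.

```shell
#!/bin/sh
# Added example: refuse to import a repository key unless the signature on
# Release.gpg was made by the expected key.
# PINNED_KEYID is the long key ID from the import output above; confirm it
# through a second channel before relying on it.
PINNED_KEYID="7393D7E674D9DBB5"

# Print the issuer key IDs found in `gpg --list-packets` output read from stdin.
# Same extraction as the awk in the import command, limited to signature packets.
signer_keyids() {
    awk '/^:signature packet:/ {print $NF}'
}

# check_pinned TEXT: 0 if every signer equals the pin, 1 on an unexpected
# signer, 2 if the text contains no signature packet at all.
check_pinned() {
    ids=$(printf '%s\n' "$1" | signer_keyids | sort -u)
    [ -n "$ids" ] || { echo "no signature packet found" >&2; return 2; }
    for id in $ids; do
        [ "$id" = "$PINNED_KEYID" ] || { echo "unexpected signer: $id" >&2; return 1; }
    done
    return 0
}

# Constructed samples in the format gpg prints for a detached signature.
SAMPLE_GOOD=':signature packet: algo 1, keyid 7393D7E674D9DBB5
	version 4, created 1500000000, md5len 0, sigclass 0x00'
SAMPLE_BAD=':signature packet: algo 1, keyid 0123456789ABCDEF
	version 4, created 1500000000, md5len 0, sigclass 0x00'

# Live use (needs network access):
#   packets=$(wget --quiet --output-document - \
#       https://packages.prosody.im/debian/dists/stretch/Release.gpg | \
#       gpg --no-default-keyring --list-packets -)
#   check_pinned "$packets" && echo "signer matches pin, safe to run the import"
```

A 64-bit key ID is a weaker pin than a full fingerprint; once the key is imported, compare its full fingerprint with the one the project publishes.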

Update package index.

$ sudo apt-get update
Hit:1 http://security.debian.org stretch/updates InRelease
Ign:2 http://deb.debian.org/debian stretch InRelease
Hit:3 http://deb.debian.org/debian stretch Release
Get:5 https://packages.prosody.im/debian stretch InRelease [5918 B]
Get:6 https://packages.prosody.im/debian stretch/main amd64 Packages [1554 B]
Fetched 7472 B in 0s (13.9 kB/s)   
Reading package lists... Done

Install Jabber/XMPP server.

$ sudo apt-get install prosody
Reading package lists... Done
Building dependency tree       
Reading state information... Done
The following additional packages will be installed:
  libexpat1 lua-bitop lua-expat lua-filesystem lua-sec lua-socket lua5.1 ssl-cert
Suggested packages:
  lua-event lua-dbi-mysql lua-dbi-postgresql lua-dbi-sqlite3 lua-zlib openssl-blacklist
The following NEW packages will be installed:
  libexpat1 lua-bitop lua-expat lua-filesystem lua-sec lua-socket lua5.1 prosody ssl-cert
0 upgraded, 9 newly installed, 0 to remove and 10 not upgraded.
Need to get 570 kB of archives.
After this operation, 3374 kB of additional disk space will be used.
Do you want to continue? [Y/n] 
[...]

Copy the SSL certificates for the main domain example.org and the conference sub-domain to the /etc/prosody/certs directory.

$ sudo ls /etc/prosody/certs/
Makefile
certificate.pem
example.org.pem
example.org.key
conference.example.org.pem
conference.example.org.key
localhost.cnf
localhost.crt
localhost.key
openssl.cnf

Ensure that registration of new accounts via Jabber clients is disabled.

$ grep ^allow_registration /etc/prosody/prosody.cfg.lua
allow_registration = false

Ensure that the authentication provider is set to hashed passwords stored using the built-in storage.

$ grep ^authentication /etc/prosody/prosody.cfg.lua 
authentication = "internal_hashed"

Define yourself as an admin.

$ sudo sed -i -e "s/^admins = { }/admins = { \"milosz@example.org\" }/" /etc/prosody/prosody.cfg.lua

Define the domain on which user accounts can be created.

$ sudo sed -i -e "s/^VirtualHost \"localhost\"/VirtualHost \"example.org\"/" /etc/prosody/prosody.cfg.lua

Enable the multi-user conference component.

$ sudo sed -i -e "/VirtualHost \"example.org\"/a \ \ Component \"conference.example.org\" \"muc\"" /etc/prosody/prosody.cfg.lua
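
The `grep ^option` checks above only match unindented lines, so an override placed inside a VirtualHost or Component section goes unnoticed. The following added example (not from the original post) audits the whole file for the settings this page relies on; the sample configuration and its `test.example.org` host are constructed.

```shell
#!/bin/sh
# Added example, not part of the original post. Unlike `grep ^option`, this
# audit also sees indented overrides inside a VirtualHost or Component section.

# audit_prosody_cfg FILE: prints findings; returns 0 if clean, 1 otherwise.
audit_prosody_cfg() {
    awk '
    function value(s) {                   # right-hand side of "name = value"
        sub(/^[^=]*=[ \t]*/, "", s)
        sub(/[ \t]*(--.*)?$/, "", s)      # drop a trailing Lua comment
        sub(/;$/, "", s)
        return s
    }
    function fail(msg) { printf "line %d [%s]: %s\n", NR, section, msg; bad = 1 }
    BEGIN { section = "global" }
    { line = $0; sub(/^[ \t]+/, "", line) }
    line ~ /^--/ { next }                 # commented-out line
    line ~ /^(VirtualHost|Component)[ \t]/ { section = line }
    line ~ /^allow_registration[ \t]*=/ && value(line) != "false" {
        fail("in-band registration is enabled")
    }
    line ~ /^authentication[ \t]*=/ {
        if (section == "global") have_auth = 1
        if (value(line) != "\"internal_hashed\"") fail("authentication = " value(line))
    }
    line ~ /^admins[ \t]*=/ && value(line) ~ /^[{][ \t]*[}]$/ {
        fail("admins list is empty")
    }
    END {
        if (!have_auth) { print "no global authentication setting"; bad = 1 }
        exit bad
    }' "$1"
}

# Constructed sample: the global settings are fine, one host re-enables sign-up.
sample_cfg() {
    cat <<'EOF'
admins = { "milosz@example.org" }
allow_registration = false
authentication = "internal_hashed"
--allow_registration = true
VirtualHost "example.org"
  Component "conference.example.org" "muc"
VirtualHost "test.example.org"
    allow_registration = true -- leftover from testing
EOF
}
```

On the server, run it as `audit_prosody_cfg /etc/prosody/prosody.cfg.lua`; `prosodyctl check config` adds Prosody's own sanity checks.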

Restart Jabber service.

$ sudo prosodyctl restart

Verify that the service is running.

$ sudo prosodyctl status
Prosody is running with PID 4644

Add an admin account.

$ sudo prosodyctl register milosz example.org
Enter new password:  *********
Retype new password: *********

Connect using your favourite Jabber/XMPP client.