Many of us use Gtalk or Facebook Chat without knowing that the protocol we use to communicate is none other than XMPP (Extensible Messaging and Presence Protocol), which is also open.
On GNU/Linux we have several applications for setting up our own XMPP server, or Jabber as it is also known, some more complicated to configure than others. For example, we have ejabberd, which is quite simple and light, but if we want to optimize much more, we have Prosody.
Below is an article published in GUTL by one of our users (Hugo), in which he shows us how to configure our own XMPP server with Prosody.
Introduction
When installing an XMPP (Jabber) server for internal messaging on a local network, many choose jabber, ejabberd or openfire, but although functional, these applications can demand a lot of resources.
If you have a small or medium network and you just want a simple instant messaging service, fortunately there is a lightweight server alternative called prosody. Although it is written in Lua, which is an interpreted language, according to its developers it works very well thanks to luajit.
This short tutorial will explain how to install and configure prosody on Debian stable.
Preparations and installation
Prosody packages are located in the Debian repository, but the developers of this software have prepared a repository for Debian and derivatives containing recent packages and additional modules, which we can use as follows:
echo "deb http://packages.prosody.im/debian stable main" | sudo tee -a /etc/apt/sources.list
wget http://prosody.im/files/prosody-debian-packages.key -O- | sudo apt-key add -
sudo aptitude update
Once the repository is added, we can proceed to install prosody (additionally adding the modules needed to use sasl as an authentication mechanism if necessary, which allows integrating prosody with pam, LDAP, etc.).
sudo aptitude install sasl2-bin libsasl2-modules-ldap prosody liblua5.1-{sec0,cyrussasl0,event-prosody0}
We then proceed to generate self-signed certificates for our domain:
cd /etc/prosody/certs
sudo openssl req -new -x509 -days 1095 -nodes -out "mydomain.cu.cert" -keyout "mydomain.cu.key"
The wizard will ask for a series of details, of which the really essential one is "Common Name (eg server FQDN or YOUR name)", where we have to enter our domain as we will use it in the virtual host section of the configuration file.
Additionally, if iptables is configured with default deny policies on the server where we install prosody, we need to open the required ports for our network, for example:
sudo iptables -A INPUT -i lo -j ACCEPT
sudo iptables -A INPUT -i eth1 -s 192.168.0.0/24 -p tcp -m tcp -m state --state ESTABLISHED,RELATED -j ACCEPT
sudo iptables -A INPUT -i eth1 -s 192.168.0.0/24 -p tcp -m tcp -m multiport --dports 5222,5223,5269 -m state --state NEW -j ACCEPT
Configuration
Next, we modify some lines of the configuration file. Edit /etc/prosody/prosody.cfg.lua so that it looks like this:
ports = { 5222, 5269 }
ssl_ports = { 5223 }
admins = { "juan@mydomain.cu", "pedro@mydomain.cu" }
use_libevent = true; -- the default option is based on the select() function; libevent uses epoll() instead, which is more efficient and scalable
modules_enabled = {
    "roster";
    "saslauth";
    "tls";
    "dialback";
    "disco";
    "private";
    "vcard";
    "privacy";
    "compression";
    "legacyauth";
    "version";
    "uptime";
    "time";
    "ping";
    "pep";
    "register"; -- do not disable this module, it allows not only registering but also changing passwords
    "adhoc";
    "admin_adhoc";
    "posix";
    "bosh"; -- add this line if you want to enable jabber over http
};
allow_registration = false; -- disabled for security
-- change to true if you want to enable account creation from the client itself
ssl = {
    key = "/etc/prosody/certs/localhost.key";
    certificate = "/etc/prosody/certs/localhost.cert";
}
storage = "internal"; -- the default storage is an xml file
-- optionally we can use the "sql" storage method
-- this allows using SQLite, MySQL or PostgreSQL as a backend (although certain parameters must be added)
authentication = "internal_hashed";
-- we can use "internal_plain" if the client does not support SCRAM-SHA-1
-- if we want to use the sasl method to later use LDAP, we must use "cyrus"
log = {
    error = "/var/log/prosody/prosody.err";
    info = "/var/log/prosody/prosody.log";
}
pidfile = "/var/run/prosody/prosody.pid";

VirtualHost "localhost"

VirtualHost "mydomain.cu"
    -- must point at the files generated in /etc/prosody/certs above
    ssl = {
        key = "/etc/prosody/certs/mydomain.cu.key";
        certificate = "/etc/prosody/certs/mydomain.cu.cert";
    }
Once the configuration file has been modified, we restart the service:
sudo service prosody restart
Now we will create the accounts. Since we disabled registration from clients in the configuration file, the accounts have to be created manually on the server. With the authentication method we chose in the configuration (internal_hashed), passwords are not stored in clear but with the SCRAM-SHA-1 mechanism. If the messaging client we intend to use does not support this mechanism, the "internal_plain" method could be used in the configuration instead.
First we will create the accounts of the administrators of the service that we declare in the configuration (declaring them does not imply that they are created automatically):
sudo prosodyctl adduser juan@mydomain.cu
sudo prosodyctl adduser pedro@mydomain.cu
We can use the same command for any other account that we want to create.
Finally, we check that the service is running:
sudo prosodyctl status
We should get a message like the following:
Prosody is running with PID 1310
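The following added example (not Prosody's code and not part of the original article) shows, following RFC 5802, what a server using a SCRAM-SHA-1 hashed store such as internal_hashed keeps per account and how it checks a login without the clear password. The function and field names, the sample password and the AuthMessage are assumptions made for the illustration, and SASLprep normalization is skipped.

```python
# Added example, not Prosody's code: SCRAM-SHA-1 key derivation and proof check (RFC 5802).
# Assumptions: ASCII password (SASLprep skipped), illustrative field names, constructed AuthMessage.
import hashlib
import hmac
import os

def H(data):
    return hashlib.sha1(data).digest()

def HMAC(key, msg):
    return hmac.new(key, msg, hashlib.sha1).digest()

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def salted_password(password, salt, iterations):
    # Hi() in RFC 5802 is PBKDF2 with HMAC-SHA-1 and a 20-byte output
    return hashlib.pbkdf2_hmac("sha1", password.encode(), salt, iterations)

def make_record(password, salt=None, iterations=4096):
    """What a hashed account store keeps: derived keys, never the password."""
    salt = salt or os.urandom(16)
    salted = salted_password(password, salt, iterations)
    return {"salt": salt, "iteration_count": iterations,
            "stored_key": H(HMAC(salted, b"Client Key")),
            "server_key": HMAC(salted, b"Server Key")}

def client_proof(password, salt, iterations, auth_message):
    """Client side: prove knowledge of the password without sending it."""
    client_key = HMAC(salted_password(password, salt, iterations), b"Client Key")
    return xor(client_key, HMAC(H(client_key), auth_message))

def server_verify(record, proof, auth_message):
    """Server side: check the proof with only the stored record."""
    signature = HMAC(record["stored_key"], auth_message)
    recovered_client_key = xor(proof, signature)
    return hmac.compare_digest(H(recovered_client_key), record["stored_key"])

if __name__ == "__main__":
    record = make_record("constructed-password")
    msg = b"constructed AuthMessage (client-first, server-first, client-final)"
    good = client_proof("constructed-password", record["salt"], record["iteration_count"], msg)
    bad = client_proof("wrong-guess", record["salt"], record["iteration_count"], msg)
    print("stored:", {k: v.hex() if isinstance(v, bytes) else v for k, v in record.items()})
    print("correct password accepted:", server_verify(record, good, msg))
    print("wrong password accepted:  ", server_verify(record, bad, msg))
```

Because the proof is bound to the AuthMessage, which contains fresh nonces from both sides, a captured proof cannot be replayed against a later login.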
Client configuration
The configuration depends on the client, but in general the details are simple. For example, for Pidgin:
"Basic" tab
Username: Juan
Domain: mydomain.cu
Resource: pc-john
"Advanced" tab
Connection security: Use encryption if possible
Connection port: 5222
Connect to Server: myserver.mydomain.cu
Notes
More information (including the use of Cyrus SASL with LDAP and how to create the DNS entries) can be found in this article on the Debian Wiki.
A user comments via DesdeLinux that to really stop the service he needed to execute pkill lua5.1.
I like it ... let's see if once and for all I change OpenFire for ejabberd or this Prosody 🙂
I'm already doing the tests in VirtualBox precisely for that .. because if we wait for you my son .. ¬¬
^ - ^ U ... hehe ...
Now I send a ticket to the Hosting provider asking about the DNS record that we need to remove the 'jabber .'______
Okay. Jabber, IRC, Facebook, Gtalk, I don't know how or where, but connect ..
How is Prosody's integration with LDAP done? And the DB?
Here's how to do it: http://blog.marc-seeger.de/2009/12/30/setting-up-prosody-to-authenticate-against-ldap/
a couple of images for the less knowledgeable would not be bad ^. ^
At home I have prosody; I installed it to test and I liked it for its simplicity. One detail: when stopping the server I have to do a pkill lua5.1 to really stop it.
Wow, this is interesting. Is there a way that other people can create users through a GUI (could be web)? How would you go about getting a domain to use it? 😛
You enable the registration in the config and from the same jabber client they are registered by checking the option to create account on the server.
allow_registration = true;
I am looking for prosody packages in slackware, excellent tutorial. Cheers
How can I verify if a user can authenticate? or how can I know if a user is connected to the server?
I succeeded 😀 I was able to install and configure it correctly. I installed the server on one PC and the client on another PC, but I have a problem. In order for the client to know that my server with the domain (medellinlibre.org) is LOCAL, I must add IPDELSERVIDOR medellinlibre.org to the hosts file. If not, it does not connect, for obvious reasons. My question is whether there is a way for all the PCs on the network to know by default that this domain is on the LAN at a given IP?
Same question! Did you find out in the end?? I'm starting with prosody ...
Very simple: in Pidgin, specify the IP of the server in the advanced options; the other option is to set up a DNS server on your LAN.
This topic is very interesting and I wanted to know if Prosody supports websockets. I am interested in making an xmpp web client
You could see this. http://code.google.com/p/xmppwebchat/
Hi, don't you have a version of the tutorial with a configuration that is only for a domestic intranet? No domain or anything like that, just so that only 1 computer with Liñux is a server and the other computers connect to it.
It is solely to be able to chat between the intranet computers through pidgin.