IM mai Prosody da masu amfani na gari - Hanyoyin sadarwar PYMES

Janar jeri na jerin: Hanyoyin sadarwar Kwamfuta don SMEs: Gabatarwa

Wannan labarin shine ci gaba na:

• Squid + PAM Tabbatarwa akan CentOS 7.
• Mai amfani da gida da kuma kula da rukuni
• NSD Server na DNS Mai sarrafawa + Shorewall
  

Barka dai abokai da abokai!

Muna ci gaba da ƙara sabis na cibiyar sadarwa dangane da ƙididdigar mai amfani na gida zuwa ƙananan uwar garken rukuni. Masu kwazo Free Software, musamman CentOS.

Yanayin aiki na kungiyar ya canza don mafi kyau. Yanzu suna da matsayin hedikwata gida mai hawa uku tare da ginshiki kuma suna buƙatar aiwatar da uwar garken saƙon nan take da canja wurin fayil tsakanin wuraren aiki, don sauƙaƙa wahalar hawa sama da sauka ko hawa mai yawa. ;-) Don wannan suna ba da shawara don amfani da shirin Wadatarwa.

Sun ƙuduri aniyar buga sabis na Hirar Intanet don Masu Entauna, kuma suna shirin haɗa haɗin sabar saƙonnin su nan take tare da sauran masu amfani da saitunan XMPP waɗanda ke kan hanyar sadarwar. Saboda wannan sun sayi sunan yankin desdelinux.fan kuma har zuwa yanzu adireshin IP ɗin da ke hade da wannan sunan yana gudanar da mai ba da damar shiga Intanet.

Hirar ta hanyar sabis na Prosody zai ba su damar musayar saƙonnin nan take, canja wurin fayiloli, yin taron murya da bidiyo, da ƙari.

Menene Prosody Instant Messenger?

Wadatarwa sabar sadarwa ce ta zamani dangane da yarjejeniyar XMPP. An tsara shi don sauƙin shigarwa da daidaitawa, da ingantaccen kula da albarkatun tsarin. Prosody shine Buɗeɗɗen Maɓuɓɓuga - Shirye-shiryen Buɗaɗɗen Source da aka kirkira ƙarƙashin lasisin lasisi MIT / X11.

XMPP wani zaɓi ne na kasuwanci don samar da sabis na saƙon nan take. Ana iya aiwatar da shi a cikin yanayin kasuwancin samarwa, a cikin hanyar sadarwar dangi, cibiyar sadarwar makwabta, da sauransu. Yana tallafawa ɗumbin software na abokin ciniki don tebur da dandamali na hannu. Ta hanyar XMPP ana iya samar da wannan sabis ɗin ga kowace na'ura.

Bugu da ƙari, za su iya mahada shigarwa da yawa na Prosody da sauran sabis waɗanda suka dace da yarjejeniyar XMPP, kuma suka samar da hanyar sadarwar saƙonni wanda zamu sami ikon sarrafa saƙon da kuma jigilar fayil wanda zai faru ta hanyar amintacciyar hanya.

Tallafawa da tabbatarwa akan masu amfani da gida

en el Taswirar Shafin IM na Prosody mun sami hanyar haɗi zuwa shafin Masu Bayar da Tabbatarwa, wanda ya ce kamar na 0.8 na Prosody, ana ba da tallafi ga masu samar da sahihan bayanai ta hanyar plugins. Zaka iya amfani da direbobi ginanniyar software, ko zaka iya haɗawa tare da ingantaccen ɓangare na uku da masu samar da adanawa ta amfani da su APIs.

Providersila za mu iya amfani da masu ba da tabbacin

Bayanin Suna ----------------- ---------------------
bayanin ciki   Tsoffin tabbaci. Bayyanannun kalmomin sirri suna adana ta amfani da ginanniyar ajiya.

na ciki_  Ana adana kalmomin shiga ta hanyar algorithm na ciki ta amfani da ginanniyar ajiya.

Sairus       Haɗuwa tare da Cyrus SASL (LDAP, Pam,...)

m    Tsarin tantancewa ta amfani da SASL 'ANONYMOUS' tare da sunan mai amfani bazuwar wanda baya buƙatar takardun shaidarka na asali.

XMPP yana amfani da daidaitattun ka'idodin Tabbatar da Tabbacin Tabbacin Secasa don tabbatarwa - Skwaikwayo ATantance kalmar sirri da Swarkewa LJiya (SASL), don inganta takardun shaidarka na abokan ciniki. Prosody ya ƙunshi ɗakin karatu SASL wanda ta tsoho yana tabbatar da takardun shaidarka akan asusun da ke akwai a cikin ginanniyar ajiyarsa.

Tun da sigar 0.7 na Prosody, ana tallafawa mai ba da sabis na waje Cyrus SALS wanda zai iya inganta takaddun bayanan da masu amfani na waje suka bayar akan wasu kafofin kamar: Pam, LDAP, SQL da sauransu. Hakanan yana ba da damar amfani da GSSAPI don Sabis-sa-hannu guda - Sabis-sa-hannu guda.

A cikin wannan labarin akan Prosody, don samun tabbaci akan masu amfani na gida ta hanyar PAM, zamuyi amfani da mai ba da tabbacin «Sairus»An bayar da kunshin«crus-sasl»Kuma wannan yana aiki tare da daemon sullauthd.

cyrus-sasl da saslauthd

[tushen @ linuxbox ~] # yum shigar da cyrus-sasl

An riga an shigar daemon saslauthd

[tushen @ linuxbox ~] # getsebool -a | grep saslauthd
saslauthd_read_shadow -> kashe

[tushen @ linuxbox ~] # setsebool saslauthd_read_shadow on
[tushen @ linuxbox ~] # getsebool -a | grep saslauthd
saslauthd_read_shadow -> kan

[tushen @ linuxbox ~] # tsarin systemctl saslauthd
La saslauthd.service - SASL Tantance kalmar sirri daemon. Loaded: ɗora Kwatancen (/usr/lib/systemd/system/saslauthd.service; nakasassu; mai siyarwa saiti: naƙasasshe) Mai aiki: mara aiki (matacce)

[tushen @ linuxbox ~] # systemctl kunna saslauthd
Irƙirar sasantawa daga /etc/systemd/system/multi-user.target.wants/saslauthd.service to /usr/lib/systemd/system/saslauthd.service.

[tushen @ linuxbox ~] # systemctl fara saslauthd
[tushen @ linuxbox ~] # tsarin systemctl saslauthd
La saslauthd.service - SASL Tantance kalmar sirri daemon. An ɗora: ɗora Kwatancen (/usr/lib/systemd/system/saslauthd.service; kunna; saiti mai saiti: naƙasasshe) Mai aiki: aiki (gudu) tun Sat 2017-04-29 10:31:20 EDT; Tsarin 2s da suka gabata: 1678 ExecStart = / usr / sbin / saslauthd -m $ SOCKETDIR -a $ MECH $ FLAGS (lambar = fita, status = 0 / SUCCESS) Babban PID: 1679 (saslauthd) CGroup: /system.slice/saslauthd. sabis ├─1679 / usr / sbin / saslauthd -m / run / saslauthd -a pam ├─1680 / usr / sbin / saslauthd -m / run / saslauthd -a pam ├─1681 / usr / sbin / saslauthd -m / run / saslauthd -a pam ├─1682 / usr / sbin / saslauthd -m / run / saslauthd -a pam └─1683 / usr / sbin / saslauthd -m / run / saslauthd -a pam

Prosody da lua-cyrussasl

[tushen @ linuxbox ~] # yum shigar da jini
---- An warware dogaro ========================================== == ================================== Tsarin Ma'ajin Gine-ginen Kunshin Girman Ma'aji ========= == ============================================== = = ================== Girkawa: prosody x86_64 0.9.12-1.el7 Epel-Repo 249 k Girkawa don masu dogaro: lua-expat x86_64 1.3.0- 4.el7 Epel -Repo 32 k lua-filesystem x86_64 1.6.2-2.el7 Epel-Repo 28 k lua-sec x86_64 0.5-4.el7 Epel-Repo 31 k lua-soket x86_64 3.0-0.10.rc1.el7 Epel -Repo 176k Transaction Takaitawa ================================== ======== ================================ Shigar da Kunshin 1 (+ 4 Dogayen Buƙatun) --- -

[tushen @ linuxbox ~] # getsebool -a | gaisuwa
wadatar_bind_http_port -> a kashe
[tushen @ linuxbox ~] # setsebool prosody_bind_http_port on
[tushen @ linuxbox ~] # getsebool -a | gaisuwa
su_da_ba_da_bau -> on

[tushen @ linuxbox ~] # systemctl ya ba da damar mutum
Symirƙirar haɗin kai daga /etc/systemd/system/multi-user.target.wants/prosody.service to /usr/lib/systemd/system/prosody.service. [root @ linuxbox ~] # systemctl status prosody ● prosody.service - Prosody XMPP (Jabber) uwar garke Loaded: ɗora Kwatancen (/usr/lib/systemd/system/prosody.service; an kunna; mai saiti saiti: naƙasasshe) Mai aiki: ba ya aiki (ya mutu) )

[tushen @ linuxbox ~] # systemctl fara farawa
[tushen @ linuxbox ~] # systemctl matsayi mai kyau
Ody prosody.service - Prosody XMPP (Jabber) uwar garken An ɗora Kwatancen: ɗora Kwatancen (/usr/lib/systemd/system/prosody.service; kunna; saiti mai saiti: naƙasasshe) Mai aiki: aiki (gudu) tun Sat 2017-04-29 10:35:07 EDT; Tsarin 2s da suka gabata: 1753 ExecStart = / usr / bin / prosodyctl fara (lambar = fita, matsayi = 0 / SUCCESS) Babban PID: 1756 (lua) CGroup: /system.slice/prosody.service └─1756 lua / usr / lib64 / jinin-jini /..////bin/ yaduwar jini

[tushen @ linuxbox ~] # wutsiya /var/log/tallakawa/prosody.log
Apr 29 10:35:06 general info Barka da zuwa barka da zuwa Prosody version 0.9.12 Apr 29 10:35:06 general info Prosody yana amfani da backend na zaɓaɓɓe don haɗawa Apr 29 10: 35: 06 Bayanin mai amfani da aka Kunna 's2s' akan [::]: 5269, [*]: 5269 Apr 29 10:35:06 bayanin mai jigilar kaya An kunna sabis 'c2s' akan [::]: 5222, [*]: 5222 Apr 29 10:35:06 bayanin mai sarrafa bayanai An kunna sabis 'legacy_ssl' ba a kan tashar jiragen ruwa ba Apr 29 10:35:06 mod_posix info Prosody na gab da ficewa daga na'ura mai kwakwalwa, wanda hakan zai iya dakatar da fitowar kayan aiki a cikin Apr 29 10: 35: 06 mod_posix info Cikin nasara ya zama ruwan dare zuwa PID 1756

[tushen @ linuxbox ~] # yum shigar lua-cyrussasl

Mun ƙirƙiri kama-da-wane host «chat.desdelinux.fan" daga "example.com" wanda Prosody ya girka

[tushen @ Linuxbox ~] # cp /etc/prosody/conf.d/example.com.cfg.lua \
/etc/prosody/conf.d/chat.desdelinux.fan.cfg.lua

[tushen @ Linuxbox ~] # nano /etc/prosody/conf.d/chat.desdelinux.fan.cfg.lua
- Sashe don VirtualHost hira

VirtualHost" hira.desdelinux.fan"

- Sanya wa wannan rundunar takardar shaidar TLS, in ba haka ba zai yi amfani da wanda aka saita a cikin ɓangaren duniya (idan akwai). - Lura cewa salon SSL na da a tashar 5223 kawai yana tallafawa satifiket ɗaya kawai, kuma koyaushe zaiyi amfani da na duniya.
        ssl = {
                 mabuɗi = "/etc/pki/prosody/chat.key";
                takardar shaida = "/etc/pki/prosody/chat.crt";
        }

-- Abubuwan da aka gyara ------ Za ka iya ƙididdige sassa don ƙara runduna waɗanda ke ba da ayyuka na musamman, -- kamar taron masu amfani da yawa, da jigilar kaya. -- Don ƙarin bayani kan abubuwan da aka haɗa, duba http://prosody.im/doc/components --- Saita uwar garken ɗaki (Multi-user chat) akan conference.chat.desdelinux.fan:
Bangaren "conference.chat.desdelinux.fan" "muc"
suna = "Masu kishin zuciya" - SHINE SUNAN DAFAR TARO DON Sanarwa - YAUSHE ZAKU SHIGA DAKIN
restrict_room_creation = gaskiya ne

- Kafa SOCKS5 bytestream wakili don canja wurin fayil mai amfani da sabar: - Component "proxy.chat" "proxy65" --- Kafa wani waje na waje (tsoffin tashar jirgin ruwa shine 5347) - - Abubuwan haɗin waje suna ba da damar ƙara ayyuka daban-daban, kamar azaman ƙofofin / - jigilar kaya zuwa wasu hanyoyin sadarwa kamar ICQ, MSN da Yahoo. Don ƙarin bayani - duba: http://prosody.im/doc/components#adding_an_external_component - --Component "gateway.chat" - component_secret = "password"

Tantance kalmar sirri = "cyrus"
cyrus_service_name = "xmpp"
cyrus_require_provisioning = karya ne
sunan cyrus_application_name = "mai wucewa"
cyrus_server_fqdn = "tattaunawa.desdelinux.fan"

Muna daidaita ƙungiyar da ta mallaki fayil ɗin /etc/prosody/conf.d/chat.desdelinux.fan.cfg.lua

[tushen @ Linuxbox ~] # ls -l /etc/prosody/conf.d/chat.desdelinux.fan.cfg.lua 
-rw-r -----. daya tushen tushe 1361 Afrilu 29 10:45 /etc/prosody/conf.d/chat.desdelinux.fan.cfg.lua

[tushen @ linuxbox ~] # tushen da aka zaba: prosody /etc/prosody/conf.d/chat.desdelinux.fan.cfg.lua 
[tushen @ Linuxbox ~] # ls -l /etc/prosody/conf.d/chat.desdelinux.fan.cfg.lua 
-rw-r--. 1 tushen prosody 1361 Afrilu 29 10:45 /etc/prosody/conf.d/chat.desdelinux.fan.cfg.lua

Muna duba sanyi

[tushen @ Linuxbox ~] # luac -p /etc/prosody/conf.d/chat.desdelinux.fan.cfg.lua
[tushen @ Linuxbox ~] #

Takaddun shaida na SSL don amintaccen haɗi

Don haɗawa zuwa sabar Prosody - duka daga cibiyar sadarwar gida da kuma daga Intanit- kuma tabbatar da cewa takardun shaidarka sunyi tafiya cikin ɓoye lafiya, dole ne mu samar da takaddun shaidar SSL - Layer Socket Layer bayyana a cikin fayil ɗin kwastomomi mai ɗauke da tsari /etc/prosody/conf.d/chat.desdelinux.fan.cfg.lua:

[tushen @ Linuxbox ~] # cd / sauransu / prosody / certs /

[tushen @ linuxbox ya tabbata] # openssl req -new -x509 -days 365 -nodes \
-out "chat.crt" -newkey rsa: 2048 -keyout "chat.key"
Samar da maɓalli na sirri na 2048 RSA .....+++ ..........+++ rubuta sabon maɓalli na sirri zuwa 'chat.key' ----- Ana gab da tambayar ku shigar da bayanin da za a haɗa cikin buƙatar takardar shaidar ku. Abin da kuke shirin shigar shine abin da ake kira Distinguished Name ko DN. Akwai 'yan filaye kaɗan amma kuna iya barin wasu fanko Ga wasu filayen za a sami ƙimar tsoho, Idan kun shigar da '.', za a bar filin babu komai. -- Sunan Ƙasa (lambar harafi 2) [XX]: CU Jiha ko Sunan Lardi (cikakken suna) []: Sunan yankin Cuba (misali, birni) [Default City]:Havana Organization Name (misali, kamfani) [ Kamfanin Default Ltd]:DesdeLinux.Fan Organizational Unit Name (misali, sashe) []:Masu sha'awa Sunan gama gari (misali, sunanka ko sunan uwar garken ku) []: taɗi.desdelinux.fan Email Address []:buzz@desdelinux.fan

Muna gyara zaɓuɓɓukan daidaitawar duniya

Kawai zamu gyara zaɓuɓɓuka masu zuwa a cikin fayil ɗin /etc/nayiwa / yaduwar.cfg.lua:

[tushen @ linuxbox ya tabbata] # cp /etc/prosody/prosody.cfg.lua \ /etc/prosody/prosody.cfg.lua.original [root @ linuxbox ~] # nano /etc/prosody/prosody.cfg. lua
- Fayil na Tsarin Misalin Tsarin Tsarin - - Za a iya samun bayani game da daidaita Prosody a shafinmu na yanar gizo a http://prosody.im/doc/configure - - Tukwici: Kuna iya duba cewa rubutun wannan fayil ɗin daidai ne - idan kun gama ta gudana: luac -p prosody.cfg.lua - Idan akwai wasu kurakurai, zai sanar da ku abin da kuma inda - su ne, in ba haka ba zai yi shiru. - - Abinda ya rage kawai shine sake sunan wannan fayil don cire ƙarshen .dist, kuma cika - blanks. Sa'a mai kyau, da farin ciki Jabbering! ---------- Saitunan gabaɗaya ---------- - Saituna a cikin wannan ɓangaren sun shafi duka uwar garken kuma sune saitunan tsoho - ga kowane runduna mai kama da - Wannan shi ne (by tsoho, fanko) lissafin asusun admins - na saba. Lura cewa dole ne ku ƙirƙiri asusun daban - (duba http://prosody.im/doc/creating_accounts don bayani) - Misali: admins = {"user1@example.com", "user2@example.net"}
admins = {"buzz@chat.desdelinux.fan", "trancos@chat.desdelinux.fan" }

- Enable amfani da kayan haɓaka don ingantaccen aiki a ƙarƙashin babban nauyi - Don ƙarin bayani duba: http://prosody.im/doc/libevent --use_libevent = gaskiya ne; - Wannan shine jerin matakan Prosody da zai ɗora akan farawa. - Yana neman mod_modulename.lua a cikin fayil ɗin plugins, don haka tabbatar da wanzuwar. - Ana iya samun takardu akan kayan aiki a: http://prosody.im/doc/modules modules_enabled = {- Gabaɗaya ake buƙata "roster"; - Bada masu amfani damar samun aiki. Nagari;) "saslauth"; - Tabbatarwa don abokan ciniki da sabobin. Nagari idan kuna son shiga. "tls"; - Addara tallafi don amintaccen TLS akan haɗin c2s / s2s "bugun kira"; - s2s goyon bayan bugun kira "faifai"; - Gano sabis - Ba mahimmanci ba, amma shawarar "masu zaman kansu"; - Adana XML na sirri (don alamun daki, da sauransu) "vcard"; - Bada masu amfani damar saita vCards - Waɗannan ana yin tsokaci ta tsoho saboda suna da tasirin yin aiki - "sirri"; - Tallafa jeren bayanan sirri - "matsi"; - Matsawar kwarara (Lura: Yana buƙatar shigar da kunshin RPM lua-zlib) - Kyakkyawan samun "sigar"; - Amsawa ga buƙatun sigar uwar garken "lokacin aiki"; - Yi rahoton tsawon lokacin da saba ta ke aiki "lokaci"; - Bari wasu su san lokaci anan kan wannan sabar "ping"; - Amsoshi ga pings na XMPP tare da pongs "pep"; - Yana bawa masu amfani damar wallafa yanayin su, ayyukansu, kunna kida da karin "rajista"; - Bada masu amfani damar yin rajista a kan wannan sabar ta amfani da abokin ciniki kuma canza kalmomin shiga - Maɓallan gudanarwa "admin_adhoc"; - Yana ba da izinin gudanarwa ta hanyar abokin ciniki na XMPP wanda ke tallafawa umarnin ad-hoc - "admin_telnet"; - Yana buɗe keɓaɓɓiyar na'ura mai kwakwalwa ta hanyar sadarwa a tashar jirgin ruwa ta gida 5582 - HTTP kayayyaki
        "bosh"; - Enable abokan BOSH, aka "Jabber kan HTTP"
        - "http_files"; - Yi aiki da fayiloli tsayayyu daga kundin adireshi akan HTTP - Sauran takamaiman aikin "posix"; - Ayyukan POSIX, aika uwar garke zuwa bango, yana bawa syslog, da sauransu. - "kungiyoyi"; - Rarraba jerin gwano - "sanarwa"; - Aika sanarwa ga duk masu amfani da layi - "barka da zuwa"; - Maraba da masu amfani waɗanda ke rajistar asusun - "rajistar kallo"; - Faɗakarwar admins na rajista - "motd"; - Aika sako ga masu amfani lokacin da suka shiga - "legacyauth"; - Ingancin gado. Wasu tsofaffin abokan ciniki da bots ne kawai ke amfani da su. };

bosh_ports = {{tashar jiragen ruwa = 5280; hanya = "http-bind"; dubawa = "127.0.0.1"; }}

rashin aiki_ 60 = XNUMX
- Yi amfani idan yana wakiltar HTTPS-> HTTP a gefen uwar garke
consider_bosh_secure = gaskiya ne
- Bada damar shiga daga rubutun a kowane shafin ba tare da wakili ba (yana buƙatar mai bincike na zamani)
cross_domain_bosh = gaskiya ne

- Waɗannan kayayyaki an ɗora su a atomatik, amma ya kamata ka so - don musaki su sannan ka sanya su cikin damuwa a nan: modules_disabled = {- "offline"; - Adana saƙonnin da ba na layi ba - "c2s"; - Kula da haɗin abokan ciniki - "s2s"; - Haɗa haɗin haɗin sabar-zuwa-uwar garken}; - Kashe ƙirƙirar asusu ta tsohuwa, don tsaro - Don ƙarin bayani duba http://prosody.im/doc/creating_accounts allow_registration = ƙarya; - Waɗannan su ne abubuwan da suka shafi SSL / TLS. Idan ba kwa so - don amfani da SSL / TLS, kuna iya yin tsokaci ko cire wannan ssl = {key = "/etc/pki/prosody/localhost.key"; takardar shaida = "/etc/pki/prosody/localhost.crt"; } - tilasta abokan ciniki suyi amfani da haɗin ɓoye? Wannan zabin zai - hana kwastomomi tantancewa sai dai idan suna amfani da boye-boye.

c2s_require_encryption = gaskiya ne

- certificatearfin takardar shaidar karfi don haɗin uwar garke-zuwa-uwar garken? - Wannan yana samar da cikakken tsaro, amma yana buƙatar sabobin da kuke sadarwa - tare da don tallafawa ɓoyewa da gabatar da ingantattun takardun shaida. - NOTE: Sigar ku ta LuaSec dole ne ta goyi bayan takardar shaidar! - Don ƙarin bayani duba http://prosody.im/doc/s2s#security s2s_secure_auth = ƙarya - Sabis da yawa ba sa goyan bayan ɓoyewa ko kuma ba su da inganci ko sa hannun kansu - takaddun shaida. Kuna iya lissafa yankuna anan waɗanda ba za a buƙata su - gaskata ta amfani da takaddun shaida ba. Za a tabbatar da su ta amfani da DNS. --s2s_insecure_domains = {"gmail.com"} - Ko da ka bar s2s_secure_auth a kashe, har yanzu kana iya buƙatar sahihan - takaddun shaida ga wasu yankuna ta hanyar tantance jerin a nan. --s2s_secure_domains = {"jabber.org"} - Zaɓi bayanan gogewa don amfani. Masu ba da 'ciki' - yi amfani da ingantaccen bayanan Prosody don adana bayanan tabbatarwa. - Don bawa Prosody damar samar da ingantattun hanyoyin tabbatarwa ga kwastomomi, mai bayarda na asali yana adana kalmomin shiga a bayyane. Idan baku amince da sabarku ba don Allah a duba http://prosody.im/doc/modules/mod_auth_internal_hashed - don bayani game da amfani da mara da baya.

- Tantance kalmar sirri = "ciki_plain"
Tantance kalmar sirri = "cyrus"
cyrus_service_name = "xmpp"
cyrus_require_provisioning = karya ne

- Select da ajiya backend don amfani. Ta hanyar tsoho Prosody yana amfani da fayilolin lebur - a cikin bayanan bayanan sa, amma kuma yana tallafawa ƙarin bayanan baya - ta hanyar matakan. An haɗa bayan "sql" ta tsohuwa, amma yana buƙatar - ƙarin dogaro. Duba http://prosody.im/doc/storage don ƙarin bayani. --storage = "sql" - Tsoho ne "na ciki" (Lura: "sql" yana buƙatar shigarwa - lua-dbi RPM kunshin) - Don bayan "sql", zaku iya damuwa * ɗaya * daga cikin ƙasa don daidaitawa: - sql = {driver = "SQLite3", database = "prosody.sqlite"} - Tsoho. 'database' shine sunan filen. --sql = {driver = "MySQL", database = "prosody", sunan mai amfani = "prosody", password = "secret", host = "localhost"} --sql = {driver = "PostgreSQL", database = "proody ", sunan mai amfani =" prosody ", kalmar wucewa =" asiri ", mai masaukin baki =" localhost "} - Sanya saiti - Don yin aikin ci gaba duba http://prosody.im/doc/logging log = {- Shiga duk abin da matakin" bayani " kuma mafi girma (ma'ana, banda saƙonnin "cire kuskure") - to /var/log/prosody/prosody.log kuma kurakurai kuma zuwa /var/log/prosody/prosody.err
    cire kuskure = "/var/log/prosody/prosody.log"; - Canza 'bayani' zuwa 'cire kuskure' don yin amfani da kalmomin verbose
    kuskure = "/var/log/prosody/prosody.err"; - Kuskuren shiga har ila yau don yin fayil - kuskure = "* syslog"; - Kuskuren shiga kuma zuwa syslog - log = "* console"; - Shiga cikin na'urar wasan, mai amfani don gyarawa tare daemonize = ƙarya} - Tsarin POSIX, duba kuma http://prosody.im/doc/modules/mod_posix pidfile = "/run/prosody/prosody.pid"; --daemonize = ƙarya - Tsoho yana da "gaskiya" ------ Additionalarin fayilolin daidaitawa ------ - Don dalilai na ƙungiya ƙila za ku fi son ƙara VirtualHost da - Ma'anar Bangaren a cikin fayilolin saitin nasu. Wannan layin ya hada da - duk fayilolin jeri a cikin /etc/prosody/conf.d/ Hada da "conf.d / *. Cfg.lua"

Gyarawa a cikin tsarin Dnsmasq a cikin Linuxbox

/Etc/dnsmasq.conf fayil

Kawai ƙara ƙimar cname = hira.desdelinux.fan, Linuxbox.desdelinux.fan:

[tushen @ linuxbox ~] # nano /etc/dnsmasq.conf

-------------------------------------------- --------------------------------- # RECORDSCNAMEMXTXT # ----------------------------------- ------------------------------------------------- # Wannan nau'in rajista yana buƙatar wani shigarwa # a cikin /etc/hosts fayil # ex: 192.168.10.5 linuxbox.desdelinux.fan linuxbox # cname=ALIAS, REAL_NAME cname=mail.desdelinux.fan, Linuxbox.desdelinux.fan
cname = hira.desdelinux.fan, Linuxbox.desdelinux.fan
----

[tushen @ linuxbox ~] # sabis dnsmasq sake kunnawa
[tushen @ Linuxbox ~] # sabis dnsmasq matsayi [tushen @ linuxbox ~] # masaukin baki
hira.desdelinux.fan ana kiransa da linuxbox.desdelinux.fan. linuxbox.desdelinux.fan yana da adireshin 192.168.10.5 linuxbox.desdelinux.fan mail ana sarrafa ta 1 mail.desdelinux.fan.

/Etc/resolv.conf fayil

[tushen @ linuxbox ~] # nano /etc/resolv.conf 
search desdelinux.fan nameserver 127.0.0.1 # Don tambayoyin DNS na waje ko na waje desdelinux.fan # gida =/desdelinux.fan/ mai suna 172.16.10.30

Gyare-gyare a cikin DNS na waje a cikin ISP

Mun sadaukar da labarin duka «NSD Server DNS Server + Shorewall - Sadarwar SME»Zuwa ga maudu'in yadda za a bayyana bayanan SRV da suka shafi XMPP don Sabis ɗin Saƙo na Nan take ya fita zuwa Intanet, har ma da cewa sabar Prosody za ta iya tarayya tare da sauran masu jituwa na XMPP da ke kan Gidan yanar gizo.

Mun sake farawa Prosody

[tushen @ linuxbox ~] # sake farawa sabis
Canza hanya zuwa / bin / systemctl sake farawa prosody.service
[tushen @ linuxbox ~] # matsayin mai ba da sabis
Canza madosa zuwa / bin / systemctl status prosody.service ● prosody.service - Prosody XMPP (Jabber) sabar An loda: an ɗora (/usr/lib/systemd/system/prosody.service; an kunna; saiti mai saiti: naƙasasshe) Mai aiki: aiki (gudu) tun Rana 2017-05-07 12:07:54 EDT; Tsarin 8s da suka gabata: 1388 ExecStop = / usr / bin / prosodyctl stop (lambar = fita, status = 0 / SUCCESS) Tsarin aiki: 1390 ExecStart = / usr / bin / prosodyctl fara (lambar = fita, status = 0 / SUCCESS) Babban PID : 1393 (lua) CGroup: /system.slice/prosody.service └─1393 lua /usr/lib64/prosody/../../bin/prosody

[tushen @ linuxbox ~] # wutsiya -f /var/log/prosody/prosody.log

• Yana da lafiya ƙwarai a buɗe sabon na'ura mai kwakwalwa tare da umarnin da ke gudana a baya, da kuma kallon fitowar cire kuskure daga Prosody yayin sake farawa sabis ɗin.

Mun saita Cyrus SASL

[tushen @ linuxbox ~] # nano /etc/sasl2/prosody.conf
pwcheck_method: saslauthd mech_list: PLAIN

[tushen @ linuxbox ~] # sabis saslauthd sake kunnawa
Canza hanya zuwa / bin / systemctl sake kunnawa saslauthd.service
[tushen @ linuxbox ~] # matsayin saslauthd aiki

- Idan ...
[tushen @ linuxbox ~] # sake farawa sabis

Tsarin PAM

[tushen @ Linuxbox ~] # nano /etc/pam.d/xmpp
auth sun hada da password-auth account sun hada da password-auth

Binciken tabbatarwa na PAM

• Don bincika, dole ne mu aiwatar da umarni na gaba daidai kamar yadda aka nuna a ƙasa, tunda game da aiwatar da umarni ne azaman mai amfani da "wadata" kuma ba matsayin mai amfani "tushen" ba:

[root @ linuxbox ~] # sudo -u prosody testsaslauthd -s xmpp -u strides -p strides
0: Yayi "Nasara."

[tushen @ linuxbox ~] # sudo -u wadatar gwajiaslauthd -s xmpp -u legolas -p legolas
0: Yayi "Nasara."

[root @ linuxbox ~] # sudo -u wadataccen gwajiaslauthd -s xmpp -u legolas -p Lengolas
0: A'A "tantancewa ta kasa"

Tsarin tabbatarwa akan masu amfani na gida yana aiki daidai.

Mun gyara FirewallD

Amfani da zane mai amfani «Gidan wuta«, Ga yankin«jama'a»Muna kunna ayyukan:

• xmpp-bosch
• xmpp-abokin ciniki
• xmpp-sabar
• xmpp-na gari

Hakazalika don yankin «external»Muna kunna ayyukan:

• xmpp-abokin ciniki
• xmpp-sabar

Kuma muna bude tashoshin jiragen ruwa tcp 5222 da 5269.

A ƙarshe, muna yin canje-canje a cikin Lokacin zartarwa a Dindindin y Sake shigar da FirewallD.

XMPP abokin ciniki Psi

Don haɗawa zuwa sabon shigarwar Sabis ɗin Saƙon Saƙo na Prosody Instant, za mu iya zaɓar tsakanin manyan kwastomomin da suke wanzu:

• empathy
• Gajim
• Kaduna
• Psi
• Psi Plusari
• Pidgin
• Telepathy
• Wechat

Jerin ya ci gaba. Mun zabi Psi +. Don shigar da shi muna amfani da umarnin da aka fi so a gare shi ko muna yin shi ta hanyar kayan aikin hoto da ke akwai don wannan aikin. Da zarar mun girka, zamu aiwatar dashi, kuma a ƙarshen labarin zamu bada jerin hotunan da muke fatan zasu muku amfani.

Tsaya

• Zamu iya shigar da sabis na Saƙo na Nan take dangane da Prosody don masu amfani da tsarin na cikin gida, da kuma bayarwa tare da ƙirƙirar masu amfani da Prosody na ciki ko wasu nau'ikan ajiyar bayanan shaidan.
• Takaddun shaidar tabbatarwa zasuyi ɓoyayyen tafiya daga abokin harka zuwa sabar, da kuma martani na ƙarshe ga abokin har ila yau.
• Zamu iya shigar da sabis sama da ɗaya bisa tushen ingantaccen gida ta hanyar PAM akan sabar ɗaya.
• Ya zuwa yanzu, uwar garken linuxbox.desdelinux.fan yana ba da sabis na gaba ga Cibiyar Sadarwar SME:
  • Resolution na Domain Names ko DNS.
  • Ynamididdigar haɓaka na adiresoshin IP ko DCHP
  • Sabis ɗin Hanyar Sadarwa ko NTP
  • Adanawa ta hanyar SSH daga abokan cinikin UNIX / Linux, ko ta hanyar WinSCP don abokan cinikin Microsoft Windows.
  • Sabis na Saƙo nan take - Hira. Hakanan ana samun sa daga Intanet.
    
  • Sabis na raba fayil ta hanyar Hirar kanta. Hakanan ana samun sa daga Intanet
  • Sabis na hanyar sadarwa wanda zaku iya saita shi a cikin Prosody.

Kuma duk ayyukan da suka gabata tare da wasu kayan aikin zane don daidaitawar Firewall - FirewallD, da kuma don Mai amfani da Gudanarwar Rukuni na tsarin waɗanda suke da sauƙin amfani idan muna da ilimin asali game da abin da muke son yi.

Muhimmanci

Tabbatar ziyarci URL mai zuwa don samun cikakken bayani game da Prosody: http: //prosody.im.

Har zuwa kashi na gaba!