IM Prosody iyo isticmaaleyaasha maxalliga ah - Shabakadaha PYMES

Tusmada guud ee taxanaha: Shabakadaha Kombuyuutarka ee loogu talagalay SMEs: Hordhac

Maqaalkani waa sii wadida:

Waad salaaman tihiin asxaabta iyo asxaabta!

Waxaan sii wadeynaa inaan ku darno adeegyo shabakad ku saleysan aqoonsiga isticmaale maxalli ah adeegaha kooxda yar. Xamaasad Software Bilaash ah, gaar ahaan CentOS.

Xaaladihii shaqo ee kooxdu si wanaagsan ayey isu beddeleen. Waxay hadda xarun ahaan leeyihiin guri seddex dabaq leh oo leh dabaq hoose waxayna u baahan yihiin inay hirgeliyaan farriin fariin deg deg ah iyo wareejinta feylka ee u dhexeeya xarumaha shaqada, si loo yareeyo dhibaatada ku saabsan kor u kaca iyo jaranjarooyinka ama socod badan. ;-). Tan awgeed waxay soo jeedinayaan in loo isticmaalo barnaamijka Daawasho.

Waxay go'aansadeen inay daabacaan adeegga Wadahadalka Internetka oo kaliya kuwa Xamaasadda leh, waxayna qorsheynayaan inay ku xiraan farriintooda fariimaha degdegga ah iyo kuwa kale ee isku xira XMPP ee ku yaal Shabakadaha Shabakadaha. Tan awgeed waxay ku iibsadeen magaca domainka fromlinux.fan illaa iyo hadda cinwaanka IP-ga ee la xiriira magacaas waxaa maamula shirkadda bixisa marinkaaga internetka.

Wadahadalka iyada oo loo marayo adeegga Prosody wuxuu u oggolaanayaa iyaga inay isdhaafsadaan farriimaha degdegga ah, wareejinta feylasha, sameystaan ​​shirar cod iyo muuqaal ah, iyo inbadan.

Waa maxay Prosody Instant Messenger?

Daawasho waa server isgaarsiineed casri ah oo ku saleysan hab maamuuska XMPP. Waxaa loogu talagalay rakibidda iyo qaabeynta fudud, iyo maaraynta hufan ee kheyraadka nidaamka. Prosody waa barnaamij Furan - Isha Furan ee lagu abuuray rukhsadda oggolaanshaha MIT / X11.

XMPP waa bedel aan ahayn ganacsi si loo bixiyo adeegyo fariin deg deg ah. Waxaa lagu hirgelin karaa jawi ganacsi wax soo saar, shabakad qoys, shabakad xaafad gaar loo leeyahay, iyo wixii la mid ah. Waxay taageertaa barnaamijyo badan oo macaamiil macaamiisha ah oo loogu talagalay desktop-ka iyo barnaamijyada moobiilka. Iyada oo loo marayo XMPP adeegan ayaa lagu siin karaa qalab kasta.

Intaa waxaa sii dheer, way awoodaan isku xidhka dhowr rakibid ah oo Prosody ah iyo adeegyo kale oo la jaan qaadaya borotokoolka XMPP, oo sameeya shabakad fariin ah oo aan guud ahaan ku xakameyn doonno farriinta iyo faylalka galka ee ku dhici doona hab gebi ahaanba ammaan ah.

Hubsiimo iyo xaqiijin ka dhan ah isticmaaleyaasha maxalliga ah

en el Khariidadda Goobta ee Prosody IM waxaan helnay iskuxirka bogga Bixiyeyaasha Xaqiijinta, kaas oo sheegaya in nooca 0.8 ee Prosody, bixiyeyaasha aqoonsi ee kala duwan lagu taageerayo plugins. Waxaad isticmaali kartaa darawallada software ka dhex dhisan, ama waxaad la midoobi kartaa xaqiijinta dhinac saddexaad iyo bixiyeyaasha kaydinta adoo adeegsanaya oo isdiyaari,.

Bixiyeyaasha xaqiijinta ee aan shaqaaleysiin karno

Tilmaanta Magaca -------------- ---------------------------------- --------------------
qeexitaan gudaha ah   Xaqiijinta asalka ah Furaha sirta qoraalka ah ayaa lagu kaydiyaa iyadoo la adeegsanayo keyd lagu dhex dhisay.

gudaha_lagulatay  Furaha sirta ah ee lagu duugay algorithm-ka gudaha ayaa lagu kaydiyaa iyadoo la adeegsanayo keyd lagu dhex dhisay.

cyrus       Isdhexgalka Cyrus SASL (LDAP, PAM,...)

si qarsoodi ah    Habka xaqiijinta iyadoo la adeegsanayo SASL 'ANONYMOUS' oo leh adeegsi aan rasmi ahayn oo aan u baahnayn aqoonsiga aqoonsiga.

XMPP waxay u isticmaashaa borotokoolka nidaamka hubinta fudud ee Lakabka Sugan - Stusaale Axaqiijinta iyo Sdaawo LShalay (SASL), si loo xaqiijiyo aqoonsiga macaamiisha. Prosody wuxuu ku darayaa maktabadda SASL taas oo markii ugu horreysa xaqiijineysa aqoonsiyada ka soo baxa xisaabaadka jira ee ku jira keydkiisa.

Laga soo bilaabo nooca 0.7 ee Prosody, bixiyaha dibedda ayaa la taageerayaa Cyrus SALS kaas oo xaqiijin kara aqoonsiyada ay bixiyeyaasha dibaddu ka soo horjeedaan ilo kale sida: PAM, LDAP, SQL iyo kuwa kale. Waxa kale oo ay u ogolaataa isticmaalka GSSAPI Adeegyada Hal-ku-Bixitaanka - Adeegyada Gelitaanka Hal Keli ah.

Maqaalkan ku saabsan Prosody, si looga gaaro xaqiijin ka dhan ah isticmaaleyaasha maxalliga ah iyada oo loo marayo PAM, waxaan u adeegsan doonnaa bixiyeha xaqiijinta «cyrus»Waxaa bixiyay xirmada«cirus-sasl»Taasina waxay la shaqeysaa sheyga salaad.

cyrus-sasl iyo saslauthd

[xididka @ linuxbox ~] # yum ku rakib cyrus-sasl

The saslauthd daemon horay ayaa loo rakibay

[xididka @ linuxbox ~] # getsebool -a | grep saslauthd
saslauthd_read_shadow -> off

[xididka @ linuxbox ~] # setsebool saslauthd_read_shadow on
[xididka @ linuxbox ~] # getsebool -a | grep saslauthd
saslauthd_read_shadow -> on

[xididka @ linuxbox ~] # systemctl status saslauthd
● saslauthd.service - daemon xaqiijinta SASL. Xamuus: xamuul (/usr/lib/systemd/system/saslauthd.service; naafo ah; iibiyaha horena uleeyahay: naafo ah) Firfircoon: firfircoonayn (dhintay)

[xididka @ Linux_ ~] # systemctl oo awood u siinaya saslauthd
Waxaa laga sameeyay iskuxir / /etc/systemd/system/multi-user.target.wants/saslauthd.service to /usr/lib/systemd/system/saslauthd.service.

[xididka @ linuxbox ~] # systemctl bilaw saslauthd
[xididka @ linuxbox ~] # systemctl status saslauthd
● saslauthd.service - SASL xaqiijinta daemon. Rarid: raran (/usr/lib/systemd/system/saslauthd.service; karti leh; iibiyaha horay loo sii qorsheeyay: naafo ah) Firfircoon: firfircoon (socda) tan iyo Sab 2017-04-29 10:31:20 EDT; 2s kahor Geedi socodka: 1678 ExecStart = / usr / sbin / saslauthd -m $ SOCKETDIR -a $ MECH $ CALANADA (koodhka = kabaxay, status = 0 / SUCCESS) Main PID: 1679 (saslauthd) CGroup: /system.slice/saslauthd adeegga ├─1679 / usr / sbin / saslauthd -m / run / saslauthd -a pam ├─1680 / usr / sbin / saslauthd -m / run / saslauthd -a pam ├─1681 / usr / sbin / saslauthd -m / run / saslauthd -a pam ├─1682 / usr / sbin / saslauthd -m / run / saslauthd -a pam └─1683 / usr / sbin / saslauthd -m / run / saslauthd -a pam

Prosody iyo lua-cyrussasl

[xididka @ linuxbox ~] # yum rakibi prosody
---- Ku-tiirsanaanta la xalliyey ========================================== == ================================== Nakhshadda Nooca Dhismaha Qalabka Cabbirka Xajmiga ========= == ============================================== === ================== Ku rakibida: prosody x86_64 0.9.12-1.el7 Epel-Repo 249 k Ku rakibida ku-tiirsanaanta: lua-expat x86_64 1.3.0- 4.el7 Epel -Repo 32 k lua-filesystem x86_64 1.6.2-2.el7 Epel-Repo 28 k lua-sec x86_64 0.5-4.el7 Epel-Repo 31 k lua-socket x86_64 3.0-0.10.rc1.el7 Epel -Repo 176k Macaamil Soo Koobid ====================================== ================== Ku rakib 1 Xirmo (+ 4 Xidhmooyinka Ku Xidhnaanta) --- -

[xididka @ linuxbox ~] # getsebool -a | salaax prosody
prosody_bind_http_port -> off
[xididka @ linuxbox ~] # setsebool prosody_bind_http_port on
[xididka @ linuxbox ~] # getsebool -a | salaax prosody
prosody_bind_http_port -> on

[xididka @ linuxbox ~] # systemctl oo awood u siiya in loo isticmaalo
Summad laga sameeyay /etc/systemd/system/multi-user.target.wants/prosody.service to /usr/lib/systemd/system/prosody.service. [root @ linuxbox ~] # systemctl status prosody ● prosody.service - Server Prosody XMPP (Jabber) Load: xamuul ah (/usr/lib/systemd/system/prosody.service; karti u leh; iibiyaha horay loo sii qorsheeyay: naafo ah) Firfircoon: firfircoon (dhintay) )

[xididka @ linuxbox ~] # systemctl bilaw inaad soo bandhigto
[xididka @ linuxbox ~] # systemctl status prosody
Prosody.service - Prosody XMPP (Jabber) server Loaded: raran (/usr/lib/systemd/system/prosody.service; karti u leh; iibiyaha horay loo sii qorsheeyay: naafo yahay) Firfircoon: firfircoon (socda) ilaa Sab 2017-04-29 10:35:07 EDT; 2s kahor Geeddi-socod: 1753 ExecStart = / usr / bin / prosodyctl start (code = exited, status = 0 / SUCCESS) Main PID: 1756 (lua) CGroup: /system.slice/prosody.service └─1756 lua / usr / lib64 / dhiig-shuban /..///biin/badiyo

[xididka @ linuxbox ~] # dabada /var/log/prosody/prosody.log
Abriil 29 10: 35: 06 faahfaahin guud Guud ahaan waad salaaman tihiin kuna soo dhowow nooca Prosody 0.9.12 Abriil 29 10:35:06 guud ahaan faahfaahinta guud Prosody wuxuu adeegsanayaa dib-u-xulasho dib-u-xallin ah Apr 29 10: 35: 06 Macluumaadka xawilaadaha 'S2s' on [::]: 5269, [*]: 5269 Apr 29 10:35:06 info portmanager info Adeegsi hawlgal ah 'c2s' on [::]: 5222, [*]: 5222 Apr 29 10:35:06 faahfaahinta xayeysiinta firfircoon adeegga 'legacy_ssl' oo aan lahayn dekedo Apr 29 10: 35: 06 mod_posix info Prosody wuxuu qarka u saaran yahay inuu ka baxo qunsulka, isaga oo curyaaminaya wax soo saar qunsuliyadeed oo dheeri ah Apr 29 10: 35: 06 mod_posix info Si guul leh loogu darey PID 1756

[xididka @ Linux_ ~] # yum ku rakib lua-cyrussasl

Waxaan ka abuureynaa hoyga martida "chat.desdelinux.fan" oo ka socda "example.com" oo rakibaysa Prosody

[xididka @ Linux_ ~] # cp /etc/prosody/conf.d/example.com.cfg.lua \
/etc/prosody/conf.d/chat.fromlinux.fan.cfg.lua

[xidid @ linuxbox ~] # nano /etc/prosody/conf.d/chat.laga bilaabo Linux.fan.cfg.lua
- Qeybta loogu talagalay wada sheekaysiga VirtualHost

VirtualHost "chat.desdelinux.fan"

- U qoondee martigeliyahaan shahaado TLS, haddii kale waxay u adeegsan doontaa midka - loo dejiyey qaybta caalamiga ah (haddii ay jirto). - Ogsoonow in qaabkii hore ee SSL ee dekedda 5223 kaliya ay taageerto hal shahaado, - mar walbana wuxuu isticmaali doonaa midka caalamiga ah.
        ssl = {
                 fure = "/etc/pki/prosody/chat.key";
                shahaadada = "/etc/pki/prosody/chat.crt";
        }

------ Qeybaha ---- - Waxaad qeexi kartaa qaybaha si aad ugu darto marti-geliyeyaasha bixiya adeegyada gaarka ah, - sida shirarka isticmaalayaasha badan, iyo gaadiidka. - Wixii macluumaad dheeraad ah ee ku saabsan qaybaha, ka eeg http://prosody.im/doc/components --- U samee serverka qolka MUC (wada-hadallo badan-isticmaalayaal ah) oo ku yaal conference.chat.desdelinux.fan:
Qeybta "conference.chat.desdelinux.fan" "muc"
magaca = "Xamaasadda" - WAA MAGACA QOLKA SHIRKA LAGU SOO BADBAADINAYO - Goormaad qolka ku biiraysaa
restrict_room_creation = run

- Samee wakiil SOCKS5 bytestream wakiil ah oo loogu talagalay wareejinta faylka server-ka: - Qaybta "proxy.chat" "proxy65" --- Samee qayb ka baxsan (dekedda qaybta caadiga ah waa 5347) - - Qaybaha dibedda u oggolaanaya in lagu daro adeegyo kala duwan, sida sida albaabbada / - loo raro shabakadaha kale sida ICQ, MSN iyo Yahoo. Faahfaahin dheeraad ah - eeg: http://prosody.im/doc/components#adding_an_external_component - --Component "gateway.chat" - component_secret = "password"

sugitaan = "cyrus"
cyrus_service_name = "xmpp"
cyrus_require_provisioning = been
cyrus_application_name = "prosody"
cyrus_server_fqdn = "chat.fromlinux.fan"

Waxaan hagaajineynaa kooxda leh feylka /etc/prosody/conf.d/chat.desdelinux.fan.cfg.lua

[xididka @ linuxbox ~] # ls -l /etc/prosody/conf.d/chat.laga bilaabo Linux.fan.cfg.lua 
-rw-r -----. 1 xididka xididka 1361 Apr 29 10:45 /etc/prosody/conf.d/chat.desdelinux.fan.cfg.lua

[xididka @ linuxbox ~] # xididka la jarjaray: prosody /etc/prosody/conf.d/chat.laga bilaabo Linux.fan.cfg.lua 
[xididka @ linuxbox ~] # ls -l /etc/prosody/conf.d/chat.laga bilaabo Linux.fan.cfg.lua 
-rw-r -----. 1 xididka prosody 1361 Apr 29 10:45 /etc/prosody/conf.d/chat.desdelinux.fan.cfg.lua

Waxaan hubineynaa qaabeynta

[xididka @ Linux_ ~] # luac -p /etc/prosody/conf.d/chat.laga bilaabo Linux.fan.cfg.lua
[xididka @ Linux_ ~] #

Shahaadooyinka SSL ee isku xirnaanta aaminka ah

Si loogu xiro server-ka Prosody - oo labadaba laga helo shabakada maxalliga ah iyo internetka - lana hubiyo in aqoonsiyadu ay si ammaan ah ugu safraan, waa inaan soo saarnaa shahaadooyinka SSL - Lakabka Amniga lagu caddeeyay feylka qaabeynta qaabeynta martigeliyaha /etc/prosody/conf.d/chat.fromlinux.fan.cfg.lua:

[xididka @ linuxbox ~] # cd / iwm / prosody / certs /

[root @ linuxbox cadeynaya] # openssl req -new -x509 -days 365 -nodes \
-out "chat.crt" -newkey rsa: 2048 -keyout "chat.key"
Abuurista fure gaar ah oo 2048 ah oo RSA ah ..... +++ .......... +++ qorista fure gaar ah oo cusub 'chat.key' ----- Waxaa lagaa codsan doonaa inaad geli macluumaadka lagu dari doono codsigaaga shahaadada. Waxa aad gali doontid waa waxa loogu yeero Magac Sharaf leh ama DN. Waxaa jira dhowr goobood laakiin waad ka tagi kartaa xoogaa bannaan Meelaha qaar waxaa ku jiri doona qiime caadi ah, haddii aad gasho '.', Goobta ayaa laga tagi doonaa iyadoo maran. ----- Magaca Wadanka (2 lambar xarfo) [XX]: CU State ama Magaca Gobolka (magac buuxa) []: Magaca Deegaanka Cuba (tusaale, magaalo) [Default City]: Magaca Ururka Habana (tusaale, shirkad) [ Shirkadda Default Ltd]: FromLinux.Fan Magaca Cutubka Abaabulka (tusaale ahaan, qaybta) []: Xamaasadda Magaca Guud (tusaale, magacaaga ama magacaaga martigeliyaha ee server-ka) []: chat.desdelinux.fan Cinwaanka Emailka []: buzz@desdelinux.fan

Waxaan wax ka bedelnaa xulashooyinka qaabeynta adduunka

Kaliya waanu tafatiri doonaa fursadaha soo socda ee faylka ku jira /etc/prosody/prosody.cfg.lua:

[xididka @ linuxbox ayaa xaqiijinaya] # cp /etc/prosody/prosody.cfg.lua \ /etc/prosody/prosody.cfg.lua.original [xididka @ linuxbox ~] # nano /etc/prosody/prosody.cfg. lua
- Faylka isku duwidda Tusaalaha Tusaalaha - - Macluumaadka ku saabsan qaabeynta Prosody waxaa laga heli karaa websaytkayaga oo ah http://prosody.im/doc/configure - - Talo: Waxaad iska hubin kartaa in qaabeynta faylkani ay sax tahay - marka aad dhammayso adigoo ordaya: luac -p prosody.cfg.lua - Haddii ay jiraan wax khaladaad ah, waxay kuu sheegi doontaa waxa iyo meesha - ay yihiin, haddii kale way aamusi doontaa - - Waxa kaliya ee haray in la sameeyo ayaa ah in magaca faylalka la beddelo si meesha looga saaro dhammaadka .dist, oo la buuxiyo - meelaha banaan. Nasiib wacan, iyo farxad Jabbering! ---------- Dejinta adeegaha oo dhan ---------- - Dejinta qaybtan waxay khuseysaa serverka oo dhan waana goobaha caadiga ah - ee martigaliyaal kasta oo dalwad leh - Tani waa (by default, madhan) liiska koontooyinka maamulku yahay - ee serverka. Xusuusnow waa inaad si gooni gooni ah u sameysid koontooyinka - (eeg http://prosody.im/doc/creating_accounts wixii macluumaad ah) - Tusaale: admins = {"user1@example.com", "user2@example.net"}
maamullada = {"buzz@chat.desdelinux.fan", "trancos@chat.desdelinux.fan"}

- Awood u yeelo isticmaalka xayeysiinta waxqabadka wanaagsan ee culeyska sarreeya - Wixii macluumaad dheeraad ah eeg: http://prosody.im/doc/libevent --use_libevent = run; - Tani waa liiska qaybaha Prosody uu ku shuban doono bilowga. - Waxay u egtahay mod_modulename.lua galka plugins-ka, markaa hubi inay taasi jirto sidoo kale. - Dukumiintiyada ku saabsan modules waxaa laga heli karaa: http://prosody.im/doc/modules modules_enabled = {- Guud ahaan loo baahan yahay "liiska"; - U oggolow isticmaaleyaasha in ay liis garayn yeeshaan. Lagu taliyay;) "saslauth"; - Hubinta macaamiisha iyo server-yada. Lagu taliyay haddii aad rabto inaad gasho. "tls"; - Ku dar taageerada TLS-ka aaminka ah isku xirka c2s / s2s "dialback"; - s2s taageerada dialback "disk"; - Soo helid adeeg - Maaha muhiim, laakiin waxaa lagula taliyay "gaar"; - Kaydinta XML ee gaarka loo leeyahay (calaamadaha qolka, iwm) "vcard"; - U oggolow isticmaaleyaasha inay dejiyaan vCards - Kuwani waxaa looga faaloodaa asal ahaan maadaama ay leeyihiin saameyn waxqabad - "asturnaan"; - Taageer liisaska asturnaanta - "riixitaan"; - Cadaadiska qulqulka (Xusuusin: Waxay ubaahantahay xirmo lua-zlib RPM rakibay) - Waa hagaag in la helo "nooca"; - Kajawaabida codsiyada nooca serverka "waqtigiisa"; - Ka warbixi inta serverka uu "waqti" shaqeynayay; - Ogeysii kuwa kale inay ogaadaan waqtiga halkan ku yaal adeeggan "ping"; - Jawaabaha pings XMPP leh pongs "pep"; - Waxay awood u siineysaa dadka isticmaala inay daabacaan xaaladdooda, dhaqdhaqaaqooda, muusig garaacid iyo wax badan oo "diiwaangelin" ah; - U oggolow isticmaalayaasha inay iska diiwaangeliyaan adeeggan iyagoo adeegsanaya macmiil isla markaana beddelaya furaha sirta ah - Isdhexgalka maamulka "admin_adhoc"; - Waxay u oggolaaneysaa maamulka iyada oo loo marayo macmiil XMPP ah oo taageera amarada ad-hoc - "admin_telnet"; - Wuxuu ka furmaa isgaarsiinta telnet konsol dekedda maxalliga ah 5582 - modules HTTP
        "bosh"; - Sahlo macaamiisha BOSH, aka "Jabber over HTTP"
        - "http_files"; - Ku kaydi faylasha ma guurtada ah buugga HTTP - Waxqabadka kale ee gaarka ah "posix" - Waxqabadka POSIX, wuxuu u diraa server asalka, wuxuu awood u siiyaa syslog, iwm. - "kooxo"; - Taageero qoraal ah oo la wadaago - "ku dhawaaq"; - U dir ogeysiis dhammaan isticmaaleyaasha internetka - "soo dhawow"; - Soo dhawow isticmaalayaasha diiwaangeliya xisaabaadka - "diiwaangelinta daawashada"; - Ogeysiis maamullada diiwaangelinta - "motd"; - U dir farriin isticmaaleyaasha markay soo galayaan - "legacyauth"; - Aqoonsiga dhaxalka. Kaliya waxaa isticmaala qaar ka mid ah macaamiisha duugga ah iyo bots. };

bosh_ports = {{dekedda = 5280; dariiqa = "http-bind"; interface = "127.0.0.1"; }}

firfircooni la'aan = 60
- U isticmaal haddii aad u baahan tahay HTTPS-> HTTP dhinaca adeegga
tixgelin_bosh_secure = run
- U oggolow marinka qoraallada bog kasta oo aan wakiil lahayn (waxay u baahan tahay biraawsar casri ah)
cross_domain_bosh = run

- Qaybtani waa otomaatig ku raran yihiin, laakiin waa inaad rabto - inaad naafo ka dhigto ka dibna halkan ku soo koob: modules_disabled = {- "offline"; - Keydso farriimaha qad la'aanta - "c2s"; - Qabso isku xirnaanta macmiilka - "s2s"; - Qabso isku xirnaanta server-to-server}; - Ka jooji sameynta koontada asal ahaan, amniga - Wixii macluumaad dheeraad ah eeg http://prosody.im/doc/creating_accounts allow_registration = been; - Kuwani waa goobaha la xiriira SSL / TLS. Haddii aadan rabin - inaad isticmaasho SSL / TLS, waad faallo ka bixin kartaa ama ka saari kartaa ssl = {key = "/etc/pki/prosody/localhost.key"; shahaadada = "/etc/pki/prosody/localhost.crt"; } - Ma ku khasbaysaa macaamiisha inay isticmaalaan xiriirro qarsoodi ah? Ikhtiyaarkan ayaa - ka hor istaagi doona macaamiisha inay xaqiijiyaan ilaa ay isticmaalayaan sirta.

c2s_require_encryption = run

- Xaqiijinta shahaadada ee iskuxirka server-to-server? - Tani waxay bixisaa nabadgelyo ku habboon, laakiin waxay u baahan tahay adeegaha aad la xiriirto - si ay u taageerto sirta iyo soo bandhigida shahaadooyin ansax ah, oo lagu kalsoon yahay. - XUSUUS: Noocaaga LuaSec waa inuu taageeraa xaqiijinta shahaadada! - Wixii macluumaad dheeri ah ka eeg http://prosody.im/doc/s2s#security s2s_secure_auth = been - Adeegyo badan oo ka mid ahi ma taageeraan qarinta ama ma laha shahaadooyin aan ansax ahayn ama is-saxeexan. Waxaad ku qori kartaa cinwaanada halkan aan looga baahneyn - xaqiijin adoo isticmaalaya shahaadooyin. Waxaa lagu xaqiijin doonaa iyadoo la adeegsanayo DNS. --s2s_insecure_domains = {"gmail.com"} - Xitaa haddii aad ka tagto s2s_secure_auth oo naafo ah, weli waxaad u baahan kartaa ansax - shahaadooyin qaar ka mid ah boggaga adoo ku qoraya liistada halkan. --s2s_secure_domains = {"jabber.org"} - Xulo gadaal sugida si aad u isticmaasho. Bixiyeyaasha 'gudaha' - waxay u adeegsadaan keydinta xogta loo habeeyay Prosody si ay u kaydiso xogta sugida. - Si loogu oggolaado Prosody inuu u soo bandhigo macaamiisha habab aqoonsi oo aamin ah, bixiyaha asalka u ah wuxuu keydiyaa furaha sirta ah ee la socda. Haddii aadan ku kalsoonayn - serverkaaga fadlan eeg http://prosody.im/doc/modules/mod_auth_internal_hashed - wixii macluumaad ah ee ku saabsan adeegsiga dhabarka dambe ee degdegga ah.

- sugitaan = "gudaha_plain"
sugitaan = "cyrus"
cyrus_service_name = "xmpp"
cyrus_require_provisioning = been

- Xulo backend kaydinta si aad u isticmaasho. Markii hore Prosody wuxuu adeegsadaa feylal fidsan - galka xogta ee la qaabeeyey, laakiin sidoo kale waxay taageertaa gadaal dambe - iyada oo loo marayo modules. Daminta "sql" waxaa lagu soo daray qaab ahaan, laakiin waxay u baahan tahay - ku-tiirsanaan dheeri ah. Eeg http://prosody.im/doc/storage si aad u hesho macluumaad dheeraad ah. --storage = "sql" - Default waa "gudaha" (Fiiro gaar ah: "sql" waxay u baahan tahay rakib - lua-dbi RPM pack) - "back" sjl, waad ka xumaan kartaa * mid * ka mid ah kuwa hoose si aad u qaabeyso: - sql = {driver = "SQLite3", database = "prosody.sqlite"} - Default. 'database' waa magaca faylka. --sql = {driver = "MySQL", database = "prosody", username = "prosody", password = "secret", host = "localhost"} --sql = {driver = "PostgreSQL", database = "prosody" ", username =" prosody ", password =" secret ", host =" localhost "} - Conflication Logging - For logging advanced see http://prosody.im/doc/logging log = {- Diiwaangeli wax kasta oo heerka ah" info " iyo ka sareeya (taasi waa, dhammaan marka laga reebo "farriimaha" farriimaha) - to /var/log/prosody/prosody.log iyo khaladaadka sidoo kale /var/log/prosody/prosody.err
    debug = "/var/log/prosody/prosody.log"; - Ku beddel 'info' oo 'u qax' wixii loo yaqaan 'verbose logging'
    qalad = "/var/log/prosody/prosody.err"; - Gal khaladaadka sidoo kale in la xareeyo - error = "* syslog"; - Gal khaladaadka sidoo kale syslog - log = "* console"; - Soo gal qunsulka, oo waxtar u leh khaladka la daemonize = been ah} - qaabeynta POSIX, eeg sidoo kale http://prosody.im/doc/modules/mod_posix pidfile = "/run/prosody/prosody.pid"; --daemonize = been - Default waa "run" ------ Faylal dheeri ah oo iskudhaf ah ------ - Ujeeddooyin abaabul ahaan waxaad doorbidi kartaa inaad kudarto VirtualHost iyo - Qeexitaanka Qeybaha feylasha iskudhafka. Khadkan waxaa ka mid ah - dhammaan faylasha isku xirnaanta ee /etc/prosody/conf.d/ Ku dar "conf.d / *. Cfg.lua"

Wax ka beddelka qaabeynta Dnsmasq ee linuxbox

Faylka /Etc/dnsmasq.conf

Kaliya ku dar qiimaha cname = chat.fromlinux.fan, linuxbox.fromlinux.fan:

[xididka @ linuxbox ~] # nano /etc/dnsmasq.conf
----- # ---------------------------------------------------- ---------------------- # DIIWAANGELINTAXUKUMMXTXT # -------------------- ------------------------------------------ # Diiwaangelinta noocan ahi waxay u baahan tahay gelitaanka # ee faylka / iwm / martida loo yahay # ex: 192.168.10.5 linuxbox.fromlinux.fan linuxbox # cname = ALIAS, REAL_NAME cname = mail.fromlinux.fan, linuxbox.fromlinux.fan
cname = chat.fromlinux.fan, linuxbox.fromlinux.fan
----

[root @ linuxbox ~] # adeeg dnsmasq dib u bilaw
[xididka @ linuxbox ~] # adeegga dnsmasq xaaladdiisa [xididka @ linuxbox ~] # wada sheekaysiga martigeliyaha
chat.desdelinux.fan waa magac u gaar ah linuxbox.desdelinux.fan. linuxbox.desdelinux.fan wuxuu leeyahay cinwaan 192.168.10.5 linuxbox.desdelinux.fan mail waxaa gacanta ku haya 1 mail.desdelinux.fan.

Faylka /Etc/resolv.conf

[xididka @ linuxbox ~] # nano /etc/resolv.conf 
raadi desdelinux.fan magac bixiyaha 127.0.0.1 # Wixii su'aalo DNS ah oo bannaanka ama aan ahayn domain # desdelinux.fan # local = / desdelinux.fan / nameserver 172.16.10.30

Wax ka beddelka DNS-ka dibedda ee ISP

Waxaan u hibeynay maqaalka oo dhan «NSD Server Server DNS + Shorewall - Shabakadaha SME»Mawduuca ku saabsan sida loogu dhawaaqo diiwaanada SRV ee la xiriira XMPP si adeegga fariimaha degdega ah ay ugu baxaan internetka, iyo xitaa in server-ka Prosody uu ula midoobo inta kale ee la jaan qaada XMPP server ee ka jira Webka.

Waxaan dib u bilaabi doonaa Prosody

[xididka @ linuxbox ~] # adeeg dib u bilaabid prosody
U hagida dhanka / bin / systemctl dib u bilaabi prosody.service
[xididka @ linuxbox ~] # Xaaladda adeegga
U jihaynta / bin / systemctl status prosody.service ● prosody.service - Server Prosody XMPP (Jabber) Loaded: raran (/usr/lib/systemd/system/prosody.service; karti leh; iibiyaha horay loo sii qorsheeyay: naafo yahay) Firfircoon: firfircoon (socda) ilaa Sun 2017-05-07 12:07:54 EDT; 8s kahor Hannaanka: 1388 ExecStop = / usr / bin / prosodyctl stop (koodh = kabax, xaalad = 0 / SUCCESS) Habka: 1390 ExecStart = / usr / bin / prosodyctl bilowga (koodh = kabax, xaalad = 0 / GUUL) Main PID : 1393 (lua) CGroup: /system.slice/prosody.service └─1393 lua /usr/lib64/prosody/../../bin/prosody

[xididka @ linuxbox ~] # dabada -f /var/log/prosody/prosody.log
  • Waa wax aad u caafimaad badan in la furo qunsuliyad cusub oo amarkii hore uu socdo, lana daawado wax soo saarka khaldan ee ka socda Prosody inta adeeggu dib u bilaabmayo.

Waxaan u qaabeyneynaa Cyrus SASL

[xidid @ linuxbox ~] # nano /etc/sasl2/prosody.conf
pwcheck_method: saslauthd mech_list: PLAIN

[xididka @ linuxbox ~] # adeeg saslauthd dib u bilaw
U hagida dhanka / bin / systemctl dib u bilaabi saslauthd.service
[xididka @ Linux_ ~] # adeegga xaaladda saslauthd

- Haddii ...
[xididka @ linuxbox ~] # adeeg dib u bilaabid prosody

Qaabeynta PAM

[xididka @ linuxbox ~] # nano /etc/pam.d/xmpp
auth waxaa ka mid ah koontada sirta-auth ay ku jiraan lambarka sirta-auth

Hubinta xaqiijinta PAM

  • Si loo hubiyo, waa inaan fulinnaa amarka soo socda sida saxda ah ee hoos ku xusan, maadaama ay ku saabsan tahay fulinta amar sida isticmaalaha "prosody" oo aan ahayn "isticmaalaha" xididka:
[root @ linuxbox ~] # sudo -u prosody testsaslauthd -s xmpp -u strides -p strides
0: OK "Guul."

[xididka @ linuxbox ~] # sudo -u prosody testsaslauthd -s xmpp -u legolas -p legolas
0: OK "Guul."

[xididka @ Linux_ ~] # sudo -u prosody testsaslauthd -s xmpp -u legolas -p Lengolas
0: MAYA "xaqiijintii way fashilantay"

Nidaamka xaqiijinta ee ka dhanka ah isticmaaleyaasha maxalliga ah wuxuu u shaqeeyaa si sax ah.

Waxaan wax ka badalnay FirewallD

Adeegsiga aaladda garaafka «Dabka«, Aaggadadweynaha»Waxaan dhaqaajineynaa adeegyada:

  • xmpp-bosch
  • xmpp-macmiil
  • xmpp-server
  • xmpp-maxalli ah

Sidoo kale aagga «external»Waxaan dhaqaajineynaa adeegyada:

  • xmpp-macmiil
  • xmpp-server

Annaguna waanu furaynaa dekadaha tcp 5222 iyo 5269

Ugu dambeyntii, waxaan ku sameynaa isbedel Waqtiga fulinta a Joogto ah y dib u cusbooneysii FirewallD.

XMPP Macmiilka Psi

Si aad ula xiriirto server-ka fariimaha degdega ah ee Prosody Instant Messaging, waxaan kala dooran karnaa macaamiisha kala duwan ee jira:

  • Faham
  • Gajim
  • Qadu
  • Psi
  • psi lagu daray
  • Pidgin
  • Telepathy
  • Weechat

Liisku wuu socdaa. Waxaan dooranay Psi +. Si loo rakibo waxaan u isticmaalnaa amarka la door bidaa ama waxaan ku sameynaa qalabka garaafka ee loo heli karo hawshaas. Marka la rakibo, waan fulinaa, dhamaadka maqaalka waxaan ku siineynaa sawirro taxane ah oo aan rajeyneyno inay waxtar kuu yeelan doonaan.

Resumen

  • Waxaan ku rakibi karnaa adeegga Fariimaha Degdegga ah oo ku saleysan Prosody ee loogu talagalay dadka isticmaala maxalliga ah ee nidaamka, oo waxaan ku bixin karnaa abuuritaanka isticmaaleyaasha gudaha Prosody ama noocyada kale ee aqoonsiga keydka aqoonsiga.
  • Aqoonsiga aqoonsigu wuxuu u socdaalayaa si qarsoodi ah macmiilka ilaa serverka, iyo jawaabaha dambe ee macmiilka sidoo kale.
  • Waxaan ku rakibi karnaa wax ka badan hal adeeg oo ku saleysan xaqiijinta maxalliga ah iyada oo loo marayo PAM hal adeeg.
  • Ilaa hadda, serverka linuxbox.fromlinux.fan waxay siisaa adeegyadan soo socda Shabakada SME:
    • Xallinta Magaca Magacyada ama DNS.
    • Qoondaynta firfircoon ee cinwaanada IP ama DCHP
    • Adeegga Waqtiga Shabakadda ama NTP
    • Kaydinta iyada oo loo marayo SSH macaamiisha UNIX / Linux, ama iyada oo loo marayo WinSCP macaamiisha Microsoft Windows.
    • Adeegga Fariimaha degdega ah - Wadahadal. Sidoo kale waxaad ka heli kartaa internetka.
    • Adeegga wadaaga faylka iyada oo loo marayo Chat laftiisa. Sidoo kale waxaad ka heli kartaa internetka
    • Adeeg isgaarsiineed oo aad ku qaabeyn karto Prosody.

Iyo dhammaan adeegyadii hore oo leh dhowr qalab garaaf ah oo loogu talagalay qaabeynta Firewall - FirewallD, iyo Isticmaalaha iyo Maareynta Kooxda ee nidaamka runti sahlan in la isticmaalo haddii aan haysanno aqoonta aasaasiga ah ee waxa aan dooneyno inaan sameyno.

Muhiim ah

Hubso inaad booqato cinwaanka soo socda si loo helo macluumaad dhameystiran ku saabsan Prosody: http: //siirsanaan.im.

Ilaa qaybta soo socota!


Nuxurka maqaalka wuxuu u hogaansamayaa mabaadi'deena anshaxa tifaftirka. Si aad u soo sheegto khalad guji Halkan.

10 faallooyin, ka tag taada

Ka tag faalladaada

cinwaanka email aan la daabacin doonaa.

*

*

  1. Masuul ka ah xogta: Miguel Ángel Gatón
  2. Ujeedada xogta: Xakamaynta SPAM, maaraynta faallooyinka.
  3. Sharci: Oggolaanshahaaga
  4. Isgaarsiinta xogta: Xogta looma gudbin doono dhinacyada saddexaad marka laga reebo waajibaadka sharciga ah.
  5. Kaydinta xogta: Macluumaadka ay martigelisay Shabakadaha Occentus (EU)
  6. Xuquuqda: Waqti kasta oo aad xadidi karto, soo ceshan karto oo tirtiri karto macluumaadkaaga.

  1.   Guillermo dijo

    Sidee xiiso u leedahay dhammaan tabarucaadkaaga, aad ayaad ugu mahadsan tahay dhammaantood.

  2.   IWO dijo

    Kun hambalyo Federico maqaal kale oo weyn.
    Halkan qoraagu wuxuu na siinayaa ("wuxuu siinayaa") "sida loo ogaado" sida loo hirgeliyo adeegga Wadahadalka iyada oo loo marayo Prosody oo adeegsada borotokoolka XMPP ee shabakad si loo isweydaarsado farriimaha degdegga ah, loo wareejiyo feylasha, la sameeyo shirar cod iyo muuqaal ah, oo laga sugo maxalliga ah isticmaalayaasha isku xirnaanta aaminka ah.
    Intaas waxaa sii dheer, sida caadiga ah ee taxanaha 'PYMES' oo dhan, qoraagu wuxuu fududeeyaa is-dhexgalka adeegga si loogula jaanqaado adeegyada intiisa kale iyo / ama cabbiraadaha durbaba ka shaqeynaya shabakad:
    1- Isbedelada ay tahay inaan ku sameyno adeegga DNS si loogu daro adeegga Chat wax walbana si sax ah ayey u shaqeeyaan.
    2- Qaabeynta (iyo hubinta) PAM-ka si gudaha looga xaqiijiyo adeegga Chat-ka.
    3- Waxa ay tahay inaan ku sameeyno Firewall-ka shabakada maxalliga ah iyo "Shabakadaha Shabakadaha" si aan u oggolaano adeegga Wada-hadalka, tanina ay ku dhacdo heer nabadgelyo oo ku filan.
    4- Iyo ugu dambeyn xaqiijinta Chat ka macmiil XMPP ah.
    Ma jiraan wax ku kaydin kara boostada galka TIPS goorta adeegan la fulinayo.

  3.   federico dijo

    Waxaan rajeynayaa inay si uun kuugu anfacayaan. Waad ku mahadsantahay faallooyinka

  4.   federico dijo

    IWO saaxiib, waxaad heshay dulucda maqaalka. Kaliya ku dar inaan u fulineyno adeegyo shabakad UNIX / Linux ah, xitaa haddii macaamiishooda oo dhami ay yihiin Microsoft Windows. Akhristayaal badan ayaa laga yaabaa inaysan ogaan faahfaahintaas yar wali. 😉

  5.   Zodiac Carburus dijo

    Wax ku biir aad ufiican saaxiib Fico. Waad ogtahay inaan raacay maqaalladaadii oo dhan 4taan dambana waxaan bartay su'aalo badan oo aanan garanayn sababtoo ah xijaabkii Tusaha Firfircoonaa iyo Maamulaha Domain-ka ayaa wajigayga la geliyay. Waxaan si ficil ah ugu dhashay NT 4 iyo PDC-yada iyo BDC-yada. Ma ogeyn inaan fududeyn karo aqoonsiga shabakad hal mashiin oo leh Centos ama Linux kale. Hadda waxaan baranayaa falsafad cusub oo aan u arkaa inay tahay mid duug ah oo asal ahaan ka soo jeeda taariikhda shabakadaha. In kasta oo aad wax yar iiga sheegi doontid waxa aad daabici doontid Waad ku mahadsantahay sida aad ugu heellan tahay sababaha barnaamijka bilaashka ah. Waxaan sugi doonaa qodobbadaada soo socda, Fico.

  6.   Edward Claus dijo

    Tiger, maqaal weyn !!!!!

    Saaxiibkiis, waxaa ku jira faahfaahin yar, qeybta DNS, waxaad tilmaamaysaa dhammaan cinwaanka laga soo bilaabo desdelinux.fan ilaa IP 172.16.10.10, waxaad haysataa adeegaan lagu hirgeliyay Debian (midka DNS ah), hadda, sheekadan, waxay ku jirtaa CentOS , markaa dabcan waxay leedahay cinwaan IP ka duwan, wixii kaa maqnaa wuxuu u wareejinayay dhammaan taraafikada gidaar-gacmeedka IP-ga halkaasoo adeegga farriinta deg-degga ah uu ku yaallo, maadaama xilligan ay tilmaamayso isla server-ka DNS oo tanina aysan lahayn adeegga dirista.

    Haddii kale wax kasta oo qurux badan, habsiin weyn.

  7.   federico dijo

    Waad ku mahadsan tahay Eduardo inuu faallo ka bixiyo. Si fiican ayaad u akhriday sadarka:

    Sidoo kale aagga "dibedda" waxaan ka hawlgelinnaa adeegyada:

    xmpp-client
    xmpp-server

    Waxaanuna furaynaa dekedaha tcp 5222 iyo 5269.

    Waxaan u oggolaanayaa soo saarista borotokoolka XMPP iyada oo loo marayo is-gaadhsiinta 'ens34 interface'. Xusuusnow boostada hoose, xitaa maqaalka Squid. 😉

  8.   federico dijo

    Saaxiibka Zodiac: waxaad iga dhigeysaa inaan horay u sii sheego waxyaabaha aan la yaabay. Maya, LDAP hadda ma socdo. Waa udub dhexaadka adeegaha boostada oo ku saleysan Postfix, Dovecot, Squirrelmail, iyo xaqiijinta PAM, oo noqon doonta kii ugu dambeeyay taxanahan yar. Inbadan na. ;-). Ka dib haddii hadhay ay timaaddo illaa aan ka gaadhno Samba 4 AD-DC. Nabadeey !.

  9.   Edward Claus dijo

    Haa saaxiibkay, haddii aan akhriyo, laakiin ma arko meel PREROUTING ee dhanka serverka kale, fiiri.

  10.   federico dijo

    Eduardo: Samee rakibaadda. Ku xidho Laptop-ka shebekad IP 172.16.10.0/24 ah. Ku rakib macmiil Chat dushiisa kuna xir Prosody. Markaa waan sameeyay oo sidan ayay u shaqaysay. 😉
    FirewallD waa midka loogu talagalay CentOS ee ku hormarin doona qaabkiisa.