IM Prosody iyo isticmaaleyaasha maxalliga ah - Shabakadaha PYMES

Tusmada guud ee taxanaha: Shabakadaha Kombuyuutarka ee loogu talagalay SMEs: Hordhac

Maqaalkani waa sii wadida:

• Xaqiijinta Squid + PAM ee CentOS 7.
• Isticmaalaha maxaliga ah iyo maamulka kooxda
• NSD Maamulaha DNS Server + Shorewall
  

Waad salaaman tihiin asxaabta iyo asxaabta!

Waxaan sii wadeynaa inaan ku darno adeegyo shabakad ku saleysan aqoonsiga isticmaale maxalli ah adeegaha kooxda yar. Xamaasad Software Bilaash ah, gaar ahaan CentOS.

Xaaladihii shaqo ee kooxdu si wanaagsan ayey isu beddeleen. Waxay hadda xarun ahaan leeyihiin guri seddex dabaq leh oo leh dabaq hoose waxayna u baahan yihiin inay hirgeliyaan farriin fariin deg deg ah iyo wareejinta feylka ee u dhexeeya xarumaha shaqada, si loo yareeyo dhibaatada ku saabsan kor u kaca iyo jaranjarooyinka ama socod badan. ;-). Tan awgeed waxay soo jeedinayaan in loo isticmaalo barnaamijka Daawasho.

Waxay go'aansadeen inay daabacaan adeegga Wadahadalka Internetka oo kaliya kuwa Xamaasadda leh, waxayna qorsheynayaan inay ku xiraan farriintooda fariimaha degdegga ah iyo kuwa kale ee isku xira XMPP ee ku yaal Shabakadaha Shabakadaha. Tan awgeed waxay ku iibsadeen magaca domainka desdelinux. taageere illaa iyo hadda cinwaanka IP-ga ee la xiriira magacaas waxaa maamula shirkadda bixisa marinkaaga internetka.

Wadahadalka iyada oo loo marayo adeegga Prosody wuxuu u oggolaanayaa iyaga inay isdhaafsadaan farriimaha degdegga ah, wareejinta feylasha, sameystaan ​​shirar cod iyo muuqaal ah, iyo inbadan.

Waa maxay Prosody Instant Messenger?

Daawasho waa server isgaarsiineed casri ah oo ku saleysan hab maamuuska XMPP. Waxaa loogu talagalay rakibidda iyo qaabeynta fudud, iyo maaraynta hufan ee kheyraadka nidaamka. Prosody waa barnaamij Furan - Isha Furan ee lagu abuuray rukhsadda oggolaanshaha MIT / X11.

XMPP waa bedel aan ahayn ganacsi si loo bixiyo adeegyo fariin deg deg ah. Waxaa lagu hirgelin karaa jawi ganacsi wax soo saar, shabakad qoys, shabakad xaafad gaar loo leeyahay, iyo wixii la mid ah. Waxay taageertaa barnaamijyo badan oo macaamiil macaamiisha ah oo loogu talagalay desktop-ka iyo barnaamijyada moobiilka. Iyada oo loo marayo XMPP adeegan ayaa lagu siin karaa qalab kasta.

Intaa waxaa sii dheer, way awoodaan isku xidhka dhowr rakibid ah oo Prosody ah iyo adeegyo kale oo la jaan qaadaya borotokoolka XMPP, oo sameeya shabakad fariin ah oo aan guud ahaan ku xakameyn doonno farriinta iyo faylalka galka ee ku dhici doona hab gebi ahaanba ammaan ah.

Hubsiimo iyo xaqiijin ka dhan ah isticmaaleyaasha maxalliga ah

en el Khariidadda Goobta ee Prosody IM waxaan helnay iskuxirka bogga Bixiyeyaasha Xaqiijinta, kaas oo sheegaya in nooca 0.8 ee Prosody, bixiyeyaasha aqoonsi ee kala duwan lagu taageerayo plugins. Waxaad isticmaali kartaa darawallada software ka dhex dhisan, ama waxaad la midoobi kartaa xaqiijinta dhinac saddexaad iyo bixiyeyaasha kaydinta adoo adeegsanaya oo isdiyaari,.

Bixiyeyaasha xaqiijinta ee aan shaqaaleysiin karno

Tilmaanta Magaca -------------- ---------------------------------- --------------------
qeexitaan gudaha ah   Xaqiijinta asalka ah Furaha sirta qoraalka ah ayaa lagu kaydiyaa iyadoo la adeegsanayo keyd lagu dhex dhisay.

gudaha_lagulatay  Furaha sirta ah ee lagu duugay algorithm-ka gudaha ayaa lagu kaydiyaa iyadoo la adeegsanayo keyd lagu dhex dhisay.

cyrus       Isdhexgalka Cyrus SASL (LDAP, PAM,...)

si qarsoodi ah    Habka xaqiijinta iyadoo la adeegsanayo SASL 'ANONYMOUS' oo leh adeegsi aan rasmi ahayn oo aan u baahnayn aqoonsiga aqoonsiga.

XMPP waxay u isticmaashaa borotokoolka nidaamka hubinta fudud ee Lakabka Sugan - Stusaale Axaqiijinta iyo Sdaawo LShalay (SASL), si loo xaqiijiyo aqoonsiga macaamiisha. Prosody wuxuu ku darayaa maktabadda SASL taas oo markii ugu horreysa xaqiijineysa aqoonsiyada ka soo baxa xisaabaadka jira ee ku jira keydkiisa.

Laga soo bilaabo nooca 0.7 ee Prosody, bixiyaha dibedda ayaa la taageerayaa Cyrus SALS kaas oo xaqiijin kara aqoonsiyada ay bixiyeyaasha dibaddu ka soo horjeedaan ilo kale sida: PAM, LDAP, SQL iyo kuwa kale. Waxa kale oo ay u ogolaataa isticmaalka GSSAPI Adeegyada Hal-ku-Bixitaanka - Adeegyada Gelitaanka Hal Keli ah.

Maqaalkan ku saabsan Prosody, si looga gaaro xaqiijin ka dhan ah isticmaaleyaasha maxalliga ah iyada oo loo marayo PAM, waxaan u adeegsan doonnaa bixiyeha xaqiijinta «cyrus»Waxaa bixiyay xirmada«cirus-sasl»Taasina waxay la shaqeysaa sheyga salaad.

cyrus-sasl iyo saslauthd

[xididka @ linuxbox ~] # yum ku rakib cyrus-sasl

The saslauthd daemon horay ayaa loo rakibay

[xididka @ linuxbox ~] # getsebool -a | grep saslauthd
saslauthd_read_shadow -> off

[xididka @ linuxbox ~] # setsebool saslauthd_read_shadow on
[xididka @ linuxbox ~] # getsebool -a | grep saslauthd
saslauthd_read_shadow -> on

[xididka @ linuxbox ~] # systemctl status saslauthd
● saslauthd.service - daemon xaqiijinta SASL. Xamuus: xamuul (/usr/lib/systemd/system/saslauthd.service; naafo ah; iibiyaha horena uleeyahay: naafo ah) Firfircoon: firfircoonayn (dhintay)

[xididka @ Linux_ ~] # systemctl oo awood u siinaya saslauthd
Waxaa laga sameeyay iskuxir / /etc/systemd/system/multi-user.target.wants/saslauthd.service to /usr/lib/systemd/system/saslauthd.service.

[xididka @ linuxbox ~] # systemctl bilaw saslauthd
[xididka @ linuxbox ~] # systemctl status saslauthd
● saslauthd.service - SASL xaqiijinta daemon. Rarid: raran (/usr/lib/systemd/system/saslauthd.service; karti leh; iibiyaha horay loo sii qorsheeyay: naafo ah) Firfircoon: firfircoon (socda) tan iyo Sab 2017-04-29 10:31:20 EDT; 2s kahor Geedi socodka: 1678 ExecStart = / usr / sbin / saslauthd -m $ SOCKETDIR -a $ MECH $ CALANADA (koodhka = kabaxay, status = 0 / SUCCESS) Main PID: 1679 (saslauthd) CGroup: /system.slice/saslauthd adeegga ├─1679 / usr / sbin / saslauthd -m / run / saslauthd -a pam ├─1680 / usr / sbin / saslauthd -m / run / saslauthd -a pam ├─1681 / usr / sbin / saslauthd -m / run / saslauthd -a pam ├─1682 / usr / sbin / saslauthd -m / run / saslauthd -a pam └─1683 / usr / sbin / saslauthd -m / run / saslauthd -a pam

Prosody iyo lua-cyrussasl

[xididka @ linuxbox ~] # yum rakibi prosody
---- Ku-tiirsanaanta la xalliyey ========================================== == ================================== Nakhshadda Nooca Dhismaha Qalabka Cabbirka Xajmiga ========= == ============================================== === ================== Ku rakibida: prosody x86_64 0.9.12-1.el7 Epel-Repo 249 k Ku rakibida ku-tiirsanaanta: lua-expat x86_64 1.3.0- 4.el7 Epel -Repo 32 k lua-filesystem x86_64 1.6.2-2.el7 Epel-Repo 28 k lua-sec x86_64 0.5-4.el7 Epel-Repo 31 k lua-socket x86_64 3.0-0.10.rc1.el7 Epel -Repo 176k Macaamil Soo Koobid ====================================== ================== Ku rakib 1 Xirmo (+ 4 Xidhmooyinka Ku Xidhnaanta) --- -

[xididka @ linuxbox ~] # getsebool -a | salaax prosody
prosody_bind_http_port -> off
[xididka @ linuxbox ~] # setsebool prosody_bind_http_port on
[xididka @ linuxbox ~] # getsebool -a | salaax prosody
prosody_bind_http_port -> on

[xididka @ linuxbox ~] # systemctl oo awood u siiya in loo isticmaalo
Summad laga sameeyay /etc/systemd/system/multi-user.target.wants/prosody.service to /usr/lib/systemd/system/prosody.service. [root @ linuxbox ~] # systemctl status prosody ● prosody.service - Server Prosody XMPP (Jabber) Load: xamuul ah (/usr/lib/systemd/system/prosody.service; karti u leh; iibiyaha horay loo sii qorsheeyay: naafo ah) Firfircoon: firfircoon (dhintay) )

[xididka @ linuxbox ~] # systemctl bilaw inaad soo bandhigto
[xididka @ linuxbox ~] # systemctl status prosody
Prosody.service - Prosody XMPP (Jabber) server Loaded: raran (/usr/lib/systemd/system/prosody.service; karti u leh; iibiyaha horay loo sii qorsheeyay: naafo yahay) Firfircoon: firfircoon (socda) ilaa Sab 2017-04-29 10:35:07 EDT; 2s kahor Geeddi-socod: 1753 ExecStart = / usr / bin / prosodyctl start (code = exited, status = 0 / SUCCESS) Main PID: 1756 (lua) CGroup: /system.slice/prosody.service └─1756 lua / usr / lib64 / dhiig-shuban /..///biin/badiyo

[xididka @ linuxbox ~] # dabada /var/log/prosody/prosody.log
Abriil 29 10: 35: 06 faahfaahin guud Guud ahaan waad salaaman tihiin kuna soo dhowow nooca Prosody 0.9.12 Abriil 29 10:35:06 guud ahaan faahfaahinta guud Prosody wuxuu adeegsanayaa dib-u-xulasho dib-u-xallin ah Apr 29 10: 35: 06 Macluumaadka xawilaadaha 'S2s' on [::]: 5269, [*]: 5269 Apr 29 10:35:06 info portmanager info Adeegsi hawlgal ah 'c2s' on [::]: 5222, [*]: 5222 Apr 29 10:35:06 faahfaahinta xayeysiinta firfircoon adeegga 'legacy_ssl' oo aan lahayn dekedo Apr 29 10: 35: 06 mod_posix info Prosody wuxuu qarka u saaran yahay inuu ka baxo qunsulka, isaga oo curyaaminaya wax soo saar qunsuliyadeed oo dheeri ah Apr 29 10: 35: 06 mod_posix info Si guul leh loogu darey PID 1756

[xididka @ Linux_ ~] # yum ku rakib lua-cyrussasl

Creamos el virtual host «chat.desdelinux.fan» a partir del «example.com» que instala el Prosody

[xididka @ Linux_ ~] # cp /etc/prosody/conf.d/example.com.cfg.lua \
/etc/prosody/conf.d/chat.desdelinux.fan.cfg.lua

[xidid @ linuxbox ~] # nano /etc/prosody/conf.d/chat.desdelinux.fan.cfg.lua
- Qeybta loogu talagalay wada sheekaysiga VirtualHost

VirtualHost "chat.desdelinux.fan"

- U qoondee martigeliyahaan shahaado TLS, haddii kale waxay u adeegsan doontaa midka - loo dejiyey qaybta caalamiga ah (haddii ay jirto). - Ogsoonow in qaabkii hore ee SSL ee dekedda 5223 kaliya ay taageerto hal shahaado, - mar walbana wuxuu isticmaali doonaa midka caalamiga ah.
        ssl = {
                 fure = "/etc/pki/prosody/chat.key";
                shahaadada = "/etc/pki/prosody/chat.crt";
        }

------ Components ------
-- You can specify components to add hosts that provide special services,
-- like multi-user conferences, and transports.
-- For more information on components, see http://prosody.im/doc/components

---Set up a MUC (multi-user chat) room server on conference.chat.desdelinux.fan:
Component "conference.chat.desdelinux.fan" "muc"
magaca = "Xamaasadda" - WAA MAGACA QOLKA SHIRKA LAGU SOO BADBAADINAYO - Goormaad qolka ku biiraysaa
restrict_room_creation = run

- Samee wakiil SOCKS5 bytestream wakiil ah oo loogu talagalay wareejinta faylka server-ka: - Qaybta "proxy.chat" "proxy65" --- Samee qayb ka baxsan (dekedda qaybta caadiga ah waa 5347) - - Qaybaha dibedda u oggolaanaya in lagu daro adeegyo kala duwan, sida sida albaabbada / - loo raro shabakadaha kale sida ICQ, MSN iyo Yahoo. Faahfaahin dheeraad ah - eeg: http://prosody.im/doc/components#adding_an_external_component - --Component "gateway.chat" - component_secret = "password"

sugitaan = "cyrus"
cyrus_service_name = "xmpp"
cyrus_require_provisioning = been
cyrus_application_name = "prosody"
cyrus_server_fqdn = "chat.desdelinux.fan"

Ajustamos el grupo propietario del archivo /etc/prosody/conf.d/chat.desdelinux.fan.cfg.lua

[xididka @ linuxbox ~] # ls -l /etc/prosody/conf.d/chat.desdelinux.fan.cfg.lua 
-rw-r -----. 1 xididka xididka 1361 abr 29 10:45 /etc/prosody/conf.d/chat.desdelinux.fan.cfg.lua

[xididka @ linuxbox ~] # xididka la jarjaray: prosody /etc/prosody/conf.d/chat.desdelinux.fan.cfg.lua 
[xididka @ linuxbox ~] # ls -l /etc/prosody/conf.d/chat.desdelinux.fan.cfg.lua 
-rw-r-----. 1 root prosody 1361 abr 29 10:45 /etc/prosody/conf.d/chat.desdelinux.fan.cfg.lua

Waxaan hubineynaa qaabeynta

[xididka @ Linux_ ~] # luac -p /etc/prosody/conf.d/chat.desdelinux.fan.cfg.lua
[xididka @ Linux_ ~] #

Shahaadooyinka SSL ee isku xirnaanta aaminka ah

Si loogu xiro server-ka Prosody - oo labadaba laga helo shabakada maxalliga ah iyo internetka - lana hubiyo in aqoonsiyadu ay si ammaan ah ugu safraan, waa inaan soo saarnaa shahaadooyinka SSL - Lakabka Amniga lagu caddeeyay feylka qaabeynta qaabeynta martigeliyaha /etc/prosody/conf.d/chat.desdelinux.fan.cfg.lua:

[xididka @ linuxbox ~] # cd / iwm / prosody / certs /

[root @ linuxbox cadeynaya] # openssl req -new -x509 -days 365 -nodes \
-out "chat.crt" -newkey rsa: 2048 -keyout "chat.key"
Generating a 2048 bit RSA private key
.....+++
..........+++
writing new private key to 'chat.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CU
State or Province Name (full name) []:Cuba
Locality Name (eg, city) [Default City]:Habana
Organization Name (eg, company) [Default Company Ltd]:DesdeLinux.Fan
Organizational Unit Name (eg, section) []:Entusiastas
Common Name (eg, your name or your server's hostname) []:chat.desdelinuxCiwaanka iimaylka taageere []:buzz@desdelinux. taageere

Waxaan wax ka bedelnaa xulashooyinka qaabeynta adduunka

Kaliya waanu tafatiri doonaa fursadaha soo socda ee faylka ku jira /etc/prosody/prosody.cfg.lua:

[xididka @ linuxbox ayaa xaqiijinaya] # cp /etc/prosody/prosody.cfg.lua \ /etc/prosody/prosody.cfg.lua.original [xididka @ linuxbox ~] # nano /etc/prosody/prosody.cfg. lua
- Faylka isku duwidda Tusaalaha Tusaalaha - - Macluumaadka ku saabsan qaabeynta Prosody waxaa laga heli karaa websaytkayaga oo ah http://prosody.im/doc/configure - - Talo: Waxaad iska hubin kartaa in qaabeynta faylkani ay sax tahay - marka aad dhammayso adigoo ordaya: luac -p prosody.cfg.lua - Haddii ay jiraan wax khaladaad ah, waxay kuu sheegi doontaa waxa iyo meesha - ay yihiin, haddii kale way aamusi doontaa - - Waxa kaliya ee haray in la sameeyo ayaa ah in magaca faylalka la beddelo si meesha looga saaro dhammaadka .dist, oo la buuxiyo - meelaha banaan. Nasiib wacan, iyo farxad Jabbering! ---------- Dejinta adeegaha oo dhan ---------- - Dejinta qaybtan waxay khuseysaa serverka oo dhan waana goobaha caadiga ah - ee martigaliyaal kasta oo dalwad leh - Tani waa (by default, madhan) liiska koontooyinka maamulku yahay - ee serverka. Xusuusnow waa inaad si gooni gooni ah u sameysid koontooyinka - (eeg http://prosody.im/doc/creating_accounts wixii macluumaad ah) - Tusaale: admins = {"user1@example.com", "user2@example.net"}
admins = { "buzz@chat.desdelinux.fan", "trancos@chat.desdelinux.fan" }

- Awood u yeelo isticmaalka xayeysiinta waxqabadka wanaagsan ee culeyska sarreeya - Wixii macluumaad dheeraad ah eeg: http://prosody.im/doc/libevent --use_libevent = run; - Tani waa liiska qaybaha Prosody uu ku shuban doono bilowga. - Waxay u egtahay mod_modulename.lua galka plugins-ka, markaa hubi inay taasi jirto sidoo kale. - Dukumiintiyada ku saabsan modules waxaa laga heli karaa: http://prosody.im/doc/modules modules_enabled = {- Guud ahaan loo baahan yahay "liiska"; - U oggolow isticmaaleyaasha in ay liis garayn yeeshaan. Lagu taliyay;) "saslauth"; - Hubinta macaamiisha iyo server-yada. Lagu taliyay haddii aad rabto inaad gasho. "tls"; - Ku dar taageerada TLS-ka aaminka ah isku xirka c2s / s2s "dialback"; - s2s taageerada dialback "disk"; - Soo helid adeeg - Maaha muhiim, laakiin waxaa lagula taliyay "gaar"; - Kaydinta XML ee gaarka loo leeyahay (calaamadaha qolka, iwm) "vcard"; - U oggolow isticmaaleyaasha inay dejiyaan vCards - Kuwani waxaa looga faaloodaa asal ahaan maadaama ay leeyihiin saameyn waxqabad - "asturnaan"; - Taageer liisaska asturnaanta - "riixitaan"; - Cadaadiska qulqulka (Xusuusin: Waxay ubaahantahay xirmo lua-zlib RPM rakibay) - Waa hagaag in la helo "nooca"; - Kajawaabida codsiyada nooca serverka "waqtigiisa"; - Ka warbixi inta serverka uu "waqti" shaqeynayay; - Ogeysii kuwa kale inay ogaadaan waqtiga halkan ku yaal adeeggan "ping"; - Jawaabaha pings XMPP leh pongs "pep"; - Waxay awood u siineysaa dadka isticmaala inay daabacaan xaaladdooda, dhaqdhaqaaqooda, muusig garaacid iyo wax badan oo "diiwaangelin" ah; - U oggolow isticmaalayaasha inay iska diiwaangeliyaan adeeggan iyagoo adeegsanaya macmiil isla markaana beddelaya furaha sirta ah - Isdhexgalka maamulka "admin_adhoc"; - Waxay u oggolaaneysaa maamulka iyada oo loo marayo macmiil XMPP ah oo taageera amarada ad-hoc - "admin_telnet"; - Wuxuu ka furmaa isgaarsiinta telnet konsol dekedda maxalliga ah 5582 - modules HTTP
        "bosh"; - Sahlo macaamiisha BOSH, aka "Jabber over HTTP"
        - "http_files"; - Ku kaydi faylasha ma guurtada ah buugga HTTP - Waxqabadka kale ee gaarka ah "posix" - Waxqabadka POSIX, wuxuu u diraa server asalka, wuxuu awood u siiyaa syslog, iwm. - "kooxo"; - Taageero qoraal ah oo la wadaago - "ku dhawaaq"; - U dir ogeysiis dhammaan isticmaaleyaasha internetka - "soo dhawow"; - Soo dhawow isticmaalayaasha diiwaangeliya xisaabaadka - "diiwaangelinta daawashada"; - Ogeysiis maamullada diiwaangelinta - "motd"; - U dir farriin isticmaaleyaasha markay soo galayaan - "legacyauth"; - Aqoonsiga dhaxalka. Kaliya waxaa isticmaala qaar ka mid ah macaamiisha duugga ah iyo bots. };

bosh_ports = {{dekedda = 5280; dariiqa = "http-bind"; interface = "127.0.0.1"; }}

firfircooni la'aan = 60
- U isticmaal haddii aad u baahan tahay HTTPS-> HTTP dhinaca adeegga
tixgelin_bosh_secure = run
- U oggolow marinka qoraallada bog kasta oo aan wakiil lahayn (waxay u baahan tahay biraawsar casri ah)
cross_domain_bosh = run

- Qaybtani waa otomaatig ku raran yihiin, laakiin waa inaad rabto - inaad naafo ka dhigto ka dibna halkan ku soo koob: modules_disabled = {- "offline"; - Keydso farriimaha qad la'aanta - "c2s"; - Qabso isku xirnaanta macmiilka - "s2s"; - Qabso isku xirnaanta server-to-server}; - Ka jooji sameynta koontada asal ahaan, amniga - Wixii macluumaad dheeraad ah eeg http://prosody.im/doc/creating_accounts allow_registration = been; - Kuwani waa goobaha la xiriira SSL / TLS. Haddii aadan rabin - inaad isticmaasho SSL / TLS, waad faallo ka bixin kartaa ama ka saari kartaa ssl = {key = "/etc/pki/prosody/localhost.key"; shahaadada = "/etc/pki/prosody/localhost.crt"; } - Ma ku khasbaysaa macaamiisha inay isticmaalaan xiriirro qarsoodi ah? Ikhtiyaarkan ayaa - ka hor istaagi doona macaamiisha inay xaqiijiyaan ilaa ay isticmaalayaan sirta.

c2s_require_encryption = run

- Xaqiijinta shahaadada ee iskuxirka server-to-server? - Tani waxay bixisaa nabadgelyo ku habboon, laakiin waxay u baahan tahay adeegaha aad la xiriirto - si ay u taageerto sirta iyo soo bandhigida shahaadooyin ansax ah, oo lagu kalsoon yahay. - XUSUUS: Noocaaga LuaSec waa inuu taageeraa xaqiijinta shahaadada! - Wixii macluumaad dheeri ah ka eeg http://prosody.im/doc/s2s#security s2s_secure_auth = been - Adeegyo badan oo ka mid ahi ma taageeraan qarinta ama ma laha shahaadooyin aan ansax ahayn ama is-saxeexan. Waxaad ku qori kartaa cinwaanada halkan aan looga baahneyn - xaqiijin adoo isticmaalaya shahaadooyin. Waxaa lagu xaqiijin doonaa iyadoo la adeegsanayo DNS. --s2s_insecure_domains = {"gmail.com"} - Xitaa haddii aad ka tagto s2s_secure_auth oo naafo ah, weli waxaad u baahan kartaa ansax - shahaadooyin qaar ka mid ah boggaga adoo ku qoraya liistada halkan. --s2s_secure_domains = {"jabber.org"} - Xulo gadaal sugida si aad u isticmaasho. Bixiyeyaasha 'gudaha' - waxay u adeegsadaan keydinta xogta loo habeeyay Prosody si ay u kaydiso xogta sugida. - Si loogu oggolaado Prosody inuu u soo bandhigo macaamiisha habab aqoonsi oo aamin ah, bixiyaha asalka u ah wuxuu keydiyaa furaha sirta ah ee la socda. Haddii aadan ku kalsoonayn - serverkaaga fadlan eeg http://prosody.im/doc/modules/mod_auth_internal_hashed - wixii macluumaad ah ee ku saabsan adeegsiga dhabarka dambe ee degdegga ah.

- sugitaan = "gudaha_plain"
sugitaan = "cyrus"
cyrus_service_name = "xmpp"
cyrus_require_provisioning = been

- Xulo backend kaydinta si aad u isticmaasho. Markii hore Prosody wuxuu adeegsadaa feylal fidsan - galka xogta ee la qaabeeyey, laakiin sidoo kale waxay taageertaa gadaal dambe - iyada oo loo marayo modules. Daminta "sql" waxaa lagu soo daray qaab ahaan, laakiin waxay u baahan tahay - ku-tiirsanaan dheeri ah. Eeg http://prosody.im/doc/storage si aad u hesho macluumaad dheeraad ah. --storage = "sql" - Default waa "gudaha" (Fiiro gaar ah: "sql" waxay u baahan tahay rakib - lua-dbi RPM pack) - "back" sjl, waad ka xumaan kartaa * mid * ka mid ah kuwa hoose si aad u qaabeyso: - sql = {driver = "SQLite3", database = "prosody.sqlite"} - Default. 'database' waa magaca faylka. --sql = {driver = "MySQL", database = "prosody", username = "prosody", password = "secret", host = "localhost"} --sql = {driver = "PostgreSQL", database = "prosody" ", username =" prosody ", password =" secret ", host =" localhost "} - Conflication Logging - For logging advanced see http://prosody.im/doc/logging log = {- Diiwaangeli wax kasta oo heerka ah" info " iyo ka sareeya (taasi waa, dhammaan marka laga reebo "farriimaha" farriimaha) - to /var/log/prosody/prosody.log iyo khaladaadka sidoo kale /var/log/prosody/prosody.err
    debug = "/var/log/prosody/prosody.log"; - Ku beddel 'info' oo 'u qax' wixii loo yaqaan 'verbose logging'
    qalad = "/var/log/prosody/prosody.err"; - Gal khaladaadka sidoo kale in la xareeyo - error = "* syslog"; - Gal khaladaadka sidoo kale syslog - log = "* console"; - Soo gal qunsulka, oo waxtar u leh khaladka la daemonize = been ah} - qaabeynta POSIX, eeg sidoo kale http://prosody.im/doc/modules/mod_posix pidfile = "/run/prosody/prosody.pid"; --daemonize = been - Default waa "run" ------ Faylal dheeri ah oo iskudhaf ah ------ - Ujeeddooyin abaabul ahaan waxaad doorbidi kartaa inaad kudarto VirtualHost iyo - Qeexitaanka Qeybaha feylasha iskudhafka. Khadkan waxaa ka mid ah - dhammaan faylasha isku xirnaanta ee /etc/prosody/conf.d/ Ku dar "conf.d / *. Cfg.lua"

Wax ka beddelka qaabeynta Dnsmasq ee linuxbox

Faylka /Etc/dnsmasq.conf

Kaliya ku dar qiimaha cname=chat.desdelinux.fan,linuxbox.desdelinux. taageere:

[xididka @ linuxbox ~] # nano /etc/dnsmasq.conf

-----
# -------------------------------------------------------------------
# R E G I S T R O S   C N A M E    M X    T X T
# -------------------------------------------------------------------
# Este tipo de registro requiere de una entrada
# en el archivo /etc/hosts
# ej: 192.168.10.5 linuxbox.desdelinux.fan linuxbox # cname=ALIAS,REAL_NAME cname=mail.desdelinux.fan,linuxbox.desdelinux. taageere
cname=chat.desdelinux.fan,linuxbox.desdelinux. taageere
----

[root @ linuxbox ~] # adeeg dnsmasq dib u bilaw
[xididka @ linuxbox ~] # adeegga dnsmasq xaaladdiisa [xididka @ linuxbox ~] # wada sheekaysiga martigeliyaha
sheekeysi.desdelinuxfanku waa magac loo yaqaan linuxbox.desdelinux. taageere. linuxbox.desdelinux.fanku waxa uu leeyahay ciwaanka 192.168.10.5 linuxbox.desdelinuxBoostada fanka waxaa lagu maamulaa 1 mail.desdelinux. taageere.

Faylka /Etc/resolv.conf

[xididka @ linuxbox ~] # nano /etc/resolv.conf 
search desdelinux.fan nameserver 127.0.0.1 # Wixii dibadeed ama # aan domain ahayn weydii DNS desdelinux.fan # local=/desdelinux.fan/ servere 172.16.10.30

Wax ka beddelka DNS-ka dibedda ee ISP

Waxaan u hibeynay maqaalka oo dhan «NSD Server Server DNS + Shorewall - Shabakadaha SME»Mawduuca ku saabsan sida loogu dhawaaqo diiwaanada SRV ee la xiriira XMPP si adeegga fariimaha degdega ah ay ugu baxaan internetka, iyo xitaa in server-ka Prosody uu ula midoobo inta kale ee la jaan qaada XMPP server ee ka jira Webka.

Waxaan dib u bilaabi doonaa Prosody

[xididka @ linuxbox ~] # adeeg dib u bilaabid prosody
U hagida dhanka / bin / systemctl dib u bilaabi prosody.service
[xididka @ linuxbox ~] # Xaaladda adeegga
U jihaynta / bin / systemctl status prosody.service ● prosody.service - Server Prosody XMPP (Jabber) Loaded: raran (/usr/lib/systemd/system/prosody.service; karti leh; iibiyaha horay loo sii qorsheeyay: naafo yahay) Firfircoon: firfircoon (socda) ilaa Sun 2017-05-07 12:07:54 EDT; 8s kahor Hannaanka: 1388 ExecStop = / usr / bin / prosodyctl stop (koodh = kabax, xaalad = 0 / SUCCESS) Habka: 1390 ExecStart = / usr / bin / prosodyctl bilowga (koodh = kabax, xaalad = 0 / GUUL) Main PID : 1393 (lua) CGroup: /system.slice/prosody.service └─1393 lua /usr/lib64/prosody/../../bin/prosody

[xididka @ linuxbox ~] # dabada -f /var/log/prosody/prosody.log

• Waa wax aad u caafimaad badan in la furo qunsuliyad cusub oo amarkii hore uu socdo, lana daawado wax soo saarka khaldan ee ka socda Prosody inta adeeggu dib u bilaabmayo.

Waxaan u qaabeyneynaa Cyrus SASL

[xidid @ linuxbox ~] # nano /etc/sasl2/prosody.conf
pwcheck_method: saslauthd mech_list: PLAIN

[xididka @ linuxbox ~] # adeeg saslauthd dib u bilaw
U hagida dhanka / bin / systemctl dib u bilaabi saslauthd.service
[xididka @ Linux_ ~] # adeegga xaaladda saslauthd

- Haddii ...
[xididka @ linuxbox ~] # adeeg dib u bilaabid prosody

Qaabeynta PAM

[xididka @ linuxbox ~] # nano /etc/pam.d/xmpp
auth waxaa ka mid ah koontada sirta-auth ay ku jiraan lambarka sirta-auth

Hubinta xaqiijinta PAM

• Si loo hubiyo, waa inaan fulinnaa amarka soo socda sida saxda ah ee hoos ku xusan, maadaama ay ku saabsan tahay fulinta amar sida isticmaalaha "prosody" oo aan ahayn "isticmaalaha" xididka:

[root @ linuxbox ~] # sudo -u prosody testsaslauthd -s xmpp -u strides -p strides
0: OK "Guul."

[xididka @ linuxbox ~] # sudo -u prosody testsaslauthd -s xmpp -u legolas -p legolas
0: OK "Guul."

[xididka @ Linux_ ~] # sudo -u prosody testsaslauthd -s xmpp -u legolas -p Lengolas
0: MAYA "xaqiijintii way fashilantay"

Nidaamka xaqiijinta ee ka dhanka ah isticmaaleyaasha maxalliga ah wuxuu u shaqeeyaa si sax ah.

Waxaan wax ka badalnay FirewallD

Adeegsiga aaladda garaafka «Dabka«, Aaggadadweynaha»Waxaan dhaqaajineynaa adeegyada:

• xmpp-bosch
• xmpp-macmiil
• xmpp-server
• xmpp-maxalli ah

Sidoo kale aagga «external»Waxaan dhaqaajineynaa adeegyada:

• xmpp-macmiil
• xmpp-server

Annaguna waanu furaynaa dekadaha tcp 5222 iyo 5269

Ugu dambeyntii, waxaan ku sameynaa isbedel Waqtiga fulinta a Joogto ah y dib u cusbooneysii FirewallD.

XMPP Macmiilka Psi

Si aad ula xiriirto server-ka fariimaha degdega ah ee Prosody Instant Messaging, waxaan kala dooran karnaa macaamiisha kala duwan ee jira:

• Faham
• Gajim
• Qadu
• Psi
• psi lagu daray
• Pidgin
• Telepathy
• Wechat

Liisku wuu socdaa. Waxaan dooranay Psi +. Si loo rakibo waxaan u isticmaalnaa amarka la door bidaa ama waxaan ku sameynaa qalabka garaafka ee loo heli karo hawshaas. Marka la rakibo, waan fulinaa, dhamaadka maqaalka waxaan ku siineynaa sawirro taxane ah oo aan rajeyneyno inay waxtar kuu yeelan doonaan.

Resumen

• Waxaan ku rakibi karnaa adeegga Fariimaha Degdegga ah oo ku saleysan Prosody ee loogu talagalay dadka isticmaala maxalliga ah ee nidaamka, oo waxaan ku bixin karnaa abuuritaanka isticmaaleyaasha gudaha Prosody ama noocyada kale ee aqoonsiga keydka aqoonsiga.
• Aqoonsiga aqoonsigu wuxuu u socdaalayaa si qarsoodi ah macmiilka ilaa serverka, iyo jawaabaha dambe ee macmiilka sidoo kale.
• Waxaan ku rakibi karnaa wax ka badan hal adeeg oo ku saleysan xaqiijinta maxalliga ah iyada oo loo marayo PAM hal adeeg.
• Ilaa hadda, serverka linuxbox.desdelinux. taageere waxay siisaa adeegyadan soo socda Shabakada SME:
  • Xallinta Magaca Magacyada ama DNS.
  • Qoondaynta firfircoon ee cinwaanada IP ama DCHP
  • Adeegga Waqtiga Shabakadda ama NTP
  • Kaydinta iyada oo loo marayo SSH macaamiisha UNIX / Linux, ama iyada oo loo marayo WinSCP macaamiisha Microsoft Windows.
  • Adeegga Fariimaha degdega ah - Wadahadal. Sidoo kale waxaad ka heli kartaa internetka.
    
  • Adeegga wadaaga faylka iyada oo loo marayo Chat laftiisa. Sidoo kale waxaad ka heli kartaa internetka
  • Adeeg isgaarsiineed oo aad ku qaabeyn karto Prosody.

Iyo dhammaan adeegyadii hore oo leh dhowr qalab garaaf ah oo loogu talagalay qaabeynta Firewall - FirewallD, iyo Isticmaalaha iyo Maareynta Kooxda ee nidaamka runti sahlan in la isticmaalo haddii aan haysanno aqoonta aasaasiga ah ee waxa aan dooneyno inaan sameyno.

Muhiim ah

Hubso inaad booqato cinwaanka soo socda si loo helo macluumaad dhameystiran ku saabsan Prosody: http: //siirsanaan.im.

Ilaa qaybta soo socota!