I-Prosody IM nabasebenzisi bendawo - Amanethiwekhi ama-PYMES

Inkomba ejwayelekile yochungechunge: Ama-Computer Networks ama-SME: Isingeniso

Lo mbhalo ungukuqhubeka kwe:

• Ukuqinisekiswa kwe-squid + PAM ku-CentOS 7.
• Ukuphathwa komsebenzisi wasendaweni neqembu
• Iseva ye-NSD Authoritarian DNS Server + Shorewall
  

Sanibonani bangani nabangane!

Siyaqhubeka nokwengeza izinsizakalo zenethiwekhi ngokususelwa ekuqinisekisweni komsebenzisi wasendaweni kuseva yeqembu elincane. Abathandekayo Isoftware yamahhala, ikakhulukazi i-CentOS.

Izimo zokusebenza kweqembu zashintsha zaba ngcono. Manje banekomkhulu lendlu enezitezi ezintathu enekamelo elingaphansi futhi badinga ukusebenzisa iseva yemiyalezo esheshayo nokudluliswa kwamafayela phakathi kwezindawo zokusebenzela, ukunciphisa ubunzima bokukhuphuka nokukhuphuka izitebhisi noma ukuhamba kakhulu. ;-). Ngalokhu baphakamisa ukusebenzisa uhlelo I-Prosody.

Bazimisele ukushicilela insizakalo ye-Internet Chat kuphela kwabathanda, futhi bahlela ukuxhumanisa i-server yabo yemiyalezo esheshayo namanye amaseva weXMPP ahambisanayo atholakala kwiNethiwekhi Yezinethiwekhi. Ngalokhu bathenga igama lesizinda desdelinux.umlandeli futhi kuze kube manje ikheli le-IP elihambisana nalelo gama liphethwe ngumhlinzeki wakho wokufinyelela ku-inthanethi.

Insizakalo yeChat ngokusebenzisa iProsody izovumela ukuthi bashintshane ngemiyalezo esheshayo, badlulise amafayela, benze izingqungquthela zezwi nezevidiyo, nokuningi.

Yini iProsody Instant Messenger?

I-Prosody iseva yokuxhumana yesimanje ngokuya ngomthetho olandelwayo we-XMPP. Yenzelwe ukufakwa nokulungiswa okulula, nokuphathwa kahle kwezinsiza zohlelo. I-Prosody ngumthombo ovulekile - Uhlelo Lomthombo Ovulekile olwenziwe ngaphansi kwelayisense yokuvumela IMIT / X11.

I-XMPP kungenye indlela engeyona eyezentengiso yokuhlinzeka ngezinsizakalo zemiyalezo esheshayo. Ingasetshenziswa endaweni yebhizinisi lokukhiqiza, kunethiwekhi yomndeni, kwinethiwekhi yangasese yomakhelwane, njalonjalo. Ixhasa isoftware enhlobonhlobo yamakhasimende ezindawo zedeskithophu nezamaselula. Nge-XMPP le sevisi inganikezwa kunoma iyiphi idivayisi.

Ngokwengeziwe, bangakwazi isixhumanisi ukufakwa okuningana kweProsody kanye nezinye izinsizakalo ezihambisana nomthetho olandelwayo we-XMPP, futhi zakhe inethiwekhi yokuthumela imiyalezo lapho sizoba nokulawula okuphelele komlayezo kanye nethrafikhi yefayela ezokwenzeka ngendlela ephephe ngokuphelele.

Prosody kanye ubuqiniso ngokumelene abasebenzisi bendawo

Ku Imephu Yesayithi ye-Prosody IM sithole isixhumanisi ekhasini Abahlinzeki bokufakazela ubuqiniso, okusho ukuthi ngokwenguqulo 0.8 yeProsody, abahlinzeki bokuqinisekisa abahlukahlukene bayasekelwa ngokusebenzisa ama-plugin. Ungasebenzisa abashayeli isoftware eyakhelwe ngaphakathi, noma ungahlanganisa nabahlinzeki bobuqiniso besithathu kanye nabahlinzeki besitoreji usebenzisa ezabo Ama-API.

Abahlinzeki bokufakazela ubuqiniso esingabaqasha

Incazelo yegama -------------- -------------------------------------- -----------------------
i-internal_plain   Ukuqinisekiswa okuzenzakalelayo. Amaphasiwedi wombhalo ongenalutho agcinwa kusetshenziswa isitoreji esakhelwe ngaphakathi.

i-internal_hashed  Amaphasiwedi afakwe i-algorithm yangaphakathi agcinwa kusetshenziswa isitoreji esakhelwe ngaphakathi.

ukhukhamba       Ukuhlanganiswa noCyrus SASL (LDAP, WFP,...)

Engaziwa    Indlela yokufakazela ubuqiniso isebenzisa i-SASL 'ANONYMOUS' enegama lomsebenzisi elingahleliwe elingadingi ukuqinisekiswa.

I-XMPP isebenzisa umthetho olandelwayo wokuqinisekisa okulula okuqinisekisiwe - Simple Authentication futhi Sukwelapha LIzolo (I-SASL), ukuqinisekisa imininingwane yamakhasimende. I-Prosody ifaka umtapo wezincwadi I-SASL okuzenzakalelayo okuqinisekisa ubuqiniso ngokuqhathaniswa nama-akhawunti akhona kusitoreji sayo esakhelwe ngaphakathi.

Njengoba inguqulo 0.7 yeProsody, umhlinzeki wangaphandle usekelwa Cyrus SALS engagunyaza imininingwane enikezwe abasebenzisi bangaphandle kweminye imithombo efana: WFP, LDAP, SQL nabanye. Iphinde ivumele ukusetshenziswa kwe- I-GSSAPI Yezinsizakalo Zokungena Ngezodwa - Izinsizakalo Zokungena Okukodwa.

Kulesi sihloko ku-Prosody, ukufeza ukufakazela ubuqiniso kubasebenzisi basendaweni nge-PAM, sizosebenzisa umhlinzeki wokufakazela ubuqinisoukhukhamba»Kuhlinzekwe yiphakheji«cyrus sasl»Futhi lokho kusebenza kuhlanganiswe ne-daemon saslauthd.

i-cyrus-sasl ne-saslauthd

[root @ linuxbox ~] # yum ukufaka i-cyrus-sasl

I-saslauthd daemon isivele ifakiwe

[impande @ linuxbox ~] # i-getsebool -a | grep saslauthd
saslauthd_read_shadow -> kucishiwe

[root @ linuxbox ~] # setsebool saslauthd_read_shadow ivuliwe
[impande @ linuxbox ~] # i-getsebool -a | grep saslauthd
saslauthd_read_shadow -> ku

[root @ linuxbox ~] # systemctl isimo saslauthd
● saslauthd.service - I-daemon yokufakazela ubuqiniso ye-SASL. Kulayishiwe: kulayishiwe (/usr/lib/systemd/system/saslauthd.service; kukhutshaziwe; ukusethwa kabusha komthengisi: kukhutshaziwe) Kuyasebenza: akusebenzi (kufile)

[root @ linuxbox ~] # systemctl vumela i-saslauthd
Kudalwe i-symlink kusuka ku /etc/systemd/system/multi-user.target.wants/saslauthd.service to /usr/lib/systemd/system/saslauthd.service.

[root @ linuxbox ~] # systemctl qala i-saslauthd
[root @ linuxbox ~] # systemctl isimo saslauthd
● saslauthd.service - I-daemon yokufakazela ubuqiniso ye-SASL. Kulayishiwe: kulayishiwe (/usr/lib/systemd/system/saslauthd.service; kunikwe amandla; ukusethwa kabusha komthengisi: kukhutshaziwe) Kuyasebenza: iyasebenza (iyasebenza) kusukela Sat 2017-04-29 10:31:20 EDT; Inqubo engu-2s edlule: 1678 ExecStart = / usr / sbin / saslauthd -m $ SOCKETDIR -a $ MECH $ FLAGS (code = exited, status = 0 / SUCCESS) Main PID: 1679 (saslauthd) CGroup: /system.slice/saslauthd. insizakalo ├─1679 / usr / sbin / saslauthd -m / run / saslauthd -a pam ├─1680 / usr / sbin / saslauthd -m / run / saslauthd -a pam ├─1681 / usr / sbin / saslauthd -m / run / saslauthd -a pam ├─1682 / usr / sbin / saslauthd -m / run / saslauthd -a pam └─1683 / usr / sbin / saslauthd -m / run / saslauthd -a pam

I-Prosody ne-lua-cyrussasl

[root @ linuxbox ~] # yum ukufaka prosody
---- Ukuncika kuxazululwe ========================================= = ================================== Iphakethe Lokwakhiwa Kwesayizi Yendawo Yokugcina ========= == ============================================ === ================== Ukufaka: prosody x86_64 0.9.12-1.el7 Epel-Repo 249 k Ukufaka ukuthembela: lua-expat x86_64 1.3.0- 4.el7 Epel -Repo 32 k lua-fileystem x86_64 1.6.2-2.el7 Epel-Repo 28 k lua-sec x86_64 0.5-4.el7 Epel-Repo 31 k lua-socket x86_64 3.0-0.10.rc1.el7 Epel -Repo 176k Transaction Isifinyezo ================================================== ======== ============================== Faka iPhakheji eli-1 (+4 Amaphakheji Axhomekile) --- -

[impande @ linuxbox ~] # i-getsebool -a | grep prosody
prosody_bind_http_port -> kucishiwe
[root @ linuxbox ~] # setsebool prosody_bind_http_port ivuliwe
[impande @ linuxbox ~] # i-getsebool -a | grep prosody
prosody_bind_http_port -> ivuliwe

[root @ linuxbox ~] # systemctl vumela i-prosody
Kudalwe i-symlink kusuka ku /etc/systemd/system/multi-user.target.wants/prosody.service to /usr/lib/systemd/system/prosody.service. [root @ linuxbox ~] # systemctl status prosody ● prosody.service - Iseva ye-Prosody XMPP (Jabber) Elayishiwe: ilayishiwe (/usr/lib/systemd/system/prosody.service; inikwe amandla; ukusetha kabusha komthengisi: kukhutshaziwe) Kuyasebenza: akusebenzi (kufile )

[root @ linuxbox ~] # systemctl qala prosody
[root @ linuxbox ~] # systemctl isimo prosody
● prosody.service - Prosody XMPP (Jabber) server Loaded: loaded (/usr/lib/systemd/system/prosody.service; inikwe amandla; ukusethwa kabusha komthengisi: kukhutshaziwe) Kuyasebenza: iyasebenza (iyasebenza) kusukela ngoSat 2017-04-29 10:35:07 EDT; Inqubo engu-2s eyedlule: 1753 ExecStart = / usr / bin / prosodyctl start (code = exited, status = 0 / SUCCESS) Main PID: 1756 (lua) CGroup: /system.slice/prosody.service └─1756 lua / usr / lib64 /prosody/../../bin/prosody

[impande @ linuxbox ~] # umsila /var/log/prosody/prosody.log
Apr 29 10:35:06 info general Sawubona futhi wamukelekile ku-Prosody version 0.9.12 Apr 29 10:35:06 info jikelele I-Prosody isebenzisa i-backend yokukhetha ukuphatha ukuxhumana ngo-Apr 29 10:35:06 info portmanager info Service activated 's2s' ku- [::]: 5269, [*]: 5269 Apr 29 10:35:06 portmanager info Kuvuselelwa insiza 'c2s' ku- [::]: 5222, [*]: 5222 Apr 29 10:35:06 portmanager info Kuvuliwe service 'legacy_ssl' on no ports Apr 29 10:35:06 mod_posix info I-Prosody isizokhipha kukhonsoli, ikhubaza okukhiphayo okwengeziwe kwe-console ngoMashi 29 10:35:06 imininingwane ye-mod_posix ngempumelelo yenziwe i-PID 1756

[root @ linuxbox ~] # yum ukufaka i-lua-cyrussasl

Sakha i-virtual host «chat.desdelinux.fan" kusukela ku-"example.com" efakwa yi-Prosody

[izimpande @ linuxbox ~] # cp /etc/prosody/conf.d/example.com.cfg.lua \
/etc/prosody/conf.d/chat.desdelinux.fan.cfg.lua

[izimpande @ linuxbox ~] # nano /etc/prosody/conf.d/chat.desdelinux.fan.cfg.lua
- Isigaba sengxoxo ye-VirtualHost

I-VirtualHost "ingxoxo.desdelinux.umlandeli"

- Nikeza lo mgcini isitifiketi se-TLS, ngaphandle kwalokho izosebenzisa eyodwa - esethwe esigabeni somhlaba jikelele (uma sikhona). - Qaphela ukuthi i-SSL yesitayela esidala ethekwini 5223 isekela isitifiketi esisodwa kuphela, - futhi izosebenzisa njalo eyomhlaba jikelele.
        ssl = {
                 ukhiye = "/etc/pki/prosody/chat.key";
                isitifiketi = "/etc/pki/prosody/chat.crt";
        }

------ Izingxenye ------ -- Ungacacisa izingxenye zokwengeza abasingathi abahlinzeka ngamasevisi akhethekile, -- njengezinkomfa zabasebenzisi abaningi, nezokuthutha. -- Ukuze uthole ulwazi olwengeziwe mayelana nezingxenye, bheka ku-http://prosody.im/doc/components ---Setha iseva yegumbi le-MUC (ingxoxo enabasebenzisi abaningi) ku-conference.chat.desdelinux.umlandeli:
Ingxenye "conference.chat.desdelinux.fan" "muc"
igama = "Abashisekayo" - INGABE IGAMA LENDIMA YENGQONDO EYOKUMENZELWA - UZOJOYINA NINI IKamelo
limited_room_creation = kuyiqiniso

- Setha ummeleli we-SOCKS5 bytestream wokudluliswa kwamafayela okwenziwe ngeseva: --Component "proxy.chat" "proxy65" --- Setha isakhi sangaphandle (imbobo yento ezenzakalelayo ingu-5347) - - Izinto zangaphandle zivumela ukwengeza okuhlukahlukene services, njengamasango / - ukuhanjiswa kwamanye amanethiwekhi afana ne-ICQ, i-MSN ne-Yahoo. Ngeminye imininingwane - bona: http://prosody.im/doc/components#adding_an_external_component - --Component "gateway.chat" - component_secret = "password"

ubuqiniso = "cyrus"
cyrus_service_name = "xmpp"
cyrus_require_provisioning = amanga
cyrus_application_name = "prosody"
cyrus_server_fqdn = "chat.desdelinux.umlandeli"

Silungisa iqembu elingumnikazi wefayela /etc/prosody/conf.d/chat.desdelinux.fan.cfg.lua

[izimpande @ linuxbox ~] # ls -l /etc/prosody/conf.d/chat.desdelinux.fan.cfg.lua 
-rw-r -----. 1 impande yezimpande 1361 Apr 29 10:45 /etc/prosody/conf.d/chat.desdelinux.fan.cfg.lua

[root @ linuxbox ~] # impande ekhethiwe: prosody /etc/prosody/conf.d/chat.desdelinux.fan.cfg.lua 
[izimpande @ linuxbox ~] # ls -l /etc/prosody/conf.d/chat.desdelinux.fan.cfg.lua 
-rw-r-----. 1 impande prosody 1361 Apr 29 10:45 /etc/prosody/conf.d/chat.desdelinux.fan.cfg.lua

Sihlola ukumiswa

[izimpande @ linuxbox ~] # luac -p /etc/prosody/conf.d/chat.desdelinux.fan.cfg.lua
[impande @ linuxbox ~] #

Izitifiketi ze-SSL zokuxhumana okuphephile

Ukuxhuma kuseva ye-Prosody -kokubili kusuka kunethiwekhi yasendaweni naku-Intanethi- futhi siqinisekise ukuthi iziqinisekiso zihamba zibethelwe ngokuphepha, kufanele sikhiqize izitifiketi ze-SSL - Isendlalelo Sokhethi Yezokuphepha kumenyezelwe kufayela lokumiswa komgcini ophathekayo /etc/prosody/conf.d/chat.desdelinux.fan.cfg.lua:

[root @ linuxbox ~] # cd / njll / prosody / izitifiketi /

[izimpande @ linuxbox certs] # ​​openssl req -new -x509 -days 365 -nodes \
-out "chat.crt" -newkey rsa: 2048 -keyout "chat.key"
Ikhiqiza ukhiye oyimfihlo we-2048 bit RSA .....+++ ..........+++ ukubhala ukhiye oyimfihlo omusha ku-'chat.key' ----- Usuzocelwa ukuthi faka ulwazi oluzofakwa esicelweni sakho sesitifiketi. Osuzongena khona yilokho okubizwa ngeGama Elihloniphekile noma i-DN. Kukhona izinkambu ezimbalwa kodwa ungazishiya zingenalutho Kwezinye izinkambu kuzoba nenani elizenzakalelayo, Uma ufaka '.', inkambu izoshiywa ingenalutho. ----- Igama Lezwe (2 ikhodi yezinhlamvu) [XX]:CU Igama Lesifunda noma Lesifundazwe (igama eligcwele) []:Igama Lendawo yase-Cuba (isib. I-Default Company Ltd]:DesdeLinux.Igama Leyunithi Yenhlangano Yabalandeli (isb, isigaba) []:Igama Elivamile Labashisekeli (isb, igama lakho noma igama lomethuli weseva yakho) []:ingxoxo.desdelinux.Ikheli le-imeyili labalandeli []:buzz@desdelinux.umlandeli

Siguqula izinketho zokumiswa komhlaba jikelele

Kuphela sizohlela izinketho ezilandelayo kufayela /etc/prosody/prosody.cfg.lua:

[izimpande @ linuxbox certs] # ​​cp /etc/prosody/prosody.cfg.lua \ /etc/prosody/prosody.cfg.lua.original [root @ linuxbox ~] # nano /etc/prosody/prosody.cfg.lua
- Ifayela Lokumiswa Kwesibonelo seProsody - - Imininingwane yokwenza i-Prosody ingatholakala kwiwebhusayithi yethu - ku-http: //prosody.im/doc/configure - - Ithiphu: Ungahlola ukuthi i-syntax yaleli fayela iyiqiniso - uma usuqedile ngokusebenza: luac -p prosody.cfg.lua - Uma kukhona amaphutha, kuzokwazisa ukuthi yini nokuthi ikuphi - ikuphi, ngaphandle kwalokho izothula. - - Ukuphela kwento esele ukuyenza ukuqamba kabusha leli fayela ukususa isiphetho se-.dist, bese ugcwalisa - izikhala. Sikufisela inhlanhla, futhi Jabbering ujabule! ---------- Amasethingi abanzi weSeva ---------- - Amasethingi akulesi sigaba asebenza kuseva yonke futhi ayizilungiselelo ezizenzakalelayo - zanoma imuphi umphathi we-virtual - Lokhu (ngu okuzenzakalelayo, okungenalutho) uhlu lwama-akhawunti angama-admins - wesiphakeli. Qaphela ukuthi kufanele wenze ama-akhawunti ngokuhlukile - (bona http://prosody.im/doc/creating_accounts for info) - Isibonelo: admins = {"user1@example.com", "user2@example.net"}
admins = {"buzz@chat.desdelinux.fan", "trancos@chat.desdelinux.umlandeli" }

- Nika amandla ukusetshenziswa kwe-libevent ukuze isebenze kangcono ngaphansi komthwalo omkhulu - Ngeminye imininingwane bheka: http://prosody.im/doc/libevent --use_libevent = true; - Lolu uhlu lwamamojula amaProsody azolayisha ekuqaleni. - Ifuna i-mod_modulename.lua kufolda yama-plugins, ngakho-ke qiniseka ukuthi nayo ikhona. - Imibhalo kumamojula ingatholakala ku: http://prosody.im/doc/modules modules_enabled = {- Ngokuvamile kudinga "uhlu"; - Vumela abasebenzisi ukuthi babe nohlu. Kunconyiwe;) "i-saslauth"; - Ukuqinisekiswa kwamakhasimende namaseva. Kunconywe uma ufuna ukungena ngemvume. "tls"; - Faka ukusekelwa kwe-TLS ephephile ekuxhumekeni kwe-c2s / s2s "ukuphinda ushaye"; - ukwesekwa kokuphindwa kwe-s2s "disk"; - Ukutholakala kwensizakalo - Akubalulekile, kepha kunconyiwe "okuyimfihlo"; - Isitoreji se-XML sangasese (samabhukhimakhi egumbi, njll.) "I-vcard"; - Vumela abasebenzisi ukusetha ama-vCards - Lawa aphawulwa ngokuzenzakalela njengoba anomthelela ekusebenzeni - "ubumfihlo"; - Uhlu lobumfihlo lokusekela - "ukuminyaniswa"; - Ukusakaza kokucindezelwa (Qaphela: Kudinga iphakheji ye-lua-zlib RPM efakiwe) - Kuhle ukuba ne- "version"; - Izimpendulo kuzicelo zenguqulo yeseva "isikhathi esengeziwe"; - Bika ukuthi iseva kade isebenza kanjani "isikhathi"; - Vumela abanye bazi isikhathi lapha kule "ping" yale seva; - Uphendula izimpiko ze-XMPP ezinama-pong "pep"; - Inika amandla abasebenzisi ukushicilela imizwa yabo, umsebenzi, ukudlala umculo nokuningi "ukubhalisa"; - Vumela abasebenzisi ukuthi babhalise kule seva besebenzisa iklayenti futhi bashintshe amaphasiwedi - Izindawo zokulawula ze- "admin_adhoc"; - Ivumela ukuphathwa ngeklayenti le-XMPP elisekela imiyalo ye-ad-hoc - "admin_telnet"; - Ivula isikhombimsebenzisi se-telnet console kumbobo we-localhost 5582 - amamojula we-HTTP
        "bosh"; - Nika amandla amaklayenti e-BOSH, aka "Jabber over HTTP"
        - "http_files"; - Khonza amafayela amile kusuka enkombeni ngaphezulu kwe-HTTP - Okunye ukusebenza okuthile "posix"; Ukusebenza kwe-POSIX, kuthumela iseva ngemuva, kunika amandla i-syslog, njll. - "amaqembu"; - Ukwesekwa kohlu okwabiwe - "memezela"; - Thumela isimemezelo kubo bonke abasebenzisi online - "wamukelekile"; - Abasebenzisi abamukelekile ababhalisa ama-akhawunti - "ukubhaliswa kokubuka"; - Abaphathi besaziso sokubhaliswa - "motd"; - Thumela umlayezo kubasebenzisi lapho bengena ngemvume - "legacyauth"; - Ukuqinisekiswa kwefa. Kusetshenziswa kuphela ngamanye amaklayenti amadala nama-bots. };

ama-bosh_ports = {{port = 5280; indlela = "http-bind"; isikhombimsebenzisi = "127.0.0.1"; }}

bosh_max_inactivity = 60
- Sebenzisa uma umelela i-HTTPS-> HTTP ohlangothini lweseva
cabangela_bosh_secure = iqiniso
- Vumela ukufinyelela kusuka kwizikripthi kunoma yiliphi isayithi ngaphandle kommeleli (kudinga isiphequluli sesimanje)
cross_domain_bosh = kuyiqiniso

- Lawa amamojula alayishwa ngokuzenzakalela, kepha uma ufuna - ukuwakhubaza bese uwahlakaza lapha: modules_disabled = {- "offline"; - Gcina imilayezo engaxhunyiwe ku-inthanethi - "c2s"; - Handle ukuxhumana kwamakhasimende - "s2s"; - Bamba ukuxhumana kweseva neseva}; - Khubaza ukwenziwa kwe-akhawunti ngokuzenzakalela, ukuphepha - Ukuthola eminye imininingwane bheka http://prosody.im/doc/creating_accounts allow_registration = false; - Lezi izilungiselelo ezihlobene ne-SSL / TLS. Uma ungafuni - ukusebenzisa i-SSL / TLS, ungabeka amazwana noma ususe le ssl = {key = "/etc/pki/prosody/localhost.key"; isitifiketi = "/etc/pki/prosody/localhost.crt"; } - Phoqelela amaklayenti ukuthi asebenzise ukuxhumana okubethelwe? Le nketho izovimbela amaklayenti ekuqinisekiseni ngaphandle uma esebenzisa ukubethela.

c2s_require_encryption = iqiniso

- Phoqelela ukufakazela ubuqiniso besitifiketi sokuxhuma kweseva neseva? - Lokhu kunikeza ukuphepha okuhle, kepha kudinga amaseva oxhumana nawo - ukusekela ukubethela KANYE nokwethula izitifiketi ezivumelekile nezethembekile. - QAPHELA: Uhlobo lwakho lweLuaSec kumele lusekele ukuqinisekiswa kwesitifiketi! - Ngemininingwane engaphezulu bheka i-http: //prosody.im/doc/s2s#security s2s_secure_auth = false - Amaseva amaningi awasekeli ukubethela noma anezitifiketi ezingavumelekile noma ezizisayinele. Ungabhala izizinda lapha ezingazodingeka ukuthi - uqinisekise usebenzisa izitifiketi. Zizofakazelwa ubuqiniso besebenzisa i-DNS. --s2s_insecure_domains = {"gmail.com"} - Noma ungashiya i-s2s_secure_auth ikhutshaziwe, usengadinga izitifiketi ezivumelekile zezinye izizinda ngokuchaza uhlu lapha. --s2s_secure_domains = {"jabber.org"} - Khetha i-backend yokufakazela ubuqiniso ongayisebenzisa. Abahlinzeki 'bangaphakathi' - sebenzisa isitoreji sedatha esilungisiwe seProsody ukugcina idatha yokufakazela ubuqiniso. - Ukuvumela iProsody ukuthi inikeze izindlela zokuqinisekisa eziphephile kumakhasimende, umhlinzeki ozenzakalelayo ugcina amaphasiwedi ngokusobala. Uma ungathembi i-server yakho - sicela ubheke ku-http: //prosody.im/doc/modules/mod_auth_internal_hashed - ukuthola ulwazi ngokusebenzisa i-backhed hashed.

- ubuqiniso = "okwangaphakathi_okucacayo"
ubuqiniso = "cyrus"
cyrus_service_name = "xmpp"
cyrus_require_provisioning = amanga

- Khetha i-backend yokugcina ozoyisebenzisa. Ngokuzenzakalelayo i-Prosody isebenzisa amafayili ayisicaba - enkombeni yayo yedatha emisiwe, kepha futhi isekela ukubuyela emuva okuningi - ngamamojula. I-backend ye- "sql" ifakiwe ngokwakhona, kepha idinga - ukuncika okungeziwe. Bona http://prosody.im/doc/storage ukuthola eminye imininingwane. --storage = "sql" - Okuzenzakalelayo kungaphakathi "(Qaphela:" sql "idinga ukufakwa - iphakheji ye-lua-dbi RPM) - Okwe-backend ye-" sql ", unganqamula * okukodwa kokungezansi ukulungisa : --sql = {driver = "SQLite3", database = "prosody.sqlite"} - Okuzenzakalelayo. 'i-database' igama lefayela. --sql = {driver = "MySQL", database = "prosody", igama lomsebenzisi = "prosody", iphasiwedi = "imfihlo", host = "localhost"} --sql = {driver = "PostgreSQL", database = "prosody ", username =" prosody ", password =" secret ", host =" localhost "} - Ukumiswa kokungena ngemvume - Ngokungena okuthuthukile bheka i-http: //prosody.im/doc/logging log = {- Ngena konke okusezingeni "info" nangaphezulu (okungukuthi, yonke ngaphandle kwemiyalezo "yokulungisa iphutha") - kuya /var/log/prosody/prosody.log namaphutha futhi ku- /var/log/prosody/prosody.err
    ukulungisa iphutha = "/var/log/prosody/prosody.log"; - Shintsha 'imininingwane' ukuze 'isuse iphutha' ngokungena ngemvume kwe-verbose
    iphutha = "/var/log/prosody/prosody.err"; - Amaphutha we-Log nawo ukufaka - iphutha = "* syslog"; - Amaphutha we-Log nawo ku-syslog - log = "* console"; - Ngena kukhonsoli, ulusizo ukulungisa iphutha nge-daemonize = false} - Ukumiswa kwe-POSIX, bona futhi i-http: //prosody.im/doc/modules/mod_posix pidfile = "/run/prosody/prosody.pid"; --daemonize = false - Okuzenzakalelayo "kuyiqiniso" ------ Amafayela wokumiswa angeziwe ------ - Ngezinhloso zenhlangano ungakhetha ukwengeza i-VirtualHost kanye - Nezincazelo zezinto kumafayili azo wokumisa. Lo mugqa uhlanganisa - wonke amafayela wokumisa ku /etc/prosody/conf.d/ Faka phakathi "conf.d / *. Cfg.lua"

Ukulungiswa kokucushwa kwe-Dnsmasq ku-linuxbox

/ Etc/dnsmasq.conf ifayela

Vele ungeze inani cname=xoxa.desdelinux.fan,linuxbox.desdelinux.umlandeli:

[izimpande @ linuxbox ~] # nano /etc/dnsmasq.conf

----- # ------------------------------------------- ----------------------- # RECORDSCNAMEMXTXT # ------------------------ ----------------------------------------- # Lolu hlobo lokubhalisa ludinga faka # kufayela /etc/hosts # ex: 192.168.10.5 linuxbox.desdelinux.i-linuxbox yabalandeli # cname=ALIAS,REAL_NAME cname=mail.desdelinux.fan,linuxbox.desdelinux.umlandeli
cname=xoxa.desdelinux.fan,linuxbox.desdelinux.umlandeli
----

[root @ linuxbox ~] # service dnsmasq restart
[root @ linuxbox ~] # service dnsmasq status [root @ linuxbox ~] # ingxoxo yokusingathwa
xoxa.desdelinuxI-.fan isibizo se-linuxbox.desdelinux.umlandeli. linuxbox.desdelinux.fan unekheli 192.168.10.5 linuxbox.desdelinux.imeyili yabalandeli iphathwa ngemeyili engu-1.desdelinux.umlandeli.

/ Etc/resolv.conf ifayela

[izimpande @ linuxbox ~] # nano /etc/resolv.conf 
search desdelinux.fan nameserver 127.0.0.1 # Ngemibuzo ye-DNS yangaphandle noma engu-# engeyona eyesizinda desdelinux.umlandeli # wendawo=/desdelinux.fan/ nameserver 172.16.10.30

Ukulungiswa ku-DNS yangaphandle ku-ISP

Sinikezela yonke indatshana «I-NSD Authoritarian DNS Server + Shorewall - Amanethiwekhi we-SME»Mayelana nodaba lokuthi ungawaveza kanjani amarekhodi e-SRV ahlobene ne-XMPP ukuze insizakalo Yemiyalezo Esheshayo ikwazi ukuphuma iye kwi-Inthanethi, futhi ukuze iseva ye-Prosody ikwazi ukuhlangana namanye amaseva we-XMPP ahambisanayo akhona kwiWebhu.

Siqala kabusha iProsody

[root @ linuxbox ~] # service prosody restart
Iqondisa kabusha ku- / bin / systemctl restart prosody.service
[root @ linuxbox ~] # service prosody status
Iqondisa kabusha ku- / bin / systemctl status prosody.service ● prosody.service - Iseva ye-Prosody XMPP (Jabber) Elayishiwe: ilayishiwe (/usr/lib/systemd/system/prosody.service; inikwe amandla; ukusethwa kabusha komthengisi: kukhutshaziwe) Kuyasebenza: iyasebenza (iyasebenza) kusukela ngeLanga 2017-05-07 12:07:54 EDT; Inqubo engu-8s eyedlule: 1388 ExecStop = / usr / bin / prosodyctl stop (code = exited, status = 0 / SUCCESS) Inqubo: 1390 ExecStart = / usr / bin / prosodyctl start (code = exited, status = 0 / SUCCESS) Main PID : 1393 (lua) CGroup: /system.slice/prosody.service └─1393 lua /usr/lib64/prosody/../../bin/prosody

[impande @ linuxbox ~] # umsila -f /var/log/prosody/prosody.log

• Kuphilile kakhulu ukuvula ikhonsoli entsha ngomyalo wangaphambilini osebenzayo, futhi ubuke umphumela we-Prosody debug ngenkathi insiza iqala kabusha.

Silungiselela uCyrus SASL

[izimpande @ linuxbox ~] # nano /etc/sasl2/prosody.conf
pwcheck_method: saslauthd mech_list: PLAIN

[root @ linuxbox ~] # service saslauthd restart
Iqondisa kabusha ku- / bin / systemctl restart saslauthd.service
[root @ linuxbox ~] # service saslauthd isimo

- Uma ...
[root @ linuxbox ~] # service prosody restart

Ukumiswa kwe-PAM

[izimpande @ linuxbox ~] # nano /etc/pam.d/xmpp
i-auth ifaka i-akhawunti ye-password-auth ifaka i-password-auth

Ukuhlolwa kokuqinisekiswa kwe-PAM

• Ukuhlola, kufanele sisebenzise umyalo olandelayo NGOKUKHOMBILE njengoba kukhonjisiwe ngezansi, ngoba kumayelana nokwenza umyalo njengomsebenzisi we- "prosody" hhayi njengomsebenzisi "wezimpande":

[root @ linuxbox ~] # sudo -u prosody testaslauthd -s xmpp -u strides -p amagxathu
0: KULUNGILE "Impumelelo."

[impande @ linuxbox ~] # sudo -u prosody testaslauthd -s xmpp -u legolas -p legolas
0: KULUNGILE "Impumelelo."

[izimpande @ linuxbox ~] # i-sudo -u ukuhlolwa kwe-prosodyaslauthd -s xmpp -u legolas -p Lengolas
0: AKUKHO "ukufakazela ubuqiniso kwehlulekile"

Inqubo yokuqinisekisa ngokumelene nabasebenzisi bendawo isebenza kahle.

Siguqula i-FirewallD

Kusetshenziswa okusetshenziswayo kokuqhafaza «Isicishamlilo«, Okwindawo«umphakathi»Sisebenzisa izinsizakalo:

• amasikuma
• xmpp-iklayenti
• xmpp-iseva
• xmpp-yendawo

Ngokufanayo endaweni «zangaphandle»Sisebenzisa izinsizakalo:

• xmpp-iklayenti
• xmpp-iseva

Futhi sivula amachweba tcp 5222 no-5269.

Ekugcineni, senza izinguquko ku Isikhathi sokwenza a unomphela y layisha kabusha i-FirewallD.

Iklayenti le-XMPP Psi

Ukuxhuma kwiseva esanda kufakwa ye-Prosody Messaging Messaging, singakhetha phakathi kwamakhasimende ahlukahlukene akhona:

• Uzwela
• IGajim
• UKadu
• I-Psi
• I-Psi Plus
• I-Pidgin
• Ukuthayipha
• I-Weechat

Uhlu luyaqhubeka. Sikhethe ifayela le- Psi +. Ukuyifaka kufakwa sisebenzisa umyalo oyithandayo noma sikwenza ngamathuluzi wokuqhafaza atholakalayo walowo msebenzi. Uma sesifakiwe, siyayisebenzisa, futhi ekugcineni kwendatshana sinikeza uchungechunge lwezithombe esethemba ukuthi zizoba wusizo kuwe.

Isifingqo

• Singafaka insiza Yemilayezo Esheshayo esuselwa ku-Prosody yabasebenzisi bendawo besistimu, bese sihambisa ngokwakhiwa kwabasebenzisi be-Prosody bangaphakathi noma ezinye izinhlobo zokuqinisekisa okuqinisekisiwe.
• Ukuqinisekiswa kokufakazela ubuqiniso kuzohamba kubethelwe kusuka kwiklayenti kuye kuseva, kanye nezimpendulo zamanje nakwiklayenti.
• Singafaka insiza engaphezu kweyodwa ngokususelwa ekuqinisekisweni kwasendaweni nge-PAM kuseva eyodwa.
• Kuze kube manje, iseva linuxbox.desdelinux.umlandeli ihlinzeka ngezinsizakalo ezilandelayo kwi-SME Network:
  • Ukulungiswa Kwamagama Esizinda noma i-DNS.
  • Ukwabiwa okunamandla kwamakheli e-IP noma e-DCHP
  • Isevisi Yesikhathi Senethiwekhi noma i-NTP
  • Izipele ngeSSH kusuka kumakhasimende we-UNIX / Linux, noma ngeWinSCP yamakhasimende we-Microsoft Windows.
  • Isevisi Yemiyalezo Esheshayo - Ingxoxo. Futhi kuyatholakala kwi-Intanethi.
    
  • Insizakalo yokwabelana ngefayela ngeNgxoxo uqobo. Futhi kuyatholakala kwi-Intanethi
  • Insizakalo ye-Teleconferencing ongayilungiselela ku-Prosody.

Futhi zonke izinsizakalo zangaphambilini ezinamathuluzi ambalwa wokuqhafaza wokucushwa kwe-Firewall - i-FirewallD, kanye ne-User and Group Management yohlelo okulula kakhulu ukuyisebenzisa uma sinolwazi oluyisisekelo ngalokho esifuna ukukwenza.

Kubalulekile

Qiniseka ukuthi uvakashela i-URL elandelayo ukuze ube nolwazi oluphelele mayelana Pi-rosody: http: //prosody.im.

Kuze isitolimende esilandelayo!