I-Prosody IM nabasebenzisi bendawo - Amanethiwekhi ama-PYMES

Inkomba ejwayelekile yochungechunge: Ama-Computer Networks ama-SME: Isingeniso

Lo mbhalo ungukuqhubeka kwe:

Sanibonani bangani nabangane!

Siyaqhubeka nokwengeza izinsizakalo zenethiwekhi ngokususelwa ekuqinisekisweni komsebenzisi wasendaweni kuseva yeqembu elincane. Abathandekayo Isoftware yamahhala, ikakhulukazi i-CentOS.

Izimo zokusebenza kweqembu zashintsha zaba ngcono. Manje banekomkhulu lendlu enezitezi ezintathu enekamelo elingaphansi futhi badinga ukusebenzisa iseva yemiyalezo esheshayo nokudluliswa kwamafayela phakathi kwezindawo zokusebenzela, ukunciphisa ubunzima bokukhuphuka nokukhuphuka izitebhisi noma ukuhamba kakhulu. ;-). Ngalokhu baphakamisa ukusebenzisa uhlelo I-Prosody.

Bazimisele ukushicilela insizakalo ye-Internet Chat kuphela kwabathanda, futhi bahlela ukuxhumanisa i-server yabo yemiyalezo esheshayo namanye amaseva weXMPP ahambisanayo atholakala kwiNethiwekhi Yezinethiwekhi. Ngalokhu bathenga igama lesizinda kusuka futhi kuze kube manje ikheli le-IP elihambisana nalelo gama liphethwe ngumhlinzeki wakho wokufinyelela ku-inthanethi.

Insizakalo yeChat ngokusebenzisa iProsody izovumela ukuthi bashintshane ngemiyalezo esheshayo, badlulise amafayela, benze izingqungquthela zezwi nezevidiyo, nokuningi.

Yini iProsody Instant Messenger?

I-Prosody iseva yokuxhumana yesimanje ngokuya ngomthetho olandelwayo we-XMPP. Yenzelwe ukufakwa nokulungiswa okulula, nokuphathwa kahle kwezinsiza zohlelo. I-Prosody ngumthombo ovulekile - Uhlelo Lomthombo Ovulekile olwenziwe ngaphansi kwelayisense yokuvumela IMIT / X11.

I-XMPP kungenye indlela engeyona eyezentengiso yokuhlinzeka ngezinsizakalo zemiyalezo esheshayo. Ingasetshenziswa endaweni yebhizinisi lokukhiqiza, kunethiwekhi yomndeni, kwinethiwekhi yangasese yomakhelwane, njalonjalo. Ixhasa isoftware enhlobonhlobo yamakhasimende ezindawo zedeskithophu nezamaselula. Nge-XMPP le sevisi inganikezwa kunoma iyiphi idivayisi.

Ngokwengeziwe, bangakwazi isixhumanisi ukufakwa okuningana kweProsody kanye nezinye izinsizakalo ezihambisana nomthetho olandelwayo we-XMPP, futhi zakhe inethiwekhi yokuthumela imiyalezo lapho sizoba nokulawula okuphelele komlayezo kanye nethrafikhi yefayela ezokwenzeka ngendlela ephephe ngokuphelele.

Prosody kanye ubuqiniso ngokumelene abasebenzisi bendawo

Ku Imephu Yesayithi ye-Prosody IM sithole isixhumanisi ekhasini Abahlinzeki bokufakazela ubuqiniso, okusho ukuthi ngokwenguqulo 0.8 yeProsody, abahlinzeki bokuqinisekisa abahlukahlukene bayasekelwa ngokusebenzisa ama-plugin. Ungasebenzisa abashayeli isoftware eyakhelwe ngaphakathi, noma ungahlanganisa nabahlinzeki bobuqiniso besithathu kanye nabahlinzeki besitoreji usebenzisa ezabo Ama-API.

Abahlinzeki bokufakazela ubuqiniso esingabaqasha

Incazelo yegama -------------- -------------------------------------- -----------------------
i-internal_plain   Ukuqinisekiswa okuzenzakalelayo. Amaphasiwedi wombhalo ongenalutho agcinwa kusetshenziswa isitoreji esakhelwe ngaphakathi.

i-internal_hashed  Amaphasiwedi afakwe i-algorithm yangaphakathi agcinwa kusetshenziswa isitoreji esakhelwe ngaphakathi.

ukhukhamba       Ukuhlanganiswa noCyrus SASL (LDAP, WFP, ...)

Engaziwa    Indlela yokufakazela ubuqiniso isebenzisa i-SASL 'ANONYMOUS' enegama lomsebenzisi elingahleliwe elingadingi ukuqinisekiswa.

I-XMPP isebenzisa umthetho olandelwayo wokuqinisekisa okulula okuqinisekisiwe - Simple Authentication futhi Secure LIzolo (I-SASL), ukuqinisekisa imininingwane yamakhasimende. I-Prosody ifaka umtapo wezincwadi I-SASL okuzenzakalelayo okuqinisekisa ubuqiniso ngokuqhathaniswa nama-akhawunti akhona kusitoreji sayo esakhelwe ngaphakathi.

Njengoba inguqulo 0.7 yeProsody, umhlinzeki wangaphandle usekelwa Cyrus SALS engagunyaza imininingwane enikezwe abasebenzisi bangaphandle kweminye imithombo efana: WFP, LDAP, SQL nabanye. Iphinde ivumele ukusetshenziswa kwe- I-GSSAPI Yezinsizakalo Zokungena Ngezodwa - Izinsizakalo Zokungena Okukodwa.

Kulesi sihloko ku-Prosody, ukufeza ukufakazela ubuqiniso kubasebenzisi basendaweni nge-PAM, sizosebenzisa umhlinzeki wokufakazela ubuqinisoukhukhamba»Kuhlinzekwe yiphakheji«cyrus-sasl»Futhi lokho kusebenza kuhlanganiswe ne-daemon saslauthd.

i-cyrus-sasl ne-saslauthd

[root @ linuxbox ~] # yum ukufaka i-cyrus-sasl

I-saslauthd daemon isivele ifakiwe

[impande @ linuxbox ~] # i-getsebool -a | grep saslauthd
saslauthd_read_shadow -> kucishiwe

[root @ linuxbox ~] # setsebool saslauthd_read_shadow ivuliwe
[impande @ linuxbox ~] # i-getsebool -a | grep saslauthd
saslauthd_read_shadow -> ku

[root @ linuxbox ~] # systemctl isimo saslauthd
● saslauthd.service - I-daemon yokufakazela ubuqiniso ye-SASL. Kulayishiwe: kulayishiwe (/usr/lib/systemd/system/saslauthd.service; kukhutshaziwe; ukusethwa kabusha komthengisi: kukhutshaziwe) Kuyasebenza: akusebenzi (kufile)

[root @ linuxbox ~] # systemctl vumela i-saslauthd
Kudalwe i-symlink kusuka ku /etc/systemd/system/multi-user.target.wants/saslauthd.service to /usr/lib/systemd/system/saslauthd.service.

[root @ linuxbox ~] # systemctl qala i-saslauthd
[root @ linuxbox ~] # systemctl isimo saslauthd
● saslauthd.service - I-daemon yokufakazela ubuqiniso ye-SASL. Kulayishiwe: kulayishiwe (/usr/lib/systemd/system/saslauthd.service; kunikwe amandla; ukusethwa kabusha komthengisi: kukhutshaziwe) Kuyasebenza: iyasebenza (iyasebenza) kusukela Sat 2017-04-29 10:31:20 EDT; Inqubo engu-2s edlule: 1678 ExecStart = / usr / sbin / saslauthd -m $ SOCKETDIR -a $ MECH $ FLAGS (code = exited, status = 0 / SUCCESS) Main PID: 1679 (saslauthd) CGroup: /system.slice/saslauthd. insizakalo ├─1679 / usr / sbin / saslauthd -m / run / saslauthd -a pam ├─1680 / usr / sbin / saslauthd -m / run / saslauthd -a pam ├─1681 / usr / sbin / saslauthd -m / run / saslauthd -a pam ├─1682 / usr / sbin / saslauthd -m / run / saslauthd -a pam └─1683 / usr / sbin / saslauthd -m / run / saslauthd -a pam

I-Prosody ne-lua-cyrussasl

[root @ linuxbox ~] # yum ukufaka prosody
---- Ukuncika kuxazululwe ========================================= = ================================== Iphakethe Lokwakhiwa Kwesayizi Yendawo Yokugcina ========= == ============================================ === ================== Ukufaka: prosody x86_64 0.9.12-1.el7 Epel-Repo 249 k Ukufaka ukuthembela: lua-expat x86_64 1.3.0- 4.el7 Epel -Repo 32 k lua-fileystem x86_64 1.6.2-2.el7 Epel-Repo 28 k lua-sec x86_64 0.5-4.el7 Epel-Repo 31 k lua-socket x86_64 3.0-0.10.rc1.el7 Epel -Repo 176k Transaction Isifinyezo ================================================== ======== ============================== Faka iPhakheji eli-1 (+4 Amaphakheji Axhomekile) --- -

[impande @ linuxbox ~] # i-getsebool -a | grep prosody
prosody_bind_http_port -> kucishiwe
[root @ linuxbox ~] # setsebool prosody_bind_http_port ivuliwe
[impande @ linuxbox ~] # i-getsebool -a | grep prosody
prosody_bind_http_port -> ivuliwe

[root @ linuxbox ~] # systemctl vumela i-prosody
Kudalwe i-symlink kusuka ku /etc/systemd/system/multi-user.target.wants/prosody.service to /usr/lib/systemd/system/prosody.service. [root @ linuxbox ~] # systemctl status prosody ● prosody.service - Iseva ye-Prosody XMPP (Jabber) Elayishiwe: ilayishiwe (/usr/lib/systemd/system/prosody.service; inikwe amandla; ukusetha kabusha komthengisi: kukhutshaziwe) Kuyasebenza: akusebenzi (kufile )

[root @ linuxbox ~] # systemctl qala prosody
[root @ linuxbox ~] # systemctl isimo prosody
● prosody.service - Prosody XMPP (Jabber) server Loaded: loaded (/usr/lib/systemd/system/prosody.service; inikwe amandla; ukusethwa kabusha komthengisi: kukhutshaziwe) Kuyasebenza: iyasebenza (iyasebenza) kusukela ngoSat 2017-04-29 10:35:07 EDT; Inqubo engu-2s eyedlule: 1753 ExecStart = / usr / bin / prosodyctl start (code = exited, status = 0 / SUCCESS) Main PID: 1756 (lua) CGroup: /system.slice/prosody.service └─1756 lua / usr / lib64 /prosody/../../bin/prosody

[impande @ linuxbox ~] # umsila /var/log/prosody/prosody.log
Apr 29 10:35:06 info general Sawubona futhi wamukelekile ku-Prosody version 0.9.12 Apr 29 10:35:06 info jikelele I-Prosody isebenzisa i-backend yokukhetha ukuphatha ukuxhumana ngo-Apr 29 10:35:06 info portmanager info Service activated 's2s' ku- [::]: 5269, [*]: 5269 Apr 29 10:35:06 portmanager info Kuvuselelwa insiza 'c2s' ku- [::]: 5222, [*]: 5222 Apr 29 10:35:06 portmanager info Kuvuliwe service 'legacy_ssl' on no ports Apr 29 10:35:06 mod_posix info I-Prosody isizokhipha kukhonsoli, ikhubaza okukhiphayo okwengeziwe kwe-console ngoMashi 29 10:35:06 imininingwane ye-mod_posix ngempumelelo yenziwe i-PID 1756

[root @ linuxbox ~] # yum ukufaka i-lua-cyrussasl

Sakha i-virtual host "chat.desdelinux.fan" kusuka ku- "example.com" efaka iProsody

[izimpande @ linuxbox ~] # cp /etc/prosody/conf.d/example.com.cfg.lua \
/etc/prosody/conf.d/chat.desdelinux.fan.cfg.lua

[izimpande @ linuxbox ~] # nano /etc/prosody/conf.d/chat.kusuka ku-linux.fan.cfg.lua
- Isigaba sengxoxo ye-VirtualHost

I-VirtualHost "chat.desdelinux.fan"

- Nikeza lo mgcini isitifiketi se-TLS, ngaphandle kwalokho izosebenzisa eyodwa - esethwe esigabeni somhlaba jikelele (uma sikhona). - Qaphela ukuthi i-SSL yesitayela esidala ethekwini 5223 isekela isitifiketi esisodwa kuphela, - futhi izosebenzisa njalo eyomhlaba jikelele.
        ssl = {
                 ukhiye = "/etc/pki/prosody/chat.key";
                isitifiketi = "/etc/pki/prosody/chat.crt";
        }

------ Izingxenye ------ - Ungacacisa izinto ongangeza ngazo ababungazi abahlinzeka ngezinsizakalo ezikhethekile, - njengezinkomfa zabasebenzisi abaningi, kanye nezokuthutha. - Ngemininingwane engaphezulu ngezinto, bheka i-http: //prosody.im/doc/components-- Setha i-MUC (ingxoxo yabasebenzisi abaningi) ekamelweni leseva ku conference.chat.desdelinux.fan:
Ingxenye "conference.chat.desdelinux.fan" "muc"
igama = "Abashisekayo" - INGABE IGAMA LENDIMA YENGQONDO EYOKUMENZELWA - UZOJOYINA NINI IKamelo
limited_room_creation = kuyiqiniso

- Setha ummeleli we-SOCKS5 bytestream wokudluliswa kwamafayela okwenziwe ngeseva: --Component "proxy.chat" "proxy65" --- Setha isakhi sangaphandle (imbobo yento ezenzakalelayo ingu-5347) - - Izinto zangaphandle zivumela ukwengeza okuhlukahlukene services, njengamasango / - ukuhanjiswa kwamanye amanethiwekhi afana ne-ICQ, i-MSN ne-Yahoo. Ngeminye imininingwane - bona: http://prosody.im/doc/components#adding_an_external_component - --Component "gateway.chat" - component_secret = "password"

ubuqiniso = "cyrus"
cyrus_service_name = "xmpp"
cyrus_require_provisioning = amanga
cyrus_application_name = "prosody"
cyrus_server_fqdn = "chat.fromlinux.fan"

Silungisa iqembu eliphethe ifayili /etc/prosody/conf.d/chat.desdelinux.fan.cfg.lua

[izimpande @ linuxbox ~] # ls -l /etc/prosody/conf.d/chat.kusuka ku-linux.fan.cfg.lua 
-rw-r -----. 1 impande yezimpande 1361 Apr 29 10:45 /etc/prosody/conf.d/chat.desdelinux.fan.cfg.lua

[root @ linuxbox ~] # impande ekhethiwe: prosody /etc/prosody/conf.d/chat.kusuka ku-linux.fan.cfg.lua 
[izimpande @ linuxbox ~] # ls -l /etc/prosody/conf.d/chat.kusuka ku-linux.fan.cfg.lua 
-rw-r -----. 1 impande prosody 1361 Apr 29 10:45 /etc/prosody/conf.d/chat.desdelinux.fan.cfg.lua

Sihlola ukumiswa

[izimpande @ linuxbox ~] # luac -p /etc/prosody/conf.d/chat.kusuka ku-linux.fan.cfg.lua
[impande @ linuxbox ~] #

Izitifiketi ze-SSL zokuxhumana okuphephile

Ukuxhuma kuseva ye-Prosody -kokubili kusuka kunethiwekhi yasendaweni naku-Intanethi- futhi siqinisekise ukuthi iziqinisekiso zihamba zibethelwe ngokuphepha, kufanele sikhiqize izitifiketi ze-SSL - Isendlalelo Sokhethi Yezokuphepha kumenyezelwe kufayela lokumiswa komgcini ophathekayo /etc/prosody/conf.d/chat.desdelinux.fan.cfg.lua:

[root @ linuxbox ~] # cd / njll / prosody / izitifiketi /

[izimpande @ linuxbox certs] # ​​openssl req -new -x509 -days 365 -nodes \
-out "chat.crt" -newkey rsa: 2048 -keyout "chat.key"
Idala ukhiye wangasese we-RSA ongu-2048 ..... +++ .......... +++ ukubhala ukhiye omusha oyimfihlo ku-'chat.key' ----- Usuzocelwa faka imininingwane ezofakwa esicelweni sakho sesitifiketi. Lokho osuzokufaka yilokho okubizwa ngegama elihlukanisiwe noma i-DN. Kunezinkambu ezimbalwa impela kepha ungashiya okunye kungenalutho Kwamanye amasimu kuzoba nenani elizenzakalelayo, Uma ufaka u '.', Inkambu izoshiywa ingenalutho. ----- Igama Lezwe (ikhodi yezinhlamvu ezi-2) [XX]: Igama lezwe le-CU noma igama lesifundazwe (igama eligcwele) []: Igama lendawo yaseCuba (isb. Idolobha) [Idolobha elizenzakalelayo]: Igama leNhlangano yeHabana (isib. Inkampani) [ I-Default Company Ltd]: I-FromLinux.Fan Igama Leyunithi Yenhlangano (isb., Isigaba) []: Abathandekayo Igama Elijwayelekile (isb. Igama lakho noma igama lomethuleli wesiphakeli sakho] []: chat.desdelinux.fan Ikheli Le-imeyili []: buzz@desdelinux.fan

Siguqula izinketho zokumiswa komhlaba jikelele

Kuphela sizohlela izinketho ezilandelayo kufayela /etc/prosody/prosody.cfg.lua:

[izimpande @ linuxbox certs] # ​​cp /etc/prosody/prosody.cfg.lua \ /etc/prosody/prosody.cfg.lua.original [root @ linuxbox ~] # nano /etc/prosody/prosody.cfg.lua
- Ifayela Lokumiswa Kwesibonelo seProsody - - Imininingwane yokwenza i-Prosody ingatholakala kwiwebhusayithi yethu - ku-http: //prosody.im/doc/configure - - Ithiphu: Ungahlola ukuthi i-syntax yaleli fayela iyiqiniso - uma usuqedile ngokusebenza: luac -p prosody.cfg.lua - Uma kukhona amaphutha, kuzokwazisa ukuthi yini nokuthi ikuphi - ikuphi, ngaphandle kwalokho izothula. - - Ukuphela kwento esele ukuyenza ukuqamba kabusha leli fayela ukususa isiphetho se-.dist, bese ugcwalisa - izikhala. Sikufisela inhlanhla, futhi Jabbering ujabule! ---------- Amasethingi abanzi weSeva ---------- - Amasethingi akulesi sigaba asebenza kuseva yonke futhi ayizilungiselelo ezizenzakalelayo - zanoma imuphi umphathi we-virtual - Lokhu (ngu okuzenzakalelayo, okungenalutho) uhlu lwama-akhawunti angama-admins - wesiphakeli. Qaphela ukuthi kufanele wenze ama-akhawunti ngokuhlukile - (bona http://prosody.im/doc/creating_accounts for info) - Isibonelo: admins = {"user1@example.com", "user2@example.net"}
abaphathi = {"buzz@chat.desdelinux.fan", "trancos@chat.desdelinux.fan"}

- Nika amandla ukusetshenziswa kwe-libevent ukuze isebenze kangcono ngaphansi komthwalo omkhulu - Ngeminye imininingwane bheka: http://prosody.im/doc/libevent --use_libevent = true; - Lolu uhlu lwamamojula amaProsody azolayisha ekuqaleni. - Ifuna i-mod_modulename.lua kufolda yama-plugins, ngakho-ke qiniseka ukuthi nayo ikhona. - Imibhalo kumamojula ingatholakala ku: http://prosody.im/doc/modules modules_enabled = {- Ngokuvamile kudinga "uhlu"; - Vumela abasebenzisi ukuthi babe nohlu. Kunconyiwe;) "i-saslauth"; - Ukuqinisekiswa kwamakhasimende namaseva. Kunconywe uma ufuna ukungena ngemvume. "tls"; - Faka ukusekelwa kwe-TLS ephephile ekuxhumekeni kwe-c2s / s2s "ukuphinda ushaye"; - ukwesekwa kokuphindwa kwe-s2s "disk"; - Ukutholakala kwensizakalo - Akubalulekile, kepha kunconyiwe "okuyimfihlo"; - Isitoreji se-XML sangasese (samabhukhimakhi egumbi, njll.) "I-vcard"; - Vumela abasebenzisi ukusetha ama-vCards - Lawa aphawulwa ngokuzenzakalela njengoba anomthelela ekusebenzeni - "ubumfihlo"; - Uhlu lobumfihlo lokusekela - "ukuminyaniswa"; - Ukusakaza kokucindezelwa (Qaphela: Kudinga iphakheji ye-lua-zlib RPM efakiwe) - Kuhle ukuba ne- "version"; - Izimpendulo kuzicelo zenguqulo yeseva "isikhathi esengeziwe"; - Bika ukuthi iseva kade isebenza kanjani "isikhathi"; - Vumela abanye bazi isikhathi lapha kule "ping" yale seva; - Uphendula izimpiko ze-XMPP ezinama-pong "pep"; - Inika amandla abasebenzisi ukushicilela imizwa yabo, umsebenzi, ukudlala umculo nokuningi "ukubhalisa"; - Vumela abasebenzisi ukuthi babhalise kule seva besebenzisa iklayenti futhi bashintshe amaphasiwedi - Izindawo zokulawula ze- "admin_adhoc"; - Ivumela ukuphathwa ngeklayenti le-XMPP elisekela imiyalo ye-ad-hoc - "admin_telnet"; - Ivula isikhombimsebenzisi se-telnet console kumbobo we-localhost 5582 - amamojula we-HTTP
        "bosh"; - Nika amandla amaklayenti e-BOSH, aka "Jabber over HTTP"
        - "http_files"; - Khonza amafayela amile kusuka enkombeni ngaphezulu kwe-HTTP - Okunye ukusebenza okuthile "posix"; Ukusebenza kwe-POSIX, kuthumela iseva ngemuva, kunika amandla i-syslog, njll. - "amaqembu"; - Ukwesekwa kohlu okwabiwe - "memezela"; - Thumela isimemezelo kubo bonke abasebenzisi online - "wamukelekile"; - Abasebenzisi abamukelekile ababhalisa ama-akhawunti - "ukubhaliswa kokubuka"; - Abaphathi besaziso sokubhaliswa - "motd"; - Thumela umlayezo kubasebenzisi lapho bengena ngemvume - "legacyauth"; - Ukuqinisekiswa kwefa. Kusetshenziswa kuphela ngamanye amaklayenti amadala nama-bots. };

ama-bosh_ports = {{port = 5280; indlela = "http-bind"; isikhombimsebenzisi = "127.0.0.1"; }}

bosh_max_inactivity = 60
- Sebenzisa uma umelela i-HTTPS-> HTTP ohlangothini lweseva
cabangela_bosh_secure = iqiniso
- Vumela ukufinyelela kusuka kwizikripthi kunoma yiliphi isayithi ngaphandle kommeleli (kudinga isiphequluli sesimanje)
cross_domain_bosh = kuyiqiniso

- Lawa amamojula alayishwa ngokuzenzakalela, kepha uma ufuna - ukuwakhubaza bese uwahlakaza lapha: modules_disabled = {- "offline"; - Gcina imilayezo engaxhunyiwe ku-inthanethi - "c2s"; - Handle ukuxhumana kwamakhasimende - "s2s"; - Bamba ukuxhumana kweseva neseva}; - Khubaza ukwenziwa kwe-akhawunti ngokuzenzakalela, ukuphepha - Ukuthola eminye imininingwane bheka http://prosody.im/doc/creating_accounts allow_registration = false; - Lezi izilungiselelo ezihlobene ne-SSL / TLS. Uma ungafuni - ukusebenzisa i-SSL / TLS, ungabeka amazwana noma ususe le ssl = {key = "/etc/pki/prosody/localhost.key"; isitifiketi = "/etc/pki/prosody/localhost.crt"; } - Phoqelela amaklayenti ukuthi asebenzise ukuxhumana okubethelwe? Le nketho izovimbela amaklayenti ekuqinisekiseni ngaphandle uma esebenzisa ukubethela.

c2s_require_encryption = iqiniso

- Phoqelela ukufakazela ubuqiniso besitifiketi sokuxhuma kweseva neseva? - Lokhu kunikeza ukuphepha okuhle, kepha kudinga amaseva oxhumana nawo - ukusekela ukubethela KANYE nokwethula izitifiketi ezivumelekile nezethembekile. - QAPHELA: Uhlobo lwakho lweLuaSec kumele lusekele ukuqinisekiswa kwesitifiketi! - Ngemininingwane engaphezulu bheka i-http: //prosody.im/doc/s2s#security s2s_secure_auth = false - Amaseva amaningi awasekeli ukubethela noma anezitifiketi ezingavumelekile noma ezizisayinele. Ungabhala izizinda lapha ezingazodingeka ukuthi - uqinisekise usebenzisa izitifiketi. Zizofakazelwa ubuqiniso besebenzisa i-DNS. --s2s_insecure_domains = {"gmail.com"} - Noma ungashiya i-s2s_secure_auth ikhutshaziwe, usengadinga izitifiketi ezivumelekile zezinye izizinda ngokuchaza uhlu lapha. --s2s_secure_domains = {"jabber.org"} - Khetha i-backend yokufakazela ubuqiniso ongayisebenzisa. Abahlinzeki 'bangaphakathi' - sebenzisa isitoreji sedatha esilungisiwe seProsody ukugcina idatha yokufakazela ubuqiniso. - Ukuvumela iProsody ukuthi inikeze izindlela zokuqinisekisa eziphephile kumakhasimende, umhlinzeki ozenzakalelayo ugcina amaphasiwedi ngokusobala. Uma ungathembi i-server yakho - sicela ubheke ku-http: //prosody.im/doc/modules/mod_auth_internal_hashed - ukuthola ulwazi ngokusebenzisa i-backhed hashed.

- ubuqiniso = "okwangaphakathi_okucacayo"
ubuqiniso = "cyrus"
cyrus_service_name = "xmpp"
cyrus_require_provisioning = amanga

- Khetha i-backend yokugcina ozoyisebenzisa. Ngokuzenzakalelayo i-Prosody isebenzisa amafayili ayisicaba - enkombeni yayo yedatha emisiwe, kepha futhi isekela ukubuyela emuva okuningi - ngamamojula. I-backend ye- "sql" ifakiwe ngokwakhona, kepha idinga - ukuncika okungeziwe. Bona http://prosody.im/doc/storage ukuthola eminye imininingwane. --storage = "sql" - Okuzenzakalelayo kungaphakathi "(Qaphela:" sql "idinga ukufakwa - iphakheji ye-lua-dbi RPM) - Okwe-backend ye-" sql ", unganqamula * okukodwa kokungezansi ukulungisa : --sql = {driver = "SQLite3", database = "prosody.sqlite"} - Okuzenzakalelayo. 'i-database' igama lefayela. --sql = {driver = "MySQL", database = "prosody", igama lomsebenzisi = "prosody", iphasiwedi = "imfihlo", host = "localhost"} --sql = {driver = "PostgreSQL", database = "prosody ", username =" prosody ", password =" secret ", host =" localhost "} - Ukumiswa kokungena ngemvume - Ngokungena okuthuthukile bheka i-http: //prosody.im/doc/logging log = {- Ngena konke okusezingeni "info" nangaphezulu (okungukuthi, yonke ngaphandle kwemiyalezo "yokulungisa iphutha") - kuya /var/log/prosody/prosody.log namaphutha futhi ku- /var/log/prosody/prosody.err
    ukulungisa iphutha = "/var/log/prosody/prosody.log"; - Shintsha 'imininingwane' ukuze 'isuse iphutha' ngokungena ngemvume kwe-verbose
    iphutha = "/var/log/prosody/prosody.err"; - Amaphutha we-Log nawo ukufaka - iphutha = "* syslog"; - Amaphutha we-Log nawo ku-syslog - log = "* console"; - Ngena kukhonsoli, ulusizo ukulungisa iphutha nge-daemonize = false} - Ukumiswa kwe-POSIX, bona futhi i-http: //prosody.im/doc/modules/mod_posix pidfile = "/run/prosody/prosody.pid"; --daemonize = false - Okuzenzakalelayo "kuyiqiniso" ------ Amafayela wokumiswa angeziwe ------ - Ngezinhloso zenhlangano ungakhetha ukwengeza i-VirtualHost kanye - Nezincazelo zezinto kumafayili azo wokumisa. Lo mugqa uhlanganisa - wonke amafayela wokumisa ku /etc/prosody/conf.d/ Faka phakathi "conf.d / *. Cfg.lua"

Ukulungiswa kokucushwa kwe-Dnsmasq ku-linuxbox

/ Etc/dnsmasq.conf ifayela

Vele ungeze inani cname = chat.fromlinux.fan, linuxbox.fromlinux.fan:

[izimpande @ linuxbox ~] # nano /etc/dnsmasq.conf
----- # ------------------------------------------------ ----------------------- # UKUBHALISWA KWAMANQAKU # # ------------------------ ----------------------------------------------- # Lolu hlobo lokubhalisa ludinga okufakwayo # kufayela le- / etc / hosts # ex: 192.168.10.5 linuxbox.fromlinux.fan linuxbox # cname = ALIAS, REAL_NAME cname = mail.fromlinux.fan, linuxbox.fromlinux.fan
cname = chat.fromlinux.fan, linuxbox.fromlinux.fan
----

[root @ linuxbox ~] # service dnsmasq restart
[root @ linuxbox ~] # service dnsmasq status [root @ linuxbox ~] # ingxoxo yokusingathwa
chat.desdelinux.fan iyi-alias ye linuxbox.desdelinux.fan. linuxbox.desdelinux.fan inekheli le-192.168.10.5 linuxbox.desdelinux.fan imeyili liphathwa nge-1 mail.desdelinux.fan.

/ Etc/resolv.conf ifayela

[izimpande @ linuxbox ~] # nano /etc/resolv.conf 
sesha i-desdelinux.fan nameserver 127.0.0.1 # Ngemibuzo ye-DNS engaphandle noma engeyona eyesizinda # desdelinux.fan # local = / desdelinux.fan / nameserver 172.16.10.30

Ukulungiswa ku-DNS yangaphandle ku-ISP

Sinikezela yonke indatshana «I-NSD Authoritarian DNS Server + Shorewall - Amanethiwekhi we-SME»Mayelana nodaba lokuthi ungawaveza kanjani amarekhodi e-SRV ahlobene ne-XMPP ukuze insizakalo Yemiyalezo Esheshayo ikwazi ukuphuma iye kwi-Inthanethi, futhi ukuze iseva ye-Prosody ikwazi ukuhlangana namanye amaseva we-XMPP ahambisanayo akhona kwiWebhu.

Siqala kabusha iProsody

[root @ linuxbox ~] # service prosody restart
Iqondisa kabusha ku- / bin / systemctl restart prosody.service
[root @ linuxbox ~] # service prosody status
Iqondisa kabusha ku- / bin / systemctl status prosody.service ● prosody.service - Iseva ye-Prosody XMPP (Jabber) Elayishiwe: ilayishiwe (/usr/lib/systemd/system/prosody.service; inikwe amandla; ukusethwa kabusha komthengisi: kukhutshaziwe) Kuyasebenza: iyasebenza (iyasebenza) kusukela ngeLanga 2017-05-07 12:07:54 EDT; Inqubo engu-8s eyedlule: 1388 ExecStop = / usr / bin / prosodyctl stop (code = exited, status = 0 / SUCCESS) Inqubo: 1390 ExecStart = / usr / bin / prosodyctl start (code = exited, status = 0 / SUCCESS) Main PID : 1393 (lua) CGroup: /system.slice/prosody.service └─1393 lua /usr/lib64/prosody/../../bin/prosody

[impande @ linuxbox ~] # umsila -f /var/log/prosody/prosody.log
  • Kuphilile kakhulu ukuvula ikhonsoli entsha ngomyalo wangaphambilini osebenzayo, futhi ubuke umphumela we-Prosody debug ngenkathi insiza iqala kabusha.

Silungiselela uCyrus SASL

[izimpande @ linuxbox ~] # nano /etc/sasl2/prosody.conf
pwcheck_method: saslauthd mech_list: PLAIN

[root @ linuxbox ~] # service saslauthd restart
Iqondisa kabusha ku- / bin / systemctl restart saslauthd.service
[root @ linuxbox ~] # service saslauthd isimo

- Uma ...
[root @ linuxbox ~] # service prosody restart

Ukumiswa kwe-PAM

[izimpande @ linuxbox ~] # nano /etc/pam.d/xmpp
i-auth ifaka i-akhawunti ye-password-auth ifaka i-password-auth

Ukuhlolwa kokuqinisekiswa kwe-PAM

  • Ukuhlola, kufanele sisebenzise umyalo olandelayo NGOKUKHOMBILE njengoba kukhonjisiwe ngezansi, ngoba kumayelana nokwenza umyalo njengomsebenzisi we- "prosody" hhayi njengomsebenzisi "wezimpande":
[root @ linuxbox ~] # sudo -u prosody testaslauthd -s xmpp -u strides -p amagxathu
0: KULUNGILE "Impumelelo."

[impande @ linuxbox ~] # sudo -u prosody testaslauthd -s xmpp -u legolas -p legolas
0: KULUNGILE "Impumelelo."

[izimpande @ linuxbox ~] # i-sudo -u ukuhlolwa kwe-prosodyaslauthd -s xmpp -u legolas -p Lengolas
0: AKUKHO "ukufakazela ubuqiniso kwehlulekile"

Inqubo yokuqinisekisa ngokumelene nabasebenzisi bendawo isebenza kahle.

Siguqula i-FirewallD

Kusetshenziswa okusetshenziswayo kokuqhafaza «Isicishamlilo«, Okwindawo«umphakathi»Sisebenzisa izinsizakalo:

  • amasikuma
  • xmpp-iklayenti
  • xmpp-iseva
  • xmpp-yendawo

Ngokufanayo endaweni «zangaphandle»Sisebenzisa izinsizakalo:

  • xmpp-iklayenti
  • xmpp-iseva

Futhi sivula amachweba tcp 5222 no-5269.

Ekugcineni, senza izinguquko ku Isikhathi sokwenza a unomphela y layisha kabusha i-FirewallD.

Iklayenti le-XMPP Psi

Ukuxhuma kwiseva esanda kufakwa ye-Prosody Messaging Messaging, singakhetha phakathi kwamakhasimende ahlukahlukene akhona:

  • Uzwela
  • IGajim
  • UKadu
  • I-Psi
  • I-Psi Plus
  • I-Pidgin
  • Ukuthayipha
  • I-Weechat

Uhlu luyaqhubeka. Sikhethe ifayela le- Psi +. Ukuyifaka kufakwa sisebenzisa umyalo oyithandayo noma sikwenza ngamathuluzi wokuqhafaza atholakalayo walowo msebenzi. Uma sesifakiwe, siyayisebenzisa, futhi ekugcineni kwendatshana sinikeza uchungechunge lwezithombe esethemba ukuthi zizoba wusizo kuwe.

Isifingqo

  • Singafaka insiza Yemilayezo Esheshayo esuselwa ku-Prosody yabasebenzisi bendawo besistimu, bese sihambisa ngokwakhiwa kwabasebenzisi be-Prosody bangaphakathi noma ezinye izinhlobo zokuqinisekisa okuqinisekisiwe.
  • Ukuqinisekiswa kokufakazela ubuqiniso kuzohamba kubethelwe kusuka kwiklayenti kuye kuseva, kanye nezimpendulo zamanje nakwiklayenti.
  • Singafaka insiza engaphezu kweyodwa ngokususelwa ekuqinisekisweni kwasendaweni nge-PAM kuseva eyodwa.
  • Kuze kube manje, iseva linuxbox.fromlinux.fan ihlinzeka ngezinsizakalo ezilandelayo kwi-SME Network:
    • Ukulungiswa Kwamagama Esizinda noma i-DNS.
    • Ukwabiwa okunamandla kwamakheli e-IP noma e-DCHP
    • Isevisi Yesikhathi Senethiwekhi noma i-NTP
    • Izipele ngeSSH kusuka kumakhasimende we-UNIX / Linux, noma ngeWinSCP yamakhasimende we-Microsoft Windows.
    • Isevisi Yemiyalezo Esheshayo - Ingxoxo. Futhi kuyatholakala kwi-Intanethi.
    • Insizakalo yokwabelana ngefayela ngeNgxoxo uqobo. Futhi kuyatholakala kwi-Intanethi
    • Insizakalo ye-Teleconferencing ongayilungiselela ku-Prosody.

Futhi zonke izinsizakalo zangaphambilini ezinamathuluzi ambalwa wokuqhafaza wokucushwa kwe-Firewall - i-FirewallD, kanye ne-User and Group Management yohlelo okulula kakhulu ukuyisebenzisa uma sinolwazi oluyisisekelo ngalokho esifuna ukukwenza.

Kubalulekile

Qiniseka ukuthi uvakashela i-URL elandelayo ukuze ube nolwazi oluphelele mayelana Pi-rosody: http: //prosody.im.

Kuze isitolimende esilandelayo!


Okuqukethwe yi-athikili kunamathela ezimisweni zethu ze izimiso zokuhlelela. Ukubika iphutha chofoza lapha.

Amazwana ayi-10, shiya okwakho

Shiya umbono wakho

Ikheli lakho le ngeke ishicilelwe. Ezidingekayo ibhalwe nge *

*

*

  1. Ubhekele imininingwane: Miguel Ángel Gatón
  2. Inhloso yedatha: Lawula Ugaxekile, ukuphathwa kwamazwana.
  3. Ukusemthethweni: Imvume yakho
  4. Ukuxhumana kwemininingwane: Imininingwane ngeke idluliselwe kubantu besithathu ngaphandle kwesibopho esisemthethweni.
  5. Isitoreji sedatha: Idatabase ebanjwe yi-Occentus Networks (EU)
  6. Amalungelo: Nganoma yisiphi isikhathi ungakhawulela, uthole futhi ususe imininingwane yakho.

  1.   Guillermo kusho

    Yeka ukuthi ithakazelisa kanjani yonke iminikelo yakho, ngiyabonga kakhulu ngayo yonke.

  2.   IWO kusho

    Ukuhalalisela okuyinkulungwane uFederico ngenye indatshana enhle.
    Lapha umbhali usinikeza ("unikeza") i- "howto know" yokuthi ungayisebenzisa kanjani i-Chat service nge-Prosody esebenzisa umthetho olandelwayo we-XMPP kunethiwekhi ukushintshanisa imiyalezo esheshayo, ukudlulisa amafayela, ukwenza izingqungquthela ngezwi nevidiyo, ukuqinisekisa ubuqiniso abasebenzisi bendawo ngokuxhumeka okuphephile.
    Ngaphezu kwalokho, njengenjwayelo kulo lonke uchungechunge lwe-PYMES, umbhali wenza kube lula ukuhlanganiswa kwensizakalo okuzolungiswa nazo zonke ezinye izinsiza kanye / noma amapharamitha asevele esebenza kwinethiwekhi:
    1- Ukulungiswa okufanele sikwenze kwinsizakalo ye-DNS ukufaka insizakalo yengxoxo nakho konke kusebenza kahle.
    2- Ukucushwa (nokuhlolwa) kwe-PAM ukuqinisekisa insiza yengxoxo endaweni yakini.
    3- Okufanele sikwenze ku-Firewall yenethiwekhi yendawo kanye ne- "Network of Networks" ukuvumela insizakalo ye-Chat, futhi lokhu kube nezinga elifanele lokuphepha.
    4- Futhi ekugcineni ukuqinisekiswa kweNgxoxo kusuka kuklayenti le-XMPP.
    Akukho okuzogcina okuthunyelwe kumkhombandlela we-TIPS wokuthi le nsizakalo kufanele isetshenziswe nini.

  3.   frederico kusho

    Ngithemba ukuthi ziwusizo kuwe ngandlela thile. Siyabonga ngokuphawula

  4.   frederico kusho

    Mngani IWO, uwutholile umqondo oyiqiniso walendatshana. Vele ungeze ukuthi sisebenzisa izinsizakalo zenethiwekhi ye-UNIX / Linux, noma ngabe wonke amaklayenti ayo eyiMicrosoft Windows. Abafundi abaningi kungenzeka abakaze babone leyo mininingwane emincane okwamanje. 😉

  5.   I-Zodiac Carburus kusho

    Igalelo elihle kakhulu umngani uFico. Uyazi ukuthi ngilandele zonke izindatshana zakho futhi kulezi ezi-4 ezedlule ngifunde imibuzo eminingi ebengingayazi ngenxa yokuthi iveli le-Active Directory ne-Domain Controller liyibeke ebusweni bami. Ngazalwa ngine-NT 4 nama-PDC ayo nama-BDC. Bengingazi ukuthi ngingenza lula ukuqinisekiswa kunethiwekhi kumshini owodwa osebenzisa amaCentos noma enye iLinux. Manje sengifunda ifilosofi entsha engiyibona indala njengomsuka womlando wamanethiwekhi. Yize ungangitsheli okuncane ngalokho ozokushicilela 😉 Ngicabanga ukuthi uzoqhubeka ne-LDAP bese usebenzisa i-Active Directory esekwe kuSamba 4?. Siyabonga ngokuzinikela kwakho enjongweni yesoftware yamahhala. Ngizolinda izindatshana zakho ezilandelayo, Fico.

  6.   U-Eduardo Noel kusho

    Ingwe, i-athikili enkulu !!!!!

    Uzakwethu, kunemininingwane emincane, engxenyeni ye-DNS, ukhomba isizinda sonke kusuka ku-desdelinux.fan kuya ku-IP 172.16.10.10, unayo le seva oyisebenzisile ku-Debian (i-DNS eyodwa), manje, le ngxoxo, iku-CentOS , ngakho-ke inekheli elihlukile le-IP, okushodile bekuqondisa kabusha wonke amathrafikhi ku-firewall aya kule IP lapho isevisi yokuthumela imiyalezo izobe ikhona, ngoba okwamanje ikhomba kuseva efanayo ye-DNS nalokhu ayinayo insizakalo yeposi.

    Ngaphandle kwalokho konke kukhazimula, ukwangana okukhulu.

  7.   frederico kusho

    Ngiyabonga u-Eduardo ngokuphawula. Usifunde kahle isigaba:

    Ngokufanayo endaweni "yangaphandle" senza izinsizakalo zisebenze:

    xmpp-client
    xmpp-server

    Futhi sivula amachweba we-tcp 5222 no-5269.

    Ngivumela ukukhishwa kwephrothokholi ye-XMPP ngokusebenzisa isikhombimsebenzisi se-ens34. Khumbula okuthunyelwe ngezansi, ngisho naku-squid athikili. 😉

  8.   frederico kusho

    Umngani we-Zodiac: ungenza ngimemezele izimanga zami kusengaphambili. Cha, i-LDAP ayihambi manje. Kukhona ingqikithi yeseva yeposi esekwe ku-Postfix, Dovecot, Squirrelmail, nangokuqinisekiswa kwe-PAM, okungaba okokugcina kulolu chungechunge lwe-mini. Okuningi na. ;-). Lapho-ke uma konke kufika kuze kufike eSamba 4 AD-DC. Bye !.

  9.   U-Eduardo Noel kusho

    Yebo mngani wami, uma ngiyifundile, kepha angiboni ndawo lapho kuhamba khona ngakwenye iseva, bheka.

  10.   frederico kusho

    U-Eduardo: Faka. Xhuma iLaptop nge-subnet IP 172.16.10.0/24. Faka iklayenti le-Chat kuyo bese uxhuma ku-Prosody. Ngakho ngiyenzile futhi kwasebenza kanjalo. 😉
    I-FirewallD iyona ye-CentOS ezokwenza i-PRREOUTING ngendlela yayo.