https://www.youtube.com/watch?v=-0M0NeZ_cU4
sudo apt-get install prosody mercurial -y
Check that prosody is running after install:
sudo systemctl status prosody
Find out what tcp ports you need to open
netstat -utlpn
In the tcp section I get back:
tcp 0 0 0.0.0.0:5269 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:5222 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN -
And in ufw my current open ports are:
sudo ufw status
22/tcp ALLOW Anywhere
80/tcp ALLOW Anywhere
443/tcp ALLOW Anywhere
So I will need to open 5269 (server-to-server) and 5222 (client connections):
sudo ufw allow 5222
sudo ufw allow 5269
hg clone https://hg.prosody.im/prosody-modules/ prosody-modules
Let's stop the server until we finish configuring it since it's not yet configured or secure.
sudo systemctl stop prosody
Let's open up the configuration file. I'm going to use ratom. If you are using atom too, installing the language-lua plugin will add syntax highlighting.
sudo ratom /etc/prosody/prosody.cfg.lua
Note: Lua comments are denoted by -- (two hyphens).
Look for the following lines in the file:
VirtualHost "example.com"
enabled = false -- Remove this line to enable this host
and replace it with the following:
VirtualHost "<yourdomain.com>"
enabled = true -- This host is now enabled
Now let's edit the SSL/TLS path. Right below the virtual host you should see this block.
ssl = {
key = "/etc/prosody/certs/example.com.key";
certificate = "/etc/prosody/certs/example.com.crt";
}
Replace it with the following:
ssl = {
key = "/var/lib/prosody/chat.<yourdomain.com>.key";
certificate = "/var/lib/prosody/chat.<yourdomain.com>.crt";
}
Search for the string (line 23 for me)
admins = { }
and add in a user
admins = { "<your-user>@<yourdomain.com>" }
Find:
Component "conference.example.com" "muc"
and replace with:
Component "mu.chat.<yourdomain.com>" "muc"
restrict_room_creation = "admin"
-- modules_enabled = {}
In case our users have connection problems we want to enable BOSH. It's also very useful for sharing files by creating an HTTP server for XMPP.
--"bosh"; -- Enable BOSH clients, aka "Jabber over HTTP"
Uncomment this line so it looks like this:
"bosh"; -- Enable BOSH clients, aka "Jabber over HTTP"
Find the following line:
"register"; -- Allow users to register on this server using a client and change passwords
...And comment it out:
-- "register"; -- Allow users to register on this server using a client and change passwords
At this point we should be done with the configuration file. Go ahead and save and close it.
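A pre-start check for the edits above, as an added example that is not part of the original guide: it reads a config on stdin and reports which of these changes are missing. The function names, the yourdomain.test domain and the alice account are assumptions, and both sample configs are constructed.

```shell
# Added example, not from the original guide. Reads a Prosody config on stdin,
# prints one FAIL line per missing edit and returns the failure count (0 = ok).
# Lua "--" line comments are stripped first so commented-out settings do not
# count. Simplification: "--[[ ]]" blocks and "--" inside strings are ignored.
active_lines() { sed -e 's/--.*$//' -e '/^[[:space:]]*$/d'; }
has()  { printf '%s\n' "$cfg" | grep -Eq "$1"; }
flag() { echo "FAIL: $1"; fails=$((fails + 1)); }
sp='[[:space:]]*'

audit_prosody_cfg() {
    cfg=$(active_lines); fails=0
    if has 'example\.com'; then flag 'placeholder example.com still in use'; fi
    if has "enabled${sp}=${sp}false"; then flag 'a host is still disabled'; fi
    if has '"register"'; then flag 'open registration module is enabled'; fi
    if ! has "admins${sp}=${sp}[{]${sp}\"[^\"]+@"; then flag 'admins list is empty'; fi
    if ! has "restrict_room_creation${sp}="; then flag 'restrict_room_creation is not set'; fi
    return "$fails"
}

# Constructed sample: the lines this guide starts from.
sample_stock() { cat <<'EOF'
admins = { }
modules_enabled = {
    --"bosh"; -- Enable BOSH clients, aka "Jabber over HTTP"
    "register"; -- Allow users to register on this server
}
VirtualHost "example.com"
    enabled = false -- Remove this line to enable this host
Component "conference.example.com" "muc"
EOF
}

# Constructed sample: the same lines after the edits (placeholder domain/user).
sample_edited() { cat <<'EOF'
admins = { "alice@yourdomain.test" }
modules_enabled = {
    "bosh"; -- Enable BOSH clients, aka "Jabber over HTTP"
    -- "register"; -- Allow users to register on this server
}
VirtualHost "yourdomain.test"
    enabled = true
Component "mu.chat.yourdomain.test" "muc"
    restrict_room_creation = "admin"
EOF
}

sample_stock | audit_prosody_cfg || echo "stock config: $? problem(s)"
sample_edited | audit_prosody_cfg && echo "edited config: OK"
```

To check the real file, feed it on stdin (for example: sudo cat /etc/prosody/prosody.cfg.lua | audit_prosody_cfg) before starting the service.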
Back on the command line...
sudo prosodyctl cert generate <yourdomain.com>
Fill in each of the values that it requests.
Create the admin user first that you specified in the config file.
sudo prosodyctl adduser <username>@<yourdomain.com>
sudo systemctl start prosody
sudo systemctl status prosody
- Add an A record for chat.<yourdomain.com>
- Add a SRV record for client
  - service and protocol: _xmpp-client._tcp
  - Target: xmpp.<yourdomain.com>
  - Weight: 5
  - Priority: 20
  - TTL: 43200
  - Port: 5222
- Add a SRV record for server
  - host: _xmpp-server._tcp
  - Target: xmpp.<yourdomain.com>
  - Weight: 5
  - Priority: 20
  - TTL: 43200
  - Port: 5269
- Add a TXT record
  - host: _xmppconnect
  - value: _xmpp-client-xbosh=http://chat.<yourdomain.com>:5280/http-bind
I recommend starting with Pidgin or Adium, depending on your OS, to test this out really quickly.
Log in with both of the users you made (creating two different accounts in the client) and make sure that you can connect and chat. Try enabling OTR to see if it's working correctly.
If everything is looking good, our XMPP server is configured!
In this guide you learned how to:
- Configure an XMPP server using Prosody
- Set up TLS (SSL) encryption
- Add new users
- Connect to the server with a client