Rob's web

XMPP server

Extensible Messaging and Presence Protocol (abbreviation XMPP, originally named Jabber) is an open communication protocol designed for instant messaging (IM), presence information, and contact list maintenance. Based on XML (Extensible Markup Language), it enables the near-real-time exchange of structured data between two or more network entities.[3] Designed to be extensible, the protocol offers a multitude of applications beyond traditional IM in the broader realm of message-oriented middleware, including signalling for VoIP, video, file transfer, gaming and other uses.

Unlike most commercial instant messaging protocols, XMPP is defined in an open standard in the application layer. The architecture of the XMPP network is similar to email; anyone can run their own XMPP server and there is no central master server. This federated open system approach allows users to interoperate with others on any server using a 'JID' user account, similar to an email address. XMPP implementations can be developed using any software license and many server, client, and library implementations are distributed as free and open-source software. Numerous freeware and commercial software implementations also exist.

Decentralization

(Figure caption) A simple XMPP network with the servers jabber.org and draugr.de. Green clients are online, yellow clients are writing to each other, and small green subclients are the resources of one user. The brown network is not connected to the internet. The server draugr.de is connected to other IM services (ICQ, AIM and others) via XMPP transports.

The XMPP network architecture is reminiscent of the Simple Mail Transfer Protocol (SMTP), a client-server model: clients do not talk directly to one another, and the network is decentralized, so anyone can run a server. By design, there is no central authoritative server as there is with messaging services such as AIM, WLM, WhatsApp or Telegram. Some confusion arises on this point because a public XMPP server is run at jabber.org, to which many users subscribe. However, anyone may run their own XMPP server on their own domain.

Installation

# dnf install prosody lua-dbi luarocks

Setting up SQL database

# mariadb -u root -p
MariaDB [(none)]> create database prosody;
MariaDB [(none)]> show databases;
+--------------------+
| Database           |
+--------------------+
| performance_schema |
| prosody            |
+--------------------+
MariaDB [(none)]> create user 'prosody'@'localhost' identified by 'YourPasswordHere';
MariaDB [(none)]> grant all privileges on prosody.* to 'prosody'@'localhost';
MariaDB [(none)]> flush privileges;
MariaDB [(none)]> quit
Bye
# 

Prosody will create the tables itself on first start, because sql_manage_tables = true is set in the configuration below.

Configuration

The modules are stored in: /usr/lib64/prosody/modules/.

We use virtual hosts, which means one server can serve multiple domains.

# cd /etc/prosody
# vi prosody.cfg.lua
.....
-- Select the authentication backend to use. The 'internal' providers
-- use Prosody's configured data storage to store the authentication data.

authentication = "internal_hashed"

-- Select the storage backend to use. By default Prosody uses flat files
-- in its configured data directory, but it also supports more backends
-- through modules. An "sql" backend is included by default, but requires
-- additional dependencies. See https://prosody.im/doc/storage for more info.

storage = "sql" -- Default is "internal" (Note: "sql" requires installed
-- lua-dbi RPM package)

-- For the "sql" backend, you can uncomment *one* of the below to configure:
--sql = { driver = "SQLite3", database = "prosody.sqlite" } -- Default. 'database' is the filename.
sql = { driver = "MySQL", database = "prosody", username = "prosody", password = "YourPasswordHere", host = "localhost" }
--sql = { driver = "PostgreSQL", database = "prosody", username = "prosody", password = "secret", host = "localhost" }

sql_manage_tables = true
.....

Change the end of the file to look like this one.

----------- Virtual hosts -----------
-- You need to add a VirtualHost entry for each domain you wish Prosody to serve.
-- Settings under each VirtualHost entry apply *only* to that host.

------ Additional config files ------
-- For organizational purposes you may prefer to add VirtualHost and
-- Component definitions in their own config files. This line includes
-- all config files in /etc/prosody/conf.d/

Include "conf.d/*.cfg.lua"

Copy example.com.cfg.lua to a file named after your domain.

# cd conf.d/
# cp example.com.cfg.lua <your-domain>.cfg.lua
# vi <your-domain>.cfg.lua

Edit it to your needs.

-- Section for VirtualHost <your-domain>

VirtualHost "<your-domain>"
        enabled = true

        -- Prosody will automatically search for a certificate and key
        -- in /etc/prosody/certs/ unless a path is manually specified
        -- in the config file, see https://prosody.im/doc/certificates
        ssl = {
                key = "/etc/pki/tls/private/<your-domain>.key";
                certificate = "/etc/pki/tls/certs/<your-domain>_fc.pem";
        }

------ Components ------
-- You can specify components to add hosts that provide special services,
-- like multi-user conferences, and transports.
-- For more information on components, see https://prosody.im/doc/components

---Set up a MUC (multi-user chat) room server on conference.<your-domain>:
Component "conference.<your-domain>" "muc"

--- Store MUC messages in an archive and allow users to access it
modules_enabled = { "muc_mam" }

restrict_room_creation = "local"
name = "The <your-domain> chatrooms server"


-- Set up a SOCKS5 bytestream proxy for server-proxied file transfers:
--Component "proxy.<your-domain>" "proxy65"


---Set up an external component (default component port is 5347)
--
-- External components allow adding various services, such as gateways/
-- transports to other networks like ICQ, MSN and Yahoo. For more info
-- see: https://prosody.im/doc/components#adding_an_external_component
--
--Component "gateway.<your-domain>"
--      component_secret = "password"

Rename the example and localhost configs so the Include "conf.d/*.cfg.lua" glob no longer loads them, give the prosody group read access to the configuration directory, and make the key readable:

# mv example.com.cfg.lua example.com.cfg.l
# mv localhost.cfg.lua localhost.cfg.l
# cd /etc/
# chown -R root:prosody prosody/
# chmod 644 /etc/pki/tls/private/<your-domain>.key

Note that mode 644 makes the private key readable by every local user on the machine. Prosody runs as the prosody user, so chown root:prosody together with chmod 640 on the key file is enough for the service to read it while keeping other users out.
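The permission step above is the one place in this setup where a single digit decides whether the TLS private key is world-readable. The following shell snippet is an added example, not part of the original page or of Prosody: a small check that reports whether a key file's "other" permission bits allow reading, demonstrated on a constructed temporary file in both the 644 state used above and the tighter 640 state. It assumes GNU stat (the -c option), as on Fedora.

```shell
#!/bin/sh
# Added example (not from the original page): report whether a private key
# file is readable by "other", which chmod 644 allows. Returns 0 when the
# file is world-readable, 1 when it is not, 2 if the file cannot be stat'ed.
# Assumes GNU stat (-c %a prints the octal mode, e.g. 644).
key_world_readable() {
    mode=$(stat -c %a "$1") || return 2
    # the last octal digit is the "other" class; 4,5,6,7 all include read
    other=$(printf '%s' "$mode" | tail -c 1)
    case "$other" in
        4|5|6|7) return 0 ;;
        *)       return 1 ;;
    esac
}

# Demonstrate on a constructed temporary file (not a real key): 644 as on
# the page is world-readable; 640 keeps read access to owner and group only.
# On a real server the fix is: chown root:prosody KEY && chmod 640 KEY
demo() {
    tmp=$(mktemp) || return 2
    chmod 644 "$tmp"
    if key_world_readable "$tmp"; then before=readable; else before=private; fi
    chmod 640 "$tmp"
    if key_world_readable "$tmp"; then after=readable; else after=private; fi
    rm -f "$tmp"
    echo "644:$before 640:$after"
}

demo
```

Run it against the real path (key_world_readable /etc/pki/tls/private/<your-domain>.key) after the chmod above to confirm the state you intended; a return code of 0 means any local account can read the key.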

Checking configuration

# prosodyctl check config
# prosodyctl check

Starting

# systemctl start prosody
# systemctl enable prosody

Adding users

# prosodyctl adduser user@<your-domain>

Deleting users

# prosodyctl deluser user@<your-domain>

DNS settings

# cd /var/named/dynamic/
# vi <your-domain>

Add to the file:

$ORIGIN _tcp.<your-domain>.
$TTL 18000      ; 5 hours
_xmpp-client            SRV     0 5 5222 server1.<your-domain>.
_xmpp-server            SRV     0 5 5269 server1.<your-domain>.

The SRV target (server1.<your-domain>. here) must itself have an A or AAAA record. Then reload the zone:

# systemctl restart named
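Because the owner names in the fragment above are relative to the $ORIGIN line, it is easy to end up publishing a record under the wrong name. The following shell snippet is an added example, not part of the original page: it expands a zone-file fragment into fully qualified SRV records so you can see exactly what clients will query, and checks that the client and server records point at the 5222 and 5269 ports opened in the firewall section. The zone fragment it parses is constructed inline with the placeholder domain example.org; the function names are mine.

```shell
#!/bin/sh
# Added example (not from the original page): expand relative SRV owner names
# against $ORIGIN and print "<fqdn> <priority> <weight> <port> <target>".
srv_records() {
    awk '
        $1 == "$ORIGIN" { origin = $2; next }   # remember the current origin
        $1 == "$TTL"    { next }                 # TTL lines carry no record
        /^[ \t]*;/ || NF == 0 { next }           # comments and blank lines
        $2 == "SRV" {
            owner = $1
            # a name without a trailing dot is relative to $ORIGIN
            if (owner !~ /\.$/) owner = owner "." origin
            print owner, $3, $4, $5, $6
        }
    ' "$1"
}

# Return 0 when every _xmpp-client record uses port 5222 and every
# _xmpp-server record uses port 5269 (the ports opened in the firewall),
# 1 when any record disagrees.
srv_ports_match_firewall() {
    srv_records "$1" | awk '
        $1 ~ /^_xmpp-client\./ && $4 != 5222 { bad = 1 }
        $1 ~ /^_xmpp-server\./ && $4 != 5269 { bad = 1 }
        END { exit bad ? 1 : 0 }
    '
}

# Constructed sample zone fragment (placeholder domain example.org), written
# to a temporary file whose path is printed for the caller.
demo_zone() {
    f=$(mktemp) || return 2
    cat > "$f" <<'EOF'
$ORIGIN _tcp.example.org.
$TTL 18000      ; 5 hours
_xmpp-client            SRV     0 5 5222 server1.example.org.
_xmpp-server            SRV     0 5 5269 server1.example.org.
EOF
    printf '%s\n' "$f"
}

z=$(demo_zone)
srv_records "$z"
if srv_ports_match_firewall "$z"; then echo "ports match firewall"; fi
rm -f "$z"
```

On the real server, point srv_records at /var/named/dynamic/<your-domain> before restarting named; the printed names are the ones prosodyctl check will later look up.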

Firewall

# firewall-cmd --permanent --zone=public --add-port=5222/tcp
# firewall-cmd --permanent --zone=public --add-port=5269/tcp
# firewall-cmd --reload

Optionally, also open:

# firewall-cmd --permanent --zone=public --add-port=5280/tcp   # default HTTP port for Prosody
# firewall-cmd --permanent --zone=public --add-port=5281/tcp   # default HTTPS port for Prosody

Forward ports 5222 and 5269 on your router to your server's IP address.

Logs

# cd /var/log/prosody
# ll
-rw-r-----. 1 prosody prosody   6348 Oct 25 02:46 prosody.err
-rw-r-----. 1 prosody prosody 131678 Oct 25 17:46 prosody.log

Clients

OS        Clients
Windows   Gajim, Thunderbird
Linux     Gajim (see the package manager for your distro), Thunderbird
macOS     Monal, Thunderbird
Android   see the Google Play Store
iOS       Monal, see the Apple App Store

Links