<!DOCTYPE html>
< html lang = "en" >
< head >
< meta charset = "utf-8" >
< meta http-equiv = "X-UA-Compatible" content = "IE=edge" >
< meta name = "viewport" content = "width=device-width, initial-scale=1.0" >
< meta name = "description" content = "" >
< meta name = "author" content = "" >
< link rel = "shortcut icon" href = "../../../../../../assets/img/favicon.png" >
< title > XMPP Server Setup< / title >
<!-- Bootstrap core CSS -->
< link href = "../../assets/css/bootstrap.css" rel = "stylesheet" >
< link href = "../../assets/css/xt256.css" rel = "stylesheet" >
<!-- Custom styles for this template -->
< link href = "../../assets/css/main.css" rel = "stylesheet" >
<!-- HTML5 shim and Respond.js IE8 support of HTML5 elements and media queries -->
<!-- [if lt IE 9]>
< script src = "https://oss.maxcdn.com/libs/html5shiv/3.7.0/html5shiv.js" > < / script >
< script src = "https://oss.maxcdn.com/libs/respond.js/1.3.0/respond.min.js" > < / script >
<![endif]-->
< / head >
< body >
<!-- Static navbar -->
< div class = "navbar navbar-inverse-anon navbar-static-top" >
< div class = "container" >
< div class = "navbar-header" >
< button type = "button" class = "navbar-toggle" data-toggle = "collapse" data-target = ".navbar-collapse" >
< span class = "icon-bar" > < / span >
< span class = "icon-bar" > < / span >
< span class = "icon-bar" > < / span >
< / button >
< a class = "navbar-brand-anon" href = "\index.html" > nihilist`s Blog< / a >
< / div >
< div class = "navbar-collapse collapse" >
< ul class = "nav navbar-nav navbar-right" >
< li > < a href = "/about.html" > About< / a > < / li >
< li > < a href = "/blog.html" > Categories< / a > < / li >
< li > < a href = "https://blog.nihilism.network/donate.html" > Donate< / a > < / li >
< li > < a href = "/contact.html" > Contact< / a > < / li >
< / ul >
< / div > <!-- /.nav - collapse -->
< / div >
< / div >
<!-- +++++ Posts Lists +++++ -->
<!-- +++++ First Post +++++ -->
< div id = "anon2" >
< div class = "container" >
< div class = "row" >
< div class = "col-lg-8 col-lg-offset-2" >
< a href = "../anon.html" > Previous Page< / a > < / br > < / br > < p > < img src = "../../assets/img/user.png" width = "50px" height = "50px" > < ba > nihilist@mainpc - 2024-08-05< / ba > < / p >
< h1 > XMPP Server Setup < / h1 >
< p > In this tutorial, we're going to see how to set up an XMPP chat server that is accessible over Tor as a hidden service, using Prosody and Pidgin.< / p >
< / div >
< / div > <!-- /row -->
< / div > <!-- /container -->
< / div > <!-- /grey -->
<!-- +++++ Second Post +++++ -->
< div id = "anon3" >
< div class = "container" >
< div class = "row" >
< div class = "col-lg-8 col-lg-offset-2" >
< h2 > < b > XMPP Server Setup < / b > < / h2 >
< p > Before starting, check out < a href = "../torwebsite/index.html" > this< / a > tutorial on how to create your first hidden service.< / p >
< pre > < code class = "nim" >
root@ANON-home:~# apt install prosody prosody-modules -y
root@ANON-home:~# prosodyctl about
/var/lib/prosody/custom_plugins - not a directory!
/usr/local/lib/prosody/modules - not a directory!
/var/lib/prosody/custom_plugins/share/lua/5.4/?.lua
/var/lib/prosody/custom_plugins/share/lua/5.4/?/init.lua
root@ANON-home:~# mkdir /var/lib/prosody/custom_plugins
root@ANON-home:~# mkdir /usr/local/lib/prosody/modules -p
< / code > < / pre >
< p > Then, we make sure that the Tor hidden service includes the XMPP ports:< / p >
< pre > < code class = "nim" >
root@ANON-home:# vim /etc/tor/torrc
root@ANON-home:# cat /etc/tor/torrc
HiddenServiceDir /var/lib/tor/onions/aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.onion/
[...]
HiddenServicePort 5222 127.0.0.1:5222
HiddenServicePort 5269 127.0.0.1:5269
HiddenServicePort 5280 127.0.0.1:5280
HiddenServicePort 5281 127.0.0.1:5281
root@ANON-home:# systemctl restart tor@default
< / code > < / pre >
< p > Here, my hidden service is aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.onion. Let's check that the mod_onions module is installed, then configure the prosody.cfg.lua file:< / p >
< pre > < code class = "nim" >
root@ANON-home:~# ls /usr/lib/prosody/modules/mod_onions
mod_onions.lua
root@ANON-home:~# vim /etc/prosody/prosody.cfg.lua
root@ANON-home:~# cat /etc/prosody/prosody.cfg.lua
[...]
VirtualHost "localhost"
-- Prosody requires at least one enabled VirtualHost to function. You can
-- safely remove or disable 'localhost' once you have added another.
VirtualHost "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.onion"
modules_enabled = {"onions"};
onions_only = true;
disco_items = {
{"conference.aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.onion","Public Chatroom"},
{"upload.aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.onion","File Upload"}
}
Component "conference.aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.onion" "muc"
modules_enabled = { "onions" };
onions_only = true;
Component "upload.aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.onion" "http_file_share"
modules_enabled = { "onions" };
onions_only = true;
[...]
< / code > < / pre >
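< p > Next, generate a certificate for the hidden service hostname, run prosodyctl check, and move the generated files into /etc/prosody/certs/:< / p >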
< pre > < code class = "nim" >
root@ANON-home:~# prosodyctl cert generate aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.onion
Choose key size (2048):
< b > Key written to /var/lib/prosody/aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.onion.key< / b >
Please provide details to include in the certificate config file.
Leave the field empty to use the default value or '.' to exclude the field.
countryName (GB):
localityName (The Internet):
organizationName (Your Organisation):
organizationalUnitName (XMPP Department):
commonName (aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.onion):
emailAddress (xmpp@aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.onion):
< b > Config written to /var/lib/prosody/aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.onion.cnf
Certificate written to /var/lib/prosody/aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.onion.crt< / b >
root@ANON-home:~# prosodyctl check
[...]
Checking certificates...
Checking certificate for conference.aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.onion
certmanager info No certificate present in SSL/TLS configuration for conference.aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.onion. SNI will be required.
No 'certificate' found for conference.aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.onion
Checking certificate for localhost
certmanager info No certificate present in SSL/TLS configuration for localhost. SNI will be required.
No 'certificate' found for localhost
Checking certificate for upload.aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.onion
certmanager info No certificate present in SSL/TLS configuration for upload.aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.onion. SNI will be required.
No 'certificate' found for upload.aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.onion
Checking certificate for aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.onion
certmanager info No certificate present in SSL/TLS configuration for aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.onion. SNI will be required.
No 'certificate' found for aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.onion
For more information about certificates please see https://prosody.im/doc/certificates
Problems found, see above.
root@ANON-home:# mv /var/lib/prosody/aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.onion.* /etc/prosody/certs/
< / code > < / pre >
< p > Then add a user on the server, restart Prosody and check that the service is running:< / p >
< pre > < code class = "nim" >
root@ANON-home:/etc/prosody/certs# prosodyctl adduser nihilist@aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.onion
Enter new password:
Retype new password:
root@ANON-home:/etc/prosody/certs# systemctl restart prosody
root@ANON-home:/etc/prosody/certs# systemctl status prosody
● prosody.service - Prosody XMPP Server
Loaded: loaded (/lib/systemd/system/prosody.service; enabled; preset: enabled)
Active: active (running) since Mon 2024-08-05 22:02:47 CEST; 4s ago
Docs: https://prosody.im/doc
Main PID: 3419 (lua5.4)
Tasks: 1 (limit: 4653)
Memory: 7.8M
CPU: 139ms
CGroup: /system.slice/prosody.service
└─3419 lua5.4 /usr/bin/prosody -F
Aug 05 22:02:47 ANON-home systemd[1]: Started prosody.service - Prosody XMPP Server.
< / code > < / pre >
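< p > One way to check the host blocks configured above (an added example, not part of the original tutorial): the script reads a Prosody config and reports every .onion VirtualHost or Component block that lacks the "onions" module or onions_only = true. The function names and the sample hostname are made up for this example, and it assumes onions_only is written on a line of its own, as on this page.< / p >

```shell
#!/bin/sh
# Added example (not from the original post): flag .onion host blocks in a
# Prosody config that lack the "onions" module or onions_only = true.

# Constructed sample; "exampleonionaddress.onion" is a placeholder hostname.
sample_cfg() {
cat <<'EOF'
VirtualHost "localhost"
VirtualHost "exampleonionaddress.onion"
    modules_enabled = {"onions"};
    onions_only = true;
Component "conference.exampleonionaddress.onion" "muc"
    modules_enabled = { "onions", "muc_mam" };
Component "upload.exampleonionaddress.onion" "http_file_share"
    onions_only = true;
EOF
}

# Reads a config on stdin and prints one line per problem found.
audit_onion_hosts() {
    awk '
    function report() {
        if (host !~ /\.onion$/) return
        if (!has_mod)  print host ": onions module not enabled"
        if (!has_only) print host ": onions_only = true missing"
    }
    /^[ \t]*--/ { next }                          # skip Lua comment lines
    /^[ \t]*(VirtualHost|Component)[ \t]+"/ {     # a new host block starts
        # settings seen before the first host block are global defaults
        if (!in_host) { g_mod = has_mod; g_only = has_only; in_host = 1 }
        report()
        split($0, q, "\"")                        # q[2] = first quoted string
        host = q[2]; has_mod = g_mod; has_only = g_only; in_mods = 0
        next
    }
    /modules_enabled/                       { in_mods = 1 }
    in_mods && /"onions"/                   { has_mod = 1 }
    in_mods && /[}]/                        { in_mods = 0 }
    /^[ \t]*onions_only[ \t]*=[ \t]*true/   { has_only = 1 }
    END { report() }
    '
}

sample_cfg | audit_onion_hosts
```

< p > On the server, run it against the real file with audit_onion_hosts &lt; /etc/prosody/prosody.cfg.lua, and again after editing any Component block.< / p >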
< p > All good. Now let's connect to it using Pidgin:< / p >
< pre > < code class = "nim" >
[ mainpc ] [ /dev/pts/9 ] [~/Nextcloud/blog]
→ apt install pidgin -y
[ mainpc ] [ /dev/pts/9 ] [~/Nextcloud/blog]
→ pidgin
< / code > < / pre >
< p > Then, create your account on the XMPP server:< / p >
< img src = "1.png" class = "imgRz" >
< img src = "2.png" class = "imgRz" >
< img src = "3.png" class = "imgRz" >
< img src = "4.png" class = "imgRz" >
< img src = "6.png" class = "imgRz" >
< img src = "5.png" class = "imgRz" >
< p > Next, we can start chatting with Alice, another user on that XMPP server, like so:< / p >
< img src = "7.png" class = "imgRz" >
< p > Then from Alice's XMPP client, we accept nihilist's buddy request:< / p >
< img src = "8.png" class = "imgRz" >
< img src = "9.png" class = "imgRz" >
< img src = "10.png" class = "imgRz" >
< img src = "11.png" class = "imgRz" >
< p > < / p >
< / div >
< / div > <!-- /row -->
< / div > <!-- /container -->
< / div > <!-- /white -->
< div id = "anon2" >
< div class = "container" >
< div class = "row" >
< div class = "col-lg-8 col-lg-offset-2" >
< h2 > < b > Optional XMPP server options:< / b > < / h2 > < / br > < / br >
< p > If you want to enable message archiving, enable the "mam" module by uncommenting it:< / p >
< pre > < code class = "nim" >
root@ANON-home:~# vim /etc/prosody/prosody.cfg.lua
root@ANON-home:~# cat /etc/prosody/prosody.cfg.lua
[...]
modules_enabled = {
"mam"; -- Store recent messages to allow multi-device synchronization
}
[...]
< / code > < / pre >
< p > You can then set the expiration time of archived messages like so:< / p >
< pre > < code class = "nim" >
root@ANON-home:~# vim /etc/prosody/prosody.cfg.lua
root@ANON-home:~# cat /etc/prosody/prosody.cfg.lua
archive_expires_after = "1w" -- remove archived messages after 1 week
< / code > < / pre >
< p > You can also limit the bandwidth usage of your server, using the mod_limits module:< / p >
< pre > < code class = "nim" >
root@ANON-home:~# vim /etc/prosody/prosody.cfg.lua
root@ANON-home:~# cat /etc/prosody/prosody.cfg.lua
-- mod_limits must be loaded: "limits" has to be listed in modules_enabled
limits = {
c2s = {
rate = "10kb/s";
};
s2sin = {
rate = "30kb/s";
};
}
< / code > < / pre >
< p > You can also enable archiving on the multi-user chats like so:< / p >
< pre > < code class = "nim" >
root@ANON-home:~# vim /etc/prosody/prosody.cfg.lua
root@ANON-home:~# cat /etc/prosody/prosody.cfg.lua
Component "conference.aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.onion" "muc"
modules_enabled = { "onions", "muc_mam" };
onions_only = true;
< / code > < / pre >
< p > And just like in mod_mam, you can set the expiration time of the messages in MUCs:< / p >
< pre > < code class = "nim" >
root@ANON-home:~# vim /etc/prosody/prosody.cfg.lua
root@ANON-home:~# cat /etc/prosody/prosody.cfg.lua
Component "conference.aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.onion" "muc"
modules_enabled = { "onions", "muc_mam" };
onions_only = true;
muc_log_expires_after = "1w"
< / code > < / pre >
< p > Then, you can also enable file archiving using mod_http_file_share:< / p >
< pre > < code class = "nim" >
root@ANON-home:~# vim /etc/prosody/prosody.cfg.lua
root@ANON-home:~# cat /etc/prosody/prosody.cfg.lua
Component "upload.aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.onion" "http_file_share"
modules_enabled = { "onions" };
onions_only = true;
http_file_share_daily_quota = 100*1024*1024; -- 100 MiB
http_file_share_expires_after = 7*86400; -- One week in seconds
http_file_share_size_limit = 10*1024*1024; -- 10 MiB
< / code > < / pre >
< p > Then, as you're going to have a multi-user chat, you'll most likely need the mod_muc_moderation module:< / p >
< pre > < code class = "nim" >
root@ANON-home:~# vim /etc/prosody/prosody.cfg.lua
root@ANON-home:~# cat /etc/prosody/prosody.cfg.lua
Component "conference.aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.onion" "muc"
modules_enabled = { "onions", "muc_mam", "muc_moderation" };
onions_only = true;
muc_log_expires_after = "1w"
< / code > < / pre >
< p > TODO: showcase a multi-user chat with 3 users< / p >
< p > TODO: showcase XMPP onion federation between servers A and B< / p >
< / div >
< / div > <!-- /row -->
< / div > <!-- /container -->
< / div > <!-- /white -->
<!-- +++++ Footer Section +++++ -->
< div id = "anonb" >
< div class = "container" >
< div class = "row" >
< div class = "col-lg-4" >
< h4 > Nihilism< / h4 >
< p >
Until there is Nothing left.
< / p >
< / div > <!-- /col - lg - 4 -->
< div class = "col-lg-4" >
< h4 > My Links< / h4 >
< p >
< a target = "_blank" rel = "noopener noreferrer" href = "http://blog.nihilism.network/rss/feed.xml" > RSS Feed< / a > < br / > < a target = "_blank" rel = "noopener noreferrer" href = "https://matrix.to/#/#nihilism:m.datura.network" > Matrix Chat< / a > < br / >
< / p >
< / div > <!-- /col - lg - 4 -->
< div class = "col-lg-4" >
< h4 > About nihilist< / h4 >
< p style = "word-wrap: break-word;" > < u > Donate XMR:< / u > 8AUYjhQeG3D5aodJDtqG499N5jXXM71gYKD8LgSsFB9BUV1o7muLv3DXHoydRTK4SZaaUBq4EAUqpZHLrX2VZLH71Jrd9k8< / p > < / br > < p > < u > Contact:< / u > nihilist@nihilism.network (< a href = "https://nihilism.network/nihilist.pubkey" > PGP< / a > )< / p >
< / div > <!-- /col - lg - 4 -->
< / div >
< / div >
< / div >
<!-- Bootstrap core JavaScript
================================================== -->
<!-- Placed at the end of the document so the pages load faster -->
< / body >
< / html >