diff --git a/servers/anon.html b/servers/anon.html
index 0a12fd8..d1afb6d 100644
--- a/servers/anon.html
+++ b/servers/anon.html
@@ -215,7 +215,7 @@
  • ✅ Hidden Service with custom .onion Vanity V3 address
  • ❌ Basic Webserver setup (NGINX / PHP / MYSQL)
  • ❌ Minimalistic MoneroSSO .onion setup
  • -
  • ❌ XMPP prosody .onion setup (chat service)
  • +
  • 🟠 XMPP prosody .onion setup (chat service)
  • ❌ Gitea .onion setup (Code repositories)
  • ❌ Nextcloud .onion setup (cloud storage)
  • ❌ Mastodon .onion setup (Microblogging)
  • diff --git a/servers/xmpp2024/1.png b/servers/xmpp2024/1.png
new file mode 100644
index 0000000..a37f657
Binary files /dev/null and b/servers/xmpp2024/1.png differ
diff --git a/servers/xmpp2024/10.png b/servers/xmpp2024/10.png
new file mode 100644
index 0000000..6a7efa0
Binary files /dev/null and b/servers/xmpp2024/10.png differ
diff --git a/servers/xmpp2024/11.png b/servers/xmpp2024/11.png
new file mode 100644
index 0000000..e9d8f34
Binary files /dev/null and b/servers/xmpp2024/11.png differ
diff --git a/servers/xmpp2024/2.png b/servers/xmpp2024/2.png
new file mode 100644
index 0000000..0a89e3f
Binary files /dev/null and b/servers/xmpp2024/2.png differ
diff --git a/servers/xmpp2024/3.png b/servers/xmpp2024/3.png
new file mode 100644
index 0000000..482d5c4
Binary files /dev/null and b/servers/xmpp2024/3.png differ
diff --git a/servers/xmpp2024/4.png b/servers/xmpp2024/4.png
new file mode 100644
index 0000000..a836395
Binary files /dev/null and b/servers/xmpp2024/4.png differ
diff --git a/servers/xmpp2024/5.png b/servers/xmpp2024/5.png
new file mode 100644
index 0000000..8bdf3cb
Binary files /dev/null and b/servers/xmpp2024/5.png differ
diff --git a/servers/xmpp2024/6.png b/servers/xmpp2024/6.png
new file mode 100644
index 0000000..78519a4
Binary files /dev/null and b/servers/xmpp2024/6.png differ
diff --git a/servers/xmpp2024/7.png b/servers/xmpp2024/7.png
new file mode 100644
index 0000000..5298be9
Binary files /dev/null and b/servers/xmpp2024/7.png differ
diff --git a/servers/xmpp2024/8.png b/servers/xmpp2024/8.png
new file mode 100644
index 0000000..48b6800
Binary files /dev/null and b/servers/xmpp2024/8.png differ
diff --git a/servers/xmpp2024/9.png b/servers/xmpp2024/9.png
new file mode 100644
index 0000000..77b6b17
Binary files /dev/null and b/servers/xmpp2024/9.png differ
diff --git a/servers/xmpp2024/index.html b/servers/xmpp2024/index.html
new file mode 100644
index 0000000..ae6bd10
--- /dev/null
+++ b/servers/xmpp2024/index.html
@@ -0,0 +1,374 @@ + + + + + + + + + + + XMPP Server Setup Setup + + + + + + + + + + + + + + + + + + + + + + + +
    +
    +
    +
    + Previous Page

    nihilist@mainpc - 2024-08-05

    +

    XMPP Server Setup Setup

    + +

    In this tutorial, we're going to check out how to setup a XMPP chat server, that is accessible over Tor, as a hidden service, using Prosody and Pidgin.

    +
    +
    +
    +
    + + +
    +
    +
    +
    +

    XMPP Server Setup

    +

    Before starting, check out this tutorial on how to create your first hidden service.

    +
    
    +root@ANON-home:~# apt install prosody prosody-modules -y
    +	
    +root@ANON-home:~# prosodyctl about 
    +  /var/lib/prosody/custom_plugins - not a directory!
    +  /usr/local/lib/prosody/modules - not a directory!
    +  /var/lib/prosody/custom_plugins/share/lua/5.4/?.lua
    +  /var/lib/prosody/custom_plugins/share/lua/5.4/?/init.lua
    +
    +
    +root@ANON-home:~# mkdir /var/lib/prosody/custom_plugins
    +root@ANON-home:~# mkdir /usr/local/lib/prosody/modules -p
    +
    +
    + +

    Then, we make sure that the tor hidden service includes the XMPP ports:

    +
    
    +root@ANON-home:# vim /etc/tor/torrc
    +root@ANON-home:# cat /etc/tor/torrc
    +HiddenServiceDir /var/lib/tor/onions/aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.onion/
    +
    +[...]
    +
    +HiddenServicePort 5222 127.0.0.1:5222
    +HiddenServicePort 5269 127.0.0.1:5269
    +HiddenServicePort 5280 127.0.0.1:5280
    +HiddenServicePort 5281 127.0.0.1:5281
    +	
    +root@ANON-home:# systemctl restart tor@default
    +
    +
    + +

    Here, my hidden service is aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.onion, let's check that the mod_onions module is installed and configure the prosody.cfg.lua file:

    +
    
    +root@ANON-home:~# ls /usr/lib/prosody/modules/mod_onions
    +mod_onions.lua
    +	
    +root@ANON-home:~# vim /etc/prosody/prosody.cfg.lua
    +root@ANON-home:~# cat /etc/prosody/prosody.cfg.lua
    +
    +[...]
    +
    +VirtualHost "localhost"
    +-- Prosody requires at least one enabled VirtualHost to function. You can
    +-- safely remove or disable 'localhost' once you have added another.
    +
    +VirtualHost "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.onion"
    +        modules_enabled = {"onions"};
    +        onions_only = true;
    +        disco_items = {
    +                {"conference.aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.onion","Public Chatroom"},
    +                {"upload.aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.onion","Public Chatroom"}
    +        }
    +
    +Component "conference.aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.onion" "muc"
    +        modules_enabled = { "onions" };
    +        onions_only = true;
    +
    +Component "upload.aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.onion" "http_file_share"
    +        modules_enabled = { "onions" };
    +        onions_only = true;
    +
    +[...]
    +
    +
    +

    +
    
    +root@ANON-home:~# prosodyctl cert generate aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.onion
    +Choose key size (2048):
    +Key written to /var/lib/prosody/aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.onion.key
    +Please provide details to include in the certificate config file.
    +Leave the field empty to use the default value or '.' to exclude the field.
    +countryName (GB):
    +localityName (The Internet):
    +organizationName (Your Organisation):
    +organizationalUnitName (XMPP Department):
    +commonName (aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.onion):
    +emailAddress (xmpp@aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.onion):
    +
    +Config written to /var/lib/prosody/aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.onion.cnf
    +Certificate written to /var/lib/prosody/aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.onion.crt
    +
    +root@ANON-home:~# prosodyctl check
    +
    +[...]
    +
    +Checking certificates...
    +Checking certificate for conference.aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.onion
    +certmanager         info        No certificate present in SSL/TLS configuration for conference.aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.onion. SNI will be required.
    +  No 'certificate' found for conference.aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.onion
    +Checking certificate for localhost
    +certmanager         info        No certificate present in SSL/TLS configuration for localhost. SNI will be required.
    +  No 'certificate' found for localhost
    +Checking certificate for upload.aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.onion
    +certmanager         info        No certificate present in SSL/TLS configuration for upload.aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.onion. SNI will be required.
    +  No 'certificate' found for upload.aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.onion
    +Checking certificate for aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.onion
    +certmanager         info        No certificate present in SSL/TLS configuration for aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.onion. SNI will be required.
    +  No 'certificate' found for aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.onion
    +
    +For more information about certificates please see https://prosody.im/doc/certificates
    +
    +Problems found, see above.
    +
    +	
    +root@ANON-home:# mv /var/lib/prosody/aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.onion.* /etc/prosody/certs/
    +
    +
    +

    +
    
    +root@ANON-home:/etc/prosody/certs# prosodyctl adduser nihilist@aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.onion
    +Enter new password:
    +Retype new password:
    +
    +root@ANON-home:/etc/prosody/certs# systemctl restart prosody
    +root@ANON-home:/etc/prosody/certs# systemctl status prosody
    +● prosody.service - Prosody XMPP Server
    +     Loaded: loaded (/lib/systemd/system/prosody.service; enabled; preset: enabled)
    +     Active: active (running) since Mon 2024-08-05 22:02:47 CEST; 4s ago
    +       Docs: https://prosody.im/doc
    +   Main PID: 3419 (lua5.4)
    +      Tasks: 1 (limit: 4653)
    +     Memory: 7.8M
    +        CPU: 139ms
    +     CGroup: /system.slice/prosody.service
    +             └─3419 lua5.4 /usr/bin/prosody -F
    +
    +Aug 05 22:02:47 ANON-home systemd[1]: Started prosody.service - Prosody XMPP Server.
    +
    +	
    +
    +

    all good now, now let's connect to it using pidgin:

    +
    
    +[ mainpc ] [ /dev/pts/9 ] [~/Nextcloud/blog]
    +→ apt install pidgin -y
    +
    +[ mainpc ] [ /dev/pts/9 ] [~/Nextcloud/blog]
    +→ pidgin
    +	
    +
    +

    Then, create your account on the XMPP server:

    + + + + + + +

    Next, we can start chatting with Alice, who is another user on that XMPP server like so:

    + +

    Then from Alice's XMPP client, we accept nihilist's buddy request:

    + + + + +

    +
    +
    +
    +
    + +
    +
    +
    +
    +

    Optional XMPP server options:



    +

    if you want to enable message archiving, enable the "mam" module by uncommenting it:

    +
    
    +root@ANON-home:~# vim /etc/prosody/prosody.cfg.lua
    +root@ANON-home:~# cat /etc/prosody/prosody.cfg.lua
    +
    +[...]
    +
    +modules_enabled = {
    +                "mam"; -- Store recent messages to allow multi-device synchronization
    +}
    +
    +[...]
    +
    +
    + +

    and then you can mention the expiration time of messages like so:

    +
    
    +root@ANON-home:~# vim /etc/prosody/prosody.cfg.lua
    +root@ANON-home:~# cat /etc/prosody/prosody.cfg.lua
    +
    +archive_expires_after = "1w" -- remove archived messages after 1 week
    +
    +
    +

    you can choose to limit the bandwidth usage of your server too, using the mod_limits module:

    +
    
    +root@ANON-home:~# vim /etc/prosody/prosody.cfg.lua
    +root@ANON-home:~# cat /etc/prosody/prosody.cfg.lua
    +
    +limits = {
    +	c2s = {
    +		rate = "10kb/s";
    +	}
    +	s2sin = {
    +		rate = "30kb/s";
    +	}
    +
    +}
    +
    +

    You can also enable archiving on the multi-user chats like so :

    +
    
    +root@ANON-home:~# vim /etc/prosody/prosody.cfg.lua
    +root@ANON-home:~# cat /etc/prosody/prosody.cfg.lua
    +
    +Component "conference.aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.onion" "muc"
    +        modules_enabled = { "onions", "muc_mam" };
    +        onions_only = true;
    +
    +
    +

    And just like in mod_mam, you can set the expiration time of the messages in MUCs:

    +
    
    +root@ANON-home:~# vim /etc/prosody/prosody.cfg.lua
    +root@ANON-home:~# cat /etc/prosody/prosody.cfg.lua
    +
    +Component "conference.aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.onion" "muc"
    +        modules_enabled = { "onions", "muc_mam" };
    +        onions_only = true;
    +		muc_log_expires_after = "1w"
    +	
    +
    + +

    Then, you can also enable file archiving using mod_http_file_share:

    +
    
    +root@ANON-home:~# vim /etc/prosody/prosody.cfg.lua
    +root@ANON-home:~# cat /etc/prosody/prosody.cfg.lua
    +
    +Component "upload.aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.onion" "http_file_share"
    +        modules_enabled = { "onions" };
    +        onions_only = true;
    +		http_file_share_daily_quota = 100*1024*1024;	-- 100 MiB
    +		http_file_share_after = 7*86400;				-- One week in seconds
    +		http_file_share_size_limit = 10*1024*1024		-- 10 Mib
    +	
    +
    +

    Then, as you're going to have a multi user chat, you'll most likely need the mod_muc_moderation module:

    +
    
    +root@ANON-home:~# vim /etc/prosody/prosody.cfg.lua
    +root@ANON-home:~# cat /etc/prosody/prosody.cfg.lua
    +
    +Component "conference.aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.onion" "muc"
    +        modules_enabled = { "onions", "muc_mam", "muc_moderation" };
    +        onions_only = true;
    +        muc_log_expires_after = "1w"
    +	
    +
    + +

    TODO: showcase a multi-user chat with 3 users

    +

    TODO: showcase XMPP onion federation between server A <-> and B

    +
    +
    +
    +
    + + + +
    +
    +
    +
    +

    Nihilism

    +

    + Until there is Nothing left. + +

    +
    + +
    +

    My Links

    +

    + + RSS Feed
    Matrix Chat
    + +

    +
    + +
    +

    About nihilist

    +

    Donate XMR: 8AUYjhQeG3D5aodJDtqG499N5jXXM71gYKD8LgSsFB9BUV1o7muLv3DXHoydRTK4SZaaUBq4EAUqpZHLrX2VZLH71Jrd9k8


    Contact: nihilist@nihilism.network (PGP)

    +
    + +
    + +
    +
    + + + + + + +
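Review bot: The `limits` table in the mod_limits snippet is not valid Lua as written: `c2s = { ... }` and `s2sin = { ... }` are table fields and need a separator after each closing brace (`c2s = { rate = "10kb/s"; };`), so a reader who pastes it gets a config that Prosody cannot parse. In the http_file_share snippet, `http_file_share_after` does not match the documented retention option, which is `http_file_share_expires_after = 7*86400;`, so that line presumably has no effect; the `10 Mib` comment should read MiB. The `disco_items` entry for `upload.` is labelled "Public Chatroom", apparently copied from the `conference.` entry. The page moves the generated files into `/etc/prosody/certs/` but never re-runs `prosodyctl check`, so it does not show that the "No 'certificate' found" results, including those for the `conference.` and `upload.` components, are resolved. The mam and muc_mam sections should also say that the archive keeps on the server's disk whatever clients send, which on an onion service makes client-side end-to-end encryption and the one-week expiry the controls that limit exposure if the host is seized or compromised.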