drafted the XMPP onion tutorial

This commit is contained in:
nihilist 2024-08-06 00:46:37 +02:00
parent 087396727c
commit 60042a85ee
13 changed files with 375 additions and 1 deletions

View File

@ -215,7 +215,7 @@
<li><a href="torwebsite/index.html">✅ Hidden Service with custom .onion Vanity V3 address</a></li>
<li><a href="anon.html">❌ Basic Webserver setup (NGINX / PHP / MYSQL)</a></li>
<li><a href="anon.html">❌ Minimalistic MoneroSSO .onion setup</a></li>
<li><a href="anon.html"> XMPP prosody .onion setup (chat service)</a></li>
<li><a href="xmpp2024/index.html">🟠 XMPP prosody .onion setup (chat service)</a></li>
<li><a href="anon.html">❌ Gitea .onion setup (Code repositories)</a></li>
<li><a href="anon.html">❌ Nextcloud .onion setup (cloud storage)</a></li>
<li><a href="anon.html">❌ Mastodon .onion setup (Microblogging)</a></li>

BIN
servers/xmpp2024/1.png Normal file

Binary file not shown.

After

Width:  |  Height:  |  Size: 88 KiB

BIN
servers/xmpp2024/10.png Normal file

Binary file not shown.

After

Width:  |  Height:  |  Size: 27 KiB

BIN
servers/xmpp2024/11.png Normal file

Binary file not shown.

After

Width:  |  Height:  |  Size: 51 KiB

BIN
servers/xmpp2024/2.png Normal file

Binary file not shown.

After

Width:  |  Height:  |  Size: 21 KiB

BIN
servers/xmpp2024/3.png Normal file

Binary file not shown.

After

Width:  |  Height:  |  Size: 75 KiB

BIN
servers/xmpp2024/4.png Normal file

Binary file not shown.

After

Width:  |  Height:  |  Size: 26 KiB

BIN
servers/xmpp2024/5.png Normal file

Binary file not shown.

After

Width:  |  Height:  |  Size: 25 KiB

BIN
servers/xmpp2024/6.png Normal file

Binary file not shown.

After

Width:  |  Height:  |  Size: 18 KiB

BIN
servers/xmpp2024/7.png Normal file

Binary file not shown.

After

Width:  |  Height:  |  Size: 51 KiB

BIN
servers/xmpp2024/8.png Normal file

Binary file not shown.

After

Width:  |  Height:  |  Size: 69 KiB

BIN
servers/xmpp2024/9.png Normal file

Binary file not shown.

After

Width:  |  Height:  |  Size: 24 KiB

374
servers/xmpp2024/index.html Normal file
View File

@ -0,0 +1,374 @@
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta name="description" content="">
<meta name="author" content="">
<link rel="shortcut icon" href="../../../../../../assets/img/favicon.png">
<title>XMPP Server Setup Setup</title>
<!-- Bootstrap core CSS -->
<link href="../../assets/css/bootstrap.css" rel="stylesheet">
<link href="../../assets/css/xt256.css" rel="stylesheet">
<!-- Custom styles for this template -->
<link href="../../assets/css/main.css" rel="stylesheet">
<!-- HTML5 shim and Respond.js IE8 support of HTML5 elements and media queries -->
<!--[if lt IE 9]>
<script src="https://oss.maxcdn.com/libs/html5shiv/3.7.0/html5shiv.js"></script>
<script src="https://oss.maxcdn.com/libs/respond.js/1.3.0/respond.min.js"></script>
<![endif]-->
</head>
<body>
<!-- Static navbar -->
<div class="navbar navbar-inverse-anon navbar-static-top">
<div class="container">
<div class="navbar-header">
<button type="button" class="navbar-toggle" data-toggle="collapse" data-target=".navbar-collapse">
<span class="icon-bar"></span>
<span class="icon-bar"></span>
<span class="icon-bar"></span>
</button>
<a class="navbar-brand-anon" href="\index.html">nihilist`s Blog</a>
</div>
<div class="navbar-collapse collapse">
<ul class="nav navbar-nav navbar-right">
<li><a href="/about.html">About</a></li>
<li><a href="/blog.html">Categories</a></li>
<li><a href="https://blog.nihilism.network/donate.html">Donate</a></li>
<li><a href="/contact.html">Contact</a></li>
</ul>
</div><!--/.nav-collapse -->
</div>
</div>
<!-- +++++ Posts Lists +++++ -->
<!-- +++++ First Post +++++ -->
<div id="anon2">
<div class="container">
<div class="row">
<div class="col-lg-8 col-lg-offset-2">
<a href="../anon.html">Previous Page</a></br></br><p><img src="../../assets/img/user.png" width="50px" height="50px"> <ba>nihilist@mainpc - 2024-08-05</ba></p>
<h1>XMPP Server Setup Setup </h1>
<p>In this tutorial, we're going to check out how to setup a XMPP chat server, that is accessible over Tor, as a hidden service, using Prosody and Pidgin.</p>
</div>
</div><!-- /row -->
</div> <!-- /container -->
</div><!-- /grey -->
<!-- +++++ Second Post +++++ -->
<div id="anon3">
<div class="container">
<div class="row">
<div class="col-lg-8 col-lg-offset-2">
<h2><b>XMPP Server Setup </b></h2>
<p>Before starting, check out <a href="../">this</a> tutorial on how to create your first hidden service.</p>
<pre><code class="nim">
root@ANON-home:~# apt install prosody prosody-modules -y
root@ANON-home:~# prosodyctl about
/var/lib/prosody/custom_plugins - not a directory!
/usr/local/lib/prosody/modules - not a directory!
/var/lib/prosody/custom_plugins/share/lua/5.4/?.lua
/var/lib/prosody/custom_plugins/share/lua/5.4/?/init.lua
root@ANON-home:~# mkdir /var/lib/prosody/custom_plugins
root@ANON-home:~# mkdir /usr/local/lib/prosody/modules -p
</code></pre>
<p>Then, we make sure that the tor hidden service includes the XMPP ports:</p>
<pre><code class="nim">
root@ANON-home:# vim /etc/tor/torrc
root@ANON-home:# cat /etc/tor/torrc
HiddenServiceDir /var/lib/tor/onions/aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.onion/
[...]
HiddenServicePort 5222 127.0.0.1:5222
HiddenServicePort 5269 127.0.0.1:5269
HiddenServicePort 5280 127.0.0.1:5280
HiddenServicePort 5281 127.0.0.1:5281
root@ANON-home:# systemctl restart tor@default
</code></pre>
<p>Here, my hidden service is aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.onion, let's check that the mod_onions module is installed and configure the prosody.cfg.lua file:</p>
<pre><code class="nim">
root@ANON-home:~# ls /usr/lib/prosody/modules/mod_onions
mod_onions.lua
root@ANON-home:~# vim /etc/prosody/prosody.cfg.lua
root@ANON-home:~# cat /etc/prosody/prosody.cfg.lua
[...]
VirtualHost "localhost"
-- Prosody requires at least one enabled VirtualHost to function. You can
-- safely remove or disable 'localhost' once you have added another.
VirtualHost "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.onion"
modules_enabled = {"onions"};
onions_only = true;
disco_items = {
{"conference.aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.onion","Public Chatroom"},
{"upload.aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.onion","Public Chatroom"}
}
Component "conference.aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.onion" "muc"
modules_enabled = { "onions" };
onions_only = true;
Component "upload.aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.onion" "http_file_share"
modules_enabled = { "onions" };
onions_only = true;
[...]
</code></pre>
<p></p>
<pre><code class="nim">
root@ANON-home:~# prosodyctl cert generate aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.onion
Choose key size (2048):
<b>Key written to /var/lib/prosody/aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.onion.key</b>
Please provide details to include in the certificate config file.
Leave the field empty to use the default value or '.' to exclude the field.
countryName (GB):
localityName (The Internet):
organizationName (Your Organisation):
organizationalUnitName (XMPP Department):
commonName (aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.onion):
emailAddress (xmpp@aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.onion):
<b>Config written to /var/lib/prosody/aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.onion.cnf
Certificate written to /var/lib/prosody/aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.onion.crt</b>
root@ANON-home:~# prosodyctl check
[...]
Checking certificates...
Checking certificate for conference.aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.onion
certmanager info No certificate present in SSL/TLS configuration for conference.aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.onion. SNI will be required.
No 'certificate' found for conference.aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.onion
Checking certificate for localhost
certmanager info No certificate present in SSL/TLS configuration for localhost. SNI will be required.
No 'certificate' found for localhost
Checking certificate for upload.aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.onion
certmanager info No certificate present in SSL/TLS configuration for upload.aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.onion. SNI will be required.
No 'certificate' found for upload.aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.onion
Checking certificate for aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.onion
certmanager info No certificate present in SSL/TLS configuration for aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.onion. SNI will be required.
No 'certificate' found for aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.onion
For more information about certificates please see https://prosody.im/doc/certificates
Problems found, see above.
root@ANON-home:# mv /var/lib/prosody/aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.onion.* /etc/prosody/certs/
</code></pre>
<p></p>
<pre><code class="nim">
root@ANON-home:/etc/prosody/certs# prosodyctl adduser nihilist@aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.onion
Enter new password:
Retype new password:
root@ANON-home:/etc/prosody/certs# systemctl restart prosody
root@ANON-home:/etc/prosody/certs# systemctl status prosody
● prosody.service - Prosody XMPP Server
Loaded: loaded (/lib/systemd/system/prosody.service; enabled; preset: enabled)
Active: active (running) since Mon 2024-08-05 22:02:47 CEST; 4s ago
Docs: https://prosody.im/doc
Main PID: 3419 (lua5.4)
Tasks: 1 (limit: 4653)
Memory: 7.8M
CPU: 139ms
CGroup: /system.slice/prosody.service
└─3419 lua5.4 /usr/bin/prosody -F
Aug 05 22:02:47 ANON-home systemd[1]: Started prosody.service - Prosody XMPP Server.
</code></pre>
<p>all good now, now let's connect to it using pidgin:</p>
<pre><code class="nim">
[ mainpc ] [ /dev/pts/9 ] [~/Nextcloud/blog]
→ apt install pidgin -y
[ mainpc ] [ /dev/pts/9 ] [~/Nextcloud/blog]
→ pidgin
</code></pre>
<p>Then, create your account on the XMPP server:</p>
<img src="1.png" class="imgRz">
<img src="2.png" class="imgRz">
<img src="3.png" class="imgRz">
<img src="4.png" class="imgRz">
<img src="6.png" class="imgRz">
<img src="5.png" class="imgRz">
<p>Next, we can start chatting with Alice, who is another user on that XMPP server like so:</p>
<img src="7.png" class="imgRz">
<p>Then from Alice's XMPP client, we accept nihilist's buddy request:</p>
<img src="8.png" class="imgRz">
<img src="9.png" class="imgRz">
<img src="10.png" class="imgRz">
<img src="11.png" class="imgRz">
<p></p>
</div>
</div><!-- /row -->
</div> <!-- /container -->
</div><!-- /white -->
<div id="anon2">
<div class="container">
<div class="row">
<div class="col-lg-8 col-lg-offset-2">
<h2><b>Optional XMPP server options:</b></h2> </br> </br>
<p>if you want to enable message archiving, enable the "mam" module by uncommenting it:</p>
<pre><code class="nim">
root@ANON-home:~# vim /etc/prosody/prosody.cfg.lua
root@ANON-home:~# cat /etc/prosody/prosody.cfg.lua
[...]
modules_enabled = {
"mam"; -- Store recent messages to allow multi-device synchronization
}
[...]
</code></pre>
<p>and then you can mention the expiration time of messages like so:</p>
<pre><code class="nim">
root@ANON-home:~# vim /etc/prosody/prosody.cfg.lua
root@ANON-home:~# cat /etc/prosody/prosody.cfg.lua
archive_expires_after = "1w" -- remove archived messages after 1 week
</code></pre>
<p>you can choose to limit the bandwidth usage of your server too, using the mod_limits module:</p>
<pre><code class="nim">
root@ANON-home:~# vim /etc/prosody/prosody.cfg.lua
root@ANON-home:~# cat /etc/prosody/prosody.cfg.lua
limits = {
c2s = {
rate = "10kb/s";
}
s2sin = {
rate = "30kb/s";
}
}
</code></pre>
<p>You can also enable archiving on the multi-user chats like so :</p>
<pre><code class="nim">
root@ANON-home:~# vim /etc/prosody/prosody.cfg.lua
root@ANON-home:~# cat /etc/prosody/prosody.cfg.lua
Component "conference.aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.onion" "muc"
modules_enabled = { "onions", "muc_mam" };
onions_only = true;
</code></pre>
<p>And just like in mod_mam, you can set the expiration time of the messages in MUCs:</p>
<pre><code class="nim">
root@ANON-home:~# vim /etc/prosody/prosody.cfg.lua
root@ANON-home:~# cat /etc/prosody/prosody.cfg.lua
Component "conference.aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.onion" "muc"
modules_enabled = { "onions", "muc_mam" };
onions_only = true;
muc_log_expires_after = "1w"
</code></pre>
<p>Then, you can also enable file archiving using mod_http_file_share:</p>
<pre><code class="nim">
root@ANON-home:~# vim /etc/prosody/prosody.cfg.lua
root@ANON-home:~# cat /etc/prosody/prosody.cfg.lua
Component "upload.aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.onion" "http_file_share"
modules_enabled = { "onions" };
onions_only = true;
http_file_share_daily_quota = 100*1024*1024; -- 100 MiB
http_file_share_after = 7*86400; -- One week in seconds
http_file_share_size_limit = 10*1024*1024 -- 10 Mib
</code></pre>
<p>Then, as you're going to have a multi user chat, you'll most likely need the mod_muc_moderation module:</p>
<pre><code class="nim">
root@ANON-home:~# vim /etc/prosody/prosody.cfg.lua
root@ANON-home:~# cat /etc/prosody/prosody.cfg.lua
Component "conference.aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.onion" "muc"
modules_enabled = { "onions", "muc_mam", "muc_moderation" };
onions_only = true;
muc_log_expires_after = "1w"
</code></pre>
<p>TODO: showcase a multi-user chat with 3 users</p>
<p>TODO: showcase XMPP onion federation between server A <-> and B</p>
</div>
</div><!-- /row -->
</div> <!-- /container -->
</div><!-- /white -->
<!-- +++++ Footer Section +++++ -->
<div id="anonb">
<div class="container">
<div class="row">
<div class="col-lg-4">
<h4>Nihilism</h4>
<p>
Until there is Nothing left.
</p>
</div><!-- /col-lg-4 -->
<div class="col-lg-4">
<h4>My Links</h4>
<p>
<a target="_blank" rel="noopener noreferrer" href="http://blog.nihilism.network/rss/feed.xml">RSS Feed</a><br/><a target="_blank" rel="noopener noreferrer" href="https://matrix.to/#/#nihilism:m.datura.network">Matrix Chat</a><br/>
</p>
</div><!-- /col-lg-4 -->
<div class="col-lg-4">
<h4>About nihilist</h4>
<p style="word-wrap: break-word;"><u>Donate XMR:</u> 8AUYjhQeG3D5aodJDtqG499N5jXXM71gYKD8LgSsFB9BUV1o7muLv3DXHoydRTK4SZaaUBq4EAUqpZHLrX2VZLH71Jrd9k8</p></br><p><u>Contact:</u> nihilist@nihilism.network (<a href="https://nihilism.network/nihilist.pubkey">PGP</a>)</p>
</div><!-- /col-lg-4 -->
</div>
</div>
</div>
<!-- Bootstrap core JavaScript
================================================== -->
<!-- Placed at the end of the document so the pages load faster -->
</body>
</html>