drafted the XMPP onion tutorial

servers/anon.html

@@ -215,7 +215,7 @@
         <li><a href="torwebsite/index.html">✅ Hidden Service with custom .onion Vanity V3 address</a></li>
 		<li><a href="anon.html">❌ Basic Webserver setup (NGINX / PHP / MYSQL)</a></li>
 		<li><a href="anon.html">❌ Minimalistic MoneroSSO .onion setup</a></li>
-		<li><a href="anon.html">❌ XMPP prosody .onion setup (chat service)</a></li>
+		<li><a href="xmpp2024/index.html">🟠 XMPP prosody .onion setup (chat service)</a></li>
 		<li><a href="anon.html">❌ Gitea .onion setup (Code repositories)</a></li>
 		<li><a href="anon.html">❌ Nextcloud .onion setup (cloud storage)</a></li>
 		<li><a href="anon.html">❌ Mastodon .onion setup (Microblogging)</a></li>

servers/xmpp2024/index.html

@@ -0,0 +1,374 @@
+<!DOCTYPE html>
+<html lang="en">
+  <head>
+    <meta charset="utf-8">
+    <meta http-equiv="X-UA-Compatible" content="IE=edge">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <meta name="description" content="">
+    <meta name="author" content="">
+    <link rel="shortcut icon" href="../../../../../../assets/img/favicon.png">
+
+    <title>XMPP Server Setup Setup</title>
+
+    <!-- Bootstrap core CSS -->
+    <link href="../../assets/css/bootstrap.css" rel="stylesheet">
+	<link href="../../assets/css/xt256.css" rel="stylesheet">
+    
+    
+
+    <!-- Custom styles for this template -->
+    <link href="../../assets/css/main.css" rel="stylesheet">
+
+    
+
+    <!-- HTML5 shim and Respond.js IE8 support of HTML5 elements and media queries -->
+    <!--[if lt IE 9]>
+      <script src="https://oss.maxcdn.com/libs/html5shiv/3.7.0/html5shiv.js"></script>
+      <script src="https://oss.maxcdn.com/libs/respond.js/1.3.0/respond.min.js"></script>
+    <![endif]-->
+  </head>
+
+  <body>
+
+    <!-- Static navbar -->
+    <div class="navbar navbar-inverse-anon navbar-static-top">
+      <div class="container">
+        <div class="navbar-header">
+          <button type="button" class="navbar-toggle" data-toggle="collapse" data-target=".navbar-collapse">
+            <span class="icon-bar"></span>
+            <span class="icon-bar"></span>
+            <span class="icon-bar"></span>
+          </button>
+          <a class="navbar-brand-anon" href="\index.html">nihilist`s Blog</a>
+        </div>
+        <div class="navbar-collapse collapse">
+          <ul class="nav navbar-nav navbar-right">
+
+            <li><a  href="/about.html">About</a></li>
+            <li><a  href="/blog.html">Categories</a></li>
+<li><a href="https://blog.nihilism.network/donate.html">Donate</a></li>
+            <li><a  href="/contact.html">Contact</a></li>
+          </ul>
+        </div><!--/.nav-collapse -->
+        
+      </div>
+    </div>
+
+	<!-- +++++ Posts Lists +++++ -->
+	<!-- +++++ First Post +++++ -->
+	<div id="anon2">
+	    <div class="container">
+			<div class="row">
+				<div class="col-lg-8 col-lg-offset-2">
+  					<a href="../anon.html">Previous Page</a></br></br><p><img src="../../assets/img/user.png" width="50px" height="50px"> <ba>nihilist@mainpc - 2024-08-05</ba></p>
+<h1>XMPP Server Setup Setup </h1>
+          
+<p>In this tutorial, we're going to check out how to setup a XMPP chat server, that is accessible over Tor, as a hidden service, using Prosody and Pidgin.</p>
+	       </div>
+			</div><!-- /row -->
+	    </div> <!-- /container -->
+	</div><!-- /grey -->
+
+	<!-- +++++ Second Post +++++ -->
+	<div id="anon3">
+	    <div class="container">
+			<div class="row">
+				<div class="col-lg-8 col-lg-offset-2">
+          <h2><b>XMPP Server Setup </b></h2>
+<p>Before starting, check out <a href="../">this</a> tutorial on how to create your first hidden service.</p>
+<pre><code class="nim">
+root@ANON-home:~# apt install prosody prosody-modules -y
+	
+root@ANON-home:~# prosodyctl about 
+  /var/lib/prosody/custom_plugins - not a directory!
+  /usr/local/lib/prosody/modules - not a directory!
+  /var/lib/prosody/custom_plugins/share/lua/5.4/?.lua
+  /var/lib/prosody/custom_plugins/share/lua/5.4/?/init.lua
+
+
+root@ANON-home:~# mkdir /var/lib/prosody/custom_plugins
+root@ANON-home:~# mkdir /usr/local/lib/prosody/modules -p
+
+</code></pre>
+
+<p>Then, we make sure that the tor hidden service includes the XMPP ports:</p>
+<pre><code class="nim">
+root@ANON-home:# vim /etc/tor/torrc
+root@ANON-home:# cat /etc/tor/torrc
+HiddenServiceDir /var/lib/tor/onions/aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.onion/
+
+[...]
+
+HiddenServicePort 5222 127.0.0.1:5222
+HiddenServicePort 5269 127.0.0.1:5269
+HiddenServicePort 5280 127.0.0.1:5280
+HiddenServicePort 5281 127.0.0.1:5281
+	
+root@ANON-home:# systemctl restart tor@default
+
+</code></pre>
+
+<p>Here, my hidden service is aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.onion, let's check that the mod_onions module is installed and configure the prosody.cfg.lua file:</p>
+<pre><code class="nim">
+root@ANON-home:~# ls /usr/lib/prosody/modules/mod_onions
+mod_onions.lua
+	
+root@ANON-home:~# vim /etc/prosody/prosody.cfg.lua
+root@ANON-home:~# cat /etc/prosody/prosody.cfg.lua
+
+[...]
+
+VirtualHost "localhost"
+-- Prosody requires at least one enabled VirtualHost to function. You can
+-- safely remove or disable 'localhost' once you have added another.
+
+VirtualHost "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.onion"
+        modules_enabled = {"onions"};
+        onions_only = true;
+        disco_items = {
+                {"conference.aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.onion","Public Chatroom"},
+                {"upload.aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.onion","Public Chatroom"}
+        }
+
+Component "conference.aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.onion" "muc"
+        modules_enabled = { "onions" };
+        onions_only = true;
+
+Component "upload.aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.onion" "http_file_share"
+        modules_enabled = { "onions" };
+        onions_only = true;
+
+[...]
+
+</code></pre>
+<p></p>
+<pre><code class="nim">
+root@ANON-home:~# prosodyctl cert generate aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.onion
+Choose key size (2048):
+<b>Key written to /var/lib/prosody/aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.onion.key</b>
+Please provide details to include in the certificate config file.
+Leave the field empty to use the default value or '.' to exclude the field.
+countryName (GB):
+localityName (The Internet):
+organizationName (Your Organisation):
+organizationalUnitName (XMPP Department):
+commonName (aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.onion):
+emailAddress (xmpp@aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.onion):
+
+<b>Config written to /var/lib/prosody/aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.onion.cnf
+Certificate written to /var/lib/prosody/aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.onion.crt</b>
+
+root@ANON-home:~# prosodyctl check
+
+[...]
+
+Checking certificates...
+Checking certificate for conference.aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.onion
+certmanager         info        No certificate present in SSL/TLS configuration for conference.aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.onion. SNI will be required.
+  No 'certificate' found for conference.aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.onion
+Checking certificate for localhost
+certmanager         info        No certificate present in SSL/TLS configuration for localhost. SNI will be required.
+  No 'certificate' found for localhost
+Checking certificate for upload.aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.onion
+certmanager         info        No certificate present in SSL/TLS configuration for upload.aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.onion. SNI will be required.
+  No 'certificate' found for upload.aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.onion
+Checking certificate for aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.onion
+certmanager         info        No certificate present in SSL/TLS configuration for aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.onion. SNI will be required.
+  No 'certificate' found for aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.onion
+
+For more information about certificates please see https://prosody.im/doc/certificates
+
+Problems found, see above.
+
+	
+root@ANON-home:# mv /var/lib/prosody/aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.onion.* /etc/prosody/certs/
+
+</code></pre>
+<p></p>
+<pre><code class="nim">
+root@ANON-home:/etc/prosody/certs# prosodyctl adduser nihilist@aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.onion
+Enter new password:
+Retype new password:
+
+root@ANON-home:/etc/prosody/certs# systemctl restart prosody
+root@ANON-home:/etc/prosody/certs# systemctl status prosody
+● prosody.service - Prosody XMPP Server
+     Loaded: loaded (/lib/systemd/system/prosody.service; enabled; preset: enabled)
+     Active: active (running) since Mon 2024-08-05 22:02:47 CEST; 4s ago
+       Docs: https://prosody.im/doc
+   Main PID: 3419 (lua5.4)
+      Tasks: 1 (limit: 4653)
+     Memory: 7.8M
+        CPU: 139ms
+     CGroup: /system.slice/prosody.service
+             └─3419 lua5.4 /usr/bin/prosody -F
+
+Aug 05 22:02:47 ANON-home systemd[1]: Started prosody.service - Prosody XMPP Server.
+
+	
+</code></pre>
+<p>all good now, now let's connect to it using pidgin:</p>
+<pre><code class="nim">
+[ mainpc ] [ /dev/pts/9 ] [~/Nextcloud/blog]
+→ apt install pidgin -y
+
+[ mainpc ] [ /dev/pts/9 ] [~/Nextcloud/blog]
+→ pidgin
+	
+</code></pre>
+<p>Then, create your account on the XMPP server:</p>
+<img src="1.png" class="imgRz">
+<img src="2.png" class="imgRz">
+<img src="3.png" class="imgRz">
+<img src="4.png" class="imgRz">
+<img src="6.png" class="imgRz">
+<img src="5.png" class="imgRz">
+<p>Next, we can start chatting with Alice, who is another user on that XMPP server like so:</p>
+<img src="7.png" class="imgRz">
+<p>Then from Alice's XMPP client, we accept nihilist's buddy request:</p>
+<img src="8.png" class="imgRz">
+<img src="9.png" class="imgRz">
+<img src="10.png" class="imgRz">
+<img src="11.png" class="imgRz">
+<p></p>
+				</div>
+			</div><!-- /row -->
+	    </div> <!-- /container -->
+	</div><!-- /white -->
+
+  <div id="anon2">
+	    <div class="container">
+			<div class="row">
+				<div class="col-lg-8 col-lg-offset-2">
+          <h2><b>Optional XMPP server options:</b></h2> </br> </br>
+<p>if you want to enable message archiving, enable the "mam" module by uncommenting it:</p>
+<pre><code class="nim">
+root@ANON-home:~# vim /etc/prosody/prosody.cfg.lua
+root@ANON-home:~# cat /etc/prosody/prosody.cfg.lua
+
+[...]
+
+modules_enabled = {
+                "mam"; -- Store recent messages to allow multi-device synchronization
+}
+
+[...]
+
+</code></pre>
+
+<p>and then you can mention the expiration time of messages like so:</p>
+<pre><code class="nim">
+root@ANON-home:~# vim /etc/prosody/prosody.cfg.lua
+root@ANON-home:~# cat /etc/prosody/prosody.cfg.lua
+
+archive_expires_after = "1w" -- remove archived messages after 1 week
+
+</code></pre>
+<p>you can choose to limit the bandwidth usage of your server too, using the mod_limits module:</p>
+<pre><code class="nim">
+root@ANON-home:~# vim /etc/prosody/prosody.cfg.lua
+root@ANON-home:~# cat /etc/prosody/prosody.cfg.lua
+
+limits = {
+	c2s = {
+		rate = "10kb/s";
+	}
+	s2sin = {
+		rate = "30kb/s";
+	}
+
+}
+</code></pre>
+<p>You can also enable archiving on the multi-user chats like so :</p>
+<pre><code class="nim">
+root@ANON-home:~# vim /etc/prosody/prosody.cfg.lua
+root@ANON-home:~# cat /etc/prosody/prosody.cfg.lua
+
+Component "conference.aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.onion" "muc"
+        modules_enabled = { "onions", "muc_mam" };
+        onions_only = true;
+
+</code></pre>
+<p>And just like in mod_mam, you can set the expiration time of the messages in MUCs:</p>
+<pre><code class="nim">
+root@ANON-home:~# vim /etc/prosody/prosody.cfg.lua
+root@ANON-home:~# cat /etc/prosody/prosody.cfg.lua
+
+Component "conference.aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.onion" "muc"
+        modules_enabled = { "onions", "muc_mam" };
+        onions_only = true;
+		muc_log_expires_after = "1w"
+	
+</code></pre>
+
+<p>Then, you can also enable file archiving using mod_http_file_share:</p>
+<pre><code class="nim">
+root@ANON-home:~# vim /etc/prosody/prosody.cfg.lua
+root@ANON-home:~# cat /etc/prosody/prosody.cfg.lua
+
+Component "upload.aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.onion" "http_file_share"
+        modules_enabled = { "onions" };
+        onions_only = true;
+		http_file_share_daily_quota = 100*1024*1024;	-- 100 MiB
+		http_file_share_after = 7*86400;				-- One week in seconds
+		http_file_share_size_limit = 10*1024*1024		-- 10 Mib
+	
+</code></pre>
+<p>Then,  as you're going to have a multi user chat, you'll most likely need the mod_muc_moderation module:</p>
+<pre><code class="nim">
+root@ANON-home:~# vim /etc/prosody/prosody.cfg.lua
+root@ANON-home:~# cat /etc/prosody/prosody.cfg.lua
+
+Component "conference.aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.onion" "muc"
+        modules_enabled = { "onions", "muc_mam", "muc_moderation" };
+        onions_only = true;
+        muc_log_expires_after = "1w"
+	
+</code></pre>
+
+<p>TODO: showcase a multi-user chat with 3 users</p>
+<p>TODO: showcase XMPP onion federation between server A <-> and B</p>
+				</div>
+			</div><!-- /row -->
+	    </div> <!-- /container -->
+	</div><!-- /white -->
+
+	<!-- +++++ Footer Section +++++ -->
+
+	<div id="anonb">
+		<div class="container">
+			<div class="row">
+				<div class="col-lg-4">
+					<h4>Nihilism</h4>
+          <p>
+						Until there is Nothing left.
+						
+					</p>
+				</div><!-- /col-lg-4 -->
+
+				<div class="col-lg-4">
+					<h4>My Links</h4>
+					<p>
+
+						<a target="_blank" rel="noopener noreferrer" href="http://blog.nihilism.network/rss/feed.xml">RSS Feed</a><br/><a target="_blank" rel="noopener noreferrer" href="https://matrix.to/#/#nihilism:m.datura.network">Matrix Chat</a><br/>
+
+					</p>
+				</div><!-- /col-lg-4 -->
+
+				<div class="col-lg-4">
+					<h4>About nihilist</h4>
+					<p style="word-wrap: break-word;"><u>Donate XMR:</u> 8AUYjhQeG3D5aodJDtqG499N5jXXM71gYKD8LgSsFB9BUV1o7muLv3DXHoydRTK4SZaaUBq4EAUqpZHLrX2VZLH71Jrd9k8</p></br><p><u>Contact:</u> nihilist@nihilism.network (<a href="https://nihilism.network/nihilist.pubkey">PGP</a>)</p>
+				</div><!-- /col-lg-4 -->
+
+			</div>
+
+		</div>
+	</div>
+
+
+    <!-- Bootstrap core JavaScript
+    ================================================== -->
+    <!-- Placed at the end of the document so the pages load faster -->
+    
+  </body>
+</html>