blog-contributions/opsec/xmpp/index.html

370 lines
12 KiB
HTML

<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta name="description" content="">
<meta name="author" content="">
<link rel="shortcut icon" href="../../../../../../assets/img/favicon.png">
<title>XMPP server (Gajim, OMEO encryption, ejabberd .onion setup)</title>
<!-- Bootstrap core CSS -->
<link href="../../assets/css/bootstrap.css" rel="stylesheet">
<link href="../../assets/css/xt256.css" rel="stylesheet">
<!-- Custom styles for this template -->
<link href="../../assets/css/main.css" rel="stylesheet">
<!-- HTML5 shim and Respond.js IE8 support of HTML5 elements and media queries -->
<!--[if lt IE 9]>
<script src="https://oss.maxcdn.com/libs/html5shiv/3.7.0/html5shiv.js"></script>
<script src="https://oss.maxcdn.com/libs/respond.js/1.3.0/respond.min.js"></script>
<![endif]-->
</head>
<body>
<!-- Static navbar -->
<div class="navbar navbar-inverse-anon navbar-static-top">
<div class="container">
<div class="navbar-header">
<button type="button" class="navbar-toggle" data-toggle="collapse" data-target=".navbar-collapse">
<span class="icon-bar"></span>
<span class="icon-bar"></span>
<span class="icon-bar"></span>
</button>
<a class="navbar-brand-anon" href="\index.html">nihilist`s Blog</a>
</div>
<div class="navbar-collapse collapse">
<ul class="nav navbar-nav navbar-right">
<li><a href="/about.html">About</a></li>
<li><a href="/blog.html">Categories</a></li>
<li><a href="https://blog.nowhere.moe/donate.html">Donate</a></li>
<li><a href="/contact.html">Contact</a></li>
</ul>
</div><!--/.nav-collapse -->
</div>
</div>
<!-- +++++ Posts Lists +++++ -->
<!-- +++++ First Post +++++ -->
<div id="anon2">
<div class="container">
<div class="row">
<div class="col-lg-8 col-lg-offset-2">
<a href="../index.html">Previous Page</a></br></br><p><img src="../../assets/img/user.png" width="50px" height="50px"> <ba>nihilist@mainpc - 2024-05-29</ba></p>
<h1>XMPP server (Gajim, OMEO encryption, ejabberd .onion setup) </h1>
<p>In this tutorial we're going to cover how to setup an XMPP chatting service over Tor. </p>
<p><u>Disclaimer:</u> If you want this service to remain anonymous, make sure you at least keep <a href="../sensitiveremotevshome/index.html">TOR between you and the service</a> from the <a href="../anonymousremoteserver/index.html">VPS acquisition</a> to actual service usage. </p>
</div>
</div><!-- /row -->
</div> <!-- /container -->
</div><!-- /grey -->
<!-- +++++ Second Post +++++ -->
<div id="anon3">
<div class="container">
<div class="row">
<div class="col-lg-8 col-lg-offset-2">
<h2><b>Initial Setup </b></h2>
<p>First let's install the required packages, and then run the xmpp server using docker (you can check the documentation <a href="https://github.com/processone/docker-ejabberd/blob/master/ecs/README.md">here</a>), we'll follow <a href="https://landchad.net/ejabberd/">Lukesmith's tutorial</a> specifically:</p>
<pre><code class="nim">
apt install ejabberd -y
</code></pre>
<p>Now we need the following domain names to point to your server:</p>
<pre><code class="nim">
nowhere.moe - Your XMPP hostname
xmpp.nowhere.moe - For mod_muc, Multi User Chats (MUCs)
upload.nowhere.moe - For mod_http_upload, file upload support
proxy.nowhere.moe - For mod_proxy65, SOCKS5 proxy support
pubsub.nowhere.moe - For mod_pubsub, publish-subscribe support (A fancier RSS)
</code></pre>
<p>Then we edit the ejabberd config file accordingly:</p>
<pre><code class="nim">
[ Datura ] [ /dev/pts/10 ] [/srv]
→ vim /etc/ejabberd/ejabberd.yml
[...]
hosts:
- nowhere.moe
[...]
mod_muc:
host: xmpp.nowhere.moe
[...]
</code></pre>
<p>Next we need to obtain the TLS certificate for the xmpp.nowhere.moe domain, to do so we'll use acme.sh: </p>
<pre><code class="nim">
[ Datura ] [ /dev/pts/10 ] [~]
→ systemctl stop nginx ; acme.sh --issue --standalone -d xmpp.nowhere.moe -k 4096 ; systemctl start nginx
[Sun Jun 9 07:12:21 PM CEST 2024] Using CA: https://acme-v02.api.letsencrypt.org/directory
[Sun Jun 9 07:12:21 PM CEST 2024] Standalone mode.
[Sun Jun 9 07:12:21 PM CEST 2024] Creating domain key
[Sun Jun 9 07:12:23 PM CEST 2024] The domain key is here: /root/.acme.sh/xmpp.nowhere.moe/xmpp.nowhere.moe.key
[Sun Jun 9 07:12:23 PM CEST 2024] Single domain='xmpp.nowhere.moe'
[Sun Jun 9 07:12:25 PM CEST 2024] Getting webroot for domain='xmpp.nowhere.moe'
[Sun Jun 9 07:12:25 PM CEST 2024] Verifying: xmpp.nowhere.moe
[Sun Jun 9 07:12:25 PM CEST 2024] Standalone mode server
[Sun Jun 9 07:12:26 PM CEST 2024] Pending, The CA is processing your order, please just wait. (1/30)
[Sun Jun 9 07:12:30 PM CEST 2024] Pending, The CA is processing your order, please just wait. (2/30)
[Sun Jun 9 07:12:33 PM CEST 2024] Pending, The CA is processing your order, please just wait. (3/30)
[Sun Jun 9 07:12:37 PM CEST 2024] Success
[Sun Jun 9 07:12:37 PM CEST 2024] Verify finished, start to sign.
[Sun Jun 9 07:12:37 PM CEST 2024] Lets finalize the order.
[Sun Jun 9 07:12:37 PM CEST 2024] Le_OrderFinalize='https://acme-v02.api.letsencrypt.org/acme/finalize/1581078457/276884921497'
[Sun Jun 9 07:12:38 PM CEST 2024] Downloading cert.
[Sun Jun 9 07:12:38 PM CEST 2024] Le_LinkCert='https://acme-v02.api.letsencrypt.org/acme/cert/03a21dfde3a1a017ddaec55ef3c43a3cae0c'
[Sun Jun 9 07:12:39 PM CEST 2024] Cert success.
[...]
[Sun Jun 9 07:12:39 PM CEST 2024] Your cert is in: /root/.acme.sh/xmpp.nowhere.moe/xmpp.nowhere.moe.cer
[Sun Jun 9 07:12:39 PM CEST 2024] Your cert key is in: /root/.acme.sh/xmpp.nowhere.moe/xmpp.nowhere.moe.key
[Sun Jun 9 07:12:39 PM CEST 2024] The intermediate CA cert is in: /root/.acme.sh/xmpp.nowhere.moe/ca.cer
[Sun Jun 9 07:12:39 PM CEST 2024] And the full chain certs is there: /root/.acme.sh/xmpp.nowhere.moe/fullchain.cer
[ Datura ] [ /dev/pts/10 ] [~]
→ chown -R ejabberd:ejabberd /root/.acme.sh/xmpp.nowhere.moe
[ Datura ] [ /dev/pts/10 ] [~]
→ cat /etc/ejabberd/ejabberd.yml
[...]
certfiles:
- "/root/.acme.sh/xmpp.nowhere.moe/fullchain.cer"
[...]
</code></pre>
<p>Then we add the admin user in ejabberd.yml:</p>
<pre><code class="nim">
[ Datura ] [ /dev/pts/10 ] [~]
→ cat /etc/ejabberd/ejabberd.yml
[...]
acl:
admin:
user:
- "nihilist"
[...]
</code></pre>
<p>We also add the File Uploads:</p>
<pre><code class="nim">
[ Datura ] [ /dev/pts/10 ] [~]
→ cat /etc/ejabberd/ejabberd.yml
[...]
mod_http_upload:
put_url: https://@HOST@:5443/upload
docroot: /srv/xmpp/upload/
custom_headers:
"Access-Control-Allow-Origin": "https://@HOST@"
"Access-Control-Allow-Methods": "GET,HEAD,PUT,OPTIONS"
"Access-Control-Allow-Headers": "Content-Type"
[...]
[ Datura ] [ /dev/pts/10 ] [~]
→ mkdir /srv/xmpp/upload/ -p
[ Datura ] [ /dev/pts/10 ] [~]
→ chown -R ejabberd:ejabberd /srv/xmpp/upload/
</code></pre>
<p>We enable message archives too:</p>
<pre><code class="nim">
[ Datura ] [ /dev/pts/10 ] [~]
→ cat /etc/ejabberd/ejabberd.yml
[...]
mod_mam:
## Mnesia is limited to 2GB, better to use an SQL backend
## For small servers SQLite is a good fit and is very easy
## to configure. Uncomment this when you have SQL configured:
## db_type: sql
assume_mam_usage: true
default: always
[...]
</code></pre>
<p>Next, you setup a coturn service for the VOIP <a href="https://landchad.net/coturn/">here</a>, but in this case we'll use the same coturn service that we previously setup for the <a href="../matrixnew/index.html">matrix server</a></p>
<pre><code class="nim">
[ Datura ] [ /dev/pts/10 ] [~]
→ cat /etc/ejabberd/ejabberd.yml
[...]
mod_stun_disco:
secret: "DAWDDWADWADAWDWAWDDWAADWADWDWADWADWAAWDDWAWAD"
services:
-
host: m.nowhere.moe
type: stun
-
host: m.nowhere.moe
type: turn
[...]
</code></pre>
<p>Then we restart the ejabberd service:</p>
<pre><code class="nim">
[ Datura ] [ /dev/pts/10 ] [~]
→ systemctl restart ejabberd
[ Datura ] [ /dev/pts/10 ] [~]
→ systemctl status ejabberd
● ejabberd.service - robust, scalable and extensible realtime platform (XMPP server + MQTT broker + SIP service)
Loaded: loaded (/lib/systemd/system/ejabberd.service; enabled; preset: enabled)
Active: active (running) since Sun 2024-06-09 21:21:41 CEST; 6s ago
Docs: https://www.process-one.net/en/ejabberd/docs/
Main PID: 3664214 (sh)
Tasks: 116 (limit: 77002)
Memory: 111.9M
CPU: 3.022s
CGroup: /system.slice/ejabberd.service
</code></pre>
<p>Now that the ejabberd service has restarted successfully, we can register the admin user:</p>
<pre><code class="nim">
[ Datura ] [ /dev/pts/10 ] [~]
→ ejabberdctl register nihilist nowhere.moe P@SSW0RD
User nihilist@contact.nowhere.moe successfully registered
</code></pre>
</div>
</div><!-- /row -->
</div> <!-- /container -->
</div><!-- /white -->
<div id="anon2">
<div class="container">
<div class="row">
<div class="col-lg-8 col-lg-offset-2">
<h2><b>Setup</b></h2> </br> </br>
<p>Now the xmpp server is active, along with your nihilist user, so let's connect to it from a XMPP client like gajim:</p>
<pre><code class="nim">
[ mainpc ] [ /dev/pts/8 ] [~]
→ sudo apt install gajim -y
</code></pre>
<img src="1.png" class="imgRz">
<p></p>
<img src="" class="imgRz">
<pre><code class="nim">
</code></pre>
<p></p>
<img src="" class="imgRz">
<pre><code class="nim">
</code></pre>
<p></p>
<img src="" class="imgRz">
<pre><code class="nim">
</code></pre>
</div>
</div><!-- /row -->
</div> <!-- /container -->
</div><!-- /white -->
<!-- +++++ Second Post +++++ -->
<div id="anon1">
<div class="container">
<div class="row">
<div class="col-lg-8 col-lg-offset-2">
<h2><b>Setup</b></h2> </br> </br>
<p></p>
<pre><code class="nim">
</code></pre>
<p></p>
<pre><code class="nim">
</code></pre>
<p></p>
<pre><code class="nim">
</code></pre>
</div>
</div><!-- /row -->
</div> <!-- /container -->
</div><!-- /white -->
<!-- +++++ Footer Section +++++ -->
<div id="anonb">
<div class="container">
<div class="row">
<div class="col-lg-4">
<h4>Nihilism</h4>
<p>
Until there is Nothing left.</p></br></br><p>Creative Commons Zero: No Rights Reserved</br><img src="\CC0.png">
</p>
</div><!-- /col-lg-4 -->
<div class="col-lg-4">
<h4>My Links</h4>
<p>
<a target="_blank" rel="noopener noreferrer" href="http://blog.nowhere.moe/rss/feed.xml">RSS Feed</a><br/><a target="_blank" rel="noopener noreferrer" href="https://simplex.chat/contact#/?v=2-7&smp=smp%3A%2F%2FL5jrGV2L_Bb20Oj0aE4Gn-m5AHet9XdpYDotiqpcpGc%3D%40nowhere.moe%2FH4g7zPbitSLV5tDQ51Yz-R6RgOkMEeCc%23%2F%3Fv%3D1-3%26dh%3DMCowBQYDK2VuAyEAkts5T5AMxHGrZCCg12aeKxWcpXaxbB_XqjrXmcFYlDQ%253D&data=%7B%22type%22%3A%22group%22%2C%22groupLinkId%22%3A%22c3Y-iDaoDCFm6RhptSDOaw%3D%3D%22%7D">SimpleX Chat</a><br/>
</p>
</div><!-- /col-lg-4 -->
<div class="col-lg-4">
<h4>About nihilist</h4>
<p style="word-wrap: break-word;"><u>Donate XMR:</u> 8AUYjhQeG3D5aodJDtqG499N5jXXM71gYKD8LgSsFB9BUV1o7muLv3DXHoydRTK4SZaaUBq4EAUqpZHLrX2VZLH71Jrd9k8</p></br><p><u>Contact:</u> nihilist@contact.nowhere.moe (<a href="https://nowhere.moe/nihilist.pubkey">PGP</a>)</p>
</div><!-- /col-lg-4 -->
</div>
</div>
</div>
<!-- Bootstrap core JavaScript
================================================== -->
<!-- Placed at the end of the document so the pages load faster -->
</body>
</html>