finished the XMPP tutorial
@ -227,7 +227,7 @@
|
|||||||
<li><a href="torwebsite/index.html">✅ Hidden Service with custom .onion Vanity V3 address</a></li>
|
<li><a href="torwebsite/index.html">✅ Hidden Service with custom .onion Vanity V3 address</a></li>
|
||||||
<li><a href="index.html">❌ Basic Webserver setup (NGINX / PHP / MYSQL)</a></li>
|
<li><a href="index.html">❌ Basic Webserver setup (NGINX / PHP / MYSQL)</a></li>
|
||||||
<li><a href="index.html">❌ Minimalistic MoneroSSO .onion setup</a></li>
|
<li><a href="index.html">❌ Minimalistic MoneroSSO .onion setup</a></li>
|
||||||
<li><a href="xmpp2024/index.html">🟠 XMPP prosody .onion setup (chat service)</a></li>
|
<li><a href="xmpp2024/index.html">✅ XMPP Chat Server Setup (Clearnet + Onion + OMEO E2EE)</a></li>
|
||||||
<li><a href="index.html">❌ Gitea .onion setup (Code repositories)</a></li>
|
<li><a href="index.html">❌ Gitea .onion setup (Code repositories)</a></li>
|
||||||
<li><a href="index.html">❌ Nextcloud .onion setup (cloud storage)</a></li>
|
<li><a href="index.html">❌ Nextcloud .onion setup (cloud storage)</a></li>
|
||||||
<li><a href="index.html">❌ Mastodon .onion setup (Microblogging)</a></li>
|
<li><a href="index.html">❌ Mastodon .onion setup (Microblogging)</a></li>
|
||||||
|
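Review bot: the new link text on the `xmpp2024/index.html` entry spells the encryption protocol wrong: `✅ XMPP Chat Server Setup (Clearnet + Onion + OMEO E2EE)` should say OMEMO (XEP-0384), which is also the name Gajim uses in its UI. The same string is reused as the page `<title>` and `<h1>` inside the tutorial, so correct all three together so the index entry matches the page it links to.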
BIN
opsec/xmpp2024/12.png
Normal file
After Width: | Height: | Size: 52 KiB |
BIN
opsec/xmpp2024/13.png
Normal file
After Width: | Height: | Size: 64 KiB |
BIN
opsec/xmpp2024/14.png
Normal file
After Width: | Height: | Size: 79 KiB |
BIN
opsec/xmpp2024/15.png
Normal file
After Width: | Height: | Size: 553 KiB |
BIN
opsec/xmpp2024/16.png
Normal file
After Width: | Height: | Size: 79 KiB |
BIN
opsec/xmpp2024/17.png
Normal file
After Width: | Height: | Size: 12 KiB |
BIN
opsec/xmpp2024/18.png
Normal file
After Width: | Height: | Size: 202 KiB |
BIN
opsec/xmpp2024/19.png
Normal file
After Width: | Height: | Size: 20 KiB |
BIN
opsec/xmpp2024/20.png
Normal file
After Width: | Height: | Size: 364 KiB |
BIN
opsec/xmpp2024/21.png
Normal file
After Width: | Height: | Size: 69 KiB |
BIN
opsec/xmpp2024/22.png
Normal file
After Width: | Height: | Size: 150 KiB |
BIN
opsec/xmpp2024/23.png
Normal file
After Width: | Height: | Size: 60 KiB |
BIN
opsec/xmpp2024/24.png
Normal file
After Width: | Height: | Size: 287 KiB |
BIN
opsec/xmpp2024/25.png
Normal file
After Width: | Height: | Size: 282 KiB |
BIN
opsec/xmpp2024/26.png
Normal file
After Width: | Height: | Size: 27 KiB |
BIN
opsec/xmpp2024/27.png
Normal file
After Width: | Height: | Size: 26 KiB |
BIN
opsec/xmpp2024/28.png
Normal file
After Width: | Height: | Size: 270 KiB |
BIN
opsec/xmpp2024/29.png
Normal file
After Width: | Height: | Size: 63 KiB |
BIN
opsec/xmpp2024/30.png
Normal file
After Width: | Height: | Size: 58 KiB |
@ -8,7 +8,7 @@
|
|||||||
<meta name="author" content="">
|
<meta name="author" content="">
|
||||||
<link rel="shortcut icon" href="../../../../../../assets/img/favicon.png">
|
<link rel="shortcut icon" href="../../../../../../assets/img/favicon.png">
|
||||||
|
|
||||||
<title>XMPP Server Setup Setup</title>
|
<title>XMPP Chat Server Setup (Clearnet + Onion + OMEO E2EE)</title>
|
||||||
|
|
||||||
<!-- Bootstrap core CSS -->
|
<!-- Bootstrap core CSS -->
|
||||||
<link href="../../assets/css/bootstrap.css" rel="stylesheet">
|
<link href="../../assets/css/bootstrap.css" rel="stylesheet">
|
||||||
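Review bot: `<title>XMPP Chat Server Setup (Clearnet + Onion + OMEO E2EE)</title>` carries the OMEO typo; the protocol is OMEMO (XEP-0384). While the head is being edited, `<meta name="author" content="">` is still left empty even though the body attributes the post to nihilist@mainpc, so either fill it or drop the tag.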
@ -61,9 +61,9 @@
|
|||||||
<div class="row">
|
<div class="row">
|
||||||
<div class="col-lg-8 col-lg-offset-2">
|
<div class="col-lg-8 col-lg-offset-2">
|
||||||
<a href="../index.html">Previous Page</a></br></br><p><img src="../../assets/img/user.png" width="50px" height="50px"> <ba>nihilist@mainpc - 2024-08-05</ba></p>
|
<a href="../index.html">Previous Page</a></br></br><p><img src="../../assets/img/user.png" width="50px" height="50px"> <ba>nihilist@mainpc - 2024-08-05</ba></p>
|
||||||
<h1>XMPP Server Setup Setup </h1>
|
<h1>XMPP Chat Server Setup (Clearnet + Onion + OMEO E2EE)</h1>
|
||||||
|
|
||||||
<p>In this tutorial, we're going to check out how to setup a XMPP chat server, that is accessible over Tor, as a hidden service, using Prosody and Pidgin.</p>
|
<p>In this tutorial, we're going to check out how to setup a XMPP chat server, that is accessible over Tor, as a hidden service, using Prosody. We'll also cover how to have a Clearnet XMPP server, and how to have OMEO End to End encryption using the Gajim XMPP client.</p>
|
||||||
</div>
|
</div>
|
||||||
</div><!-- /row -->
|
</div><!-- /row -->
|
||||||
</div> <!-- /container -->
|
</div> <!-- /container -->
|
||||||
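Review bot: the rewritten intro paragraph needs two wording fixes: "a XMPP chat server" should read "an XMPP chat server", and "OMEO End to End encryption" should read "OMEMO end-to-end encryption" (XEP-0384); the `<h1>` just above repeats the OMEO spelling. The paragraph also still describes the server as "accessible over Tor, as a hidden service" and bolts the clearnet part on as a second sentence, so one sentence along the lines of "how to set up an XMPP chat server with Prosody, reachable both on the clearnet and as a Tor hidden service, and how to use OMEMO end-to-end encryption with the Gajim client" would state the scope the new title promises.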
@ -74,7 +74,7 @@
|
|||||||
<div class="container">
|
<div class="container">
|
||||||
<div class="row">
|
<div class="row">
|
||||||
<div class="col-lg-8 col-lg-offset-2">
|
<div class="col-lg-8 col-lg-offset-2">
|
||||||
<h2><b>XMPP Server Setup </b></h2>
|
<h2><b>XMPP Onion Server Setup </b></h2>
|
||||||
<p>Before starting, check out <a href="../torwebsite/index.html">this</a> tutorial on how to create your first hidden service.</p>
|
<p>Before starting, check out <a href="../torwebsite/index.html">this</a> tutorial on how to create your first hidden service.</p>
|
||||||
<pre><code class="nim">
|
<pre><code class="nim">
|
||||||
root@ANON-home:~# apt install prosody prosody-modules lua-unbound -y
|
root@ANON-home:~# apt install prosody prosody-modules lua-unbound -y
|
||||||
@ -328,9 +328,114 @@ Component "conference.aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.o
|
|||||||
muc_log_expires_after = "1w"
|
muc_log_expires_after = "1w"
|
||||||
|
|
||||||
</code></pre>
|
</code></pre>
|
||||||
|
</div>
|
||||||
|
</div><!-- /row -->
|
||||||
|
</div> <!-- /container -->
|
||||||
|
</div><!-- /white -->
|
||||||
|
|
||||||
|
|
||||||
|
<div id="anon1">
|
||||||
|
<div class="container">
|
||||||
|
<div class="row">
|
||||||
|
<div class="col-lg-8 col-lg-offset-2">
|
||||||
|
<h2><b>XMPP Clearnet Server Setup</b></h2> </br> </br>
|
||||||
|
<p>First edit prosody.cfg.lua like so :</p>
|
||||||
|
<pre><code class="nim">
|
||||||
|
[ Datura ] [ /dev/pts/3 ] [~]
|
||||||
|
→ vim /etc/prosody/prosody.cfg.lua
|
||||||
|
|
||||||
|
[...]
|
||||||
|
|
||||||
|
VirtualHost "nowhere.moe"
|
||||||
|
ssl = {
|
||||||
|
certificate = "/etc/ssl/nowhere.moe/fullchain.cer";
|
||||||
|
key = "/etc/ssl/nowhere.moe/nowhere.moe.key";
|
||||||
|
}
|
||||||
|
|
||||||
|
VirtualHost "nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion"
|
||||||
|
|
||||||
|
[...]
|
||||||
|
|
||||||
|
</code></pre>
|
||||||
|
<p>Then copy the existing acme.sh certificates for nowhere.moe into another non-root directory, otherwise prosody wont be able to read them:</p>
|
||||||
|
<pre><code class="nim">
|
||||||
|
[ Datura ] [ /dev/pts/4 ] [/etc/ssl/nowhere.moe]
|
||||||
|
→ mkdir -p /etc/ssl/nowhere.moe/
|
||||||
|
|
||||||
|
[ Datura ] [ /dev/pts/4 ] [/etc/ssl/nowhere.moe]
|
||||||
|
→ cp -r /root/.acme.sh/nowhere.moe/* /etc/ssl/nowhere.moe
|
||||||
|
|
||||||
|
[ Datura ] [ /dev/pts/4 ] [/etc/ssl/nowhere.moe]
|
||||||
|
→ sudo setfacl -R -m u:prosody:rx /etc/ssl/nowhere.moe/
|
||||||
|
|
||||||
|
[ Datura ] [ /dev/pts/4 ] [/etc/ssl/nowhere.moe]
|
||||||
|
→ sudo -u prosody cat /etc/ssl/nowhere.moe/nowhere.moe.cer
|
||||||
|
-----BEGIN CERTIFICATE-----
|
||||||
|
MIIF5zCCBM+gAwIBAgISBCVaPZeC38+C4bWEm3yPX1LMMA0GCSqGSIb3DQEBCwUA
|
||||||
|
MDMxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQwwCgYDVQQD
|
||||||
|
EwNSMTAwHhcNMjQwODExMjAyMjI5WhcNMjQxMTA5MjAyMjI4WjAWMRQwEgYDVQQD
|
||||||
|
Ewtub3doZXJlLm1vZTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAJPO
|
||||||
|
[...]
|
||||||
|
-----END CERTIFICATE-----
|
||||||
|
|
||||||
|
|
||||||
|
</code></pre>
|
||||||
|
<p>to copy it once a day to the correct folder, you can do it via cronjob:</p>
|
||||||
|
<pre><code class="nim">
|
||||||
|
[ Datura ] [ /dev/pts/7 ] [~]
|
||||||
|
→ crontab -e
|
||||||
|
|
||||||
|
0 0 * * * cp -r /root/.acme.sh/nowhere.moe/* /etc/ssl/nowhere.moe ; setfacl -R -m u:prosody:rx /root/.acme.sh/nowhere.moe ; systemctl restart prosody
|
||||||
|
|
||||||
|
</code></pre>
|
||||||
|
<p>Then, don't forget to create the clearnet user:</p>
|
||||||
|
<pre><code class="nim">
|
||||||
|
[ Datura ] [ /dev/pts/7 ] [~]
|
||||||
|
→ prosodyctl adduser usertest usertestpwd
|
||||||
|
|
||||||
|
[ Datura ] [ /dev/pts/7 ] [~]
|
||||||
|
→ prosodyctl passwd usertest@nowhere.moe
|
||||||
|
|
||||||
|
</code></pre>
|
||||||
|
<p>Then you can just connect to the XMPP server over clearnet aswell, but one thing to note is that pidgin is limited when it comes to encrypting chats, so let's use Gajim instead as it comes with OMEO encryption out of the box:</p>
|
||||||
|
<pre><code class="nim">
|
||||||
|
user@laptop: apt install gajim -y
|
||||||
|
|
||||||
|
</pre></code>
|
||||||
|
<img src="12.png" class="imgRz">
|
||||||
|
<img src="13.png" class="imgRz">
|
||||||
|
<img src="14.png" class="imgRz">
|
||||||
|
<img src="15.png" class="imgRz">
|
||||||
|
|
||||||
|
</div>
|
||||||
|
</div><!-- /row -->
|
||||||
|
</div> <!-- /container -->
|
||||||
|
</div><!-- /white -->
|
||||||
|
|
||||||
|
|
||||||
|
<div id="anon2">
|
||||||
|
<div class="container">
|
||||||
|
<div class="row">
|
||||||
|
<div class="col-lg-8 col-lg-offset-2">
|
||||||
|
<h2><b>XMPP OMEO End to End Encryption (E2EE)</b></h2> </br> </br>
|
||||||
|
<img src="16.png" class="imgRz">
|
||||||
|
<img src="17.png" class="imgRz">
|
||||||
|
<img src="18.png" class="imgRz">
|
||||||
|
<img src="19.png" class="imgRz">
|
||||||
|
<img src="20.png" class="imgRz">
|
||||||
|
<img src="21.png" class="imgRz">
|
||||||
|
<img src="22.png" class="imgRz">
|
||||||
|
<p>Now here, you need to tell the other peer (if they don't have OMEO enabled) to install a XMPP client like gajim, just like you, to use OMEO encryption just like you, to have end to end encryption.</p>
|
||||||
|
<img src="23.png" class="imgRz">
|
||||||
|
<img src="24.png" class="imgRz">
|
||||||
|
<img src="25.png" class="imgRz">
|
||||||
|
<img src="26.png" class="imgRz">
|
||||||
|
<img src="27.png" class="imgRz">
|
||||||
|
<img src="28.png" class="imgRz">
|
||||||
|
<img src="29.png" class="imgRz">
|
||||||
|
<img src="30.png" class="imgRz">
|
||||||
|
<p>And that's it! you now have a XMPP server working over both Clearnet, and Tor, with end to end encryption.</p>
|
||||||
|
|
||||||
<p>TODO: showcase a multi-user chat with 3 users</p>
|
|
||||||
<p>TODO: showcase XMPP onion federation between server A <-> and B</p>
|
|
||||||
</div>
|
</div>
|
||||||
</div><!-- /row -->
|
</div><!-- /row -->
|
||||||
</div> <!-- /container -->
|
</div> <!-- /container -->
|
||||||
|
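Review bot: the cron line in the new clearnet section applies the ACL to the wrong directory and restarts instead of reloading: `0 0 * * * cp -r /root/.acme.sh/nowhere.moe/* /etc/ssl/nowhere.moe ; setfacl -R -m u:prosody:rx /root/.acme.sh/nowhere.moe ; systemctl restart prosody` grants the unprivileged prosody user read access to acme.sh's own working directory under /root, while the copy in /etc/ssl/nowhere.moe (the path Prosody actually reads, per the `certificate = "/etc/ssl/nowhere.moe/fullchain.cer";` and `key = "/etc/ssl/nowhere.moe/nowhere.moe.key";` lines above) is only readable because of the manual `setfacl` run earlier. The setfacl should target /etc/ssl/nowhere.moe/ like the manual step, and `systemctl reload prosody` (or `prosodyctl reload`) picks up renewed certificates without dropping client sessions; acme.sh's `--install-cert -d nowhere.moe ... --reloadcmd` or `prosodyctl --root cert import nowhere.moe /root/.acme.sh/nowhere.moe` would make the cron job unnecessary. Two smaller points in the same section: `prosodyctl adduser usertest usertestpwd` is not a valid invocation, since adduser takes a single JID (`prosodyctl adduser usertest@nowhere.moe`) and prompts for the password, and the non-interactive form is `prosodyctl register usertest nowhere.moe <password>` (which also avoids leaving the password in shell history); the following `prosodyctl passwd usertest@nowhere.moe` only works once the account exists. Finally, `</pre></code>` after the `apt install gajim -y` block is mis-nested and should be `</code></pre>` as in the other blocks, "OMEO" should read "OMEMO" (XEP-0384) in the section heading, the Gajim paragraph and the closing sentence, and "wont", "aswell" and "a XMPP" should read "won't", "as well" and "an XMPP".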