finished the XMPP tutorial

This commit is contained in:
nihilist 2024-09-21 21:11:07 +02:00
parent a33b6740f7
commit 0ad296a702
21 changed files with 112 additions and 7 deletions

@ -227,7 +227,7 @@
<li><a href="torwebsite/index.html">✅ Hidden Service with custom .onion Vanity V3 address</a></li> <li><a href="torwebsite/index.html">✅ Hidden Service with custom .onion Vanity V3 address</a></li>
<li><a href="index.html">❌ Basic Webserver setup (NGINX / PHP / MYSQL)</a></li> <li><a href="index.html">❌ Basic Webserver setup (NGINX / PHP / MYSQL)</a></li>
<li><a href="index.html">❌ Minimalistic MoneroSSO .onion setup</a></li> <li><a href="index.html">❌ Minimalistic MoneroSSO .onion setup</a></li>
<li><a href="xmpp2024/index.html">🟠 XMPP prosody .onion setup (chat service)</a></li> <li><a href="xmpp2024/index.html">✅ XMPP Chat Server Setup (Clearnet + Onion + OMEO E2EE)</a></li>
<li><a href="index.html">❌ Gitea .onion setup (Code repositories)</a></li> <li><a href="index.html">❌ Gitea .onion setup (Code repositories)</a></li>
<li><a href="index.html">❌ Nextcloud .onion setup (cloud storage)</a></li> <li><a href="index.html">❌ Nextcloud .onion setup (cloud storage)</a></li>
<li><a href="index.html">❌ Mastodon .onion setup (Microblogging)</a></li> <li><a href="index.html">❌ Mastodon .onion setup (Microblogging)</a></li>
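Review bot: the new link label on the `+` side of this hunk (`✅ XMPP Chat Server Setup (Clearnet + Onion + OMEO E2EE)`) misspells the encryption extension; the protocol is OMEMO (XEP-0384), so the label should read `OMEMO E2EE`. The same misspelling is carried into the `<title>`, `<h1>`, `<h2>` and body text of the linked tutorial in this commit, so fix it in all of them together rather than only here.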

BIN opsec/xmpp2024/12.png (new file, 52 KiB)
BIN opsec/xmpp2024/13.png (new file, 64 KiB)
BIN opsec/xmpp2024/14.png (new file, 79 KiB)
BIN opsec/xmpp2024/15.png (new file, 553 KiB)
BIN opsec/xmpp2024/16.png (new file, 79 KiB)
BIN opsec/xmpp2024/17.png (new file, 12 KiB)
BIN opsec/xmpp2024/18.png (new file, 202 KiB)
BIN opsec/xmpp2024/19.png (new file, 20 KiB)
BIN opsec/xmpp2024/20.png (new file, 364 KiB)
BIN opsec/xmpp2024/21.png (new file, 69 KiB)
BIN opsec/xmpp2024/22.png (new file, 150 KiB)
BIN opsec/xmpp2024/23.png (new file, 60 KiB)
BIN opsec/xmpp2024/24.png (new file, 287 KiB)
BIN opsec/xmpp2024/25.png (new file, 282 KiB)
BIN opsec/xmpp2024/26.png (new file, 27 KiB)
BIN opsec/xmpp2024/27.png (new file, 26 KiB)
BIN opsec/xmpp2024/28.png (new file, 270 KiB)
BIN opsec/xmpp2024/29.png (new file, 63 KiB)
BIN opsec/xmpp2024/30.png (new file, 58 KiB)


@ -8,7 +8,7 @@
<meta name="author" content=""> <meta name="author" content="">
<link rel="shortcut icon" href="../../../../../../assets/img/favicon.png"> <link rel="shortcut icon" href="../../../../../../assets/img/favicon.png">
<title>XMPP Server Setup Setup</title> <title>XMPP Chat Server Setup (Clearnet + Onion + OMEO E2EE)</title>
<!-- Bootstrap core CSS --> <!-- Bootstrap core CSS -->
<link href="../../assets/css/bootstrap.css" rel="stylesheet"> <link href="../../assets/css/bootstrap.css" rel="stylesheet">
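Review bot: the new `<title>` in this hunk repeats the `OMEO` misspelling; the extension is called OMEMO (XEP-0384), so the title should read `XMPP Chat Server Setup (Clearnet + Onion + OMEMO E2EE)`. Removing the duplicated "Setup Setup" is correct.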
@ -61,9 +61,9 @@
<div class="row"> <div class="row">
<div class="col-lg-8 col-lg-offset-2"> <div class="col-lg-8 col-lg-offset-2">
<a href="../index.html">Previous Page</a></br></br><p><img src="../../assets/img/user.png" width="50px" height="50px"> <ba>nihilist@mainpc - 2024-08-05</ba></p> <a href="../index.html">Previous Page</a></br></br><p><img src="../../assets/img/user.png" width="50px" height="50px"> <ba>nihilist@mainpc - 2024-08-05</ba></p>
<h1>XMPP Server Setup Setup </h1> <h1>XMPP Chat Server Setup (Clearnet + Onion + OMEO E2EE)</h1>
<p>In this tutorial, we're going to check out how to setup a XMPP chat server, that is accessible over Tor, as a hidden service, using Prosody and Pidgin.</p> <p>In this tutorial, we're going to check out how to setup a XMPP chat server, that is accessible over Tor, as a hidden service, using Prosody. We'll also cover how to have a Clearnet XMPP server, and how to have OMEO End to End encryption using the Gajim XMPP client.</p>
</div> </div>
</div><!-- /row --> </div><!-- /row -->
</div> <!-- /container --> </div> <!-- /container -->
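Review bot: the new `<h1>` and intro paragraph in this hunk both use `OMEO`, which should be `OMEMO` (XEP-0384); the paragraph also reads more cleanly as "how to set up an XMPP chat server that is accessible over Tor ... and how to get OMEMO end-to-end encryption using the Gajim XMPP client". The unchanged author line still says `2024-08-05` even though this commit (2024-09-21) adds two whole sections to the page; updating the date tells readers which revision they are looking at.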
@ -74,7 +74,7 @@
<div class="container"> <div class="container">
<div class="row"> <div class="row">
<div class="col-lg-8 col-lg-offset-2"> <div class="col-lg-8 col-lg-offset-2">
<h2><b>XMPP Server Setup </b></h2> <h2><b>XMPP Onion Server Setup </b></h2>
<p>Before starting, check out <a href="../torwebsite/index.html">this</a> tutorial on how to create your first hidden service.</p> <p>Before starting, check out <a href="../torwebsite/index.html">this</a> tutorial on how to create your first hidden service.</p>
<pre><code class="nim"> <pre><code class="nim">
root@ANON-home:~# apt install prosody prosody-modules lua-unbound -y root@ANON-home:~# apt install prosody prosody-modules lua-unbound -y
@ -328,9 +328,114 @@ Component "conference.aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.o
muc_log_expires_after = "1w" muc_log_expires_after = "1w"
</code></pre> </code></pre>
</div>
</div><!-- /row -->
</div> <!-- /container -->
</div><!-- /white -->
<div id="anon1">
<div class="container">
<div class="row">
<div class="col-lg-8 col-lg-offset-2">
<h2><b>XMPP Clearnet Server Setup</b></h2> </br> </br>
<p>First edit prosody.cfg.lua like so :</p>
<pre><code class="nim">
[ Datura ] [ /dev/pts/3 ] [~]
→ vim /etc/prosody/prosody.cfg.lua
[...]
VirtualHost "nowhere.moe"
ssl = {
certificate = "/etc/ssl/nowhere.moe/fullchain.cer";
key = "/etc/ssl/nowhere.moe/nowhere.moe.key";
}
VirtualHost "nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion"
[...]
</code></pre>
<p>Then copy the existing acme.sh certificates for nowhere.moe into another non-root directory, otherwise prosody wont be able to read them:</p>
<pre><code class="nim">
[ Datura ] [ /dev/pts/4 ] [/etc/ssl/nowhere.moe]
→ mkdir -p /etc/ssl/nowhere.moe/
[ Datura ] [ /dev/pts/4 ] [/etc/ssl/nowhere.moe]
→ cp -r /root/.acme.sh/nowhere.moe/* /etc/ssl/nowhere.moe
[ Datura ] [ /dev/pts/4 ] [/etc/ssl/nowhere.moe]
→ sudo setfacl -R -m u:prosody:rx /etc/ssl/nowhere.moe/
[ Datura ] [ /dev/pts/4 ] [/etc/ssl/nowhere.moe]
→ sudo -u prosody cat /etc/ssl/nowhere.moe/nowhere.moe.cer
-----BEGIN CERTIFICATE-----
MIIF5zCCBM+gAwIBAgISBCVaPZeC38+C4bWEm3yPX1LMMA0GCSqGSIb3DQEBCwUA
MDMxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQwwCgYDVQQD
EwNSMTAwHhcNMjQwODExMjAyMjI5WhcNMjQxMTA5MjAyMjI4WjAWMRQwEgYDVQQD
Ewtub3doZXJlLm1vZTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAJPO
[...]
-----END CERTIFICATE-----
</code></pre>
<p>to copy it once a day to the correct folder, you can do it via cronjob:</p>
<pre><code class="nim">
[ Datura ] [ /dev/pts/7 ] [~]
→ crontab -e
0 0 * * * cp -r /root/.acme.sh/nowhere.moe/* /etc/ssl/nowhere.moe ; setfacl -R -m u:prosody:rx /root/.acme.sh/nowhere.moe ; systemctl restart prosody
</code></pre>
<p>Then, don't forget to create the clearnet user:</p>
<pre><code class="nim">
[ Datura ] [ /dev/pts/7 ] [~]
→ prosodyctl adduser usertest usertestpwd
[ Datura ] [ /dev/pts/7 ] [~]
→ prosodyctl passwd usertest@nowhere.moe
</code></pre>
<p>Then you can just connect to the XMPP server over clearnet aswell, but one thing to note is that pidgin is limited when it comes to encrypting chats, so let's use Gajim instead as it comes with OMEO encryption out of the box:</p>
<pre><code class="nim">
user@laptop: apt install gajim -y
</pre></code>
<img src="12.png" class="imgRz">
<img src="13.png" class="imgRz">
<img src="14.png" class="imgRz">
<img src="15.png" class="imgRz">
</div>
</div><!-- /row -->
</div> <!-- /container -->
</div><!-- /white -->
<div id="anon2">
<div class="container">
<div class="row">
<div class="col-lg-8 col-lg-offset-2">
<h2><b>XMPP OMEO End to End Encryption (E2EE)</b></h2> </br> </br>
<img src="16.png" class="imgRz">
<img src="17.png" class="imgRz">
<img src="18.png" class="imgRz">
<img src="19.png" class="imgRz">
<img src="20.png" class="imgRz">
<img src="21.png" class="imgRz">
<img src="22.png" class="imgRz">
<p>Now here, you need to tell the other peer (if they don't have OMEO enabled) to install a XMPP client like gajim, just like you, to use OMEO encryption just like you, to have end to end encryption.</p>
<img src="23.png" class="imgRz">
<img src="24.png" class="imgRz">
<img src="25.png" class="imgRz">
<img src="26.png" class="imgRz">
<img src="27.png" class="imgRz">
<img src="28.png" class="imgRz">
<img src="29.png" class="imgRz">
<img src="30.png" class="imgRz">
<p>And that's it! you now have a XMPP server working over both Clearnet, and Tor, with end to end encryption.</p>
<p>TODO: showcase a multi-user chat with 3 users</p>
<p>TODO: showcase XMPP onion federation between server A <-> and B</p>
</div> </div>
</div><!-- /row --> </div><!-- /row -->
</div> <!-- /container --> </div> <!-- /container -->
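Review bot: the daily cron line in the new clearnet section applies `setfacl` to the wrong directory: the manual step grants `u:prosody:rx` on `/etc/ssl/nowhere.moe/`, but the cron job runs `setfacl -R -m u:prosody:rx /root/.acme.sh/nowhere.moe`, i.e. on the acme.sh source tree instead of on the freshly copied files, so the ACL on the destination is never re-applied after a renewal and an ACL is instead added to the acme.sh account directory, which prosody has no business reading. Either point it at `/etc/ssl/nowhere.moe`, or drop the cron job and let acme.sh do the deployment itself with `acme.sh --install-cert -d nowhere.moe --fullchain-file /etc/ssl/nowhere.moe/fullchain.cer --key-file /etc/ssl/nowhere.moe/nowhere.moe.key --reloadcmd "systemctl reload prosody"`, which re-runs on every renewal; a `reload` is also sufficient for a certificate swap, the nightly `systemctl restart prosody` needlessly drops every connected client. Second, `prosodyctl adduser usertest usertestpwd` is not valid syntax: `adduser` takes a single JID (`prosodyctl adduser usertest@nowhere.moe`) and prompts for the password, so the second argument is not the password and the following `prosodyctl passwd usertest@nowhere.moe` is what actually sets it; showing the JID form avoids creating the account on the wrong VirtualHost. Third, the `apt install gajim -y` block closes its tags in the wrong order (`</pre></code>` for an opening `<pre><code class="nim">`), unlike every other block on the page, which uses `</code></pre>`. Finally, `OMEO` should be `OMEMO` in the `<h2>` of the E2EE section and in both paragraphs that mention it, and "aswell" should be "as well".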