In this tutorial we're going to cover how to setup an XMPP chatting service over Tor.
Disclaimer: If you want this service to remain anonymous, make sure you at least keep TOR between you and the service from the VPS acquisition to actual service usage.
First let's install the required packages, and then run the xmpp server using docker (you can check the documentation here), we'll follow Lukesmith's tutorial specifically:
apt install ejabberd -y
Now we need the following domain names to point to your server:
datura.network - Your XMPP hostname
xmpp.datura.network - For mod_muc, Multi User Chats (MUCs)
upload.datura.network - For mod_http_upload, file upload support
proxy.datura.network - For mod_proxy65, SOCKS5 proxy support
pubsub.datura.network - For mod_pubsub, publish-subscribe support (A fancier RSS)
Then we edit the ejabberd config file accordingly:
[ Datura ] [ /dev/pts/10 ] [/srv]
→ vim /etc/ejabberd/ejabberd.yml
[...]
hosts:
- datura.network
[...]
mod_muc:
host: xmpp.datura.network
[...]
Next we need to obtain the TLS certificate for the xmpp.datura.network domain, to do so we'll use acme.sh:
[ Datura ] [ /dev/pts/10 ] [~]
→ systemctl stop nginx ; acme.sh --issue --standalone -d xmpp.datura.network -k 4096 ; systemctl start nginx
[Sun Jun 9 07:12:21 PM CEST 2024] Using CA: https://acme-v02.api.letsencrypt.org/directory
[Sun Jun 9 07:12:21 PM CEST 2024] Standalone mode.
[Sun Jun 9 07:12:21 PM CEST 2024] Creating domain key
[Sun Jun 9 07:12:23 PM CEST 2024] The domain key is here: /root/.acme.sh/xmpp.datura.network/xmpp.datura.network.key
[Sun Jun 9 07:12:23 PM CEST 2024] Single domain='xmpp.datura.network'
[Sun Jun 9 07:12:25 PM CEST 2024] Getting webroot for domain='xmpp.datura.network'
[Sun Jun 9 07:12:25 PM CEST 2024] Verifying: xmpp.datura.network
[Sun Jun 9 07:12:25 PM CEST 2024] Standalone mode server
[Sun Jun 9 07:12:26 PM CEST 2024] Pending, The CA is processing your order, please just wait. (1/30)
[Sun Jun 9 07:12:30 PM CEST 2024] Pending, The CA is processing your order, please just wait. (2/30)
[Sun Jun 9 07:12:33 PM CEST 2024] Pending, The CA is processing your order, please just wait. (3/30)
[Sun Jun 9 07:12:37 PM CEST 2024] Success
[Sun Jun 9 07:12:37 PM CEST 2024] Verify finished, start to sign.
[Sun Jun 9 07:12:37 PM CEST 2024] Lets finalize the order.
[Sun Jun 9 07:12:37 PM CEST 2024] Le_OrderFinalize='https://acme-v02.api.letsencrypt.org/acme/finalize/1581078457/276884921497'
[Sun Jun 9 07:12:38 PM CEST 2024] Downloading cert.
[Sun Jun 9 07:12:38 PM CEST 2024] Le_LinkCert='https://acme-v02.api.letsencrypt.org/acme/cert/03a21dfde3a1a017ddaec55ef3c43a3cae0c'
[Sun Jun 9 07:12:39 PM CEST 2024] Cert success.
[...]
[Sun Jun 9 07:12:39 PM CEST 2024] Your cert is in: /root/.acme.sh/xmpp.datura.network/xmpp.datura.network.cer
[Sun Jun 9 07:12:39 PM CEST 2024] Your cert key is in: /root/.acme.sh/xmpp.datura.network/xmpp.datura.network.key
[Sun Jun 9 07:12:39 PM CEST 2024] The intermediate CA cert is in: /root/.acme.sh/xmpp.datura.network/ca.cer
[Sun Jun 9 07:12:39 PM CEST 2024] And the full chain certs is there: /root/.acme.sh/xmpp.datura.network/fullchain.cer
[ Datura ] [ /dev/pts/10 ] [~]
→ chown -R ejabberd:ejabberd /root/.acme.sh/xmpp.datura.network
[ Datura ] [ /dev/pts/10 ] [~]
→ cat /etc/ejabberd/ejabberd.yml
[...]
certfiles:
- "/root/.acme.sh/xmpp.datura.network/fullchain.cer"
[...]
Then we add the admin user in ejabberd.yml:
[ Datura ] [ /dev/pts/10 ] [~]
→ cat /etc/ejabberd/ejabberd.yml
[...]
acl:
admin:
user:
- "nihilist"
[...]
We also add the File Uploads:
[ Datura ] [ /dev/pts/10 ] [~]
→ cat /etc/ejabberd/ejabberd.yml
[...]
mod_http_upload:
put_url: https://@HOST@:5443/upload
docroot: /srv/xmpp/upload/
custom_headers:
"Access-Control-Allow-Origin": "https://@HOST@"
"Access-Control-Allow-Methods": "GET,HEAD,PUT,OPTIONS"
"Access-Control-Allow-Headers": "Content-Type"
[...]
[ Datura ] [ /dev/pts/10 ] [~]
→ mkdir /srv/xmpp/upload/ -p
[ Datura ] [ /dev/pts/10 ] [~]
→ chown -R ejabberd:ejabberd /srv/xmpp/upload/
We enable message archives too:
[ Datura ] [ /dev/pts/10 ] [~]
→ cat /etc/ejabberd/ejabberd.yml
[...]
mod_mam:
## Mnesia is limited to 2GB, better to use an SQL backend
## For small servers SQLite is a good fit and is very easy
## to configure. Uncomment this when you have SQL configured:
## db_type: sql
assume_mam_usage: true
default: always
[...]
Next, you setup a coturn service for the VOIP here, but in this case we'll use the same coturn service that we previously setup for the matrix server
[ Datura ] [ /dev/pts/10 ] [~]
→ cat /etc/ejabberd/ejabberd.yml
[...]
mod_stun_disco:
secret: "DAWDDWADWADAWDWAWDDWAADWADWDWADWADWAAWDDWAWAD"
services:
-
host: m.datura.network
type: stun
-
host: m.datura.network
type: turn
[...]
Then we restart the ejabberd service:
[ Datura ] [ /dev/pts/10 ] [~]
→ systemctl restart ejabberd
[ Datura ] [ /dev/pts/10 ] [~]
→ systemctl status ejabberd
● ejabberd.service - robust, scalable and extensible realtime platform (XMPP server + MQTT broker + SIP service)
Loaded: loaded (/lib/systemd/system/ejabberd.service; enabled; preset: enabled)
Active: active (running) since Sun 2024-06-09 21:21:41 CEST; 6s ago
Docs: https://www.process-one.net/en/ejabberd/docs/
Main PID: 3664214 (sh)
Tasks: 116 (limit: 77002)
Memory: 111.9M
CPU: 3.022s
CGroup: /system.slice/ejabberd.service
Now that the ejabberd service has restarted successfully, we can register the admin user:
[ Datura ] [ /dev/pts/10 ] [~]
→ ejabberdctl register nihilist datura.network P@SSW0RD
User nihilist@datura.network successfully registered
Now the xmpp server is active, along with your nihilist user, so let's connect to it from a XMPP client like gajim:
[ mainpc ] [ /dev/pts/8 ] [~]
→ sudo apt install gajim -y
Until there is Nothing left.
Donate XMR: 8AUYjhQeG3D5aodJDtqG499N5jXXM71gYKD8LgSsFB9BUV1o7muLv3DXHoydRTK4SZaaUBq4EAUqpZHLrX2VZLH71Jrd9k8
Contact: nihilist@nihilism.network (PGP)