<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta name="description" content="">
<meta name="author" content="">
<link rel="shortcut icon" href="../../../../../../assets/img/favicon.png">

<title>XMPP server (Gajim, OMEMO encryption, ejabberd .onion setup)</title>

<!-- Bootstrap core CSS -->
<link href="../../assets/css/bootstrap.css" rel="stylesheet">
<link href="../../assets/css/xt256.css" rel="stylesheet">

<!-- Custom styles for this template -->
<link href="../../assets/css/main.css" rel="stylesheet">

<!-- HTML5 shim and Respond.js IE8 support of HTML5 elements and media queries -->
<!--[if lt IE 9]>
<script src="https://oss.maxcdn.com/libs/html5shiv/3.7.0/html5shiv.js"></script>
<script src="https://oss.maxcdn.com/libs/respond.js/1.3.0/respond.min.js"></script>
<![endif]-->
</head>

<body>

<!-- Static navbar -->
<div class="navbar navbar-inverse-anon navbar-static-top">
<div class="container">
<div class="navbar-header">
<button type="button" class="navbar-toggle" data-toggle="collapse" data-target=".navbar-collapse">
<span class="icon-bar"></span>
<span class="icon-bar"></span>
<span class="icon-bar"></span>
</button>
<a class="navbar-brand-anon" href="\index.html">nihilist`s Blog</a>
</div>
<div class="navbar-collapse collapse">
<ul class="nav navbar-nav navbar-right">

<li><a href="/about.html">About</a></li>
<li><a href="/blog.html">Categories</a></li>
<li><a href="https://blog.nihilism.network/donate.html">Donate</a></li>
<li><a href="/contact.html">Contact</a></li>
</ul>
</div><!--/.nav-collapse -->

</div>
</div>

<!-- +++++ Posts Lists +++++ -->
<!-- +++++ First Post +++++ -->
<div id="anon2">
<div class="container">
<div class="row">
<div class="col-lg-8 col-lg-offset-2">
<a href="../anon.html">Previous Page</a></br></br><p><img src="../../assets/img/user.png" width="50px" height="50px"> <ba>nihilist@mainpc - 2024-05-29</ba></p>
<h1>XMPP server (Gajim, OMEMO encryption, ejabberd .onion setup) </h1>
<p>In this tutorial we're going to cover how to set up an XMPP chat service over Tor. </p>
<p><u>Disclaimer:</u> If you want this service to remain anonymous, make sure you at least keep <a href="../sensitiveremotevshome/index.html">Tor between you and the service</a>, from the <a href="../anonymousremoteserver/index.html">VPS acquisition</a> to actual service usage. </p>

</div>
</div><!-- /row -->
</div> <!-- /container -->
</div><!-- /grey -->

<!-- +++++ Second Post +++++ -->
<div id="anon3">
<div class="container">
<div class="row">
<div class="col-lg-8 col-lg-offset-2">
<h2><b>Initial Setup </b></h2>
<p>First, let's install the required packages and then run the XMPP server using Docker (you can check the documentation <a href="https://github.com/processone/docker-ejabberd/blob/master/ecs/README.md">here</a>). We'll follow <a href="https://landchad.net/ejabberd/">Luke Smith's tutorial</a> specifically:</p>
<pre><code class="nim">
apt install ejabberd -y

</code></pre>
<p>Now we need the following domain names to point to your server:</p>
<pre><code class="nim">
datura.network - Your XMPP hostname
xmpp.datura.network - For mod_muc, Multi User Chats (MUCs)
upload.datura.network - For mod_http_upload, file upload support
proxy.datura.network - For mod_proxy65, SOCKS5 proxy support
pubsub.datura.network - For mod_pubsub, publish-subscribe support (A fancier RSS)

</code></pre>
<p>Then we edit the ejabberd config file accordingly:</p>
<pre><code class="nim">
[ Datura ] [ /dev/pts/10 ] [/srv]
→ vim /etc/ejabberd/ejabberd.yml

[...]

hosts:
  - datura.network

[...]

  mod_muc:
    host: xmpp.datura.network

[...]

</code></pre>
<p>Next, we need to obtain the TLS certificate for the xmpp.datura.network domain. To do so, we'll use acme.sh: </p>
<pre><code class="nim">
[ Datura ] [ /dev/pts/10 ] [~]
→ systemctl stop nginx ; acme.sh --issue --standalone -d xmpp.datura.network -k 4096 ; systemctl start nginx

[Sun Jun 9 07:12:21 PM CEST 2024] Using CA: https://acme-v02.api.letsencrypt.org/directory
[Sun Jun 9 07:12:21 PM CEST 2024] Standalone mode.
[Sun Jun 9 07:12:21 PM CEST 2024] Creating domain key
[Sun Jun 9 07:12:23 PM CEST 2024] The domain key is here: /root/.acme.sh/xmpp.datura.network/xmpp.datura.network.key
[Sun Jun 9 07:12:23 PM CEST 2024] Single domain='xmpp.datura.network'
[Sun Jun 9 07:12:25 PM CEST 2024] Getting webroot for domain='xmpp.datura.network'
[Sun Jun 9 07:12:25 PM CEST 2024] Verifying: xmpp.datura.network
[Sun Jun 9 07:12:25 PM CEST 2024] Standalone mode server
[Sun Jun 9 07:12:26 PM CEST 2024] Pending, The CA is processing your order, please just wait. (1/30)
[Sun Jun 9 07:12:30 PM CEST 2024] Pending, The CA is processing your order, please just wait. (2/30)
[Sun Jun 9 07:12:33 PM CEST 2024] Pending, The CA is processing your order, please just wait. (3/30)
[Sun Jun 9 07:12:37 PM CEST 2024] Success
[Sun Jun 9 07:12:37 PM CEST 2024] Verify finished, start to sign.
[Sun Jun 9 07:12:37 PM CEST 2024] Lets finalize the order.
[Sun Jun 9 07:12:37 PM CEST 2024] Le_OrderFinalize='https://acme-v02.api.letsencrypt.org/acme/finalize/1581078457/276884921497'
[Sun Jun 9 07:12:38 PM CEST 2024] Downloading cert.
[Sun Jun 9 07:12:38 PM CEST 2024] Le_LinkCert='https://acme-v02.api.letsencrypt.org/acme/cert/03a21dfde3a1a017ddaec55ef3c43a3cae0c'
[Sun Jun 9 07:12:39 PM CEST 2024] Cert success.

[...]

[Sun Jun 9 07:12:39 PM CEST 2024] Your cert is in: /root/.acme.sh/xmpp.datura.network/xmpp.datura.network.cer
[Sun Jun 9 07:12:39 PM CEST 2024] Your cert key is in: /root/.acme.sh/xmpp.datura.network/xmpp.datura.network.key
[Sun Jun 9 07:12:39 PM CEST 2024] The intermediate CA cert is in: /root/.acme.sh/xmpp.datura.network/ca.cer
[Sun Jun 9 07:12:39 PM CEST 2024] And the full chain certs is there: /root/.acme.sh/xmpp.datura.network/fullchain.cer

[ Datura ] [ /dev/pts/10 ] [~]
→ chown -R ejabberd:ejabberd /root/.acme.sh/xmpp.datura.network

[ Datura ] [ /dev/pts/10 ] [~]
→ cat /etc/ejabberd/ejabberd.yml

[...]

certfiles:
  - "/root/.acme.sh/xmpp.datura.network/fullchain.cer"

[...]

</code></pre>
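<p>An added check, not part of the original tutorial: it compares the DNS names in a certificate with the domains the server is configured for. The domain list comes from the DNS records above; the subjectAltName text is a constructed sample for a certificate issued with the single name <code>-d xmpp.datura.network</code>.</p>

```python
# Added example, not part of the original tutorial.
# Compares a certificate's DNS names with the domains the server is configured for.

# Domains from the tutorial's DNS list above.
XMPP_DOMAINS = [
    "datura.network",
    "xmpp.datura.network",
    "upload.datura.network",
    "proxy.datura.network",
    "pubsub.datura.network",
]

# Constructed sample: what `openssl x509 -noout -ext subjectAltName -in fullchain.cer`
# prints for a certificate issued with the single name `-d xmpp.datura.network`.
SAMPLE_SAN = """X509v3 Subject Alternative Name:
    DNS:xmpp.datura.network
"""


def parse_san_dns(openssl_text):
    """Return the DNS names listed in openssl's subjectAltName output."""
    names = []
    for line in openssl_text.splitlines():
        for item in line.split(","):
            item = item.strip()
            if item.startswith("DNS:"):
                names.append(item[4:].lower())
    return names


def san_matches(pattern, host):
    """Exact match, or '*' standing for exactly one left-most label."""
    p = pattern.lower().split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h


def uncovered(domains, san_names):
    """Domains that no certificate name matches."""
    return [d for d in domains if not any(san_matches(s, d) for s in san_names)]


if __name__ == "__main__":
    for domain in uncovered(XMPP_DOMAINS, parse_san_dns(SAMPLE_SAN)):
        print("not covered by certificate:", domain)
```

<p>acme.sh accepts several <code>-d</code> options in one <code>--issue</code> call, which is one way to obtain a certificate that names every domain in the list.</p>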

<p>Then we add the admin user in ejabberd.yml:</p>
<pre><code class="nim">
[ Datura ] [ /dev/pts/10 ] [~]
→ cat /etc/ejabberd/ejabberd.yml

[...]

acl:
  admin:
    user:
      - "nihilist"

[...]

</code></pre>
<p>We also enable file uploads:</p>
<pre><code class="nim">
[ Datura ] [ /dev/pts/10 ] [~]
→ cat /etc/ejabberd/ejabberd.yml

[...]

  mod_http_upload:
    put_url: https://@HOST@:5443/upload
    docroot: /srv/xmpp/upload/
    custom_headers:
      "Access-Control-Allow-Origin": "https://@HOST@"
      "Access-Control-Allow-Methods": "GET,HEAD,PUT,OPTIONS"
      "Access-Control-Allow-Headers": "Content-Type"

[...]

[ Datura ] [ /dev/pts/10 ] [~]
→ mkdir /srv/xmpp/upload/ -p

[ Datura ] [ /dev/pts/10 ] [~]
→ chown -R ejabberd:ejabberd /srv/xmpp/upload/

</code></pre>
<p>We enable message archives too:</p>
<pre><code class="nim">
[ Datura ] [ /dev/pts/10 ] [~]
→ cat /etc/ejabberd/ejabberd.yml

[...]

  mod_mam:
    ## Mnesia is limited to 2GB, better to use an SQL backend
    ## For small servers SQLite is a good fit and is very easy
    ## to configure. Uncomment this when you have SQL configured:
    ## db_type: sql
    assume_mam_usage: true
    default: always

[...]

</code></pre>
<p>Next, you can set up a coturn service for VoIP by following <a href="https://landchad.net/coturn/">this guide</a>, but in this case we'll use the same coturn service that we previously set up for the <a href="../matrixnew/index.html">Matrix server</a>:</p>
<pre><code class="nim">
[ Datura ] [ /dev/pts/10 ] [~]
→ cat /etc/ejabberd/ejabberd.yml

[...]

  mod_stun_disco:
    secret: "DAWDDWADWADAWDWAWDDWAADWADWDWADWADWAAWDDWAWAD"
    services:
      -
        host: m.datura.network
        type: stun
      -
        host: m.datura.network
        type: turn

[...]

</code></pre>
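<p>The <code>secret</code> above is shared between ejabberd and the TURN server: it is the key from which short-lived TURN usernames and passwords are derived. The following added example (not from the original tutorial, and not ejabberd's or coturn's own code) models that derivation and the matching check; it assumes coturn runs in shared-secret mode (<code>use-auth-secret</code> with <code>static-auth-secret</code> set to the same value), and the <code>expiry:label</code> username layout and all sample values are assumptions made for the demo.</p>

```python
# Added example, not part of the original tutorial or of ejabberd's code.
# Models the shared-secret TURN scheme: the chat server mints a time-limited
# username/password pair, and the TURN server recomputes it from the same secret.
import base64
import hashlib
import hmac
import secrets
import time


def new_shared_secret(nbytes=32):
    """Random value suitable for the `secret:` option (256 bits by default)."""
    return secrets.token_urlsafe(nbytes)


def _password(secret, username):
    mac = hmac.new(secret.encode(), username.encode(), hashlib.sha1).digest()
    return base64.b64encode(mac).decode()


def issue_credentials(secret, label, lifetime=12 * 3600, now=None):
    """Chat-server side. The 'expiry:label' username layout is an assumption."""
    issued = int(time.time() if now is None else now)
    username = f"{issued + lifetime}:{label}"
    return username, _password(secret, username)


def turn_accepts(secret, username, password, now=None):
    """TURN-server side: reject expired names, then compare the HMAC."""
    current = int(time.time() if now is None else now)
    try:
        expires = int(username.split(":", 1)[0])
    except ValueError:
        return False
    if expires <= current:
        return False
    return hmac.compare_digest(_password(secret, username), password)


if __name__ == "__main__":
    secret = new_shared_secret()  # constructed for the demo
    user, pw = issue_credentials(secret, "alice", lifetime=3600)
    print("username:", user)
    print("accepted with same secret: ", turn_accepts(secret, user, pw))
    print("accepted with other secret:", turn_accepts(new_shared_secret(), user, pw))
    print("accepted after expiry:     ", turn_accepts(secret, user, pw, now=time.time() + 7200))
```

<p>Anyone who knows the secret can mint valid relay credentials, so it should be a random value such as the one <code>new_shared_secret()</code> returns, and it must be identical in ejabberd.yml and in the coturn configuration.</p>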

<p>Then we restart the ejabberd service:</p>
<pre><code class="nim">
[ Datura ] [ /dev/pts/10 ] [~]
→ systemctl restart ejabberd

[ Datura ] [ /dev/pts/10 ] [~]
→ systemctl status ejabberd
● ejabberd.service - robust, scalable and extensible realtime platform (XMPP server + MQTT broker + SIP service)
     Loaded: loaded (/lib/systemd/system/ejabberd.service; enabled; preset: enabled)
     Active: active (running) since Sun 2024-06-09 21:21:41 CEST; 6s ago
       Docs: https://www.process-one.net/en/ejabberd/docs/
   Main PID: 3664214 (sh)
      Tasks: 116 (limit: 77002)
     Memory: 111.9M
        CPU: 3.022s
     CGroup: /system.slice/ejabberd.service

</code></pre>
<p>Now that the ejabberd service has restarted successfully, we can register the admin user:</p>
<pre><code class="nim">
[ Datura ] [ /dev/pts/10 ] [~]
→ ejabberdctl register nihilist datura.network P@SSW0RD

User nihilist@datura.network successfully registered

</code></pre>
</div>
</div><!-- /row -->
</div> <!-- /container -->
</div><!-- /white -->

<div id="anon2">
<div class="container">
<div class="row">
<div class="col-lg-8 col-lg-offset-2">
<h2><b>Setup</b></h2> </br> </br>

<p>Now the XMPP server is active, along with your nihilist user, so let's connect to it from an XMPP client like Gajim:</p>
<pre><code class="nim">
[ mainpc ] [ /dev/pts/8 ] [~]
→ sudo apt install gajim -y

</code></pre>
<img src="1.png" class="imgRz">

</div>
</div><!-- /row -->
</div> <!-- /container -->
</div><!-- /white -->

<!-- +++++ Footer Section +++++ -->

<div id="anonb">
<div class="container">
<div class="row">
<div class="col-lg-4">
<h4>Nihilism</h4>
<p>
Until there is Nothing left.

</p>
</div><!-- /col-lg-4 -->

<div class="col-lg-4">
<h4>My Links</h4>
<p>

<a target="_blank" rel="noopener noreferrer" href="http://blog.nihilism.network/rss/feed.xml">RSS Feed</a><br/><a target="_blank" rel="noopener noreferrer" href="https://matrix.to/#/#nihilism:m.datura.network">Matrix Chat</a><br/>

</p>
</div><!-- /col-lg-4 -->

<div class="col-lg-4">
<h4>About nihilist</h4>
<p style="word-wrap: break-word;"><u>Donate XMR:</u> 8AUYjhQeG3D5aodJDtqG499N5jXXM71gYKD8LgSsFB9BUV1o7muLv3DXHoydRTK4SZaaUBq4EAUqpZHLrX2VZLH71Jrd9k8</p></br><p><u>Contact:</u> nihilist@nihilism.network (<a href="https://nihilism.network/nihilist.pubkey">PGP</a>)</p>
</div><!-- /col-lg-4 -->

</div>

</div>
</div>

<!-- Bootstrap core JavaScript
================================================== -->
<!-- Placed at the end of the document so the pages load faster -->

</body>
</html>