Prosody XMPP Server (open messaging protocol)

Prosody is written in Lua.

Homepage https://prosody.im/

Documentation https://prosody.im/doc/configure

Arch Linux wiki (see its SSL section) https://wiki.archlinux.org/index.php/Prosody

8 MiB Flash or more

opkg update
opkg install prosody

4 MiB Flash

opkg update
opkg --nodeps install luafilesystem libidn luaexpat libexpat lua liblua prosody

The quickest way is to allow account registration on @localhost.

sed -i -e 's/\(allow_registration = \)false;/\1true;/' /etc/prosody/prosody.cfg.lua
chmod +r /etc/prosody/prosody.cfg.lua
chown -R prosody:prosody /etc/prosody/data
/etc/init.d/prosody start

Use an XMPP client to add an account on the 192.168.1.1 server, like:

Batch add users with the same password:

for f in almursi jow maddes nilfred orca thelexi
do prosodyctl register $f localhost 123
done

All users see all the other registered users by default:

# A roster for everyone
mkdir -p -m 775 /tmp/roster
cd /tmp/roster
# Make a list
echo "acoul
almursi
glp
hauke
jow
juhosg
maddes
nbd
nilfred
orca
thelexi" > lista.txt
for f in $(awk '{print $1}' lista.txt)
# Register
do prosodyctl register $f localhost 123
# Add all others to group "Familiares", but not self (exact match, so "jo" is not dropped from "jow"'s roster).
sed -e "/^$f$/ d" lista.txt | awk 'BEGIN {print "return {\n\t[false] = {\n\t\t[\"version\"] = 5;\n\t};\n\t[\"pending\"] = {};"} {print "\t[\"" $1 "@localhost\"] = {\n\t\t[\"groups\"] = {\n\t\t\t[\"Familiares\"] = true;\n\t\t};\n\t\t[\"subscription\"] = \"both\";\n\t\t[\"name\"] = \"" toupper(substr($1, 1, 1)) substr($1, 2) "\";\n\t};"} END {print "}"}' > $f.dat
done
chmod 666 *.dat
# Move to flash at once
mkdir -p -m 775 /etc/prosody/data/localhost/roster
chown prosody:prosody *.dat . /etc/prosody/data/localhost/roster
mv *.dat /etc/prosody/data/localhost/roster/

The one-liner does the following:

  • Remove the user's own name from the list
  • Print a header
  • Print an entry for every other user with
    • name@localhost
    • groups: Familiares
    • nickname with the first letter capitalized
  • Print a footer, all into a per-user .dat file
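The same generator as a reusable function, added here as an example (not the page's or the Prosody project's code). It reads the username list from stdin and takes the host, the group and the user as parameters; the roster version and the file layout follow the scripts on this page.

```shell
# Added example (not the page's code): generate the Prosody roster file for one
# user from a list of usernames on stdin, one per line.
# Usage: roster_dat HOST GROUP USER < lista.txt > USER.dat
# Compared with the one-liner above, host and group are parameters and the
# user's own line is skipped by exact match, so a user "jo" still appears in
# the roster of "jow".  The roster version (the [false] entry) is 1, as in the
# page's second script.
roster_dat() {
    awk -v host="$1" -v group="$2" -v self="$3" '
    BEGIN {
        print "return {"
        print "\t[false] = {"
        print "\t\t[\"version\"] = 1;"
        print "\t};"
        print "\t[\"pending\"] = {};"
    }
    NF == 0 || $1 == self { next }        # skip blank lines and the user itself
    {
        # Nickname: first letter capitalised, rest unchanged
        nick = toupper(substr($1, 1, 1)) substr($1, 2)
        printf "\t[\"%s@%s\"] = {\n", $1, host
        printf "\t\t[\"groups\"] = {\n\t\t\t[\"%s\"] = true;\n\t\t};\n", group
        print  "\t\t[\"subscription\"] = \"both\";"
        printf "\t\t[\"name\"] = \"%s\";\n\t};\n", nick
    }
    END { print "}" }'
}

# Count the contacts in a roster file written by roster_dat (one "user@host" key each).
roster_count() {
    grep -c '@[^"]*"] = {$' "$1"
}

# Demo with a constructed three-user list; on the router pipe lista.txt instead.
printf 'jo\njow\nnilfred\n' | roster_dat localhost Familiares jow
```

The resulting files still need the prosody:prosody ownership and the move into data/<host>/roster/ shown above.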

Not required if the SSL packages were not installed, e.g. the 4 MiB installation.

The existing key is reused for brevity; read the OpenSSL documentation for the complete picture.

cd /tmp
scp root@routerlogin.net:/etc/prosody/certs/localhost.[ck]e* .
openssl req -new -x509 -days 365 -nodes -out "localhost.cert" -key "localhost.key"
scp localhost.[ck]e* root@routerlogin.net:/etc/prosody/certs/

A -subj parameter could be added for batch (non-interactive) use.

This code is not intended to run on the router itself; some testing is still required.

Where it says C=AR, substitute your two-letter ISO country code. CN= has to match your domain name, or Prosody may ask yet another question.

# Self-signed SSL certificate creation (new key)
cd /tmp
openssl req -new -x509 -days 365 -nodes -out "example.no-ip.biz.crt" -keyout "example.no-ip.biz.key" -subj /C=AR/ST=YourState/L=YourCity/O=YourOrganization/OU=YourOrganizationUnit/CN=example.no-ip.biz/emailAddress=your@mail.address
scp example.no-ip.biz.[ck][re][ty] root@192.168.1.1:/etc/prosody/certs/
mkdir -p ~/build/files/ar71xx/etc/prosody/certs
mv example.no-ip.biz.[ck][re][ty] ~/build/files/ar71xx/etc/prosody/certs

A year later you have to do this:

# Self-signed SSL certificate renew (same old key)
cd ~/build/files/ar71xx/etc/prosody/certs
openssl req -new -x509 -days 365 -nodes -out "example.no-ip.biz.crt" -key "example.no-ip.biz.key" -subj /C=AR/ST=YourState/L=YourCity/O=YourOrganization/OU=YourOrganizationUnit/CN=example.no-ip.biz/emailAddress=your@mail.address
scp example.no-ip.biz.[ck][re][ty] root@192.168.1.1:/etc/prosody/certs/

That is because the key never expires; only the certificate does. Prosody may ask anyway.

When you upgrade the firmware you may lose your certificate, and clients may then prompt about the new one. Better to present the same unexpired certificate so that they do not ask.

# Upload the same certificate already created before
cd ~/build/files/ar71xx/etc/prosody/certs
scp example.no-ip.biz.[ck][re][ty] root@192.168.1.1:/etc/prosody/certs/

This example requires you to obtain an example.no-ip.biz domain and install luci-app-ddns. After that it is exactly the same as @localhost:

# Allow registration?
sed -i -e 's/\(allow_registration = \)false;/\1true;/' /etc/prosody/prosody.cfg.lua
chmod +r /etc/prosody/prosody.cfg.lua
# Start once to create the prosody:prosody account
/etc/init.d/prosody start
/etc/init.d/prosody stop
chown -R prosody:prosody /etc/prosody/data
sed -i -e 's/example.com/example.no-ip.biz/;/enabled = false/ d' /etc/prosody/prosody.cfg.lua
# A roster for everyone
mkdir -p -m 775 /tmp/roster
cd /tmp/roster
# Make a list
echo "acoul
almursi
glp
hauke
jow
juhosg
maddes
nbd
nilfred
orca
thelexi" > lista.txt
mkdir -p -m 775 /etc/prosody/data/example.no-ip.biz/roster
chown -R prosody:prosody /etc/prosody/data
for f in $(awk '{print $1}' lista.txt)
do prosodyctl register $f example.no-ip.biz 123
sed -e "/^$f$/ d" lista.txt | awk 'BEGIN {print "return {\n\t[false] = {\n\t\t[\"version\"] = 1;\n\t};\n\t[\"pending\"] = {};"} {print "\t[\"" $1 "@example.no-ip.biz\"] = {\n\t\t[\"groups\"] = {\n\t\t\t[\"Familiares\"] = true;\n\t\t};\n\t\t[\"subscription\"] = \"both\";\n\t\t[\"name\"] = \"" toupper(substr($1, 1, 1)) substr($1, 2) "\";\n\t};"} END {print "}"}' > $f.dat
done
chmod 666 *.dat
chown prosody:prosody *.dat .
mv *.dat /etc/prosody/data/example.no-ip.biz/roster/
/etc/init.d/prosody start
# All OK?
cat /var/log/prosody/prosody.err
cat /var/log/prosody/prosody.log

After reading how to set up the DDNS client, you should end up with a working configuration like this:

uci batch <<'EOF'
set ddns.myddns.domain=example.no-ip.biz
set ddns.myddns.enabled=0
set ddns.myddns.force_interval=22
set ddns.myddns.ip_interface=pppoe-wan
set ddns.myddns.ip_source=interface
delete ddns.myddns.ip_url
set ddns.myddns.password=password
set ddns.myddns.service_name=no-ip.com
set ddns.myddns.username=username
commit ddns
EOF

It is wise to give your router the same name for LAN clients, so that traffic does not have to go out to the WAN and be redirected back.

uci batch <<'EOF'
add dhcp domain
set dhcp.@domain[-1].ip=192.168.1.1
set dhcp.@domain[-1].name=tplinklogin.net
add dhcp domain
set dhcp.@domain[-1].ip=192.168.1.1
set dhcp.@domain[-1].name=routerlogin.net
add dhcp domain
set dhcp.@domain[-1].ip=192.168.1.1
set dhcp.@domain[-1].name=example.no-ip.biz
commit dhcp
EOF

Now these commands have the same effect in your LAN:

ssh root@192.168.1.1
ssh root@routerlogin.net
ssh root@tplinklogin.net
ssh root@example.no-ip.biz

Your router now has a name!

Very well! For your own domain name you may need to set up SRV records if the XMPP server runs on another subdomain, like this:

_xmpp-client._tcp.example.com. 18000 IN SRV 0 5 5222 xmpp.example.com.
_xmpp-server._tcp.example.com. 18000 IN SRV 0 5 5269 xmpp.example.com.

Translated to uci it looks like this:

uci batch <<'EOF'
add dhcp srvhost
set dhcp.@srvhost[-1].srv=_xmpp-client._tcp.example.com
set dhcp.@srvhost[-1].target=xmpp.example.com
set dhcp.@srvhost[-1].port=5222
set dhcp.@srvhost[-1].class=0
set dhcp.@srvhost[-1].weight=5
add dhcp srvhost
set dhcp.@srvhost[-1].srv=_xmpp-server._tcp.example.com
set dhcp.@srvhost[-1].target=xmpp.example.com
set dhcp.@srvhost[-1].port=5269
set dhcp.@srvhost[-1].class=0
set dhcp.@srvhost[-1].weight=5
commit dhcp
EOF
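The translation above done by a script, added here as an example (not the page's or the OpenWrt project's code): it turns BIND-style SRV lines into the dnsmasq srvhost uci batch, with the same priority-to-class and weight-to-weight mapping as the block above.

```shell
# Added example (not the page's code): translate BIND-style SRV lines, like the
# two shown above, into the dnsmasq "srvhost" uci batch.  The TTL field is
# optional, "#" comments are dropped, non-SRV lines are ignored, and trailing
# dots are removed because uci expects bare names.  SRV priority becomes
# "class" and SRV weight becomes "weight", matching the uci block above.
srv_to_uci() {
    awk '
    {
        sub(/#.*/, "")                       # strip a trailing comment
        if ($0 !~ /[[:space:]]IN[[:space:]]+SRV[[:space:]]/) next
        for (i = 1; i <= NF; i++) if ($i == "SRV") break   # skip optional TTL
        name = $1; prio = $(i+1); weight = $(i+2); port = $(i+3); target = $(i+4)
        sub(/\.$/, "", name); sub(/\.$/, "", target)
        print "add dhcp srvhost"
        printf "set dhcp.@srvhost[-1].srv=%s\n", name
        printf "set dhcp.@srvhost[-1].target=%s\n", target
        printf "set dhcp.@srvhost[-1].port=%s\n", port
        printf "set dhcp.@srvhost[-1].class=%s\n", prio
        printf "set dhcp.@srvhost[-1].weight=%s\n", weight
        n++
    }
    END { if (n) print "commit dhcp" }'
}

# Demo with the two constructed records from the text; on the router pipe the
# result into "uci batch" instead of printing it.
printf '%s\n' \
    '_xmpp-client._tcp.example.com. 18000 IN SRV 0 5 5222 xmpp.example.com.' \
    '_xmpp-server._tcp.example.com. 18000 IN SRV 0 5 5269 xmpp.example.com.' | srv_to_uci
```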

This DNS trick makes someone@xmpp.example.com look like someone@example.com, but it also allows fancier layouts, like this full picture:

# A record
your-server.EXAMPLE.COM                     IN A            1.2.3.4        # this *must* be an A record and not a CNAME
 
# CNAME records
anon.EXAMPLE.COM                          IN CNAME        your-server.EXAMPLE.COM. # this is what the anonymous binding (non-logged in web users) will connect to
topics.EXAMPLE.COM                        IN CNAME        your-server.EXAMPLE.COM. # to enable channels like food@topics.EXAMPLE.COM
 
# SRV records
_xmpp-client._tcp.EXAMPLE.COM.            IN SRV 5 0 5222 your-server.EXAMPLE.COM.
_xmpp-server._tcp.EXAMPLE.COM.            IN SRV 5 0 5269 your-server.EXAMPLE.COM.
_xmpp-server._tcp.anon.EXAMPLE.COM        IN SRV 5 0 5269 your-server.EXAMPLE.COM.
_xmpp-server._tcp.topics.EXAMPLE.COM      IN SRV 5 0 5269 your-server.EXAMPLE.COM. 
  • Last modified: 2024/08/15 13:54
  • by stokito