Prosody XMPP server (XMPP, an open messaging protocol)
Prosody is written in Lua.
- Based on the Arch Linux wiki page for Prosody (see its "SSL" section): https://wiki.archlinux.org/index.php/Prosody
Installation
opkg update
opkg install prosody
Let's see how fast it can be made to work.
The quickest way is to allow in-band (client-side) registration of accounts @localhost. Leave this on only while you create the accounts: with allow_registration = true anyone who can reach port 5222 (every LAN client, and the whole Internet if you open the port on WAN) can create accounts on your server.
Allow registration
sed -i -e 's/\(allow_registration = \)false;/\1true;/' /etc/prosody/prosody.cfg.lua
/etc/init.d/prosody restart
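The single sed above only knows how to flip false to true. As an added example (not from the OpenWrt page or from Prosody), here is the same edit as a small idempotent function that can also turn registration back off once the accounts exist, plus a check of the current state. It assumes the option appears as a top-level line of the form allow_registration = true; or allow_registration = false; (with or without the semicolon), as in OpenWrt's shipped prosody.cfg.lua; the function and file names are mine.

```shell
#!/bin/sh
# Added example: toggle in-band registration in a prosody.cfg.lua and read it back.
# Assumption: the option is a single top-level line like
#   allow_registration = false;
# Lines commented out with "--" do not start with the option name, so they are left alone.

# set_registration FILE true|false -- rewrite the option in place; idempotent.
set_registration() {
    file=$1; want=$2
    case $want in
        true|false) ;;
        *) echo "set_registration: want true or false, got '$want'" >&2; return 2 ;;
    esac
    if grep -Eq '^[[:space:]]*allow_registration[[:space:]]*=' "$file"; then
        # keep the indentation and a trailing ';' if the file had one
        sed -i -E "s/^([[:space:]]*allow_registration[[:space:]]*=[[:space:]]*)(true|false)(;?)/\1${want}\3/" "$file"
    else
        # option missing: Prosody's default is false, so append it explicitly
        printf 'allow_registration = %s;\n' "$want" >> "$file"
    fi
}

# registration_state FILE -- prints "true" or "false" ("false" is Prosody's default when absent).
registration_state() {
    state=$(sed -nE 's/^[[:space:]]*allow_registration[[:space:]]*=[[:space:]]*(true|false).*/\1/p' "$1" | tail -n 1)
    printf '%s\n' "${state:-false}"
}

# Typical use on the router, after all accounts have been created:
#   set_registration /etc/prosody/prosody.cfg.lua false && /etc/init.d/prosody restart
```

Run set_registration ... false as the last step of the account setup; registration_state is a cheap check to put in a cron job or a post-upgrade script so an open-registration server does not survive a firmware reflash unnoticed.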
XMPP clients
With an XMPP client, add an account (JID user@localhost) and point it at the server 192.168.1.1:
- A desktop client (e.g. Pidgin) for Windows, Linux & Mac OS X
- Conversations for Android
Is this the right path?
Bulk-add users that all share the same password (123 here is only a placeholder; pick real passwords before anyone can reach the server):
for f in almursi jow maddes nilfred orca thelexi
do
    prosodyctl register $f localhost 123
done
Not so easy
Goal: every user sees every other registered user. Prosody rosters start out empty, so without a shared roster each contact would have to be added and authorised by hand. (Prosody's own mod_groups module provides shared rosters from a text file; the script below instead writes the per-user roster files directly.)
# A roster for everyone
mkdir -p -m 775 /tmp/roster
cd /tmp/roster
# Make a list, one username per line (the loop and the sed below work line by line)
printf '%s\n' acoul almursi glp hauke jow juhosg maddes nbd nilfred orca thelexi > lista.txt
for f in $(awk '{print $1}' lista.txt)
do
    # Register the account
    prosodyctl register $f localhost 123
    # Add all others to group "Familiares", but not self (exact match on the whole line)
    sed -e "/^$f\$/ d" lista.txt | awk '
        BEGIN {print "return {\n\t[false] = {\n\t\t[\"version\"] = 5;\n\t};\n\t[\"pending\"] = {};"}
        {print "\t[\"" $1 "@localhost\"] = {\n\t\t[\"groups\"] = {\n\t\t\t[\"Familiares\"] = true;\n\t\t};\n\t\t[\"subscription\"] = \"both\";\n\t\t[\"name\"] = \"" toupper(substr($1, 1, 1)) substr($1, 2) "\";\n\t};"}
        END {print "}"}' > $f.dat
done
# The roster files only need to be readable by the prosody user
chmod 600 *.dat
# Move to flash at once
mkdir -p -m 775 /etc/prosody/data/localhost/roster
chown prosody:prosody *.dat . /etc/prosody/data/localhost/roster
mv *.dat /etc/prosody/data/localhost/roster/
What the one-liner does:
- removes the user's own name from the list
- prints the file header
- prints one stanza per remaining user:
  - name@localhost
  - groups: Familiares
  - nickname with the first letter capitalised
- prints the trailer, all into the user's .dat file
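The page's pipeline hard-codes the host and matches the user's own name with a plain sed pattern, which deletes any line merely containing the name (for a list with both jow and jowx, jow's roster would lose jowx too). As an added example that is not the page's or Prosody's own code, the generator below does the same job as a reusable function: exact-match self exclusion, a conservative check that every name is a plain JID localpart (so the generated Lua needs no string escaping), and the host as a parameter. It keeps the page's group name "Familiares", roster version 5 and the data layout /etc/prosody/data/<host>/roster/<user>.dat; the function names and the sample list are mine.

```shell
#!/bin/sh
# Added example: write a Prosody roster file for one user from a list of local usernames.
# Assumptions: one username per line in LISTFILE; group "Familiares"; roster version 5,
# as in the page's own script. Not part of Prosody; it mirrors the page's hand-written format.

# roster_dat HOST USER LISTFILE -- prints the Lua roster table for USER on stdout.
# Returns 1 if USER or any name in LISTFILE is not a plain localpart [a-z0-9._-].
roster_dat() {
    host=$1; user=$2; list=$3
    printf '%s\n' "$user" | grep -Eq '^[a-z0-9._-]+$' || return 1
    if grep -v '^$' "$list" | grep -Evq '^[a-z0-9._-]+$'; then
        echo "roster_dat: invalid username in $list" >&2
        return 1
    fi
    awk -v host="$host" -v self="$user" '
        BEGIN {
            print "return {"
            print "\t[false] = {"
            print "\t\t[\"version\"] = 5;"
            print "\t};"
            print "\t[\"pending\"] = {};"
        }
        NF == 0 { next }            # skip blank lines
        $1 == self { next }         # exclude the user by exact match, not substring
        {
            nick = toupper(substr($1, 1, 1)) substr($1, 2)
            printf "\t[\"%s@%s\"] = {\n", $1, host
            print "\t\t[\"groups\"] = {"
            print "\t\t\t[\"Familiares\"] = true;"
            print "\t\t};"
            print "\t\t[\"subscription\"] = \"both\";"
            printf "\t\t[\"name\"] = \"%s\";\n", nick
            print "\t};"
        }
        END { print "}" }
    ' "$list"
}

# roster_count FILE -- number of contacts in a generated roster file (one "@" line each).
roster_count() { grep -c '@' "$1"; }

# Typical use, mirroring the page's procedure:
#   for u in $(cat lista.txt); do
#       roster_dat localhost "$u" lista.txt > "/etc/prosody/data/localhost/roster/$u.dat"
#   done
#   chown prosody:prosody /etc/prosody/data/localhost/roster/*.dat
#   chmod 600 /etc/prosody/data/localhost/roster/*.dat
```

Because the localpart check rejects quotes, backslashes and upper-case letters, the names can be dropped into the Lua file verbatim; anything fancier (Unicode names, spaces) belongs in mod_groups rather than in hand-written roster files.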
Renew the SSL certificate
Not needed if you did not install SSL support, e.g. on a 4 MiB flash installation.
The same old key is reused for brevity; some RTFM is still needed for completeness.
cd /tmp
scp root@routerlogin.net:/etc/prosody/certs/localhost.[ck]e* .
openssl req -new -x509 -days 365 -nodes -out "localhost.cert" -key "localhost.key"
scp localhost.[ck]e* root@routerlogin.net:/etc/prosody/certs/
Below you will see the -subj parameter added so the command runs non-interactively (batch use).
These commands are not meant to run on the router itself but on your workstation; they still need some testing.
Create a new SSL certificate
Where it says C=AR, use your country's two-letter ISO code. CN= must match the domain your clients connect to, otherwise they will warn about a name mismatch. Modern clients check the subjectAltName rather than the CN; with OpenSSL 1.1.1 or newer you can add one with -addext "subjectAltName=DNS:example.no-ip.biz". The key is written unencrypted (-nodes) because the daemon has to read it unattended, so after copying it to the router make it readable only by the prosody user (chown prosody:prosody, chmod 600).
# Self-signed SSL certificate creation (new key)
cd /tmp
openssl req -new -x509 -days 365 -nodes -out "example.no-ip.biz.crt" -keyout "example.no-ip.biz.key" \
    -subj /C=AR/ST=YourState/L=YourCity/O=YourOrganization/OU=YourOrganizationUnit/CN=example.no-ip.biz/emailAddress=your@mail.address
scp example.no-ip.biz.[ck][re][ty] root@192.168.1.1:/etc/prosody/certs/
# Keep a copy in the image-builder files tree so it survives a firmware rebuild
mkdir -p ~/build/files/ar71xx/etc/prosody/certs
mv example.no-ip.biz.[ck][re][ty] ~/build/files/ar71xx/etc/prosody/certs
Renew the SSL certificate
Next year you will have to do this:
# Self-signed SSL certificate renewal (same old key)
cd ~/build/files/ar71xx/etc/prosody/certs
openssl req -new -x509 -days 365 -nodes -out "example.no-ip.biz.crt" -key "example.no-ip.biz.key" \
    -subj /C=AR/ST=YourState/L=YourCity/O=YourOrganization/OU=YourOrganizationUnit/CN=example.no-ip.biz/emailAddress=your@mail.address
scp example.no-ip.biz.[ck][re][ty] root@192.168.1.1:/etc/prosody/certs/
This is because the key never expires, only the certificate does; with an expired certificate Prosody logs a warning and clients complain. You can check the expiry date with openssl x509 -noout -enddate -in example.no-ip.biz.crt (or openssl x509 -checkend 2592000 -in ... to test for less than 30 days left). Reusing the key is fine for a self-signed LAN certificate, but generate a new one if the router or the key file may have been exposed.
Upload the archived SSL certificate
When you upgrade the firmware you may lose the certificate, and clients that had accepted the old self-signed certificate will prompt again when they see a different one. It is best to re-upload the same, still valid, certificate to avoid the prompts.
# Upload the same certificate created earlier
cd ~/build/files/ar71xx/etc/prosody/certs
scp example.no-ip.biz.[ck][re][ty] root@192.168.1.1:/etc/prosody/certs/
Use a DDNS domain
This example assumes you have registered the domain example.no-ip.biz and installed luci-app-ddns. The procedure is then the same as for @localhost:
# Allow registration? (turn it off again once the accounts exist)
sed -i -e 's/\(allow_registration = \)false;/\1true;/' /etc/prosody/prosody.cfg.lua
chmod +r /etc/prosody/prosody.cfg.lua
# Start once to create the prosody:prosody account
/etc/init.d/prosody start
/etc/init.d/prosody stop
chown -R prosody:prosody /etc/prosody/data
# Point the example VirtualHost at the DDNS name and drop its "enabled = false" line
sed -i -e 's/example.com/example.no-ip.biz/;/enabled = false/ d' /etc/prosody/prosody.cfg.lua
# A roster for everyone
mkdir -p -m 775 /tmp/roster
cd /tmp/roster
# Make a list, one username per line
printf '%s\n' acoul almursi glp hauke jow juhosg maddes nbd nilfred orca thelexi > lista.txt
mkdir -p -m 775 /etc/prosody/data/example.no-ip.biz/roster
chown -R prosody:prosody /etc/prosody/data
for f in $(awk '{print $1}' lista.txt)
do
    prosodyctl register $f example.no-ip.biz 123
    # Everyone else in group "Familiares", not self (exact match on the whole line)
    sed -e "/^$f\$/ d" lista.txt | awk '
        BEGIN {print "return {\n\t[false] = {\n\t\t[\"version\"] = 1;\n\t};\n\t[\"pending\"] = {};"}
        {print "\t[\"" $1 "@example.no-ip.biz\"] = {\n\t\t[\"groups\"] = {\n\t\t\t[\"Familiares\"] = true;\n\t\t};\n\t\t[\"subscription\"] = \"both\";\n\t\t[\"name\"] = \"" toupper(substr($1, 1, 1)) substr($1, 2) "\";\n\t};"}
        END {print "}"}' > $f.dat
done
chmod 600 *.dat
chown prosody:prosody *.dat .
mv *.dat /etc/prosody/data/example.no-ip.biz/roster/
/etc/init.d/prosody start
# All OK?
cat /var/log/prosody/prosody.err
cat /var/log/prosody/prosody.log
Set a DDNS name for the router
After reading how to set up the DDNS client, you should end up with a working configuration like this (username and password are placeholders for your no-ip credentials, stored in plain text in /etc/config/ddns; enabled=1 turns the client on):
uci batch <<'EOF'
set ddns.myddns.domain=example.no-ip.biz
set ddns.myddns.enabled=1
set ddns.myddns.force_interval=22
set ddns.myddns.ip_interface=pppoe-wan
set ddns.myddns.ip_source=interface
delete ddns.myddns.ip_url
set ddns.myddns.password=password
set ddns.myddns.service_name=no-ip.com
set ddns.myddns.username=username
commit ddns
EOF
Give the router the same name on the LAN as on the WAN
It is sensible for the router to answer to the same name for LAN clients, so their traffic does not have to go out through the WAN and be reflected back (hairpin NAT). dnsmasq then resolves the names below to 192.168.1.1 for LAN clients:
uci batch <<'EOF'
add dhcp domain
set dhcp.@domain[-1].ip=192.168.1.1
set dhcp.@domain[-1].name=tplinklogin.net
add dhcp domain
set dhcp.@domain[-1].ip=192.168.1.1
set dhcp.@domain[-1].name=routerlogin.net
add dhcp domain
set dhcp.@domain[-1].ip=192.168.1.1
set dhcp.@domain[-1].name=example.no-ip.biz
commit dhcp
EOF
Now these commands all have the same effect from inside your LAN:
ssh root@192.168.1.1
ssh root@routerlogin.net
ssh root@tplinklogin.net
ssh root@example.no-ip.biz
Your router now has a name!
Set SRV records for your own domain
Nice! For your own domain you may need SRV records if the XMPP server runs on a different subdomain, like this (the fields after SRV are priority, weight, port, target):
_xmpp-client._tcp.example.com. 18000 IN SRV 0 5 5222 xmpp.example.com.
_xmpp-server._tcp.example.com. 18000 IN SRV 0 5 5269 xmpp.example.com.
Converted to uci for dnsmasq this looks as follows (class carries the SRV priority, weight the weight; these records are only served to LAN clients, your public DNS must carry the same ones):
uci batch <<'EOF'
add dhcp srvhost
set dhcp.@srvhost[-1].srv=_xmpp-client._tcp.example.com
set dhcp.@srvhost[-1].target=xmpp.example.com
set dhcp.@srvhost[-1].port=5222
set dhcp.@srvhost[-1].class=0
set dhcp.@srvhost[-1].weight=5
add dhcp srvhost
set dhcp.@srvhost[-1].srv=_xmpp-server._tcp.example.com
set dhcp.@srvhost[-1].target=xmpp.example.com
set dhcp.@srvhost[-1].port=5269
set dhcp.@srvhost[-1].class=0
set dhcp.@srvhost[-1].weight=5
commit dhcp
EOF
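Translating zone-file SRV lines into uci by hand is easy to get wrong (the priority lands in class, and trailing dots must go). As an added example that is not from the page or from OpenWrt, the function below does the conversion mechanically for any number of records, tolerating an optional TTL and rejecting impossible ports. It assumes input lines of the form name [ttl] IN SRV priority weight port target, one record per line; the function name and the sample records are mine.

```shell
#!/bin/sh
# Added example: zone-file SRV records -> "uci batch" script for dnsmasq srvhost sections.
# Assumption: each input line is  name [ttl] IN SRV priority weight port target
# e.g.  _xmpp-client._tcp.example.com. 18000 IN SRV 0 5 5222 xmpp.example.com.

# srv_to_uci < zonefile -- prints a complete uci batch on stdout.
# Exit status 1 if any record had a bad port (that record is skipped, the rest are emitted).
srv_to_uci() {
    awk '
        BEGIN { print "uci batch <<\047EOF\047"; bad = 0 }
        {
            # find the SRV keyword so an optional TTL does not shift the fields
            for (i = 1; i <= NF; i++) if ($i == "SRV") break
            if (i > NF || NF < i + 4) next
            name = $1; pri = $(i+1); wgt = $(i+2); port = $(i+3); tgt = $(i+4)
            sub(/\.$/, "", name); sub(/\.$/, "", tgt)   # uci names carry no trailing dot
            if (port !~ /^[0-9]+$/ || port + 0 < 1 || port + 0 > 65535) {
                printf "srv_to_uci: bad port %s for %s\n", port, name > "/dev/stderr"
                bad = 1; next
            }
            print "add dhcp srvhost"
            printf "set dhcp.@srvhost[-1].srv=%s\n", name
            printf "set dhcp.@srvhost[-1].target=%s\n", tgt
            printf "set dhcp.@srvhost[-1].port=%s\n", port
            printf "set dhcp.@srvhost[-1].class=%s\n", pri     # dnsmasq "class" = SRV priority
            printf "set dhcp.@srvhost[-1].weight=%s\n", wgt
        }
        END { print "commit dhcp"; print "EOF"; exit bad }
    '
}

# Typical use: paste the SRV lines from your public zone into srv.zone, then
#   srv_to_uci < srv.zone > srv.sh && sh srv.sh && /etc/init.d/dnsmasq restart
```

Feeding the public zone's own lines through the converter keeps the LAN view of the SRV records identical to what the Internet sees, which is the point of the trick in the first place.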
This DNS trick is what makes someone@xmpp.example.com appear as someone@example.com, but it is also used for fancy names like the ones below. Note the field order priority 5, weight 0 here versus priority 0, weight 5 above; both are valid. Prosody still has to serve anon.EXAMPLE.COM and topics.EXAMPLE.COM itself (as a VirtualHost and a Component); the DNS only tells other servers where to find them.
; A record
your-server.EXAMPLE.COM.              IN A     1.2.3.4                    ; this *must* be an A record and not a CNAME (SRV targets may not be CNAMEs)
; CNAME records
anon.EXAMPLE.COM.                     IN CNAME your-server.EXAMPLE.COM.   ; this is what the anonymous binding (non-logged-in web users) will connect to
topics.EXAMPLE.COM.                   IN CNAME your-server.EXAMPLE.COM.   ; to enable channels like food@topics.EXAMPLE.COM
; SRV records (fully qualified, with the trailing dot, so the zone origin is not appended)
_xmpp-client._tcp.EXAMPLE.COM.        IN SRV 5 0 5222 your-server.EXAMPLE.COM.
_xmpp-server._tcp.EXAMPLE.COM.        IN SRV 5 0 5269 your-server.EXAMPLE.COM.
_xmpp-server._tcp.anon.EXAMPLE.COM.   IN SRV 5 0 5269 your-server.EXAMPLE.COM.
_xmpp-server._tcp.topics.EXAMPLE.COM. IN SRV 5 0 5269 your-server.EXAMPLE.COM.