Configure Prosody XMPP server

(see another newsletter)

                March 16, 2024

            Configure Prosody XMPP server 

            We will set up a test XMPP server with 2 users (user1 and user2), the ability to create groups for users, and the ability for both users to exchange files.
For testing purposes, we will generate a self-signed SSL certificate (but it's easy to specify a real certificate and domain).
The server has the IP address 192.168.95.31 for our test.

┌ Open a terminal and switch to root
su -
┌ Install pkgsrc repository
(see another newsletter)

┌ Installing Prosody...
... and nano if don't like vi
pkgin -y in prosody
pkg install nano
┌ Configuring Prosody
Make a backup of the configuration file:
cp /opt/local/etc/prosody/prosody.cfg.lua /opt/local/etc/prosody/prosody.cfg.lua.BAK
Now edit the prosody configuration file:
nano /opt/local/etc/prosody/prosody.cfg.lua
Scroll to the end of the file and add the following block:
-- CONFIGURATION:
VirtualHost "192.168.95.31"
    enabled = true
    ssl = {
        key = "/opt/local/etc/prosody/certs/192.168.95.31.key";
        certificate = "/opt/local/etc/prosody/certs/192.168.95.31.crt";
    }

Component "conference.192.168.95.31" "muc"
Component "share.192.168.95.31" "http_file_share"
Generate the self-signed SSL certificate:
We've already specified it in the configuration but not created it yet!
prosodyctl cert generate 192.168.95.31
By default, the created certificates will be placed in /var/db/prosody/certs.
We need to move them:
mv /var/db/prosody/* /opt/local/etc/prosody/certs/
┌ Create users
prosodyctl register "user1" "192.168.95.31" "password-user1"
prosodyctl register "user2" "192.168.95.31" "password-user2"
┌ Start Prosody
svcadm enable svc:/pkgsrc/prosody:default
Check if Prosody is running:
svcs prosody
For the XMPP client software Spark, modifications are needed to connect when using a self-signed certificate on the server (as in this tutorial). (But you can use Conversations (android), Psi, Psi+ (windows), Pidgin etc..)
Launch the software. An authentication prompt appears.
Enter the username: user1
Enter the domain: 192.168.95.31
Enter the password "password-user1"
Check "Save Password"
Do not click "Connect" now!
Click on Advanced:
Security tab: check "Disable certificate hostname verification"
Certificates tab: check "Accept self-signed"
Click OK at the bottom to return to the login page.
Click Connect and accept everything.
(off course, it's just for testing purposes)

Don't miss what's next. Subscribe to Illumadmin: