This is a guide to set up a modern XMPP server focused on security and mobile messaging. The whole guide further assumes one is using Debian as a server and that you will end up hosting a few of your friends. It further assumes you have some basic skills working on a linux command line.
To make your server communicate make sure following ports are open in your firewall:
5222 (for client to server)
5269 (server to server)
5280 (default http port for prosody)
5281 (default https port for prosody)
Enabling HTTPS
First we acquire a signed HTTPS-certificate via Let's Encrypt1: This is among others required for Gajim plugins to work properly; self-generated certs will not work.
Install Certbot and get new certificates for your domain (replace myserver.org with your own):
wget https://dl.eff.org/certbot-auto
chmod a+x certbot-auto
certbot-auto certonly -d muc.placeholderdomain.org -d dump.placeholderdomain.org -d placeholderdomain.org-d placeholderdomain.org
Should you succeed, you will be able to read something like:
"Congratulations! Your certificate and chain have been saved at /etc/letsencrypt/live/placeholderdomain.org/fullchain.pem. Your cert will expire on 2017 02-13. To obtain a new or tweaked version of this certificate in the future, simply run certbot-auto again. To non-interactively renew all of your certificates, run certbot-auto renew"
Take note of the path where the certificate is stored as we will use it later.
Installing and setting up MySQL as a storage back-end
First update your repositories and install MySQL:
apt-get update && apt-get install mysql-server
Run mysql as the root user:
mysql -u root -p
In mysql:
mysql> create database prosody; mysql> show databases;
Result should be something like:
Create a database account for prosody:
mysql> create user prosody;
Give the user prosody the rights to access the database, make sure to change the password and take note of it:
mysql> grant all on prosody.* to 'prosody'@'localhost' identified by 'userPassword';
Exit mysql:
exit;
Installing and configuring Prosody, the XMPP server
Install the newest version of Prosody and its dependencies from the official prosody repository:
echo "deb http://packages.prosody.im/debian wheezy main" >> /etc/apt/sources.list
wget https://prosody.im/files/prosody-debian-packages.key -O- | sudo apt-key add -
apt-get update && apt-get install prosody lua-dbi-mysql lua-zlib
Add the Let's Encrypt Certificates to Prosody and make sure Prosody can use them:
cp /etc/letsencrypt/live/myserver.org/*.pem /etc/prosody/certs/
Make sure the certificates are owned by prosody and legible only by root:
chown -R prosody:prosody /etc/prosody/ chmod -R 700 /etc/prosody/certs/
Install the newest prosody plugins:
apt-get install mercurial cd /usr/src hg clone https://hg.prosody.im/prosody-modules/ prosody-modules
Make a backup of the default prosody configuration and install the one by the homebrewserver.club2:
cd /etc/prosody
cp prosody.cfg.lua prosody.cfg.lua.original
wget http://homebrewserver.club/downloads/prosody.cfg.lua
Replace all instances of the placeholder domain name and passwords in the config file with your own:
sed -i 's/placeholderdomain.org/yourdomain.net/g' prosody.cfg.lua && sed -i 's/userPassword/yourownpassword/g' prosody.cfg.lua
Alternatively you can change them by hand. They are on line 61, 69, 72, 75 of prosody.cfg.lua
Finishing up
After you've set up all of the above it is time to start the server:
/etc/init.d/prosody restart
Users can be added from the command line, you will also be prompted for a password:
prosodyctl adduser me@placeholderdomain.org
Alternatively you can change "allow_registration = false;" to "allow_registration = true;" in the config (line 35) to allow users to register accounts on your server via their clients.
Now you can try connecting to your own server by using a client like Gajim or Conversations. Login with the above configured username and password.
If you have questions about Prosody, the project's documentation3 is quite good. If you can't find answers there, try contacting prosody developers and users directly via the Prosody XMPP chatroom4.
1: https://certbot.eff.org/
2: homebrewserver.club/downloads/prosody.cfg.lua
3: https://prosody.im/doc
4: xmpp://prosody.conference.prosody.im?join