Prosody: Difference between revisions

(4 intermediate revisions by the same user not shown)

Line 5:

This page describes how to setup a walled-off Prosody instance for your organisation or family, with STUN/TURN support and http upload. This setup has server-to-server communication disabled.

= Set up DNS records for Prosody =

See official Prosody documentation here [https://prosody.im/doc/dns].

* Domain of the xmpp address is the bare top level domain example.org. The bare top level domain has SRV records pointing to XMPP server xmpp.example.org.

* XMPP server is hosted on xmpp.example.org.

* XMPP services, such as STUN/TURN server, Multi-User Chat and HTTP upload are hosted at *.xmpp.example.org. As *.xmpp.example.org is not a direct subdomain of example.org, we need to set mod_disco to let XMPP client to discover the services.

services.prosody.disco_items = [

{

description = "http upload";

url = "upload.xmpp.${domainName}";

}

];

</syntaxhighlight>

* STUN/TURN server is hosted on turn.xmpp.example.org.

* Multi-User Chat is hosted on muc.xmpp.example.org.

* HTTP upload server is hosted on upload.xmpp.example.org.

= SSL Certificate with ACME =

Line 74:

Line 94:

{

domain = "muc.xmpp.${domainName}";

~~# only admin can create public channels~~

restrictRoomCreation = false;

~~# everyone can create private chat rooms~~

restrictRoomCreation = ~~true~~;

}

];

}

</syntaxhighlight>

Line 93:

Line 111:

# xmpp server for "@example.org" is hosted on "xmpp.example.org"

# use SRV records.

"~~xmpp.${domainName}~~" = {

"myvhost0" = {

domain = "${domainName}";

enabled = true;

Line 172:

Line 190:

== Connect to prosody ==

services.prosody.virtualHosts."~~xmpp.${domainName}~~".extraConfig = ''

services.prosody.virtualHosts."myvhost0".extraConfig = ''

turn_external_host = "turn.xmpp.${domainName}"

turn_external_secret = "unfortunately this is a inline password"

Line 255:

Line 273:

http_upload_external_file_size_limit = 52428800

'';

services.prosody.~~virtualHosts."xmpp.${domainName}".extraConfig~~ = ''

services.prosody.disco_items = [

~~disco_items~~ = {

{

{ "upload.${domainName}"~~, "http upload" }~~;

description = "http upload";

url = "upload.xmpp.${domainName}";

}

'';

];

# mod_http_upload_external is a community module

@@ Line 5: / Line 5: @@
 This page describes how to setup a walled-off Prosody instance for your organisation or family, with STUN/TURN support and http upload.  This setup has server-to-server communication disabled.
+= Set up DNS records for Prosody =
+See official Prosody documentation here [https://prosody.im/doc/dns].
+* Domain of the xmpp address is the bare top level domain example.org. The bare top level domain has SRV records pointing to XMPP server xmpp.example.org.
+* XMPP server is hosted on xmpp.example.org.
+* XMPP services, such as STUN/TURN server, Multi-User Chat and HTTP upload are hosted at *.xmpp.example.org.  As *.xmpp.example.org is not a direct subdomain of example.org, we need to set mod_disco to let XMPP client to discover the services.
+<syntaxhighlight lang="nix">
+  services.prosody.disco_items = [
+    {
+      description = "http upload";
+      url = "upload.xmpp.${domainName}";
+    }
+  ];
+</syntaxhighlight>
+* STUN/TURN server is hosted on turn.xmpp.example.org.
+* Multi-User Chat is hosted on muc.xmpp.example.org.
+* HTTP upload server is hosted on upload.xmpp.example.org.
 = SSL Certificate with ACME =
@@ Line 74: / Line 94: @@
        {
          domain = "muc.xmpp.${domainName}";
-        # only admin can create public channels
+         restrictRoomCreation = false;
-        # everyone can create private chat rooms
-         restrictRoomCreation = true;
        }
      ];
-}
+  }
 </syntaxhighlight>
@@ Line 93: / Line 111: @@
        # xmpp server for "@example.org" is hosted on "xmpp.example.org"
        # use SRV records.
-       "xmpp.${domainName}" = {
+       "myvhost0" = {
          domain = "${domainName}";
          enabled = true;
@@ Line 172: / Line 190: @@
 == Connect to prosody ==
 <syntaxhighlight lang="nix">
-   services.prosody.virtualHosts."xmpp.${domainName}".extraConfig = ''
+   services.prosody.virtualHosts."myvhost0".extraConfig = ''
      turn_external_host = "turn.xmpp.${domainName}"
      turn_external_secret = "unfortunately this is a inline password"
@@ Line 255: / Line 273: @@
      http_upload_external_file_size_limit = 52428800
    '';
-   services.prosody.virtualHosts."xmpp.${domainName}".extraConfig = ''
+   services.prosody.disco_items = [
-     disco_items = {
+     {
-       { "upload.${domainName}", "http upload" };
+      description = "http upload";
+       url = "upload.xmpp.${domainName}";
      }
-   '';
+   ];
    # mod_http_upload_external is a community module