We install an XMPP server, it will serve in game, also in term. Then we install Prosody, because it was Link Mauve who recommended it : D (and it seems to do the job, and that is what counts).

The packages under “Debian Jessie” are a bit old. It is therefore necessary to use the source packages.

Prosody's doc is fine. I translated the main one for Debian. All in root:

• Add sources: echo deb http://packages.prosody.im/debian $ (lsb_release -sc) main | Tee -a /etc/apt/sources.list.d/prosody.list
• Add the key: wget https://prosody.im/files/prosody-debian-packages.key -O- | Apt-key add -
• Apt-get update
• Download the correct version: apt-get install prosody-0.10
• Add optional dependencies that should be practical: apt-get install lua-sec lua-event lua-zlib

Then let's set up Prosody. As the doc says on https://wiki.jabberfr.org/Configuration_of_the_base_of_server_prosody_Jabber_fr, it is necessary to quietly read /etc/prosody/prosody.cfg.lua.

Once the server is launched(and a user created), add the user name to the value admins = {} .

I un-commented the module blocklist because it seems(to me) being essential. We will see if it takes up resources…

The rest will show itself when it all runs!

I edit the server name to VirtualHost and comment the line below -enabled=false

Then … (and this is the fun part): the certificates! we use the let's encrypt, so we will have to point to the right certificates… except that prosody can not read the files in /etc/letsencrypt/live/*(even with a symbolic link). So the easiest way is to copy the certificate into the prosody folder and give it reading rights.

cp /etc/letsencrypt/live/khaganat.net/privkey.pem /etc/prosody/certs/khaganat.net.key
cp /etc/letsencrypt/live/khaganat.net/fullchaim.pem /etc/prosody/certs/khaganat.net.crt
chown -R prosody:prosody /etc/prosody/certs/
chmod -R 700 /etc/prosody/certs/

And that's what it looks like in /etc/prosody/prosody.cfg.lua(without comments):

VirtualHost "khaganat.net"
        ssl = {
                key = "/etc/prosody/certs/khaganat.net.key";
                certificate = "/etc/prosody/certs/khaganat.net.crt";
        }

Then we restart prosody to take the changes into account and we verify that it works:

 
 Service prosody restart
 Service prosody status

We also look in /var/log/prosody/prosody.* if all did go well.

We then create a user “directly” on the command line(since we have not yet opened the registrations!):

 Prosodyctl adduser me@example.com

Then we have to open the right ports. This needs to be checked, it probably depends on some configuration…

iptables -t filter -A INPUT -p tcp --dport 5222 -j ACCEPT
iptables -t filter -A INPUT -p tcp --dport 5269 -j ACCEPT

nmap serveur.com

See also https://prosody.im/doc/components.

The basic server is fine, but a great strength of XMPP is that you can add functionality to it via modules, or “components”. The components are full flegded services, which will be launched on a server(not necessarily the one where prosody is installed). Prosody will then query the requested services by connecting to an ip address(and port) and then exchange a secret(or password) with the component. In the case of internal components, an password is not required.

If the component is already integrated in Prosody, simply activate it in it's configuration, for ex: by adding this in the configuration file which then will add the possibility to create Chat rooms:

Component "conference.example.org" "muc"

If the component does not already exist in Prosody, it must use the XEP-0114 protocol(standard for XMPP extensions). To add an external component, Prosody must know the correct address and port(by default 5347, used by most applications) and also the password(or “secret”) that the component uses.

If the component needs a subdomain to work, like “conference.example.org”, you must set this subdomain on the DNS side… and ensure that it is covered by an “ssl certificate”.

Here is a non-exhaustive list of the interesting modules, recommended by Link Mauve on this Linuxfr dispatch:

• Https://candy-chat.github.io/candy/: web interface to connect to a show(like webcat irc!);
• Https://xmpp.org/extensions/xep-0175.html and https://modules.prosody.im/mod_muc_ban_ip.html to manage anonymous connections and tie trouble shares as needed;
• Https://biboumi.louiz.org/ to make a gateway with IRC;
• Stream Management(XEP-0198)]), which makes it possible to know whether all messages have been received from the server and vice versa. Than restoring a session that ended unexpectedly(for network problems, for example); * [[Https://xmpp.org/extensions/xep-0280.html|Message Carbons(XEP-0280), which causes the server to duplicate messages sent or received to different connected clients, extension, ensuring a seamless transition from one device to another;
• Message Archive Management(XEP-0313), which is the reference specification for server-side XMPP message archives, Logs of what was said;
• Client State Indication(XEP-0352), which allows a client to report its idle state to the server, in which case the server will Permission to filter a number of non-essential items when the client is idle, thereby decreasing the bandwidth used and thereby improving autonomy;
• XMPP Sub protocol for WebSocket(RFC 7395), which comes to Join XMPP over BOSH(XEP-0206) to provide Web clients with a way to connect directly to the server, this time sticking better To the operation by conventional TCP, while allowing to bypass the blocking set up on certain networks;
• Blocking Command(XEP-0191) for filtering unwanted communications, in a simple way to implement for clients and effective on the server side;
• HTTP Upload(XEP-0363), to allow users to send small files to the server, some clients like Conversations or Gajim 'Use to send images inside messages;
• Push Notifications(XEP-0357), for mobile clients running on a restricted operating system for connections that remain open (iOS, Windows Phone, Android 6+), notifies the manufacturer's server that the client has received a message, which will transfer the message to the client for wake-up. It should be noted that at no time have the application developers, Apple, Google or Microsoft servers accessed either the content or the sender of the message: only “such phone has received a message” .

Server