Integration/XMPP/Prosody: Difference between revisions
(Created page with " Here you will find all you need to install and setup a Prosody XMPP server integrated with Diaspora users database.") |
SuperTux88 (talk | contribs) m (Remove hint to diaspora.yml) |
||
(43 intermediate revisions by 12 users not shown) | |||
Line 1: | Line 1: | ||
{{Out of date}} | |||
{{Note|1=The chat integration as been removed.}} | |||
Here you will find all you need to install and | = Integrating Prosody with Diaspora = | ||
Here you will find all you need to install and set up a Prosody XMPP server integrated with your Diaspora user database. | |||
This guide was tested using Debian 7 and Archlinux, but it will probably work well for all GNU distributions. | |||
There are several steps and configurations you will need to perform, so read the instructions carefully. | |||
'''See debian specific instructions at https://wiki.debian.org/Diaspora/XMPP''' | |||
= Understanding = | |||
The main goal is to set up Prosody to be capable of comparing the password received by the XMPP client with the hashed password stored on your pod's Diaspora database. | |||
Diasporas password hash is done using <tt>bcrypt</tt>, so we need to extend Prosody to do the same with the received password. To do so, we need to install a modified version of the [https://code.google.com/p/prosody-modules/wiki/mod_auth_sql - <tt>mod_auth_sql</tt>] module, available below. | |||
Since authentication methods can be set per host, you can use an existing Prosody instance with access to Diasporas database. | |||
You can also pull in Diaspora contacts into the roster. They will only be updated on signing into the XMPP account and all modifications to them from the XMPP side will be lost. | |||
= Prosody = | |||
If you haven't yet, install Prosody. This setup was tested against 0.9.8 and is known to be incompatible with the 0.8 series. | |||
Follow the instructions described on their [http://prosody.im/download/start official site]. | |||
Once Prosody is installed, you can proceed. | |||
== Install bcrypt Lua library == | |||
Lua or Prosody don't ship with the bcrypt library. If it isn't in your repositories, you can install it with the following command: | |||
<syntaxhighlight lang="bash"> | |||
luarocks install bcrypt | |||
</syntaxhighlight> | |||
Prosody still depends on Lua 5.1, if your distribution is already on Lua 5.2 you may need to change the command to <tt>luarocks-5.1</tt> or something similar. | |||
== Changes in <tt>prosody.cfg.lua</tt> == | |||
There are a couple of required changes to your <tt>prosody.cfg.lua</tt>. | |||
=== Plugin path === | |||
Since we're going to install a new module, you should pick a location where you want to store it, for example <tt>/etc/prosody/modules</tt>. | |||
Then tell Prosody to look for modules there: | |||
<syntaxhighlight lang="lua"> | |||
plugin_paths = { "/etc/prosody/modules" } | |||
</syntaxhighlight> | |||
Don't worry, Prosody will continue looking for modules in the standard location. | |||
Now download the module to your machine: | |||
<syntaxhighlight lang="bash"> | |||
curl https://gist.githubusercontent.com/jhass/948e8e8d87b9143f97ad/raw/mod_auth_diaspora.lua > /etc/prosody/modules/mod_auth_diaspora.lua | |||
curl https://gist.githubusercontent.com/jhass/948e8e8d87b9143f97ad/raw/mod_diaspora_contacts.lua > /etc/prosody/modules/mod_diaspora_contacts.lua | |||
</syntaxhighlight> | |||
=== Add a virtual host for your pod === | |||
<syntaxhighlight lang="lua"> | |||
VirtualHost "yourpod.example.org" | |||
authentication = "diaspora" | |||
-- Uncomment and adjust username and password for MySQL/MariaDB | |||
--auth_diaspora = { driver = "MySQL", database = "diaspora_production", username = "diaspora", password = "pass", host = "localhost" } | |||
-- Uncomment and adjust username and password for PostgreSQL | |||
--auth_diaspora = { driver = "PostgreSQL", database = "diaspora_production", username = "diaspora", password = "pass", host = "localhost" } | |||
modules_enabled = { | |||
"diaspora_contacts"; | |||
}; | |||
</syntaxhighlight> | |||
Replace <tt>yourpod.example.org</tt> with your pod's domain and adjust the username and password for the database connection. This is very important! | |||
Read in [http://prosody.im/doc/dns Prosodys official documentation] on how to correctly update your nameserver records afterwards. | |||
Also read about setting up the right [http://prosody.im/doc/certificates certificates] for your host. | |||
=== Enable BOSH support === | |||
Uncomment following line inside '''modules_enabled''' to enable BOSH support: | |||
<syntaxhighlight lang="lua"> | |||
"bosh"; -- Enable BOSH clients, aka "Jabber over HTTP" | |||
</syntaxhighlight> | |||
=== Other recommendations === | |||
* Since we have to transmit the password in plaintext to the server, we strongly recommend to require encryption: | |||
:<syntaxhighlight lang="lua"> | |||
c2s_require_encryption = true | |||
</syntaxhighlight> | |||
* You may also require server to server connections to be encrypted and validate server certificates (diaspora does this already), but your pod won't be able to talk to some xmpp servers which use self signed certificates. | |||
:<syntaxhighlight lang="lua"> | |||
s2s_require_encryption = true | |||
s2s_secure_auth = true | |||
</syntaxhighlight> | |||
* Adding a reverse proxy to Prosody's BOSH endpoint under your pods domain on the path <tt>/http-bind</tt> is a good idea too (check the [https://wiki.diasporafoundation.org/Vines#Browser_blocks_mixed-content examples on Vines page]). If you have done so, add <tt>consider_bosh_secure = true</tt> to your Prosody configuration. | |||
* If you want to improve the experience of your users when connecting from mobile devices, install [https://wiki.debian.org/InstallingProsody#Useful_Modules_.28Mobile_support.29 modules listed on Debian's Prosody Installation guide]. | |||
* If you want to allow users to connect via HTTPS port (443) to bypass restrictive firewalls, follow [https://wiki.debian.org/InstallingProsody#XMPP_over_HTTPS steps documented at Debian's Prosody Installation guide]. | |||
== Restart Prosody == | |||
To complete the setup, just restart Prosody. | |||
= Testing = | |||
Just use your favorite XMPP client to connect to your pod using your regular Diaspora account and password. | |||
[[Category:Podmin]] |
Latest revision as of 23:36, 9 June 2024
Integrating Prosody with Diaspora
Here you will find all you need to install and set up a Prosody XMPP server integrated with your Diaspora user database. This guide was tested using Debian 7 and Archlinux, but it will probably work well for all GNU distributions. There are several steps and configurations you will need to perform, so read the instructions carefully.
See debian specific instructions at https://wiki.debian.org/Diaspora/XMPP
Understanding
The main goal is to set up Prosody to be capable of comparing the password received by the XMPP client with the hashed password stored on your pod's Diaspora database. Diasporas password hash is done using bcrypt, so we need to extend Prosody to do the same with the received password. To do so, we need to install a modified version of the - mod_auth_sql module, available below.
Since authentication methods can be set per host, you can use an existing Prosody instance with access to Diasporas database.
You can also pull in Diaspora contacts into the roster. They will only be updated on signing into the XMPP account and all modifications to them from the XMPP side will be lost.
Prosody
If you haven't yet, install Prosody. This setup was tested against 0.9.8 and is known to be incompatible with the 0.8 series. Follow the instructions described on their official site.
Once Prosody is installed, you can proceed.
Install bcrypt Lua library
Lua or Prosody don't ship with the bcrypt library. If it isn't in your repositories, you can install it with the following command:
luarocks install bcrypt
Prosody still depends on Lua 5.1, if your distribution is already on Lua 5.2 you may need to change the command to luarocks-5.1 or something similar.
Changes in prosody.cfg.lua
There are a couple of required changes to your prosody.cfg.lua.
Plugin path
Since we're going to install a new module, you should pick a location where you want to store it, for example /etc/prosody/modules. Then tell Prosody to look for modules there:
plugin_paths = { "/etc/prosody/modules" }
Don't worry, Prosody will continue looking for modules in the standard location.
Now download the module to your machine:
curl https://gist.githubusercontent.com/jhass/948e8e8d87b9143f97ad/raw/mod_auth_diaspora.lua > /etc/prosody/modules/mod_auth_diaspora.lua
curl https://gist.githubusercontent.com/jhass/948e8e8d87b9143f97ad/raw/mod_diaspora_contacts.lua > /etc/prosody/modules/mod_diaspora_contacts.lua
Add a virtual host for your pod
VirtualHost "yourpod.example.org"
authentication = "diaspora"
-- Uncomment and adjust username and password for MySQL/MariaDB
--auth_diaspora = { driver = "MySQL", database = "diaspora_production", username = "diaspora", password = "pass", host = "localhost" }
-- Uncomment and adjust username and password for PostgreSQL
--auth_diaspora = { driver = "PostgreSQL", database = "diaspora_production", username = "diaspora", password = "pass", host = "localhost" }
modules_enabled = {
"diaspora_contacts";
};
Replace yourpod.example.org with your pod's domain and adjust the username and password for the database connection. This is very important!
Read in Prosodys official documentation on how to correctly update your nameserver records afterwards. Also read about setting up the right certificates for your host.
Enable BOSH support
Uncomment following line inside modules_enabled to enable BOSH support:
"bosh"; -- Enable BOSH clients, aka "Jabber over HTTP"
Other recommendations
- Since we have to transmit the password in plaintext to the server, we strongly recommend to require encryption:
c2s_require_encryption = true
- You may also require server to server connections to be encrypted and validate server certificates (diaspora does this already), but your pod won't be able to talk to some xmpp servers which use self signed certificates.
s2s_require_encryption = true s2s_secure_auth = true
- Adding a reverse proxy to Prosody's BOSH endpoint under your pods domain on the path /http-bind is a good idea too (check the examples on Vines page). If you have done so, add consider_bosh_secure = true to your Prosody configuration.
- If you want to improve the experience of your users when connecting from mobile devices, install modules listed on Debian's Prosody Installation guide.
- If you want to allow users to connect via HTTPS port (443) to bypass restrictive firewalls, follow steps documented at Debian's Prosody Installation guide.
Restart Prosody
To complete the setup, just restart Prosody.
Testing
Just use your favorite XMPP client to connect to your pod using your regular Diaspora account and password.