Integration/XMPP/Prosody: Difference between revisions
(mention consider_bosh_secure) |
Line 79: | Line 79: | ||
=== Other recommendations === | === Other recommendations === | ||
Since we have to transmit the password in plaintext to the server, we strongly recommend to require encryption: | * Since we have to transmit the password in plaintext to the server, we strongly recommend to require encryption: | ||
:<syntaxhighlight lang="lua"> | |||
<syntaxhighlight lang="lua"> | c2s_require_encryption = true | ||
c2s_require_encryption = true | |||
</syntaxhighlight> | </syntaxhighlight> | ||
If you | * Adding a reverse proxy to Prosody on the path <tt>/http-bind</tt> under your pods domain is a good idea too. If you have done so set the <tt>proxy</tt> setting in <tt>diaspora.yml</tt> to <tt>true</tt> and add <tt>consider_bosh_secure = true</tt> to your Prosody configuration. | ||
* mod_carbons | * If you want to improve the experience of your users when connecting from mobile devices, install: | ||
* mod_smacks | :* mod_carbons | ||
:* mod_smacks | |||
== Restart Prosody == | == Restart Prosody == |
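Review bot: the new bullet about the reverse proxy on /http-bind adds consider_bosh_secure = true without saying that the proxy has to serve that path over HTTPS. The setting makes Prosody treat BOSH sessions as encrypted even when they reach it unencrypted, which sits directly under the c2s_require_encryption = true recommendation, so the bullet should state that the proxy must terminate TLS and that Prosody's HTTP port should not be reachable except through the proxy. Also, "your pods domain" should read "your pod's domain", and "If you have done so set" needs a comma after "so".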
Revision as of 12:46, 17 June 2015
Integrating Prosody with Diaspora
Here you will find all you need to install and set up a Prosody XMPP server integrated with your Diaspora user database. This guide was tested using Debian 7 and Arch Linux, but it will probably work well for all GNU distributions. There are several steps and configurations you will need to perform, so read the instructions carefully.
See Debian-specific instructions at https://wiki.debian.org/Diaspora/XMPP
Understanding
The main goal is to make Prosody able to compare the password received from the XMPP client with the hashed password stored in your pod's Diaspora database. Diaspora hashes passwords with bcrypt, so we need to extend Prosody to do the same with the received password. To do so, we need to install a modified version of the mod_auth_sql module, available below.
Since authentication methods can be set per host, you can use an existing Prosody instance, as long as it has access to Diaspora's database.
You can also pull Diaspora contacts into the roster. They will only be updated on signing into the XMPP account, and all modifications to them from the XMPP side will be lost.
Prosody
If you haven't yet, install Prosody. This setup was tested against 0.9.4 and is known to be incompatible with the 0.8 series. Follow the instructions described on their official site.
Once Prosody is installed, you can proceed.
Install bcrypt Lua library
Neither Lua nor Prosody ships with the bcrypt library. If it isn't in your repositories, you can install it with the following command:
luarocks install bcrypt
Prosody still depends on Lua 5.1; if your distribution is already on Lua 5.2, you may need to change the command to luarocks-5.1 or something similar.
Changes in prosody.cfg.lua
There are a couple of required changes to your prosody.cfg.lua.
Plugin path
Since we're going to install a new module, you should pick a location where you want to store it, for example /etc/prosody/modules. Then tell Prosody to look for modules there:
plugin_paths = { "/etc/prosody/modules" }
Don't worry, Prosody will continue looking for modules in the standard location.
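Now download the modules to your machine. The authentication module receives your users' plaintext passwords, so read the downloaded files before you enable them: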
curl https://gist.githubusercontent.com/jhass/948e8e8d87b9143f97ad/raw/mod_auth_diaspora.lua > /etc/prosody/modules/mod_auth_diaspora.lua
curl https://gist.githubusercontent.com/jhass/948e8e8d87b9143f97ad/raw/mod_diaspora_contacts.lua > /etc/prosody/modules/mod_diaspora_contacts.lua
Add a virtual host for your pod
VirtualHost "yourpod.example.org"
  authentication = "diaspora"
  -- Uncomment and adjust username and password for MySQL/MariaDB
  --auth_diaspora = { driver = "MySQL", database = "diaspora_production", username = "diaspora", password = "pass", host = "localhost" }
  -- Uncomment and adjust username and password for PostgreSQL
  --auth_diaspora = { driver = "PostgreSQL", database = "diaspora_production", username = "diaspora", password = "pass", host = "localhost" }
  modules_enabled = {
    "diaspora_contacts";
  };
Replace yourpod.example.org with your pod's domain and adjust the username and password for the database connection. This is very important!
Read Prosody's official documentation on how to correctly update your nameserver records afterwards. Also read about setting up the right certificates for your host.
Other recommendations
- Since we have to transmit the password in plaintext to the server, we strongly recommend requiring encryption:
c2s_require_encryption = true
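- Adding a reverse proxy to Prosody on the path /http-bind under your pod's domain is a good idea too. If you have done so, set the proxy setting in diaspora.yml to true and add consider_bosh_secure = true to your Prosody configuration. With that setting Prosody treats BOSH connections as encrypted even though they arrive from the proxy unencrypted, so the proxy itself must serve /http-bind over HTTPS.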
- If you want to improve the experience of your users when connecting from mobile devices, install:
- mod_carbons
- mod_smacks
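To check a finished prosody.cfg.lua against the settings this guide asks for before restarting, a shell function like the following can be used. It is an added example, not part of the original guide or of Prosody; the function name audit_prosody_cfg, its messages and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a prosody.cfg.lua against this guide's recommendations.
# audit_prosody_cfg and its messages are hypothetical names for this example.

audit_prosody_cfg() {
    cfg=$1
    # Drop Lua line comments so commented-out settings do not count.
    # Naive: a "--" inside a quoted string would be cut as well.
    active=$(sed 's/--.*$//' "$cfg")
    findings=0

    has() { printf '%s\n' "$active" | grep -Eq "$1"; }

    if ! has '^[[:space:]]*c2s_require_encryption[[:space:]]*=[[:space:]]*true'; then
        echo "FAIL: c2s_require_encryption is not set to true"
        findings=$((findings + 1))
    fi
    if has 'authentication[[:space:]]*=[[:space:]]*"diaspora"' &&
       ! has 'auth_diaspora[[:space:]]*='; then
        echo "FAIL: authentication is diaspora but auth_diaspora is commented out"
        findings=$((findings + 1))
    fi
    if has 'auth_diaspora[[:space:]]*=.*password[[:space:]]*=[[:space:]]*"pass"'; then
        echo "FAIL: auth_diaspora still uses the guide's placeholder password"
        findings=$((findings + 1))
    fi
    if has 'consider_bosh_secure[[:space:]]*=[[:space:]]*true'; then
        echo "NOTE: consider_bosh_secure is on; the proxy for /http-bind must use TLS"
    fi
    # Exit status 0 only when no FAIL line was printed.
    [ "$findings" -eq 0 ]
}

# Constructed sample: the guide's virtual host pasted without any adjustment.
sample=$(mktemp)
cat > "$sample" <<'EOF'
VirtualHost "yourpod.example.org"
  authentication = "diaspora"
  --auth_diaspora = { driver = "PostgreSQL", database = "diaspora_production", username = "diaspora", password = "pass", host = "localhost" }
  consider_bosh_secure = true
EOF
audit_prosody_cfg "$sample" || echo "Fix the FAIL lines before restarting Prosody."
rm -f "$sample"
```
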
Restart Prosody
To complete the setup, just restart Prosody.
Testing
Just use your favorite XMPP client to connect to your pod using your regular Diaspora account and password.