Integration/XMPP/Prosody

From diaspora* project wiki
Revision as of 02:46, 15 October 2018 by DenSchub (talk | contribs) (Drop i18n template)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

Integrating Prosody with Diaspora

Here you will find all you need to install and set up a Prosody XMPP server integrated with your Diaspora user database. This guide was tested using Debian 7 and Archlinux, but it will probably work well for all GNU distributions. There are several steps and configurations you will need to perform, so read the instructions carefully.

See debian specific instructions at https://wiki.debian.org/Diaspora/XMPP

Understanding

The main goal is to set up Prosody to be capable of comparing the password received by the XMPP client with the hashed password stored on your pod's Diaspora database. Diasporas password hash is done using bcrypt, so we need to extend Prosody to do the same with the received password. To do so, we need to install a modified version of the - mod_auth_sql module, available below.

Since authentication methods can be set per host, you can use an existing Prosody instance with access to Diasporas database.

You can also pull in Diaspora contacts into the roster. They will only be updated on signing into the XMPP account and all modifications to them from the XMPP side will be lost.

Prosody

If you haven't yet, install Prosody. This setup was tested against 0.9.8 and is known to be incompatible with the 0.8 series. Follow the instructions described on their official site.

Once Prosody is installed, you can proceed.

Install bcrypt Lua library

Lua or Prosody don't ship with the bcrypt library. If it isn't in your repositories, you can install it with the following command:

luarocks install bcrypt

Prosody still depends on Lua 5.1, if your distribution is already on Lua 5.2 you may need to change the command to luarocks-5.1 or something similar.

Changes in prosody.cfg.lua

There are a couple of required changes to your prosody.cfg.lua.

Plugin path

Since we're going to install a new module, you should pick a location where you want to store it, for example /etc/prosody/modules. Then tell Prosody to look for modules there:

plugin_paths = { "/etc/prosody/modules" }

Don't worry, Prosody will continue looking for modules in the standard location.

Now download the module to your machine:

curl https://gist.githubusercontent.com/jhass/948e8e8d87b9143f97ad/raw/mod_auth_diaspora.lua > /etc/prosody/modules/mod_auth_diaspora.lua
curl https://gist.githubusercontent.com/jhass/948e8e8d87b9143f97ad/raw/mod_diaspora_contacts.lua > /etc/prosody/modules/mod_diaspora_contacts.lua

Add a virtual host for your pod

VirtualHost "yourpod.example.org"
  authentication = "diaspora"
  -- Uncomment and adjust username and password for MySQL/MariaDB
  --auth_diaspora = { driver = "MySQL", database = "diaspora_production", username = "diaspora", password = "pass", host = "localhost" }
  -- Uncomment and adjust username and password for PostgreSQL
  --auth_diaspora = { driver = "PostgreSQL", database = "diaspora_production", username = "diaspora", password = "pass", host = "localhost" }
  
  modules_enabled = {
    "diaspora_contacts";
  };

Replace yourpod.example.org with your pod's domain and adjust the username and password for the database connection. This is very important!

Read in Prosodys official documentation on how to correctly update your nameserver records afterwards. Also read about setting up the right certificates for your host.

Enable BOSH support

Uncomment following line inside modules_enabled to enable BOSH support:

"bosh"; -- Enable BOSH clients, aka "Jabber over HTTP"

Other recommendations

  • Since we have to transmit the password in plaintext to the server, we strongly recommend to require encryption:
 c2s_require_encryption = true
  • You may also require server to server connections to be encrypted and validate server certificates (diaspora does this already), but your pod won't be able to talk to some xmpp servers which use self signed certificates.
s2s_require_encryption = true
s2s_secure_auth = true
  • Adding a reverse proxy to Prosody's BOSH endpoint under your pods domain on the path /http-bind is a good idea too (check the examples on Vines page). If you have done so, set the proxy setting in diaspora.yml to true and add consider_bosh_secure = true to your Prosody configuration.

Restart Prosody

To complete the setup, just restart Prosody.

Testing

Just use your favorite XMPP client to connect to your pod using your regular Diaspora account and password.