Simple hosting procedure for a Jabber server (Prosody)


I have finally decided to host my own Jabber server, for various reasons: my contact list works better on my server than on any other server; the server which I had previously used (jabber.fr) sometimes encounters issues; my Jabber address will be the same as my email address.

And because it is a simple procedure!

Installation and configuration

You will first need to install the prosody package:

apt-get install prosody

You will then need to add the following at the end of the file /etc/prosody/prosody.cfg.lua:

Host "domain.name"

Which in my case means:

Host "rom1v.com"

You will then create a user from the command line and choose a password:

prosodyctl adduser user@domain.name 

Certificate

A TLS/SSL certificate is created by default, but its fields are not filled in with meaningful values (localhost instead of domain.name, for instance). It is therefore recommended to generate a new one. In the directory /etc/prosody/certs, execute:

openssl req -new -x509 -nodes -out domain.name.cert -keyout domain.name.key -days 1000

Fill in the requested fields (enter "." to leave a field blank). Then replace the certificate in the configuration file:

ssl = {
        key = "/etc/prosody/certs/domain.name.key";
        certificate = "/etc/prosody/certs/domain.name.cert";
}

Fingerprint

Since it is a self-signed certificate, Jabber clients should not trust it automatically; they should ask for confirmation and display its fingerprint. You then need to check that the certificate presented is really the right one, which means that the fingerprint is identical. To display the fingerprint of your certificate:

openssl x509 -fingerprint -noout -in domain.name.cert

For example:

$ openssl x509 -fingerprint -noout -in rom1v.com.cert
SHA1 Fingerprint=C3:6D:9B:65:06:55:C4:84:B4:A5:8D:4B:12:68:2F:08:71:7E:AC:DD
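The certificate and fingerprint steps above can be scripted. The following is an added example, not part of the original article: the function names are hypothetical, it assumes the openssl command-line tool is installed, it uses -subj to fill in the common name non-interactively, and it compares SHA-256 fingerprints by default (pass sha1 to match the output shown above).

```shell
#!/bin/sh
# Added example: helper names are hypothetical, not from the article.

# make_selfsigned DOMAIN DIR
# Same openssl options as in the article, plus -subj so that no
# interactive prompts are needed. The private key is made owner-only.
make_selfsigned() {
    openssl req -new -x509 -nodes -days 1000 \
        -subj "/CN=$1" \
        -out "$2/$1.cert" -keyout "$2/$1.key" 2>/dev/null
    chmod 600 "$2/$1.key"
}

# cert_fingerprint FILE [ALGO]
# Print the fingerprint as bare uppercase hex: the "... Fingerprint="
# label and the colons are removed. ALGO defaults to sha256.
cert_fingerprint() {
    openssl x509 -noout -fingerprint "-${2:-sha256}" -in "$1" 2>/dev/null |
        sed 's/^.*=//' | tr -d ':' | tr 'a-f' 'A-F'
}

# normalize_fp STRING
# Clients display fingerprints with different separators and case;
# reduce them all to the same form before comparing.
normalize_fp() {
    printf '%s' "$1" | tr -d ': \t\n' | tr 'a-f' 'A-F'
}

# verify_fingerprint FILE SHOWN [ALGO]
# Exit status 0: the fingerprint shown by the client matches the file.
# Exit status 1: mismatch. Exit status 2: certificate could not be read.
verify_fingerprint() {
    expected=$(cert_fingerprint "$1" "${3:-sha256}")
    [ -n "$expected" ] || return 2
    [ "$(normalize_fp "$2")" = "$expected" ]
}
```

After sourcing the file, `verify_fingerprint domain.name.cert "<fingerprint shown by the client>"` returns a non-zero status when the client is being shown a different certificate.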

Ports

The ports TCP 5222 and 5269 need to be open.

Starting the service

The only thing left to do is to start the service.

service prosody start

Clients

It is now possible to connect with the username and password which you have previously created:

[Screenshot: Empathy]

Backup

The server data is stored in /var/lib/prosody. It is therefore important not to forget this directory in your backups.

Many thanks to Cyrille Borne and nicolargo

This article is a translation of an article from Romain Vimont's blog. License: Creative Commons by-sa-3.0