From b0d23f0f9daf2935de56646e599d40ff641cbbce Mon Sep 17 00:00:00 2001 From: David Luevano Alvarado Date: Sat, 17 Jul 2021 17:01:07 -0600 Subject: forgot to update repo --- blog/dst/a/xmpp_server_with_prosody.html | 9 +++++---- blog/dst/rss.xml | 12 ++++++------ blog/dst/sitemap.xml | 16 ++++++++-------- blog/src/.files | 2 +- blog/src/a/xmpp_server_with_prosody.md | 8 ++++---- 5 files changed, 24 insertions(+), 23 deletions(-) (limited to 'blog') diff --git a/blog/dst/a/xmpp_server_with_prosody.html b/blog/dst/a/xmpp_server_with_prosody.html index d25de3f..a2a09c2 100644 --- a/blog/dst/a/xmpp_server_with_prosody.html +++ b/blog/dst/a/xmpp_server_with_prosody.html @@ -416,7 +416,7 @@ Component "vjud.your.domain" "vjud"

You HAVE to read all of the configuration file, because there are a lot of things that you need to change to make it work with your server/domain. Test the configuration file with:

luac5.2 -p /etc/prosody/prosody.cfg.lua
 
-

Notice that by default prosody will look up certificates that look like sub.your.domain, but if you get the certificates as myself, you’ll have a single certificate for all subdomains, and by default it is in /etc/letsencrypt/live, which has some strict permissions. So, to import them you can run:

+

Notice that by default prosody will look up certificates that look like sub.your.domain, but if you get the certificates like I do, you’ll have a single certificate for all subdomains, and by default it is in /etc/letsencrypt/live, which has some strict permissions. So, to import it you can run:

prosodyctl --root cert import /etc/letsencrypt/live
 

Ignore the complaining about not finding the subdomain certificates and note that you will have to run that command on each certificate renewal, to automate this, add the --deploy-hook flag to your automated Certbot renewal system; for me it’s a systemd timer with the following certbot.service:

@@ -550,7 +550,7 @@ systemctl restart nginx.service
pacman -S coturn
 

You can modify the configuration file (located at /etc/turnserver/turnserver.conf) as desired, but at least you need to make the following changes (uncomment or edit):

-
use-auth-secret
+
use-auth-secret
 realm=proxy.your.domain
 static-auth-secret=YOUR SUPER SECRET TURN PASSWORD
 
@@ -562,11 +562,11 @@ systemctl enable turnserver.service

You can test if your TURN server works at Trickle ICE. You may need to add a user in the turnserver.conf to test this.

Wrapping up

At this point you should have a working XMPP server, start/enable the prosody service now:

-
systemctl start prosody.service
+
systemctl start prosody.service
 systemctl enable prosody.service
 

And you can add your first user with the prosodyctl command (it will prompt you to add a password):

-
prosodyctl adduser user@your.domain
+
prosodyctl adduser user@your.domain
 

You may want to add a compliance user, so you can check if your server is set up correctly. To do so, go to XMPP Compliance Tester and enter the compliance user credentials. It should have similar compliance score to mine:

@@ -597,6 +597,7 @@ systemctl enable prosody.service