Setting up an XMPP server with Prosody

Tags: howtos, projects, software

Published on

XMPP is the best solution for instant messaging right now: It’s decentralized, with an open protocol, and everyone can run their own server. Since I wanted a JID of the form name@rieck.ru, I decided to run my own server.

After some research, I quickly settled on Prosody. This server is written in Lua, and its lightweight configuration appealed to me. morrigan, my server, runs Debian, so I installed Prosody with aptitude install prosody. After this, I went straight to the configuration.

The main configuration file is located under /etc/prosody/prosody.cfg.lua. In my case, I enabled most of the modules, namely:

  • roster
  • saslauth
  • tls
  • dialback
  • disco
  • private
  • vcard
  • privacy
  • legacyauth
  • version
  • uptime
  • time
  • ping
  • pep
  • register
  • posix

I kept most of the “specific functionality” modules disabled because they seemed overkill for a server that is only intended to be used by my friends and me. I furthermore set allow_registration = false, because I want to add users myself. Note that this does not contradict loading the register module above: the module is perhaps not appropriately named, since it handles both in-band registration and password changes, and even if I have to create every account myself, I of course want my users to be able to change their passwords whenever they feel like it. I also set c2s_require_encryption and s2s_require_encryption to false, because I had some trouble connecting to other servers with both options enabled. Two things are worth knowing here: trouble with other servers can only come from s2s_require_encryption, since c2s_require_encryption affects nothing but client connections and can stay true without touching federation; and with c2s_require_encryption = false and legacyauth loaded, a client may authenticate with XEP-0078 non-SASL auth, which sends the password in the clear unless the connection is already encrypted.

Following this, I put a TLS certificate and private key for my domain rieck.ru (generated with OpenSSL) in the folder /etc/prosody/certs. I need these because I want to be able to connect to the server with TLS encryption. Last, I created a configuration file /etc/prosody/conf.avail/rieck.ru.cfg.lua with the following contents:

VirtualHost "rieck.ru"
	enabled = true

	ssl = {
		key = "/etc/prosody/certs/rieck.ru.key";
		certificate = "/etc/prosody/certs/rieck.ru.crt";
	}
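As an added example (my own code, not from the post and not part of Prosody), here is a small audit script for the settings discussed above. It parses the subset of prosody.cfg.lua syntax used on this page (plain assignments, table literals, VirtualHost sections) and flags the weak combinations: registration left open, c2s or s2s encryption not required, legacyauth loaded while nothing forces TLS, and a host without a key or certificate. The sample configuration and the finding names are constructed for the example; the check for legacyauth assumes, as the post's caveat states, that XEP-0078 sends the password in the clear on an unencrypted connection.

```python
import re

# Constructed sample, not the author's file: the global settings and the
# rieck.ru VirtualHost as the post describes them, with both
# *_require_encryption flags set to false as the post does.
SAMPLE_CONFIG = """
-- global section
modules_enabled = {
    "roster"; "saslauth"; "tls"; "dialback"; "disco"; "private";
    "vcard"; "privacy"; "legacyauth"; "version"; "uptime"; "time";
    "ping"; "pep"; "register"; "posix";
}
allow_registration = false
c2s_require_encryption = false
s2s_require_encryption = false

VirtualHost "rieck.ru"
    enabled = true
    ssl = {
        key = "/etc/prosody/certs/rieck.ru.key";
        certificate = "/etc/prosody/certs/rieck.ru.crt";
    }
"""

_HOST_RE = re.compile(r'^VirtualHost\s+"([^"]+)"')
_ASSIGN_RE = re.compile(r'^(\w+)\s*=\s*(.+?)\s*;?$')
_STRING_RE = re.compile(r'"([^"]*)"')


def _lua_value(raw):
    """Convert a scalar (true/false, quoted string, number) to Python."""
    if raw == "true":
        return True
    if raw == "false":
        return False
    if raw.startswith('"') and raw.endswith('"'):
        return raw[1:-1]
    try:
        return int(raw)
    except ValueError:
        return raw


def _table_value(body):
    """A table literal is either key = "value" pairs or a list of strings."""
    pairs = re.findall(r'(\w+)\s*=\s*"([^"]*)"', body)
    return dict(pairs) if pairs else _STRING_RE.findall(body)


def parse_config(text):
    """Parse the config subset used here into {"global": {...}, "hosts": {...}}.
    Comments are stripped; a table literal may span several lines."""
    cfg = {"global": {}, "hosts": {}}
    scope = cfg["global"]
    lines = [ln.split("--", 1)[0].strip() for ln in text.splitlines()]
    i = 0
    while i < len(lines):
        line = lines[i]
        i += 1
        if not line:
            continue
        m = _HOST_RE.match(line)
        if m:
            scope = cfg["hosts"].setdefault(m.group(1), {})
            continue
        m = _ASSIGN_RE.match(line)
        if not m:
            continue
        key, raw = m.group(1), m.group(2)
        if raw.startswith("{"):
            body = raw
            # Keep appending lines until the braces balance.
            while body.count("{") > body.count("}") and i < len(lines):
                body += " " + lines[i]
                i += 1
            scope[key] = _table_value(body)
        else:
            scope[key] = _lua_value(raw)
    return cfg


def audit(cfg):
    """Return (code, message) findings for the weak settings; [] means none."""
    g = cfg["global"]
    modules = g.get("modules_enabled", [])
    c2s_tls = g.get("c2s_require_encryption") is True
    findings = []
    if g.get("allow_registration") is True:
        findings.append(("open_registration", "allow_registration = true lets anyone create accounts"))
    if not c2s_tls:
        findings.append(("c2s_plaintext", "c2s_require_encryption is not true: clients may log in without TLS"))
    if g.get("s2s_require_encryption") is not True:
        findings.append(("s2s_plaintext", "s2s_require_encryption is not true: federation traffic may be unencrypted"))
    if "legacyauth" in modules and not c2s_tls:
        findings.append(("legacyauth_plaintext", "mod_legacyauth (XEP-0078) is loaded and nothing forces TLS"))
    if "tls" not in modules:
        findings.append(("no_tls", "mod_tls is not loaded"))
    for host, settings in cfg["hosts"].items():
        ssl = settings.get("ssl", g.get("ssl", {}))
        for field in ("key", "certificate"):
            if field not in ssl:
                findings.append(("missing_" + field, "%s: ssl table has no '%s'" % (host, field)))
    return findings


if __name__ == "__main__":
    for code, msg in audit(parse_config(SAMPLE_CONFIG)):
        print("%-22s %s" % (code, msg))
```

Running it on the sample above reports the two encryption flags and the legacyauth combination; flipping both flags to true makes all three findings disappear even with legacyauth still loaded, because XEP-0078 is then only reachable over TLS.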

After issuing a /etc/init.d/prosody restart, I was good to go.

Or so I thought. It turns out that to federate properly with other servers, Google Talk for example, XMPP requires DNS SRV records for the domain. For fastmail.fm, my awesome e-mail provider that also hosts DNS for my domain, this was quite easy: I simply had to add a record of type JABBER for my domain rieck.ru, pointing at rieck.ru as well.

In general, things are more complicated. The official Prosody documentation gives example SRV records that need to be set up, and the XMPP wiki provides another good overview. To summarize: if your server is reachable as xmpp.example.com and you want to provide XMPP service for example.com, you need the following records:

_xmpp-client._tcp.example.com. 18000 IN SRV 0 5 5222 xmpp.example.com.
_xmpp-server._tcp.example.com. 18000 IN SRV 0 5 5269 xmpp.example.com.
_jabber._tcp.example.com.      18000 IN SRV 0 5 5269 xmpp.example.com.

The first record tells clients where to connect (port 5222) and the second tells other servers where to connect (port 5269); _jabber._tcp is the older server-to-server record that some servers still look up, so it points at the same port as _xmpp-server. Note that the target of these records must be a hostname, not an IP address, and RFC 2782 requires that hostname to have an A (or AAAA) record of its own rather than being a CNAME. I initially configured this erroneously by entering an IP address, and as a result I could not add Google Talk users to my XMPP roster. Adding users from other domains worked fine, though.
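As an added example (my own code, not from the post or the Prosody project), the following script checks SRV records of the kind shown above for exactly the mistakes discussed here: an IP literal as target, a CNAME target, a relative target that a zone file would expand with $ORIGIN, and a port that does not match the service label. Offline it cannot look up what the targets resolve to, so a constructed table stands in for the zone's A and CNAME records; the zone snippet, the bad*.example owners and that table are all constructed for the example.

```python
import ipaddress
import re

# Constructed zone snippet, not the author's actual zone: the three records
# from the post plus three deliberately broken ones.
SAMPLE_ZONE = """\
_xmpp-client._tcp.example.com.  18000 IN SRV 0 5 5222 xmpp.example.com.
_xmpp-server._tcp.example.com.  18000 IN SRV 0 5 5269 xmpp.example.com.
_jabber._tcp.example.com.       18000 IN SRV 0 5 5269 xmpp.example.com.
_xmpp-server._tcp.bad1.example. 18000 IN SRV 0 5 5269 192.0.2.10
_jabber._tcp.bad2.example.      18000 IN SRV 0 5 5222 xmpp.example.com
_xmpp-client._tcp.bad3.example. 18000 IN SRV 0 5 5222 chat.example.com.
"""

# Constructed stand-in for a DNS lookup: which record type each SRV target
# resolves to. A real check would query the resolver instead.
TARGET_RRTYPES = {
    "xmpp.example.com.": "A",
    "chat.example.com.": "CNAME",
}

# Service label -> port the XMPP server listens on for it.
EXPECTED_PORT = {
    "_xmpp-client._tcp": 5222,
    "_xmpp-server._tcp": 5269,
    "_jabber._tcp": 5269,  # legacy s2s record, same port as _xmpp-server
}

_SRV_RE = re.compile(
    r'^(?P<owner>\S+)\s+(?:(?P<ttl>\d+)\s+)?(?:IN\s+)?SRV\s+'
    r'(?P<prio>\d+)\s+(?P<weight>\d+)\s+(?P<port>\d+)\s+(?P<target>\S+)\s*$')


def parse_srv(line):
    """Parse one zone-file SRV line (TTL and class are optional)."""
    m = _SRV_RE.match(line.strip())
    if not m:
        raise ValueError("not an SRV record: " + line)
    d = m.groupdict()
    return {"owner": d["owner"].lower(),
            "ttl": int(d["ttl"]) if d["ttl"] else None,
            "priority": int(d["prio"]), "weight": int(d["weight"]),
            "port": int(d["port"]), "target": d["target"]}


def _is_ip_literal(name):
    try:
        ipaddress.ip_address(name.rstrip("."))
        return True
    except ValueError:
        return False


def check_srv(rec, rrtypes=TARGET_RRTYPES):
    """Return the problems with one parsed SRV record; [] means it looks fine."""
    problems = []
    owner, target = rec["owner"], rec["target"]
    service = ".".join(owner.split(".")[:2])
    if service not in EXPECTED_PORT:
        problems.append("%s: unknown service label %s" % (owner, service))
    elif rec["port"] != EXPECTED_PORT[service]:
        problems.append("%s: port %d, expected %d" % (owner, rec["port"], EXPECTED_PORT[service]))
    if target == ".":
        problems.append("%s: target '.' means the service is explicitly not offered" % owner)
    elif _is_ip_literal(target):
        problems.append("%s: target %s is an IP literal; SRV targets must be hostnames" % (owner, target))
    else:
        if not target.endswith("."):
            # In a zone file a relative name is appended with $ORIGIN.
            problems.append("%s: target %s is relative (no trailing dot)" % (owner, target))
        fq = target if target.endswith(".") else target + "."
        rrtype = rrtypes.get(fq)
        if rrtype == "CNAME":
            problems.append("%s: target %s is a CNAME; RFC 2782 requires an A/AAAA record" % (owner, fq))
        elif rrtype is None:
            problems.append("%s: target %s has no address record" % (owner, fq))
    return problems


def check_zone(text, rrtypes=TARGET_RRTYPES):
    """Check every SRV line in a zone snippet; returns {owner: [problems]}."""
    report = {}
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith(";"):
            continue
        rec = parse_srv(line)
        report[rec["owner"]] = check_srv(rec, rrtypes)
    return report


if __name__ == "__main__":
    for owner, problems in check_zone(SAMPLE_ZONE).items():
        print(owner, "OK" if not problems else "; ".join(problems))
```

The three records from the post pass; bad1 reproduces the IP-literal mistake described above, bad2 has the legacy record on the client port and a relative target, and bad3 points at a CNAME.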

All in all, everything went better than expected. I like XMPP. If only more people would use it instead of proprietary protocols…