How to Install and Configure Prosody XMPP Server on Ubuntu 20.04

Introduction

Before we begin talking about how to install and configure Prosody XMPP on Ubuntu 20.04, let’s briefly understand - What is Prosody XMPP Server?

Prosody XMPP Server is a powerful open-source software that facilitates real-time communication over the internet. It enables instant messaging, voice and video calls, and file sharing. With a user-friendly interface and excellent performance, Prosody XMPP Server is ideal for businesses and individuals seeking a reliable and secure communication solution.

It supports various platforms and can be easily customized to meet specific requirements. Whether for personal or professional use, Prosody XMPP Server offers a seamless and efficient communication experience.

In this tutorial, you will install and configure the Prosody XMPP Server on Ubuntu 20.04. We will also address a few FAQs on how to install and configure the Prosody XMPP Server on Ubuntu 20.04.

Advantages of Prosody XMPP Server

1. Reliable Communication: Prosody XMPP Server ensures reliable and real-time communication, making it ideal for instant messaging and voice/video calls.
2. Open-Source: Being open-source, Prosody XMPP Server allows customization and flexibility for businesses and individuals.
3. Secure: With built-in security features, Prosody XMPP Server ensures data privacy and protection during communication.
4. User-Friendly Interface: Prosody XMPP Server offers an intuitive interface, making it easy to navigate and use for all users.
5. Cross-Platform Compatibility: Prosody XMPP Server supports multiple platforms, allowing seamless communication across devices and operating systems.

Step 1 - Installing the Prosody on Ubuntu 20.04

1) The Prosody is in the default Ubuntu repository. It also maintains a package repository. To install the latest version, add the Prosody repository with the following command:

echo 'deb https://packages.prosody.im/debian focal main' | sudo tee /etc/apt/sources.list.d/prosody.list

2) Now, run the following command to download and import the Prosody public key. It even allows APT package-manager to verify the integrity of packages downloadable from the repository:

wget https://prosody.im/files/prosody-debian-packages.key -O- | sudo apt-key add -

3) Next, update the local package index. Then, install the latest version of the Prosody and lua-bound using the below command:

sudo apt update
sudo apt install prosody

sudo apt install libunbound-dev liblua5.3-dev
luarocks install luaunbound

4) The Prosody will then automatically start. For this, check its status by running:

systemctl status prosody

You will see the output like:

prosody.service - Prosody XMPP Server
   Loaded: loaded (/lib/systemd/system/prosody.service; enabled; vendor preset: enabled)
   Active: active (running) since Sun 2020-04-19 13:58:40 UTC; 16s ago
     Docs: https://prosody.im/doc
 Main PID: 1894 (lua5.2)
    Tasks: 1 (limit: 1108)
   CGroup: /system.slice/prosody.service
           └─1894 lua5.2 /usr/bin/prosody -F

Apr 19 13:58:40 localhost systemd[1]: Started Prosody XMPP Server.

5) If it is not running, start it using the below command:

sudo systemctl start prosody

6) Now to enable the auto-start at system boot time, run:

sudo systemctl enable prosody

Step 2 - Opening the Ports in Firewall

1) By default, it listens on both TCP ports 5269 and 5222 of the public IP address. Further, if Ubuntu does not have the netstat command, then you will install it with the sudo apt install net-tools.

sudo netstat -lnptu | grep lua

2) Port 5222 is useful for the client-to-server connection. While Port 5269 is useful for server-to-server connections.

3) Even by enabling the UFW firewall on Ubuntu, open the above ports by running:

sudo ufw allow 5222,5269/tcp

Step 3 - Configuring the Prosody XMPP Server

1) Next, edit the main configuration file with the command line text editor like Nano, by:

sudo nano /etc/prosody/prosody.cfg.lua

2) Here, in module_enabled {...} section, you will be able to uncomment a line that will enable a specific module, or comment out a line to disable any specific module. Each module will have a description telling what it does. You will have to enable the BOSH module (Bidirectional-streams Over Synchronous HTTP). It will allow XMPP communication over HTTP.

3) Then, scroll down in the configuration file. To allow for account registration from XMPP client, set the allow_registration to true. Also, If you are new to XMPP, you do not want to allow the XMPP clients to register by themselves.

allow_registration = true;

4) The Prosody will only allow for encrypted communication by running the below command:

c2s_require_encryption = true

s2s_require_encryption = true

5) Although, you will need to create a virtual host and install a TLS certificate. It will enable connections encryption. By default, there is only one virtual host in the Prosody- localhost:

VirtualHost "localhost"

6) Now, you will create another virtual host like chat.example.com. For that, add the following line in the file:

VirtualHost "chat.example.com"

Next, save and close the file. You will need to install a trusted TLS certificate from the Let’s Encrypt.

Step 4 - Obtaining Trusted TLS certificate

1) Issue the below command to install the Let’s Encrypt client (certbot) on the Ubuntu server:

sudo apt install certbot

2) If you do not have a web-server running yet, then install Apache or Nginx. It will make it easier to obtain and install a TLS certificate with a webserver.

3) If you use the Apache webserver, you need to install the Apache plugin. By the below command, you can install the Apache webserver if it is not installed:

sudo apt install python3-certbot-apache

4) If you use Nginx web-server, then install the Nginx plugin, by running the below command:

sudo apt install python3-certbot-nginx

5) You will now need an Apache virtual host for chat.example.com. Before obtaining the Let’s Encrypt TLS certificate, create a virtual host file using the below command:

sudo nano /etc/apache2/sites-available/prosody.conf

6) Now, paste the below text into the file. Replace the chat.example.com with your actual domain name. Further, remember to set DNS A record for it:

<VirtualHost *:80>        
        ServerName chat.example.com

        DocumentRoot /var/www/prosody
</VirtualHost>

7) After that, save and close the file and create the web-root directory using the below command:

sudo mkdir /var/www/prosody

8) You will need to set www-data, as, the owner of the web-root using the below command:

sudo chown www-data:www-data /var/www/prosody -R

9) Then, enable the virtual host and disable default, by:

sudo a2ensite prosody.conf
sudo a2dissite 000-default

10) You will need to reload Apache for the changes to take place:

sudo systemctl reload apache2

11) After that, create and enable the virtual host. Then, run the following command to obtain and install the Let’s Encrypt TLS certificate, by:

sudo certbot --apache --agree-tos --redirect --hsts --staple-ocsp --email [email protected] -d chat.example.com

12) Next, substitute the text with your actual data.

13) If you want to obtain TLS Certificate with Nginx Web Server. You will first need to have a Nginx virtual host for the chat.example.com. So, create the virtual host file using the following command:

sudo nano /etc/nginx/conf.d/prosody.conf

14) Then, paste the below text into the file. Replace the chat.example.com with your actual domain name. Moreover, need to set DNS A record for it:

server {
      listen 80;
      listen [::]:80;
      server_name chat.example.com;

      root /var/www/prosody/;

      location ~ /.well-known/acme-challenge {
         allow all;
      }
}

15) Next, save and close the file. Now create the web-root directory using the below command:

sudo mkdir /var/www/prosody/

16) Also, set the  www-data, as the owner of the web-root, by:

sudo chown www-data:www-data /var/www/prosody -R

17) Again reload Nginx for the changes to take place, by:

sudo systemctl reload nginx

18) After the creation and enabling of a virtual host. Now, run the below command to obtain and install the Let’s Encrypt certificate with the Nginx plugin:

sudo certbot --nginx --agree-tos --redirect --hsts --staple-ocsp --email [email protected] -d chat.example.com

Step 5 - Installing the TLS Certificate in Prosody

1) Edit the main configuration file.

sudo nano /etc/prosody/prosody.cfg.lua

2) Go to the Prosody virtual host and add the TLS certificate as well as key file, by:

ssl = {
      key = "/etc/letsencrypt/live/chat.example.com/privkey.pem";
     certificate = "/etc/letsencrypt/live/chat.example.com/fullchain.pem";
}

4) Finally, save and close the file. The Prosody XMPP server runs as the prosody user. You will need to allow the prosody user to read the TLS certificate and key file by:

sudo setfacl -R -m u:prosody:rx /etc/letsencrypt/

Step 6 - Creating the User Accounts

1) Now create the user account for the Prosody XMPP server, using the below command. You will get a prompt to enter a password:

sudo prosodyctl adduser [email protected]

2) Next change the password by:

sudo prosodyctl passwd [email protected]

Step 7 - Restarting the Prosody

1) Next, check the configuration file syntax by running:

sudo prosodyctl check config

2) If the syntax is correct, restart Prosody for the changes to take place:

sudo systemctl restart prosody

Step 8 - Configure XMPP Client

1) Here, the Pidgin instant messenger is used as the XMPP client. Empathy can also be installed on an Ubuntu desktop by running:

sudo apt install pidgin

sudo apt install empathy

2) After the first launch, add an account in Pidgin and click Add button.

3) Next, select the XMPP from the list of protocols and enter your username, domain and password as well.

4) Now, hit the Add button, you are now logged in.

Step 9 - Setting up the Bosh

Bosh allows users to use XMPP over HTTP. For instance, Jitsi Meet video-conference software uses the Bosh. It helps to integrate Prosody into web pages. Here, the attendees are able to text chat while joining an online video meeting.

1) After enabling the Bosh module, edit the Prosody configuration file (/etc/prosody/prosody.cfg.lua). Next, add the below lines at the end of the configuration file:

consider_bosh_secure = true;
cross_domain_bosh = true;
https_ssl = {
        certificate = "/etc/letsencrypt/live/chat.example.com/fullchain.pem";
        key = "/etc/letsencrypt/live/chat.example.com/privkey.pem";
    }

2) The first-line enables to secure HTTPS connection. Next adds COR headers to BOSH responses, allowing the requests to come from any domain. Then https_ssl parameter states the TLS certificate as well as key file for the Bosh service.

3) Now, save and close the file, and restart Prosody:

sudo systemctl restart prosody

4) If enabled, the UFW firewall on the Ubuntu server. You will need to open both ports 5280 and 5281 with the below command:

sudo ufw allow 5280,5281/tcp

5) Further, the Bosh endpoint will be available at the below address. Port 5280 is for plain text HTTP, and port 5281 is for HTTPS.

http://chat.example.com:5280/http-bind

Or,

https://chat.example.com:5281/http-bind

6) A Bosh endpoint is a URL used by a client to connect to the XMPP server over HTTP.

Step 10 - Multi-User Chatting Room

1) Now, to enable a Multi-User Chat, add the below line in the Prosody configuration file. Then, replace conference.example.com with your preferred subdomain name:

Component "conference.example.com" "muc"
     restrict_room_creation = "admin"

2) 2nd line will allow only the admin to create the rooms. For defining the admin for the XMPP server, first, create an account using sudo prosodyctl adduser command above. Next, in the configuration file, add the account in the admin {...} section like:

admins = { "[email protected]", "[email protected]" }

3) Now, check the configuration file syntax by running the below command:

sudo prosodyctl check config

4) If the syntax is correct, then restart Prosody for the changes to take place:

sudo systemctl restart prosody

5) Main log file for the Prosody is /var/log/prosody/prosody.log. There is also an error-log /var/log/prosody/prosody.err. Also, if the Prosody is not working as per expectation, then the error log is a good place to check it.

Step 11 - Auto-Renewing the TLS Certificate

1) You will create the Cron job to automatically renew the TLS certificate. For this open root user’s crontab file:

sudo crontab -e

2) If using the Apache web-server, add the below line at the bottom of the file:

@daily certbot renew --quiet && systemctl reload postfix dovecot apache2

3) For using the Nginx web server, add the below line:

@daily certbot renew --quiet && systemctl reload postfix dovecot nginx

So, reloading the Postfix, Dovecot, as well as the web server, is necessary. It makes these programs pick new certificates and private keys too.

FAQs to Install and Configure Prosody XMPP Server on Ubuntu 20.04

Conclusion

We hope this detailed tutorial helped you understand how to Install and Configure Prosody XMPP Server on Ubuntu 20.04.

If you have any queries, please leave a comment below, and we’ll be happy to respond to them for sure.