How to Install and Configure Prosody XMPP Server on Ubuntu 22.04

Introduction

Before we begin talking about how to install and configure Prosody XMPP server on Ubuntu 22.04, let’s briefly understand - What is Prosody XMPP Server?

Prosody XMPP Server is a powerful open-source software that enables efficient communication through the Extensible Messaging and Presence Protocol (XMPP). It provides a reliable and scalable platform for real-time messaging, presence information, and collaboration.

With its lightweight design and extensive customization options, Prosody XMPP Server is a preferred choice for building secure and flexible communication solutions. It supports various features like multi-user chat, file sharing, and encryption, making it an ideal solution for businesses and individuals seeking reliable and versatile messaging services.

In this tutorial, you will install and configure the Prosody XMPP Server on Ubuntu 22.04. We will also address a few FAQs on how to install XMPP Server on Ubuntu 22.04.

Advantages of Prosody XMPP Server

1. Reliable and Scalable: Prosody XMPP Server offers a robust and scalable platform for real-time messaging and collaboration.
2. Lightweight Design: Its lightweight architecture ensures efficient performance and resource utilization.
3. Extensive Customization: Prosody allows extensive customization options to tailor the server according to specific requirements.
4. Feature-rich: It supports essential features like multi-user chat, file sharing, and encryption for enhanced communication.
5. Open-source and Secure: Being open-source, Prosody is constantly improved by the community, ensuring high security standards for your messaging infrastructure.

Step 1 – Install the Prosody on Ubuntu 22.04

1) The Prosody is in the default Ubuntu repository. It also maintains a package repository. To install the latest version, add the Prosody repository with the following command:

echo "deb [signed-by=/etc/apt/keyrings/prosody-debian-packages.key] https://packages.prosody.im/debian $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/prosody.list

2) Now, run the following command to download and import the Prosody public key. It even allows APT package manager to verify the integrity of packages downloadable from the repository:

wget --quiet -O - https://prosody.im/files/prosody-debian-packages.key | sudo tee /etc/apt/keyrings/prosody-debian-packages.key

3) Next, update the local package index. Then, install the latest version of the Prosody and Lua-bound using the below command:

sudo apt update
sudo apt install prosody

4) The Prosody will then automatically start. For this, check its status by running:

systemctl status prosody

You will see the output like:

prosody.service - Prosody XMPP Server
   Loaded: loaded (/lib/systemd/system/prosody.service; enabled; vendor preset: enabled)
   Active: active (running) since Sun 2020-04-19 13:58:40 UTC; 16s ago
     Docs: https://prosody.im/doc
 Main PID: 1894 (lua5.2)
    Tasks: 1 (limit: 1108)
   CGroup: /system.slice/prosody.service
           └─1894 lua5.2 /usr/bin/prosody -F

Apr 19 13:58:40 localhost systemd[1]: Started Prosody XMPP Server.

5) If it is not running, start it using the below command:

sudo systemctl start prosody

6) Now to enable the auto-start at system boot time, run:

sudo systemctl enable prosody

Step 2 – Open the Ports in the Firewall

1) By default, it listens on both TCP ports 5269 and 5222 of the public IP address. Further, if Ubuntu does not have the netstat command, then you will install it with the sudo apt install net-tools.

sudo netstat -lnptu | grep lua

2) Port 5222 is useful for the client-to-server connection. While Port 5269 is useful for server-to-server connections.

3) Even by enabling the UFW firewall on Ubuntu, open the above ports by running:

sudo ufw allow 5222,5269/tcp

Step 3 – Configure the Prosody XMPP Server

1) Next, edit the main configuration file with the command line text editor like Nano, by:

sudo nano /etc/prosody/prosody.cfg.lua

2) Here, in module_enabled {...} section, you will be able to uncomment a line that will enable a specific module, or comment out a line to disable any specific module. Each module will have a description telling what it does. You will have to enable the BOSH module (Bidirectional-streams Over Synchronous HTTP). It allows XMPP communication over HTTP.

3) Then, scroll down in the configuration file. To allow for account registration from XMPP client, set the allow_registration to true. Also, If you are new to XMPP, you do not want to allow the XMPP clients to register by themselves.

allow_registration = true;

4) The Prosody will only allow for encrypted communication by running the below command:

c2s_require_encryption = true

s2s_require_encryption = true

5) Although, you will need to create a virtual host and install a TLS certificate. It will enable connection encryption. By default, there is only one virtual host in the Prosody- localhost:

VirtualHost "localhost"

6) Now, you will create another virtual host like chat.example.com. For that, add the following line in the file:

VirtualHost "chat.example.com"

Next, save and close the file. You will need to install a trusted TLS certificate from Let’s Encrypt.

Step 4 - Obtain a Trusted TLS certificate

1) Issue the below command to install the Let’s Encrypt client (certbot) on the Ubuntu server:

sudo apt install certbot

2) If you do not have a web server running yet, then install Apache or Nginx. It will make it easier to obtain and install a TLS certificate with a web server.

3) If you use the Apache webserver, you need to install the Apache plugin. By the below command, you can install the Apache webserver if it is not installed:

sudo apt install python3-certbot-apache

4) If you use Nginx web-server, then install the Nginx plugin, by running the below command:

sudo apt install python3-certbot-nginx

5) You will now need an Apache virtual host for chat.example.com. Before obtaining the Let’s Encrypt TLS certificate, create a virtual host file using the below command:

sudo nano /etc/apache2/sites-available/prosody.conf

6) Now, paste the below text into the file. Replace the chat.example.com with your actual domain name. Further, remember to set DNS A record for it:

<VirtualHost *:80>        
        ServerName chat.example.com

        DocumentRoot /var/www/prosody
</VirtualHost>

7) After that, save and close the file and create the web-root directory using the below command:

sudo mkdir /var/www/prosody

8) You will need to set www-data, as the owner of the web root using the below command:

sudo chown www-data:www-data /var/www/prosody -R

9) Then, enable the virtual host and disable default, by:

sudo a2ensite prosody.conf
sudo a2dissite 000-default

10) You will need to reload Apache for the changes to take place:

sudo systemctl reload apache2

11) After that, create and enable the virtual host. Then, run the following command to obtain and install the Let’s Encrypt TLS certificate:

sudo certbot --apache --agree-tos --redirect --hsts --staple-ocsp --email [email protected] -d chat.example.com

12) Next, substitute the text with your actual data.

13) If you want to obtain TLS Certificate with Nginx Web Server. You will first need to have an Nginx virtual host for the chat.example.com. So, create the virtual host file using the following command:

sudo nano /etc/nginx/conf.d/prosody.conf

14) Then, paste the below text into the file. Replace the chat.example.com with your actual domain name. Moreover, need to set DNS A record for it:

server {
      listen 80;
      listen [::]:80;
      server_name chat.example.com;

      root /var/www/prosody/;

      location ~ /.well-known/acme-challenge {
         allow all;
      }
}

15) Next, save and close the file. Now create the web-root directory using the below command:

sudo mkdir /var/www/prosody/

16) Also, set the  www-data, as the owner of the web root, by:

sudo chown www-data:www-data /var/www/prosody -R

17) Again reload Nginx for the changes to take place, by:

sudo systemctl reload nginx

18) After the creation and enabling of a virtual host. Now, run the below command to obtain and install the Let’s Encrypt certificate with the Nginx plugin:

sudo certbot --nginx --agree-tos --redirect --hsts --staple-ocsp --email [email protected] -d chat.example.com

19) You will get the below output:

Step 5 – Install the TLS Certificate in Prosody

1) Edit the main configuration file.

sudo nano /etc/prosody/prosody.cfg.lua

2) Go to the Prosody virtual host and add the TLS certificate as well as the key file, by:

ssl = {
      key = "/etc/letsencrypt/live/chat.example.com/privkey.pem";
     certificate = "/etc/letsencrypt/live/chat.example.com/fullchain.pem";
}

3) You will get the below output:

4) Finally, save and close the file. The Prosody XMPP server runs as the prosody user. You will need to allow the prosody user to read the TLS certificate and key file by:

sudo setfacl -R -m u:prosody:rx /etc/letsencrypt/

Step 6 – Create the User Accounts

1) Now create the user account for the Prosody XMPP server, using the below command. You will get a prompt to enter a password:

sudo prosodyctl adduser [email protected]

2) Next change the password by:

sudo prosodyctl passwd [email protected]

Step 7 – Restart the Prosody

1) Next, check the configuration file syntax by running:

sudo prosodyctl check config

2) If the syntax is correct, restart Prosody for the changes to take place:

sudo systemctl restart prosody

Step 8 – Configure XMPP Client

1) Here, the Pidgin instant messenger is used as the XMPP client. Empathy can also be installed on an Ubuntu desktop by running:

sudo apt install pidgin

sudo apt install empathy

2) After the first launch, add an account in Pidgin and click Add button.

3) Next, select the XMPP from the list of protocols and enter your username, domain and password as well.

4) Now, hit the Add button, you are now logged in.

Step 9 – Setting up the Bosh

Bosh allows users to use XMPP over HTTP. For instance, Jitsi Meet video-conference software uses the Bosh. It helps to integrate Prosody into web pages. Here, the attendees are able to text chat while joining an online video meeting.

1) After enabling the Bosh module, edit the Prosody configuration file (/etc/prosody/prosody.cfg.lua). Next, add the below lines at the end of the configuration file:

consider_bosh_secure = true;
cross_domain_bosh = true;
https_ssl = {
        certificate = "/etc/letsencrypt/live/chat.example.com/fullchain.pem";
        key = "/etc/letsencrypt/live/chat.example.com/privkey.pem";
    }

2) The first line enables to secure HTTPS connection. Next adds COR headers to BOSH responses, allowing the requests to come from any domain. Then https_ssl parameter states the TLS certificate as well as the key file for the Bosh service.

3) Now, save and close the file, and restart Prosody:

sudo systemctl restart prosody

4) If enabled, the UFW firewall on the Ubuntu server. You will need to open both ports 5280 and 5281 with the below command:

sudo ufw allow 5280,5281/tcp

5) Further, the Bosh endpoint will be available at the below address. Port 5280 is for plain text HTTP, and port 5281 is for HTTPS.

http://chat.example.com:5280/http-bind

Or,

https://chat.example.com:5281/http-bind

6) A Bosh endpoint is a URL used by a client to connect to the XMPP server over HTTP.

Step 10 – Multi-User Chatting Room

1) Now, to enable a Multi-User Chat, add the below line in the Prosody configuration file. Then, replace conference.example.com with your preferred sub-domain name:

Component "conference.example.com" "muc"
     restrict_room_creation = "admin"

2) 2nd line will allow only the admin to create the rooms. For defining the admin for the XMPP server, first, create an account using sudo prosodyctl adduser command above. Next, in the configuration file, add the account in the admin {...} section:

admins = { "[email protected]", "[email protected]" }

3) Now, check the configuration file syntax by running the below command:

sudo prosodyctl check config

4) If the syntax is correct, then restart Prosody for the changes to take place:

sudo systemctl restart prosody

5) Main log file for the Prosody is /var/log/prosody/prosody.log. There is also an error-log /var/log/prosody/prosody.err. Also if the Prosody is not working as per expectation then the error log is a good place to check it.

Step 11 – Auto-Renewing the TLS Certificate

1) You will create the Cron job to automatically renew the TLS certificate. For this open root user’s crontab file:

sudo crontab -e

2) If  using the Apache web server, add the below line at the bottom of the file:

@daily certbot renew --quiet && systemctl reload postfix dovecot apache2

3) For using the Nginx web server, add the below line:

@daily certbot renew --quiet && systemctl reload postfix dovecot nginx

So, reloading the Postfix, Dovecot, as well as the webserver, is necessary. It makes these programs pick new certificates and private keys too.

FAQs to Install and Configure Prosody XMPP Server on Ubuntu 22.04

Conclusion

We hope this detailed tutorial helped you understand how to Install and Configure Prosody XMPP Server on Ubuntu 22.04.

If you have any queries, please leave a comment below, and we’ll be happy to respond to them for sure.