Setting up XMPP server on Mageia

As with VPN, it had been my intention for quite some time to set up a chat server on a Linux box. I first encountered chat using talk and ytalk way back on UNIX systems. Anyone remember those? It seemed to me a wonderful invention. Once SIP came along, the modern chat systems on the Internet became far more capable. I thought Google Wave was a terrific invention but it went nowhere. I especially loved the federated model proposed by it. So for a while now, I had been toying with the idea of setting up an XMPP chat server. Mostly this would be for Intranet use (for transferring files between computers in a local college and for A/V chats without going over expensive Internet). The thought of installing and configuring ejabberd or other heavyweight solutions made me pause, plus there was no urgent need in the college community for this software. So I never got around to it.

After the NSA's PRISM revelations, it has become apparent how vulnerable data is when it is not hosted by you. This did not deter me from using traditional services like Skype but it did re-invoke my interest in hosting my own federated chat setup. Coincidentally, on the 13th July 2013 episode of the Linux Action Show, the hosts discussed an easy-to-install XMPP server, Prosody. So I decided to spend a couple of hours and see if this worked. Turned out, it works great!

Three separate actions need to be performed.

  1. Install prosody software and configure it.
  2. Configure firewall to accept packets on XMPP ports.
  3. Add new DNS SRV records to redirect XMPP traffic to the appropriate Linux box.

Installing and configuring prosody

The installation process on Mageia 2.0 is painless. Three commands and you are done.

	  su -
	  urpmi prosody
	  urpmi lua-filesystem
	
If you want to use the XMPP server only on the local LAN for a few folks, you can skip most of the following.
For those who want to set this up for a domain, continue reading. Create a backup and then edit /etc/prosody/prosody.cfg.lua. There is already a section for an imaginary domain called example.com. Change that to reflect your domain (I will use mageiafan.com here). Enable XMPP server for this domain.
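	  Host "mageiafan.com"
	  enabled = true -- boolean, not the string "true"
	  admins = { "admin@mageiafan.com" } -- host options go before any Component line
	  -- TLS key and certificate for this host
	  ssl = {
	    key = "/etc/prosody/certs/mageiafan.com.key";
	    certificate = "/etc/prosody/certs/mageiafan.com.crt";
	  }
	  -- Multi-user chat (conference rooms)
	  Component "conference.mageiafan.com" "muc"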
	
Next you need to create the key and the certificate for this server.
	  cd /etc/prosody/certs/
	  cp openssl.cnf mageiafan.com.cnf
	  vi mageiafan.com.cnf
	
Now this file needs to be edited to reflect your domain. So, %s/example.com/mageiafan.com/g in vim will change all occurrences of example.com to your domain. Additionally, you need to change commonName, countryName, localityName, organizationName, organizationalUnitName and emailAddress. Now run the makefile to generate the self-signed key and the certificate.
	    make mageiafan.com.cnf
	    make mageiafan.com.key
	    make mageiafan.com.cert
	  
If you choose to generate the .csr file, you can then get it signed by a CA.
Finally, we add a user and then start the server.
	    prosodyctl adduser adam@mageiafan.com
	    service prosody start
	  

One Prosody instance can run more than one domain's XMPP server. Check the documentation.

Configuring the firewalls for XMPP

This is fairly straightforward. From the command line, run drakfirewall. Go to Advanced and type 5269/tcp 5222/tcp and then select OK. This should open up the ports required by XMPP. Check this with a port scan from another machine.

Configuring the DNS entries

In order to enable XMPP users from different domains (e.g. gmail.com) to talk to your XMPP server, new SRV records need to be added to the DNS zone. Three records need to be added as follows:

	  # service    protocol host priority weight port	  target       ttl
	  _xmpp-server    tcp    @      0        0   5269  chatserver.mageiafan.com 14400
	  _xmpp-client    tcp    @      0        0   5222  chatserver.mageiafan.com 14400
	  _jabber         tcp    @      0        0   5269  chatserver.mageiafan.com 14400
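
A quick consistency check for the firewall and DNS steps, as an added example that is not part of the original post: it reads `dig +short SRV` output and confirms each record points at the port opened in drakfirewall and at the expected target. The function name check_srv and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# check_srv SERVICE EXPECTED_PORT EXPECTED_TARGET   (hypothetical helper)
# Reads `dig +short SRV` lines ("priority weight port target.") on stdin.
# Returns 0 only if at least one record exists and every record uses the
# expected port and target; prints one line per problem found.
check_srv() {
    awk -v svc="$1" -v port="$2" -v tgt="$3" '
        NF == 0 { next }                          # ignore blank lines
        { seen++ }
        NF != 4 {
            printf "%s: malformed record: %s\n", svc, $0
            bad = 1
            next
        }
        {
            host = $4
            sub(/\.$/, "", host)                  # drop the trailing root dot
            if ($3 != port) {
                printf "%s: port %s, firewall opened %s\n", svc, $3, port
                bad = 1
            }
            if (tolower(host) != tolower(tgt)) {
                printf "%s: target %s, expected %s\n", svc, host, tgt
                bad = 1
            }
        }
        END {
            if (!seen) { printf "%s: no SRV record found\n", svc; bad = 1 }
            exit (bad ? 1 : 0)
        }'
}

# Constructed samples in `dig +short SRV` format. On a live system use e.g.
#   dig +short SRV _xmpp-client._tcp.mageiafan.com | check_srv _xmpp-client 5222 chatserver.mageiafan.com
SAMPLE_CLIENT='0 0 5222 chatserver.mageiafan.com.'
SAMPLE_SERVER='0 0 5222 chatserver.mageiafan.com.'   # constructed mistake: client port on the s2s record

printf '%s\n' "$SAMPLE_CLIENT" | check_srv _xmpp-client 5222 chatserver.mageiafan.com \
    && echo "_xmpp-client: OK"
printf '%s\n' "$SAMPLE_SERVER" | check_srv _xmpp-server 5269 chatserver.mageiafan.com \
    || echo "_xmpp-server: fix the record before testing federation"
```

A record that resolves but names the wrong port fails silently for remote servers, so running this from a machine outside the LAN catches the mismatch before users do.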
	
And you are done! Go and install Jitsi (Win/Mac/Linux) or Xabber (Android) or ChatSecure (iOS). Have fun chatting!