Prosody XMPP server

Package installation

Install the package using the appropriate tool, as demonstrated in Example 12.1, “Installing Prosody on Debian/Ubuntu” and Example 12.2, “Install Prosody on Fedora/RHEL/CentOS”.

Example 12.1. Installing Prosody on Debian/Ubuntu

$ sudo apt-get install prosody
$ sudo addgroup prosody ssl-cert 

Example 12.2. Install Prosody on Fedora/RHEL/CentOS

$ sudo yum install prosody
$ sudo addgroup prosody ssl-cert 

Configuration

Prosody can use the certificates created in Chapter 9, TLS certificate creation. In the Prosody configuration, you can refer to the PEM files directly under /etc/ssl. Alternatively, you can copy the certificate and private key PEM files to /etc/prosody/certs or create symbolic links from that location to the real PEM files. Whichever approach you choose, make sure that the private key file (or a copy of it) is readable by the user that Prosody runs as, and ensure that it is not world-readable.

Using the example provided, create a configuration file under /etc/prosody/conf.d for each domain you want to host. Example 12.3, “Domain configuration file (Let's Encrypt / certbot)” demonstrates the minimum configuration for a domain using Let's Encrypt certificates and Example 12.4, “Domain configuration file (manual)” demonstrates the equivalent configuration for a domain using manually maintained certificates.

Example 12.3. Domain configuration file (Let's Encrypt / certbot)

-- Section for VirtualHost example.org

VirtualHost "example.org"
	ssl = {
		key = "/etc/letsencrypt/live/example.org/privkey.pem";
		certificate = "/etc/letsencrypt/live/example.org/fullchain.pem";
	} 

Example 12.4. Domain configuration file (manual)

-- Section for VirtualHost example.org

VirtualHost "example.org"
        ssl = {
                key = "/etc/ssl/private/example.org-key.pem";
                certificate = "/etc/ssl/public/example.org.pem";
        } 
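
The private key permissions described under Configuration can be checked directly against the VirtualHost files. The script below is an added example, not part of the original guide: it reads the key paths from files laid out like Examples 12.3 and 12.4 and reports any key that is missing or accessible to other users, following symbolic links such as those under /etc/letsencrypt/live. The function names and the script name audit-keys.sh are hypothetical.

```sh
#!/bin/sh
# Added example, not part of the original guide.
# Assumption: each VirtualHost file sets the key as  key = "/path";  on a line
# of its own, as in Examples 12.3 and 12.4.

# Print each private key path named in the given Prosody config files.
list_key_paths() {
    sed -n 's/^[[:space:]]*key[[:space:]]*=[[:space:]]*"\([^"]*\)".*/\1/p' "$@"
}

# Succeed if any "other" permission bit (r, w or x) is set on the file.
# -H makes find test the target of a symbolic link, not the link itself.
world_accessible() {
    [ -n "$(find -H "$1" -prune \( -perm -004 -o -perm -002 -o -perm -001 \) 2>/dev/null)" ]
}

# Check every key referenced by the config files. Prints one line per key and
# returns non-zero if any key is missing or accessible to other users.
audit_keys() {
    list_key_paths "$@" | {
        status=0
        while IFS= read -r key; do
            if [ ! -e "$key" ]; then
                echo "MISSING  $key"; status=1
            elif world_accessible "$key"; then
                echo "EXPOSED  $key (fix: chmod o-rwx)"; status=1
            else
                echo "OK       $key"
            fi
        done
        [ "$status" -eq 0 ]
    }
}

# Usage: sudo sh audit-keys.sh /etc/prosody/conf.d/*.cfg.lua
if [ "$#" -gt 0 ]; then
    audit_keys "$@"
fi
```

The script covers only the "not world-readable" half of the requirement. To confirm that the key is readable by the prosody user, run `sudo -u prosody test -r` on each reported path.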

Edit the file /etc/prosody/prosody.cfg.lua. This is where you enable features such as the LDAP authentication module or SQL storage for user data.

Once configuration is complete, restart the daemon as demonstrated in Example 12.5, “Restarting the prosody daemon (systemd)”.

Example 12.5. Restarting the prosody daemon (systemd)

$ sudo systemctl restart prosody
Restarting prosody 

User management

It is not necessary to add users manually. If users are authenticated by LDAP, for example, Prosody will dynamically create the XMPP account the first time the user logs in. If such a system is not in use, users can be added manually using the command line utility prosodyctl or using a web interface.

Example 12.6, “Using prosodyctl to add a user” demonstrates how to add a user at the command line.

Example 12.6. Using prosodyctl to add a user

$ sudo prosodyctl adduser alice@example.org 

To use LDAP authentication, make sure that mod_auth_ldap.lua is in the Prosody lib directory and add the LDAP settings to prosody.cfg.lua as demonstrated in Example 12.7, “prosody.cfg.lua settings for mod_auth_ldap”.

Example 12.7. prosody.cfg.lua settings for mod_auth_ldap

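authentication = "ldap"
ldap_server = "ldap-server.example.org"
-- No bind DN or password is configured for the directory search
ldap_rootdn = ""
ldap_password = ""
-- $user and $host are replaced with the parts of the JID being authenticated
ldap_filter = "(mail=$user@$host)"
ldap_scope = "subtree"
-- Use TLS for the connection to the LDAP server
ldap_tls = true
ldap_base = "dc=example,dc=org"
-- Verify the password by binding to the directory as the user
ldap_mode = "bind"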

Further reading

The Prosody web site gives more detailed documentation about setting up the user accounts and other steps.