Prosody XMPP server

Package installation

Install the package using the appropriate tool, as demonstrated in Example 12.1, “Installing Prosody on Debian/Ubuntu” and Example 12.2, “Install Prosody on Fedora/RHEL/CentOS”.

Example 12.1. Installing Prosody on Debian/Ubuntu

$ sudo apt-get install prosody
$ sudo addgroup prosody ssl-cert 

Example 12.2. Install Prosody on Fedora/RHEL/CentOS

$ sudo yum install prosody
$ sudo addgroup prosody ssl-cert 


Prosody can use the certificates created in Chapter 9, TLS certificate creation. In the Prosody configuration, you can refer to the PEM files directly under /etc/ssl. Alternatively, you can copy the certificate files and private key PEM files to /etc/prosody/certs or create symbolic links from that location to the real PEM files. Whichever approach you choose, make sure that the private key file (or a copy of it) is readable by the user that Prosody runs as but be careful to ensure they are not world-readable.

Using the example provided, create configuration files for each domain you want to host under /etc/prosody/conf.d. Example 12.3, “Domain configuration file (Let's Encrypt / certbot)” demonstrates the minimum configuration for a domain using Let's Encrypt certificates and Example 12.4, “Domain configuration file (manual)” demonstrates the equivalent configuration for a domain using manually maintained certificates.

Example 12.3. Domain configuration file (Let's Encrypt / certbot)

-- Section for VirtualHost

VirtualHost ""
	ssl = {
		key = "/etc/letsencrypt/live/";
		certificate = "/etc/letsencrypt/live/";

Example 12.4. Domain configuration file (manual)

-- Section for VirtualHost

VirtualHost ""
        ssl = {
                key = "/etc/ssl/private/";
                certificate = "/etc/ssl/public/";

Edit the file /etc/prosody/prosody.cfg.lua. This is where you can do things like enabling the LDAP authentication module or enabling SQL storage for user data.

Once configuration is complete, restart the daemon as demonstrated in Example 12.5, “Restarting the prosody daemon (systemd)”.

Example 12.5. Restarting the prosody daemon (systemd)

$ sudo systemctl restart prosody
Restarting prosody 

User management

It is not necessary to add users manually. If users are authenticated by LDAP, for example, Prosody will dynamically create the XMPP account the first time the user logs in. If such a system is not in use, users can be added manually using the command line utility prosodyctl or using a web interface.

Example 12.6, “Using prosodyctl to add a user” demonstrates how to add a user at the command line.

Example 12.6. Using prosodyctl to add a user

$ sudo prosodyctl adduser 

To use LDAP authentication, make sure that mod_auth_ldap.lua is in the Prosody lib directory and add the LDAP settings to prosody.cfg.lua as demonstrated in Example 12.7, “prosody.cfg.lua settings for mod_auth_ldap.

Example 12.7. prosody.cfg.lua settings for mod_auth_ldap

authentication = "ldap"
ldap_server = ""
ldap_rootdn = ""
ldap_password = ""
ldap_filter = "(mail=$user@$host)"
ldap_scope = "subtree"
ldap_tls = true;
ldap_base = "dc=example,dc=org"
ldap_mode = "bind" 

Further reading

The Prosody web site gives more detailed documentation about setting up the user accounts and other steps.