# Prosody uberspace setup
#
# ©10.01.2015
# github.com/andre-hub/ShellCollection/tree/master/lnx/prosody_uberspace_setup.sh
#
# based on an article from 2013-02-07 - prosody auf dem uberspace installieren
# - by Christian Ruesch - https://blog.rt.fm/ -> thanks!
# prosody auf dem uberspace installieren
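# ---- Site settings: edit these before running --------------------------------
# Both values are pasted unescaped into prosody.cfg.lua and into file paths
# further down, so keep them to plain hostname / account-name characters.
YOUR_DOMAIN="---domain--"
YOUR_USERNAME="--username--"
# Admin JID as a Lua string literal, double quotes included, because it is
# written verbatim into `admins = { ... }`. Building it with "/" delimiters
# yields /user@domain/, which is not valid Lua and stops prosody from loading
# its configuration.
SRV_ADMIN_JABBER_ID="\"$YOUR_USERNAME@$YOUR_DOMAIN\""
CLIENT2SRV_PORTS="53728" # c2s_ports
SRV2SRV_PORTS="53729" # s2s_ports
# Pinned source releases that toast downloads and builds.
# NOTE(review): these pins date from the 2015 header of this script; the
# OpenSSL 1.0.1 branch no longer receives security fixes. Move both pins to
# maintained releases before deploying.
SSL_VERSION="1.0.1k"
PROSODY_VERSION="0.9.7"
LUA_VERSION="5.1"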
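# Install prosody: make the per-user LuaRocks tree visible to Lua.
# The exports are appended to ~/.bash_profile, the same file that is sourced
# below, rather than to a .bash_profile in whatever directory the script was
# started from. They are appended only once, so re-running the script does not
# stack duplicate entries.
# NOTE(review): both search paths keep Lua's "./?.lua" and "./?.so" entries, so
# modules are also resolved from the current working directory. Start prosody
# from a directory that only this account can write to.
bash_profile="$HOME/.bash_profile"
profile_marker="# added for Prosody and Luarocks"
# 2>/dev/null: a missing profile is expected on a fresh account and simply
# means the marker is absent.
if ! grep -qF -- "$profile_marker" "$bash_profile" 2>/dev/null; then
  {
    echo "$profile_marker"
    echo "export LUA_PATH='/home/$YOUR_USERNAME/.luarocks/share/lua/$LUA_VERSION/?.lua;/home/$YOUR_USERNAME/.luarocks/share/lua/$LUA_VERSION/?/init.lua;./?.lua;/usr/share/lua/$LUA_VERSION/?.lua;/usr/share/lua/$LUA_VERSION/?/init.lua;/home/$YOUR_USERNAME/.luarocks/share/lua/$LUA_VERSION/?.lua;/home/$YOUR_USERNAME/.luarocks/share/lua/$LUA_VERSION/?/init.lua;./?.lua;/usr/lib64/lua/$LUA_VERSION/?.lua;/usr/lib64/lua/$LUA_VERSION/?/init.lua;/home/$YOUR_USERNAME/.luarocks/share/lua/$LUA_VERSION/?.lua;/home/$YOUR_USERNAME/.luarocks/share/lua/$LUA_VERSION/?/init.lua;./?.lua'"
    echo "export LUA_CPATH='/home/$YOUR_USERNAME/.luarocks/lib/lua/$LUA_VERSION/?.so;/usr/lib/lua/$LUA_VERSION/?.so;/home/$YOUR_USERNAME/.luarocks/lib/lua/$LUA_VERSION/?.so;./?.so;/usr/lib64/lua/$LUA_VERSION/?.so;/usr/lib64/lua/$LUA_VERSION/loadall.so;/home/$YOUR_USERNAME/.luarocks/lib/lua/$LUA_VERSION/?.so'"
  } >> "$bash_profile"
fi
source "$bash_profile"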
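# Lua modules prosody needs, installed into the per-user LuaRocks tree.
for rock in luasocket luaexpat luafilesystem; do
  luarocks install "$rock" --local
done
# OpenSSL is armed before luasec is built: luasec compiles against the OpenSSL
# found under OPENSSL_DIR, and that path points into the toast tree.
# NOTE(review): confirm that the armed tree really exposes usr/local/ on this
# host.
# NOTE(review): toast fetches and builds these tarballs as downloaded. Check
# each one against the checksum or signature its project publishes before
# arming it.
toast arm "https://www.openssl.org/source/openssl-$SSL_VERSION.tar.gz"
luarocks install luasec --local OPENSSL_DIR="/home/$YOUR_USERNAME/.toast/armed/usr/local/"
toast arm "https://prosody.im/downloads/source/prosody-$PROSODY_VERSION.tar.gz"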
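# Private directory for the TLS keys and certificates. A plain `mkdir` guarded
# by `[ -d ... ]` only runs when the directory already exists; `mkdir -p`
# creates it when missing and is a no-op otherwise.
mkdir -p -- "/home/$YOUR_USERNAME/.ssl"
# Private keys are stored here: keep the directory closed to other accounts on
# the shared host.
chmod 700 -- "/home/$YOUR_USERNAME/.ssl"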
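# Create certificates: work inside the key directory.
# Stop if it cannot be entered; otherwise the private keys generated next would
# be written into whatever directory the script happens to be in.
cd "/home/$YOUR_USERNAME/.ssl/" || exit 1
# Keep one backup of every key/certificate that is about to be regenerated.
# Each file is tested and moved under its real name (localhost.key and
# localhost.crt), and the per-domain pair is included because it is overwritten
# by the same run.
for pem in localhost.key localhost.crt "${YOUR_DOMAIN}_prosody.key" "${YOUR_DOMAIN}_prosody.crt"; do
  if [ -f "$pem" ]; then
    mv -- "$pem" "$pem.orig"
  fi
done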
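# Generate two 4096-bit RSA keys in the current directory.
# The subshell limits `umask 077` to key generation, so the private keys are
# created readable by this account only, whatever the login umask is.
(
  umask 077
  openssl genrsa -out localhost.key 4096
  openssl genrsa -out "${YOUR_DOMAIN}_prosody.key" 4096
)
# Self-signed certificates, valid for 365 days. `openssl req` prompts for the
# subject fields; the common name of the second certificate should be the XMPP
# domain. -sha256 sets the signature digest explicitly instead of relying on
# the default of the installed OpenSSL.
# NOTE(review): clients and federating servers cannot validate a self-signed
# certificate, and it has to be renewed by hand after a year. Prefer a
# CA-issued certificate for the public domain.
openssl req -new -x509 -sha256 -key localhost.key -out localhost.crt -days 365
openssl req -new -x509 -sha256 -key "${YOUR_DOMAIN}_prosody.key" -out "${YOUR_DOMAIN}_prosody.crt" -days 365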
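# Create the required directories.
mkdir -p -- "/home/$YOUR_USERNAME/var/prosody/data/"
# For Jabber to work on Uberspace the ports have to be opened: e-mail Uberspace
# support (the address is obfuscated in this copy of the script) and ask for
# the ports to be opened.
# Replace the example ports 53728 (client) and 53729 (server) with the ports
# that were opened for you.
# Note: remember to point the SRV records in your DNS at these ports.
#
# Write prosody.cfg.lua. The heredoc delimiter is unquoted on purpose so that
# the shell variables are expanded into the file.
#  - The ssl block is in the global section, before the first VirtualHost.
#    Options placed after a VirtualHost/Component line apply to that host only,
#    so a block after the "muc" component would leave the main host without a
#    certificate while c2s_require_encryption is on.
#  - The key and certificate paths use ${YOUR_DOMAIN}: an unbraced
#    $YOUR_DOMAIN_prosody is read as a different, unset variable and expands to
#    nothing.
# NOTE(review): the cipher list still admits MEDIUM-grade suites; tighten it
# once the clients you need to support allow it.
# NOTE(review): restrict_room_creation = false leaves room creation on the MUC
# component unrestricted; set it to true to limit it to admins.
cat <<__EOF__ > "/home/$YOUR_USERNAME/var/prosody/data/prosody.cfg.lua"
admins = { $SRV_ADMIN_JABBER_ID }
pidfile = "/home/$YOUR_USERNAME/var/prosody/prosody.pid";
modules_enabled = {
-- Generally required
"roster"; -- Allow users to have a roster. Recommended ;)
"saslauth"; -- Authentication for clients and servers. Recommended if you want to log in.
"tls"; -- Add support for secure TLS on c2s/s2s connections
"dialback"; -- s2s dialback support
"disco"; -- Service discovery
-- Not essential, but recommended
"private"; -- Private XML storage (for room bookmarks, etc.)
"vcard"; -- Allow users to set vCards
-- These are commented by default as they have a performance impact
--"privacy"; -- Support privacy lists
--"compression"; -- Stream compression
-- Nice to have
--"version"; -- Replies to server version requests
--"uptime"; -- Report how long server has been running
--"time"; -- Let others know the time here on this server
--"ping"; -- Replies to XMPP pings with pongs
--"pep"; -- Enables users to publish their mood, activity, playing music and more
--"register"; -- Allow users to register on this server using a client and change passwords
-- Admin interfaces
"admin_adhoc"; -- Allows administration via an XMPP client that supports ad-hoc commands
--"admin_telnet"; -- Opens telnet console interface on localhost port 5582
-- HTTP modules
--"bosh"; -- Enable BOSH clients, aka "Jabber over HTTP"
--"http_files"; -- Serve static files from a directory over HTTP
-- Other specific functionality
"posix"; -- POSIX functionality, sends server to background, enables syslog, etc.
--"groups"; -- Shared roster support
--"announce"; -- Send announcement to all online users
--"welcome"; -- Welcome users who register accounts
"watchregistrations"; -- Alert admins of registrations
--"motd"; -- Send a message to users when they log in
--"legacyauth"; -- Legacy authentication. Only used by some old clients and bots.
};
daemonize = false; -- IMPORTANT for daemontools! DO NOT EDIT!
data_path = "/home/$YOUR_USERNAME/var/prosody/data";
log = { "*console" } -- IMPORTANT for daemontools! DO NOT EDIT!
allow_registration = false;
s2s_ports = { $SRV2SRV_PORTS } -- freien Port suchen & eintragen!
c2s_ports = { $CLIENT2SRV_PORTS } -- freien Port (+1) suchen & eintragen!
c2s_require_encryption = true
s2s_require_encryption = true
authentication = "internal_hashed" -- do not save passphrases in cleartext!
ssl = {
key = "/home/$YOUR_USERNAME/.ssl/${YOUR_DOMAIN}_prosody.key";
certificate = "/home/$YOUR_USERNAME/.ssl/${YOUR_DOMAIN}_prosody.crt";
ciphers = "kEDH:AESGCM:HIGH:MEDIUM:TLSv1:!RC4:!RC2:!3DES:!DES:!MD5:!DSS:!aNULL:!eNULL";
options = { "no_ticket", "no_compression", "no_sslv2", "no_sslv3", "cipher_server_preference" }
}
VirtualHost "$YOUR_DOMAIN"
enabled = true
Component "muc.$YOUR_DOMAIN" "muc"
name = "muc"
restrict_room_creation = false
__EOF__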
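# Replace the config shipped in the toast tree with a symlink to the generated
# file. `rm -f` keeps a first run (nothing to remove yet) from printing an
# error; quoting keeps both paths intact as single arguments.
generated_cfg="/home/$YOUR_USERNAME/var/prosody/data/prosody.cfg.lua"
armed_cfg="/home/$YOUR_USERNAME/.toast/armed/etc/prosody/prosody.cfg.lua"
rm -f -- "$armed_cfg"
ln -s -- "$generated_cfg" "$armed_cfg"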
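# Smoke test: `prosodyctl about` has to succeed before the server is started,
# so a broken install or an unreadable config is reported instead of being
# followed by a start attempt.
if prosodyctl about; then
  # Start prosody.
  prosodyctl start
else
  echo "prosodyctl about failed; prosody was not started" >&2
fi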
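# Workarounds (left disabled):
# ln -s /home/%USERNAME%/.toast/pkg/prosody/v%VERSION%/1/root/bin/prosody prosody
# ln -s /home/%USERNAME%/.toast/pkg/prosody/v%VERSION%/1/root/bin/prosodyctl prosodyctl
#
# Closing hints for the operator. The literal "$ " prompts are single-quoted so
# the shell never treats them as an expansion.
printf '%s\n' \
  'Installation Fertig!' \
  'Hinweis:' \
  'ein daemontools-service erstellen: $ uberspace-setup-svscan' \
  'und weiter .... $ uberspace-setup-service prosody ~/.toast/armed/bin/prosody'
# allow_registration is off in the generated config, so accounts have to be
# created by hand. The hint names the JID that the config lists under `admins`;
# the address in this copy of the script was replaced by an e-mail obfuscation
# placeholder.
printf '%s\n' "prosodyctl adduser $YOUR_USERNAME@$YOUR_DOMAIN"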