{"id":2355,"date":"2017-04-14T19:30:54","date_gmt":"2017-04-14T17:30:54","guid":{"rendered":"http:\/\/monodes.com\/predaelli\/?p=2355"},"modified":"2017-04-14T14:32:01","modified_gmt":"2017-04-14T12:32:01","slug":"lets-chat","status":"publish","type":"post","link":"https:\/\/monodes.com\/predaelli\/2017\/04\/14\/lets-chat\/","title":{"rendered":"Let&#8217;s chat!"},"content":{"rendered":"<p>I&#8217;ve been lingering on OFTC <a rel=\"tag\" class=\"hashtag u-tag u-category\" href=\"https:\/\/monodes.com\/predaelli\/tag\/debian\/\">#debian<\/a>-it IRC channel and the almighty Elena of Valhalla made me discover the importance of maintaining control over our communications that nowadays are often channeled into various chat, social network and the like.<\/p>\n<p>So I&#8217;ve read her article \u00ab<a href=\"https:\/\/www.trueelena.org\/computers\/howto\/modern_xmpp_server.html\">Modern XMPP Server<\/a>\u00bb and Enrico Zini&#8217;s \u00ab<a href=\"http:\/\/www.enricozini.org\/blog\/2017\/debian\/modern-and-secure-instant-messaging\/\">Modern and secure instant messaging<\/a>\u00bb discovering several interesting pieces of software like:<\/p>\n<ul>\n<li><em><a href=\"https:\/\/prosody.im\/\">Prosody IM &#8211; Jabber\/XMPP server<\/a><\/em><\/li>\n<li><a href=\"https:\/\/conversations.im\/\">Conversations<\/a> is a really nice, actively developed, up to date XMPP client for Android<\/li>\n<\/ul>\n<p>I also discovered <a href=\"http:\/\/www.gl-como.it\/v2015\/\">Gruppo Linux Como <\/a>Figli orgogliosi del pinguino \ud83d\ude09 (and their <a href=\"https:\/\/identi.ca\/glcomo\">identi.ca account<\/a> <a href=\"http:\/\/social.gl-como.it\/~gl-como\">Friendica social network)<\/a><\/p>\n<p><!--nextpage--><\/p>\n<blockquote>\n<h1 class=\"title\">Modern XMPP Server<\/h1>\n<p><a class=\"reference external\" href=\"http:\/\/www.enricozini.org\/blog\/2017\/debian\/modern-and-secure-instant-messaging\/\">Enrico<\/a> already wrote about the Why (and the What, Who and When), so I&#8217;ll just 
quote his conclusion and move on to the How.<\/p>\n<blockquote><p>I now have an XMPP setup which has all the features of the recent fancy chat systems, and on top of that it runs, client and server, on Free Software, which can be audited, it is federated and I can self-host my own server in my own VPS if I want to, with <a class=\"reference external\" href=\"https:\/\/www.debian.org\/security\/\">packages supported in Debian<\/a>.<\/p><\/blockquote>\n<div id=\"how\" class=\"section\">\n<h2>How<\/h2>\n<p>I&#8217;ve decided to install <a class=\"reference external\" href=\"https:\/\/prosody.im\/\">prosody<\/a>, mostly because it was recommended by the <a class=\"reference external\" href=\"http:\/\/rtcquickstart.org\/\">RTC QuickStart Guide<\/a>; I&#8217;ve heard that similar results can be reached with <a class=\"reference external\" href=\"https:\/\/www.ejabberd.im\/\">ejabberd<\/a> and other servers.<\/p>\n<p>I&#8217;m also targeting <a class=\"reference external\" href=\"https:\/\/www.debian.org\">Debian<\/a> stable (+ backports); as I write this is jessie; if there are significant differences I will update this article when I upgrade my server to stretch. 
Right now, this means that I&#8217;m using prosody 0.9 (and that&#8217;s probably also the version that will be available in stretch).<\/p>\n<div id=\"installation-and-prerequisites\" class=\"section\">\n<h3>Installation and prerequisites<\/h3>\n<p>You will need to enable the <a class=\"reference external\" href=\"https:\/\/backports.debian.org\/\">backports<\/a> repository and then install the packages <tt class=\"docutils literal\">prosody<\/tt> and <tt class=\"docutils literal\"><span class=\"pre\">prosody-modules<\/span><\/tt>.<\/p>\n<p>You also need to set up some TLS certificates (I used <a class=\"reference external\" href=\"https:\/\/letsencrypt.org\/\">Let&#8217;s Encrypt<\/a>); and make them readable by the <tt class=\"docutils literal\">prosody<\/tt> user; you can see <a class=\"reference external\" href=\"http:\/\/rtcquickstart.org\/guide\/multi\/xmpp-server-prosody.html\">Chapter 12 of the RTC QuickStart Guide<\/a> for more details.<\/p>\n<p>On your firewall, you&#8217;ll need to open the following TCP ports:<\/p>\n<ul class=\"simple\">\n<li>5222 (client2server)<\/li>\n<li>5269 (server2server)<\/li>\n<li>5280 (default http port for prosody)<\/li>\n<li>5281 (default https port for prosody)<\/li>\n<\/ul>\n<p>The latter two are needed to enable some services provided via http(s), including rich media transfers.<\/p>\n<p>With just a handful of users, I didn&#8217;t bother to configure LDAP or anything else, but just created users manually via:<\/p>\n<pre class=\"literal-block\">prosodyctl adduser alice@example.org\n<\/pre>\n<p>In-band registration is disabled by default (and I&#8217;ve left it that way, to prevent my server from being used to send <a class=\"reference external\" href=\"https:\/\/en.wikipedia.org\/wiki\/Messaging_spam\">spim<\/a>).<\/p>\n<\/div>\n<div id=\"prosody-configuration\" class=\"section\">\n<h3>prosody configuration<\/h3>\n<p>You can then start configuring prosody by editing <tt class=\"docutils 
literal\">\/etc\/prosody\/prosody.cfg.lua<\/tt> and changing a few values from the distribution defaults.<\/p>\n<p>First of all, enforce the use of encryption and certificate checking both for client2server and server2server communications with:<\/p>\n<pre class=\"literal-block\">c2s_require_encryption = true\ns2s_secure_auth = true\n<\/pre>\n<p>and then, sadly, add to the whitelist any server that you want to talk to and doesn&#8217;t support the above:<\/p>\n<pre class=\"literal-block\">s2s_insecure_domains = { \"gmail.com\" }\n<\/pre>\n<\/div>\n<div id=\"virtualhosts\" class=\"section\">\n<h3>virtualhosts<\/h3>\n<p>For each virtualhost you want to configure, create a file <tt class=\"docutils literal\">\/etc\/prosody\/conf.avail\/chat.example.org.cfg.lua<\/tt> with contents like the following:<\/p>\n<pre class=\"literal-block\">VirtualHost \"chat.example.org\"\n        enabled = true\n        ssl = {\n            key = \"\/etc\/ssl\/private\/example.org-key.pem\";\n            certificate = \"\/etc\/ssl\/public\/example.org.pem\";\n        }\n<\/pre>\n<p>For the domains where you also want to enable MUCs, add the following lines:<\/p>\n<pre class=\"literal-block\">Component \"conference.chat.example.org\" \"muc\"\n        restrict_room_creation = \"local\"\n<\/pre>\n<p>the <tt class=\"docutils literal\">\"local\"<\/tt> configures prosody so that only local users are allowed to create new rooms (but then everybody can join them, if the room administrator allows it): this may help reduce unwanted usages of your server by random people.<\/p>\n<p>You can also add the following line to enable rich media transfers via http uploads (<a class=\"reference external\" href=\"https:\/\/xmpp.org\/extensions\/xep-0363.html\">XEP-0363<\/a>):<\/p>\n<pre class=\"literal-block\">Component \"upload.chat.trueelena.org\" \"http_upload\"\n<\/pre>\n<p>The defaults are pretty sane, but see <a class=\"reference external\" 
href=\"https:\/\/modules.prosody.im\/mod_http_upload.html\">https:\/\/modules.prosody.im\/mod_http_upload.html<\/a> for details on what knobs you can configure for this module.<\/p>\n<p>Don&#8217;t forget to enable the virtualhost by linking the file inside <tt class=\"docutils literal\">\/etc\/prosody\/conf.d\/<\/tt>.<\/p>\n<\/div>\n<div id=\"additional-modules\" class=\"section\">\n<h3>additional modules<\/h3>\n<p>Most of the other interesting XEPs are enabled by loading additional modules inside <tt class=\"docutils literal\">\/etc\/prosody\/prosody.cfg.lua<\/tt> (under <tt class=\"docutils literal\">modules_enabled<\/tt>); to enable <tt class=\"docutils literal\">mod_something<\/tt> just add a line like:<\/p>\n<pre class=\"literal-block\">\"something\";\n<\/pre>\n<p>Most of these come from the <tt class=\"docutils literal\"><span class=\"pre\">prosody-modules<\/span><\/tt> package (and thus from <a class=\"reference external\" href=\"https:\/\/modules.prosody.im\/\">https:\/\/modules.prosody.im\/<\/a> ) and some may require changing when prosody 0.10 is available; when this is the case it is mentioned below.<\/p>\n<dl class=\"docutils\">\n<dt><tt class=\"docutils literal\">mod_carbons<\/tt> (XEP-0280)<\/dt>\n<dd>\n<p class=\"first\">To keep conversations synchronized while using multiple devices at the same time.<\/p>\n<p class=\"last\">This will be included by default in prosody 0.10.<\/p>\n<\/dd>\n<dt><tt class=\"docutils literal\">mod_privacy<\/tt> + <tt class=\"docutils literal\">mod_blocking<\/tt> (XEP-0191)<\/dt>\n<dd>\n<p class=\"first\">To allow user-controlled blocking of users, including as an anti-spim measure.<\/p>\n<p class=\"last\">In prosody 0.10 these two modules will be replaced by mod_privacy.<\/p>\n<\/dd>\n<dt><tt class=\"docutils literal\">mod_smacks<\/tt> (XEP-0198)<\/dt>\n<dd>Allow clients to resume a disconnected session before a customizable timeout and prevent message loss.<\/dd>\n<dt><tt class=\"docutils literal\">mod_mam<\/tt> 
(XEP-0313)<\/dt>\n<dd>\n<p class=\"first\">Archive messages on the server for a limited period of time (default 1 week) and allow clients to retrieve them; this is required to synchronize message history between multiple clients.<\/p>\n<p class=\"last\">With prosody 0.9 only an in-memory storage backend is available, which may make this module problematic on servers with many users. prosody 0.10 will fix this by adding support for an SQL backed storage with archiving capabilities.<\/p>\n<\/dd>\n<dt><tt class=\"docutils literal\">mod_throttle_presence<\/tt> + <tt class=\"docutils literal\">mod_filter_chatstates<\/tt> (XEP-0352)<\/dt>\n<dd>Filter out presence updates and chat states when the client announces (via Client State Indication) that the user isn&#8217;t looking. This is useful to reduce power and bandwidth usage for &#8220;useless&#8221; traffic.<\/dd>\n<\/dl>\n<\/div>\n<\/div>\n<div id=\"see-also\" class=\"section\">\n<h2>See also<\/h2>\n<ul class=\"simple\">\n<li><a class=\"reference external\" href=\"https:\/\/gultsch.de\/xmpp_2016.html\">The State of Mobile XMPP in 2016<\/a> (blog post by the maintainer of Conversations)<\/li>\n<li><a class=\"reference external\" href=\"https:\/\/wiki.debian.org\/FreedomBox\/Configs\/Prosody\">Prosody installation instructions in the FreedomBox wiki<\/a> (for basic prosody configuration)<\/li>\n<\/ul>\n<\/div>\n<\/blockquote>\n","protected":false},"excerpt":{"rendered":"<p class=\"excerpt\">I&#8217;ve been lingering on OFTC #debian-it IRC channel and the almighty Elena of Valhalla made me discover the importance of maintaining control over our communications that nowadays are often channeled into various chat, social network and the like. 
So I&#8217;ve read her article \u00abModern XMPP Server\u00bb and Enrico Zini&#8217;s \u00abModern and secure instant messaging\u00bb discovering&hellip;<\/p>\n<p class=\"more-link-p\"><a class=\"more-link\" href=\"https:\/\/monodes.com\/predaelli\/2017\/04\/14\/lets-chat\/\">Read more &rarr;<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"activitypub_content_warning":"","activitypub_content_visibility":"","activitypub_max_image_attachments":4,"activitypub_interaction_policy_quote":"anyone","activitypub_status":"","footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":true,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2}},"categories":[42,72,1,82,52],"tags":[],"class_list":["post-2355","post","type-post","status-publish","format-standard","hentry","category-android","category-documentations","category-senza-categoria","category-social-networks","category-software"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/p6daft-BZ","jetpack-related-posts":[{"id":14331,"url":"https:\/\/monodes.com\/predaelli\/2025\/11\/23\/movim-responsive-web-based-cross-platform-xmpp-client\/","url_meta":{"origin":2355,"position":0},"title":"Movim \u2013 Responsive web-based cross-platform XMPP client","author":"Paolo Redaelli","date":"2025-11-23","format":false,"excerpt":"Movim A powerful social platforms for XMPP When you setup Movim, it gives you a 
complete social and chat experience for the decentralized XMPP network. You can easily connect to several XMPP servers at the same time. You can also set it up to work with just one XMPP server\u2026","rel":"","context":"In &quot;Social networks&quot;","block_context":{"text":"Social networks","link":"https:\/\/monodes.com\/predaelli\/category\/social-networks\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":9340,"url":"https:\/\/monodes.com\/predaelli\/2022\/05\/01\/xmpp\/","url_meta":{"origin":2355,"position":1},"title":"XMPP","author":"Paolo Redaelli","date":"2022-05-01","format":false,"excerpt":"I've arrived on \ud83d\udc41\ufe0f monocul.us recently. It reminded me I should install an XMPP\u00a0 server someday","rel":"","context":"In &quot;Agenda&quot;","block_context":{"text":"Agenda","link":"https:\/\/monodes.com\/predaelli\/category\/agenda\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":6362,"url":"https:\/\/monodes.com\/predaelli\/2019\/12\/30\/secushare\/","url_meta":{"origin":2355,"position":2},"title":"SECUSHARE","author":"Paolo Redaelli","date":"2019-12-30","format":false,"excerpt":"Secushare employs GNUnet for end-to-end encryption and anonymizing mesh routing (because it has a more suitable architecture than Tor or I2P) and applies PSYC on top (because it performs better than XMPP, JSON or OStatus) to create a distributed social graph. 
Together, these technologies allow for distributed private social networking\u2026","rel":"","context":"In &quot;Osservanda&quot;","block_context":{"text":"Osservanda","link":"https:\/\/monodes.com\/predaelli\/category\/software\/osservanda\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/monodes.com\/predaelli\/wp-content\/uploads\/sites\/4\/2019\/12\/secushare-0444.png?fit=444%2C296&ssl=1&resize=350%2C200","width":350,"height":200},"classes":[]},{"id":7175,"url":"https:\/\/monodes.com\/predaelli\/2020\/05\/06\/clean-sites\/","url_meta":{"origin":2355,"position":3},"title":"Clean sites.","author":"Paolo Redaelli","date":"2020-05-06","format":"status","excerpt":"I wish I could find a WordPress theme as clean and light as the HTML you can read on Running your own XMPP server on Debian or Ubuntu","rel":"","context":"In &quot;Themes&quot;","block_context":{"text":"Themes","link":"https:\/\/monodes.com\/predaelli\/category\/themes\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":11635,"url":"https:\/\/monodes.com\/predaelli\/2024\/05\/11\/nice-yet\/","url_meta":{"origin":2355,"position":4},"title":"Nice yet&#8230;","author":"Paolo Redaelli","date":"2024-05-11","format":false,"excerpt":"Recently I installed an unofficial Linux desktop application for WhatsApp. Yes, I know I should ask people to use free-as-in-freedom instant messaging based on XMPP or Matrix but far too many non technical people can't be really convinced. I used the nice user interface of Gnome Software. 
Nice app, yet...\u2026","rel":"","context":"In &quot;Mood&quot;","block_context":{"text":"Mood","link":"https:\/\/monodes.com\/predaelli\/category\/mood\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/monodes.com\/predaelli\/wp-content\/uploads\/sites\/4\/2024\/05\/whatsapp-webview-600mb.webp?fit=742%2C724&ssl=1&resize=350%2C200","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/monodes.com\/predaelli\/wp-content\/uploads\/sites\/4\/2024\/05\/whatsapp-webview-600mb.webp?fit=742%2C724&ssl=1&resize=350%2C200 1x, https:\/\/i0.wp.com\/monodes.com\/predaelli\/wp-content\/uploads\/sites\/4\/2024\/05\/whatsapp-webview-600mb.webp?fit=742%2C724&ssl=1&resize=525%2C300 1.5x, https:\/\/i0.wp.com\/monodes.com\/predaelli\/wp-content\/uploads\/sites\/4\/2024\/05\/whatsapp-webview-600mb.webp?fit=742%2C724&ssl=1&resize=700%2C400 2x"},"classes":[]},{"id":6355,"url":"https:\/\/monodes.com\/predaelli\/2019\/12\/30\/federation-doesnt-work-anymore\/","url_meta":{"origin":2355,"position":5},"title":"Federation doesn&#8217;t work anymore","author":"Paolo Redaelli","date":"2019-12-30","format":false,"excerpt":"Nice read this \u00abFederation doesn't work anymore\u00bb from . 
If I recap it correctly it says something like using federated social networks (think about OStatus, GNU Social, Mastodon, Diaspora and Matrix ) is no better that staying on Facebook.It's a shame that the sharing software depicted in secushare.org is not\u2026","rel":"","context":"In &quot;Ethics&quot;","block_context":{"text":"Ethics","link":"https:\/\/monodes.com\/predaelli\/category\/ethics\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/monodes.com\/predaelli\/wp-content\/uploads\/sites\/4\/2019\/12\/secushare-0444.png?fit=444%2C296&ssl=1&resize=350%2C200","width":350,"height":200},"classes":[]}],"jetpack_likes_enabled":true,"_links":{"self":[{"href":"https:\/\/monodes.com\/predaelli\/wp-json\/wp\/v2\/posts\/2355","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/monodes.com\/predaelli\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/monodes.com\/predaelli\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/monodes.com\/predaelli\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/monodes.com\/predaelli\/wp-json\/wp\/v2\/comments?post=2355"}],"version-history":[{"count":0,"href":"https:\/\/monodes.com\/predaelli\/wp-json\/wp\/v2\/posts\/2355\/revisions"}],"wp:attachment":[{"href":"https:\/\/monodes.com\/predaelli\/wp-json\/wp\/v2\/media?parent=2355"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/monodes.com\/predaelli\/wp-json\/wp\/v2\/categories?post=2355"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/monodes.com\/predaelli\/wp-json\/wp\/v2\/tags?post=2355"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}