⚠️ Miscellaneous - In real life
@@ -242,7 +241,6 @@
-In this tutorial we're going to setup a private matrix chat server along with VoIP support for the element desktop client.
-Disclaimer: If you want this service to remain anonymous, make sure you at least keep TOR between you and the service from the VPS acquisition to actual service usage.
- -First install the required packages:
-
-apt install docker.io docker-compose
-
-Then create the directories required:
-
-mkdir /srv/matrix/data -p
-chown -R 755 /srv/matrix/data
-cd /srv/matrix
-
-Then we'll create the docker-compose.yml file and the generateconfig.sh script:
-
-[ nowhere.moe ] [ /dev/pts/1 ] [/srv/matrix]
-→ cat docker-compose.yml
-version: "3.3"
-
-services:
- synapse:
- image: "matrixdotorg/synapse:latest"
- container_name: "matrix_synapse"
- ports:
- - 8008:8008
- volumes:
- - "./data:/data" #it will look at the current directory where you save the file and look for the data folder inside
- environment:
- VIRTUAL_HOST: "m.nowhere.moe"
- VIRTUAL_PORT: 8008
- LETSENCRYPT_HOST: "m.nowhere.moe"
- SYNAPSE_SERVER_NAME: "m.nowhere.moe"
- SYNAPSE_REPORT_STATS: "yes"
- coturn:
- image: instrumentisto/coturn:latest
- restart: unless-stopped
- volumes:
- - ./coturn/turnserver.conf:/etc/coturn/turnserver.conf
- ports:
- - 47160-47200:47160-47200/udp
- - 3478:3478
- - 5349:5349
- networks:
- - mybridge
-networks:
- mybridge:
- driver: bridge
-
-[ nowhere.moe ] [ /dev/pts/1 ] [/srv/matrix]
-→ cat generateconfig.sh
-#!/bin/bash
-
-docker-compose run --rm -e SYNAPSE_SERVER_NAME=m.nowhere.moe -e SYNAPSE_REPORT_STATS=yes synapse generate
-
-My matrix server will have the "m.nowhere.moe" domain name. The coturn config mentioned here is used for the VOIP support. Now let's generate the initial keys of the matrix server like so:
-
-[ nowhere.moe ] [ /dev/pts/1 ] [/srv/matrix]
-→ ./generateconfig.sh
-Creating network "matrix_default" with the default driver
-Creating network "matrix_mybridge" with driver "bridge"
-Setting ownership on /data to 991:991
-Creating log config /data/m.nowhere.moe.log.config
-Generating config file /data/homeserver.yaml
-Generating signing key file /data/m.nowhere.moe.signing.key
-A config file has been generated in '/data/homeserver.yaml' for server name 'm.nowhere.moe'. Please review this file and customise it to your needs.
-
-[ nowhere.moe ] [ /dev/pts/1 ] [/srv/matrix]
-→ ls
-coturn data docker-compose.yml docker-compose.yml.coturn generateconfig.sh m.nowhere.moe.conf.nginx
-
-[ nowhere.moe ] [ /dev/pts/1 ] [/srv/matrix]
-→ ls data -lash
-total 20K
-4.0K drwxr-xr-x 2 991 991 4.0K Jan 14 11:12 .
-4.0K drwxr-xr-x 4 root root 4.0K Jan 4 13:50 ..
-4.0K -rw-r--r-- 1 root root 1.3K Jan 14 11:12 homeserver.yaml
-4.0K -rw-r--r-- 1 root root 694 Jan 14 11:12 m.nowhere.moe.log.config
-4.0K -rw-r--r-- 1 root root 59 Jan 14 11:12 m.nowhere.moe.signing.key
-
-Now that's done, we can edit the homeserver.yaml if you want to remove trust into the "matrix.org" keys for federation to make it a truly private server:
-
-[ nowhere.moe ] [ /dev/pts/1 ] [/srv/matrix]
-→ cat data/homeserver.yaml | grep server
-
-trusted_key_servers:
- - server_name: ""
-
-Then we can edit the coturn config like so:
-
-[ nowhere.moe ] [ /dev/pts/1 ] [/srv/matrix]
-→ ls
-coturn data docker-compose.yml docker-compose.yml.coturn generateconfig.sh m.nowhere.moe.conf.nginx
-
-[ nowhere.moe ] [ /dev/pts/1 ] [/srv/matrix]
-→ cat coturn/turnserver.conf
-use-auth-secret
-static-auth-secret=cuAWWAAWWAAWWAWADDWADWADWADWADWADWAWADDWADWWADWADDWADWDWoy
-realm=m.nowhere.moe
-listening-port=3478
-tls-listening-port=5349
-min-port=47160
-max-port=47200
-verbose
-allow-loopback-peers
-cli-password=cuAWWAAWWAAWWAWADDWADWADWADWADWADWAWADDWADWWADWADDWADWDWoy
-external-ip=116.202.216.190
-
-[ nowhere.moe ] [ /dev/pts/1 ] [/srv/matrix]
-→ cat data/homeserver.yaml | grep turn
-turn_uris: [ "turn:m.nowhere.moe?transport=udp", "turn:m.nowhere.moe?transport=tcp" ]
-turn_shared_secret: "cuAWWAAWWAAWWAWADDWADWADWADWADWADWAWADDWADWWADWADDWADWDWoy"
-turn_user_lifetime: 86400000
-turn_allow_guests: true
-
-
-Make sure the ports match the ones in the docker-compose.yml file, and the external IP is the one of your server:
-
-[ nowhere.moe ] [ /dev/pts/1 ] [/srv/matrix]
-→ curl ifconfig.me -4
-116.202.216.190
-
-Then we start the docker-compose:
-
-[ nowhere.moe ] [ /dev/pts/1 ] [/srv/matrix]
-→ docker-compose up -d
-Creating matrix_coturn_1 ... done
-Creating matrix_synapse ... done
-
-Then we create the accounts like so:
-
-[ nowhere.moe ] [ /dev/pts/1 ] [/srv/matrix]
-→ docker container ls | grep matrixdot
-134d440b1480 matrixdotorg/synapse:latest "/start.py" About a minute ago Up 25 seconds (healthy) 8009/tcp, 0.0.0.0:8008->8008/tcp, :::8008->8008/tcp, 8448/tcp matrix_synapse
-
-[ nowhere.moe ] [ /dev/pts/1 ] [/srv/matrix]
-→ docker exec -it 134 bash
-root@134d440b1480:/#
-[ nowhere.moe ] [ /dev/pts/1 ] [/srv/matrix]
-→ docker exec -it 134 bash
-
-root@134d440b1480:/# register_new_matrix_user -c /data/homeserver.yaml http://localhost:8008
-New user localpart [root]: nihilist
-Password:
-Confirm password:
-Make admin [no]: yes
-Sending registration request...
-Success!
-
-root@134d440b1480:/# exit
-exit
-
-Then we make sure that we can access the matrix server via nginx:
-
-[ nowhere.moe ] [ /dev/pts/1 ] [/srv/matrix]
-→ cat /etc/nginx/sites-enabled/m.nowhere.moe.conf
-server {
- listen 443 ssl http2;
- listen [::]:443 ssl http2;
-
- # For the federation port
- listen 8448 ssl http2;
- listen [::]:8448 ssl http2;
-
- server_name m.nowhere.moe;
-
- ssl_certificate /etc/acme/certs/m.nowhere.moe/fullchain.cer;
- ssl_certificate_key /etc/acme/certs/m.nowhere.moe/m.nowhere.moe.key;
-
- location ~ ^(/_matrix|/_synapse/client) {
- # note: do not add a path (even a single /) after the port in `proxy_pass`,
- # otherwise nginx will canonicalise the URI and cause signature verification
- # errors.
- proxy_pass http://localhost:8008;
- proxy_set_header X-Forwarded-For $remote_addr;
- proxy_set_header X-Forwarded-Proto $scheme;
- proxy_set_header Host $host;
-
- # Nginx by default only allows file uploads up to 1M in size
- # Increase client_max_body_size to match max_upload_size defined in homeserver.yaml
- client_max_body_size 50M;
-
- # Synapse responses may be chunked, which is an HTTP/1.1 feature.
- proxy_http_version 1.1;
- }
-}
-
-[ nowhere.moe ] [ /dev/pts/1 ] [/srv/matrix]
-→ nginx -t
-nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
-nginx: configuration file /etc/nginx/nginx.conf test is successful
-
-Then we test that we can login from a matrix client (which can be installed inside a whonix VM), let's use element because we want to be able to do voicecalls:
-
-
-
-
-
-Here we will setup a secure backup password, that is a separate password, for end to end encryption purposes. Then you can do the following steps:
-
-Make sure you log out of every unverified session:
-
-
-You may need to log in and log out before being able to send messages so do that, then create the space along with the chatroom
-
-
-
-
-
-
-
-
- - Until there is Nothing left.
Creative Commons Zero: No Rights Reserved
-
-
-
- RSS Feed
SimpleX Chat
-
-
Donate XMR: 8AUYjhQeG3D5aodJDtqG499N5jXXM71gYKD8LgSsFB9BUV1o7muLv3DXHoydRTK4SZaaUBq4EAUqpZHLrX2VZLH71Jrd9k8
Contact: nihilist@contact.nowhere.moe (PGP)
-
In this tutorial we're going to cover how to setup an XMPP chatting service over Tor.
-Disclaimer: If you want this service to remain anonymous, make sure you at least keep TOR between you and the service from the VPS acquisition to actual service usage.
- - - -First let's install the required packages, and then run the xmpp server using docker (you can check the documentation here), we'll follow Lukesmith's tutorial specifically:
-
-apt install ejabberd -y
-
-Now we need the following domain names to point to your server:
-
- nowhere.moe - Your XMPP hostname
- xmpp.nowhere.moe - For mod_muc, Multi User Chats (MUCs)
- upload.nowhere.moe - For mod_http_upload, file upload support
- proxy.nowhere.moe - For mod_proxy65, SOCKS5 proxy support
- pubsub.nowhere.moe - For mod_pubsub, publish-subscribe support (A fancier RSS)
-
-Then we edit the ejabberd config file accordingly:
-
-[ Datura ] [ /dev/pts/10 ] [/srv]
-→ vim /etc/ejabberd/ejabberd.yml
-
-[...]
-
-hosts:
- - nowhere.moe
-
-[...]
-
- mod_muc:
- host: xmpp.nowhere.moe
-
-[...]
-
-Next we need to obtain the TLS certificate for the xmpp.nowhere.moe domain, to do so we'll use acme.sh:
-
-[ Datura ] [ /dev/pts/10 ] [~]
-→ systemctl stop nginx ; acme.sh --issue --standalone -d xmpp.nowhere.moe -k 4096 ; systemctl start nginx
-
-[Sun Jun 9 07:12:21 PM CEST 2024] Using CA: https://acme-v02.api.letsencrypt.org/directory
-[Sun Jun 9 07:12:21 PM CEST 2024] Standalone mode.
-[Sun Jun 9 07:12:21 PM CEST 2024] Creating domain key
-[Sun Jun 9 07:12:23 PM CEST 2024] The domain key is here: /root/.acme.sh/xmpp.nowhere.moe/xmpp.nowhere.moe.key
-[Sun Jun 9 07:12:23 PM CEST 2024] Single domain='xmpp.nowhere.moe'
-[Sun Jun 9 07:12:25 PM CEST 2024] Getting webroot for domain='xmpp.nowhere.moe'
-[Sun Jun 9 07:12:25 PM CEST 2024] Verifying: xmpp.nowhere.moe
-[Sun Jun 9 07:12:25 PM CEST 2024] Standalone mode server
-[Sun Jun 9 07:12:26 PM CEST 2024] Pending, The CA is processing your order, please just wait. (1/30)
-[Sun Jun 9 07:12:30 PM CEST 2024] Pending, The CA is processing your order, please just wait. (2/30)
-[Sun Jun 9 07:12:33 PM CEST 2024] Pending, The CA is processing your order, please just wait. (3/30)
-[Sun Jun 9 07:12:37 PM CEST 2024] Success
-[Sun Jun 9 07:12:37 PM CEST 2024] Verify finished, start to sign.
-[Sun Jun 9 07:12:37 PM CEST 2024] Lets finalize the order.
-[Sun Jun 9 07:12:37 PM CEST 2024] Le_OrderFinalize='https://acme-v02.api.letsencrypt.org/acme/finalize/1581078457/276884921497'
-[Sun Jun 9 07:12:38 PM CEST 2024] Downloading cert.
-[Sun Jun 9 07:12:38 PM CEST 2024] Le_LinkCert='https://acme-v02.api.letsencrypt.org/acme/cert/03a21dfde3a1a017ddaec55ef3c43a3cae0c'
-[Sun Jun 9 07:12:39 PM CEST 2024] Cert success.
-
-[...]
-
-[Sun Jun 9 07:12:39 PM CEST 2024] Your cert is in: /root/.acme.sh/xmpp.nowhere.moe/xmpp.nowhere.moe.cer
-[Sun Jun 9 07:12:39 PM CEST 2024] Your cert key is in: /root/.acme.sh/xmpp.nowhere.moe/xmpp.nowhere.moe.key
-[Sun Jun 9 07:12:39 PM CEST 2024] The intermediate CA cert is in: /root/.acme.sh/xmpp.nowhere.moe/ca.cer
-[Sun Jun 9 07:12:39 PM CEST 2024] And the full chain certs is there: /root/.acme.sh/xmpp.nowhere.moe/fullchain.cer
-
-[ Datura ] [ /dev/pts/10 ] [~]
-→ chown -R ejabberd:ejabberd /root/.acme.sh/xmpp.nowhere.moe
-
-[ Datura ] [ /dev/pts/10 ] [~]
-→ cat /etc/ejabberd/ejabberd.yml
-
-[...]
-
-certfiles:
- - "/root/.acme.sh/xmpp.nowhere.moe/fullchain.cer"
-
-[...]
-
-Then we add the admin user in ejabberd.yml:
-
-[ Datura ] [ /dev/pts/10 ] [~]
-→ cat /etc/ejabberd/ejabberd.yml
-
-[...]
-
-acl:
- admin:
- user:
- - "nihilist"
-
-[...]
-
-We also add the File Uploads:
-
-[ Datura ] [ /dev/pts/10 ] [~]
-→ cat /etc/ejabberd/ejabberd.yml
-
-[...]
-
- mod_http_upload:
- put_url: https://@HOST@:5443/upload
- docroot: /srv/xmpp/upload/
- custom_headers:
- "Access-Control-Allow-Origin": "https://@HOST@"
- "Access-Control-Allow-Methods": "GET,HEAD,PUT,OPTIONS"
- "Access-Control-Allow-Headers": "Content-Type"
-
-[...]
-
-[ Datura ] [ /dev/pts/10 ] [~]
-→ mkdir /srv/xmpp/upload/ -p
-
-[ Datura ] [ /dev/pts/10 ] [~]
-→ chown -R ejabberd:ejabberd /srv/xmpp/upload/
-
-We enable message archives too:
-
-[ Datura ] [ /dev/pts/10 ] [~]
-→ cat /etc/ejabberd/ejabberd.yml
-
-[...]
-
- mod_mam:
- ## Mnesia is limited to 2GB, better to use an SQL backend
- ## For small servers SQLite is a good fit and is very easy
- ## to configure. Uncomment this when you have SQL configured:
- ## db_type: sql
- assume_mam_usage: true
- default: always
-
-[...]
-
-Next, you setup a coturn service for the VOIP here, but in this case we'll use the same coturn service that we previously setup for the matrix server
-
-[ Datura ] [ /dev/pts/10 ] [~]
-→ cat /etc/ejabberd/ejabberd.yml
-
-[...]
-
- mod_stun_disco:
- secret: "DAWDDWADWADAWDWAWDDWAADWADWDWADWADWAAWDDWAWAD"
- services:
- -
- host: m.nowhere.moe
- type: stun
- -
- host: m.nowhere.moe
- type: turn
-
-[...]
-
-Then we restart the ejabberd service:
-
-[ Datura ] [ /dev/pts/10 ] [~]
-→ systemctl restart ejabberd
-
-[ Datura ] [ /dev/pts/10 ] [~]
-→ systemctl status ejabberd
-● ejabberd.service - robust, scalable and extensible realtime platform (XMPP server + MQTT broker + SIP service)
- Loaded: loaded (/lib/systemd/system/ejabberd.service; enabled; preset: enabled)
- Active: active (running) since Sun 2024-06-09 21:21:41 CEST; 6s ago
- Docs: https://www.process-one.net/en/ejabberd/docs/
- Main PID: 3664214 (sh)
- Tasks: 116 (limit: 77002)
- Memory: 111.9M
- CPU: 3.022s
- CGroup: /system.slice/ejabberd.service
-
-Now that the ejabberd service has restarted successfully, we can register the admin user:
-
-[ Datura ] [ /dev/pts/10 ] [~]
-→ ejabberdctl register nihilist nowhere.moe P@SSW0RD
-
-User nihilist@contact.nowhere.moe successfully registered
-
-
-Now the xmpp server is active, along with your nihilist user, so let's connect to it from a XMPP client like gajim:
-
-[ mainpc ] [ /dev/pts/8 ] [~]
-→ sudo apt install gajim -y
-
-
-
-
-
-
-
-
-
-
-
-
-
-- Until there is Nothing left.
Creative Commons Zero: No Rights Reserved
-
-
-
- RSS Feed
SimpleX Chat
-
-
Donate XMR: 8AUYjhQeG3D5aodJDtqG499N5jXXM71gYKD8LgSsFB9BUV1o7muLv3DXHoydRTK4SZaaUBq4EAUqpZHLrX2VZLH71Jrd9k8
Contact: nihilist@contact.nowhere.moe (PGP)
-
In this tutorial, we're going to check out how to setup a XMPP chat server, that is accessible over Tor, as a hidden service, using Prosody. We'll also cover how to have a Clearnet XMPP server, and how to have OMEMO End to End encryption using the Gajim XMPP client.
-Before starting, check out this tutorial on how to create your first hidden service.
-
-root@ANON-home:~# apt install prosody prosody-modules lua-unbound -y
-
-root@ANON-home:~# prosodyctl about
- /var/lib/prosody/custom_plugins - not a directory!
- /usr/local/lib/prosody/modules - not a directory!
- /var/lib/prosody/custom_plugins/share/lua/5.4/?.lua
- /var/lib/prosody/custom_plugins/share/lua/5.4/?/init.lua
-
-
-root@ANON-home:~# mkdir /var/lib/prosody/custom_plugins
-root@ANON-home:~# mkdir /usr/local/lib/prosody/modules -p
-
-Then, we make sure that the tor hidden service includes the XMPP ports:
-
-root@ANON-home:# vim /etc/tor/torrc
-root@ANON-home:# cat /etc/tor/torrc
-HiddenServiceDir /var/lib/tor/onions/aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.onion/
-
-[...]
-
-HiddenServicePort 5222 127.0.0.1:5222
-HiddenServicePort 5269 127.0.0.1:5269
-HiddenServicePort 5280 127.0.0.1:5280
-HiddenServicePort 5281 127.0.0.1:5281
-
-root@ANON-home:# systemctl restart tor@default
-
-Here, my hidden service is aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.onion, let's check that the mod_onions module is installed and configure the prosody.cfg.lua file:
-
-root@ANON-home:~# ls /usr/lib/prosody/modules/mod_onions
-mod_onions.lua
-
-root@ANON-home:~# vim /etc/prosody/prosody.cfg.lua
-root@ANON-home:~# cat /etc/prosody/prosody.cfg.lua
-
-[...]
-
-VirtualHost "localhost"
--- Prosody requires at least one enabled VirtualHost to function. You can
--- safely remove or disable 'localhost' once you have added another.
-
-VirtualHost "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.onion"
- modules_enabled = {"onions"};
- onions_only = true;
- disco_items = {
- {"conference.aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.onion","Public Chatroom"},
- {"upload.aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.onion","Public Chatroom"}
- }
-
-Component "conference.aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.onion" "muc"
- modules_enabled = { "onions" };
- onions_only = true;
-
-Component "upload.aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.onion" "http_file_share"
- modules_enabled = { "onions" };
- onions_only = true;
-
-[...]
-
-
-root@ANON-home:~# prosodyctl cert generate aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.onion
-Choose key size (2048):
-Key written to /var/lib/prosody/aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.onion.key
-Please provide details to include in the certificate config file.
-Leave the field empty to use the default value or '.' to exclude the field.
-countryName (GB):
-localityName (The Internet):
-organizationName (Your Organisation):
-organizationalUnitName (XMPP Department):
-commonName (aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.onion):
-emailAddress (xmpp@aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.onion):
-
-Config written to /var/lib/prosody/aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.onion.cnf
-Certificate written to /var/lib/prosody/aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.onion.crt
-
-root@ANON-home:~# prosodyctl check
-
-[...]
-
-Checking certificates...
-Checking certificate for conference.aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.onion
-certmanager info No certificate present in SSL/TLS configuration for conference.aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.onion. SNI will be required.
- No 'certificate' found for conference.aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.onion
-Checking certificate for localhost
-certmanager info No certificate present in SSL/TLS configuration for localhost. SNI will be required.
- No 'certificate' found for localhost
-Checking certificate for upload.aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.onion
-certmanager info No certificate present in SSL/TLS configuration for upload.aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.onion. SNI will be required.
- No 'certificate' found for upload.aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.onion
-Checking certificate for aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.onion
-certmanager info No certificate present in SSL/TLS configuration for aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.onion. SNI will be required.
- No 'certificate' found for aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.onion
-
-For more information about certificates please see https://prosody.im/doc/certificates
-
-Problems found, see above.
-
-
-root@ANON-home:# mv /var/lib/prosody/aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.onion.* /etc/prosody/certs/
-
-
-root@ANON-home:/etc/prosody/certs# prosodyctl adduser nihilist@aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.onion
-Enter new password:
-Retype new password:
-
-#if you want to create users in batch:
-root@ANON-home:/etc/prosody/certs# prosodyctl adduser testuser aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.onion p4ssw0rd
-
-root@ANON-home:/etc/prosody/certs# systemctl restart prosody
-root@ANON-home:/etc/prosody/certs# systemctl status prosody
-● prosody.service - Prosody XMPP Server
- Loaded: loaded (/lib/systemd/system/prosody.service; enabled; preset: enabled)
- Active: active (running) since Mon 2024-08-05 22:02:47 CEST; 4s ago
- Docs: https://prosody.im/doc
- Main PID: 3419 (lua5.4)
- Tasks: 1 (limit: 4653)
- Memory: 7.8M
- CPU: 139ms
- CGroup: /system.slice/prosody.service
- └─3419 lua5.4 /usr/bin/prosody -F
-
-Aug 05 22:02:47 ANON-home systemd[1]: Started prosody.service - Prosody XMPP Server.
-
-
-all good now, now let's connect to it using pidgin:
-
-[ mainpc ] [ /dev/pts/9 ] [~/Nextcloud/blog]
-→ apt install pidgin -y
-
-[ mainpc ] [ /dev/pts/9 ] [~/Nextcloud/blog]
-→ pidgin
-
-Then, create your account on the XMPP server:
-
-
-
-
-
-
-Next, we can start chatting with Alice, who is another user on that XMPP server like so:
-
-Then from Alice's XMPP client, we accept nihilist's buddy request:
-
-
-
-
-
- if you want to enable message archiving, enable the "mam" module by uncommenting it:
-
-root@ANON-home:~# vim /etc/prosody/prosody.cfg.lua
-root@ANON-home:~# cat /etc/prosody/prosody.cfg.lua
-
-[...]
-
-modules_enabled = {
- "mam"; -- Store recent messages to allow multi-device synchronization
-}
-
-[...]
-
-and then you can mention the expiration time of messages like so:
-
-root@ANON-home:~# vim /etc/prosody/prosody.cfg.lua
-root@ANON-home:~# cat /etc/prosody/prosody.cfg.lua
-
-archive_expires_after = "1w" -- remove archived messages after 1 week
-
-you can choose to limit the bandwidth usage of your server too, using the mod_limits module:
-
-root@ANON-home:~# vim /etc/prosody/prosody.cfg.lua
-root@ANON-home:~# cat /etc/prosody/prosody.cfg.lua
-
-limits = {
- c2s = {
- rate = "10kb/s";
- }
- s2sin = {
- rate = "30kb/s";
- }
-
-}
-You can also enable archiving on the multi-user chats like so :
-
-root@ANON-home:~# vim /etc/prosody/prosody.cfg.lua
-root@ANON-home:~# cat /etc/prosody/prosody.cfg.lua
-
-Component "conference.aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.onion" "muc"
- modules_enabled = { "onions", "muc_mam" };
- onions_only = true;
-
-And just like in mod_mam, you can set the expiration time of the messages in MUCs:
-
-root@ANON-home:~# vim /etc/prosody/prosody.cfg.lua
-root@ANON-home:~# cat /etc/prosody/prosody.cfg.lua
-
-Component "conference.aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.onion" "muc"
- modules_enabled = { "onions", "muc_mam" };
- onions_only = true;
- muc_log_expires_after = "1w"
-
-Then, you can also enable file archiving using mod_http_file_share:
-
-root@ANON-home:~# vim /etc/prosody/prosody.cfg.lua
-root@ANON-home:~# cat /etc/prosody/prosody.cfg.lua
-
-Component "upload.aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.onion" "http_file_share"
- modules_enabled = { "onions" };
- onions_only = true;
- http_file_share_daily_quota = 100*1024*1024; -- 100 MiB
- http_file_share_after = 7*86400; -- One week in seconds
- http_file_share_size_limit = 10*1024*1024 -- 10 Mib
-
-Then, as you're going to have a multi user chat, you'll most likely need the mod_muc_moderation module:
-
-root@ANON-home:~# vim /etc/prosody/prosody.cfg.lua
-root@ANON-home:~# cat /etc/prosody/prosody.cfg.lua
-
-Component "conference.aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.onion" "muc"
- modules_enabled = { "onions", "muc_mam", "muc_moderation" };
- onions_only = true;
- muc_log_expires_after = "1w"
-
-First edit prosody.cfg.lua like so :
-
-[ Datura ] [ /dev/pts/3 ] [~]
-→ vim /etc/prosody/prosody.cfg.lua
-
-[...]
-
-VirtualHost "nowhere.moe"
-ssl = {
- certificate = "/etc/ssl/nowhere.moe/fullchain.cer";
- key = "/etc/ssl/nowhere.moe/nowhere.moe.key";
-}
-
-VirtualHost "nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion"
-
-[...]
-
-Then copy the existing acme.sh certificates for nowhere.moe into another non-root directory, otherwise prosody wont be able to read them:
-
-[ Datura ] [ /dev/pts/4 ] [/etc/ssl/nowhere.moe]
-→ mkdir -p /etc/ssl/nowhere.moe/
-
-[ Datura ] [ /dev/pts/4 ] [/etc/ssl/nowhere.moe]
-→ cp -r /root/.acme.sh/nowhere.moe/* /etc/ssl/nowhere.moe
-
-[ Datura ] [ /dev/pts/4 ] [/etc/ssl/nowhere.moe]
-→ sudo setfacl -R -m u:prosody:rx /etc/ssl/nowhere.moe/
-
-[ Datura ] [ /dev/pts/4 ] [/etc/ssl/nowhere.moe]
-→ sudo -u prosody cat /etc/ssl/nowhere.moe/nowhere.moe.cer
------BEGIN CERTIFICATE-----
-MIIF5zCCBM+gAwIBAgISBCVaPZeC38+C4bWEm3yPX1LMMA0GCSqGSIb3DQEBCwUA
-MDMxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQwwCgYDVQQD
-EwNSMTAwHhcNMjQwODExMjAyMjI5WhcNMjQxMTA5MjAyMjI4WjAWMRQwEgYDVQQD
-Ewtub3doZXJlLm1vZTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAJPO
-[...]
------END CERTIFICATE-----
-
-
-to copy it once a day to the correct folder, you can do it via cronjob:
-
-[ Datura ] [ /dev/pts/7 ] [~]
-→ crontab -e
-
-0 0 * * * cp -r /root/.acme.sh/nowhere.moe/* /etc/ssl/nowhere.moe ; setfacl -R -m u:prosody:rx /etc/ssl/nowhere.moe ; systemctl restart prosody
-
-Then, don't forget to create the clearnet user:
-
-[ Datura ] [ /dev/pts/7 ] [~]
-→ prosodyctl adduser usertest usertestpwd
-
-[ Datura ] [ /dev/pts/7 ] [~]
-→ prosodyctl passwd usertest@nowhere.moe
-
-Then you can just connect to the XMPP server over clearnet aswell, but one thing to note is that pidgin is limited when it comes to encrypting chats, so let's use Gajim instead as it comes with OMEMO encryption out of the box:
-
-user@laptop: apt install gajim -y
-
-
-
-
-
-
-
-
-Now here, you need to tell the other peer (if they don't have OMEMO enabled) to install a XMPP client like gajim, just like you, to use OMEMO encryption just like you, to have end to end encryption.
-
-
-
-
-
-
-
-And that's it! you now have a XMPP server working over both Clearnet, and Tor, with end to end encryption.
- -- Until there is Nothing left.
Creative Commons Zero: No Rights Reserved
-
-
-
- RSS Feed
SimpleX Chat
-
-
Donate XMR: 8AUYjhQeG3D5aodJDtqG499N5jXXM71gYKD8LgSsFB9BUV1o7muLv3DXHoydRTK4SZaaUBq4EAUqpZHLrX2VZLH71Jrd9k8
Contact: nihilist@contact.nowhere.moe (PGP)
-
+
+
+
+
+
++ Until there is Nothing left.
Creative Commons Zero: No Rights Reserved
+
+
+
+ RSS Feed
SimpleX Chat
+
+
Donate XMR: 8AUYjhQeG3D5aodJDtqG499N5jXXM71gYKD8LgSsFB9BUV1o7muLv3DXHoydRTK4SZaaUBq4EAUqpZHLrX2VZLH71Jrd9k8
Contact: nihilist@contact.nowhere.moe (PGP)
+