Prosody tutorial.
This commit is contained in:
parent
29af35ab97
commit
2bf8926fa7
262
documentation/tutorials/prosody.md
Normal file
262
documentation/tutorials/prosody.md
Normal file
@ -0,0 +1,262 @@
|
||||
# Tutorial: quick setup for Prosody XMPP server on your Peertube's instance
|
||||
|
||||
## Abstract
|
||||
|
||||
This tutorial is meant to help you configure [Prosody](https://prosody.im)
|
||||
on your Peertube server.
|
||||
|
||||
This tutorial is for debian-like systems (debian, ubuntu, ...).
|
||||
It was tested with Debian 10 (Buster).
|
||||
|
||||
## Important notes about this tutorial
|
||||
|
||||
### File editor
|
||||
|
||||
I use the `editor` command to edit files. This is a command that switch to
|
||||
the configured editor («vi», «vim», «nano», ...).
|
||||
If you don't have the `editor` command, you can replace with your favorite
|
||||
editor command.
|
||||
To change the editor used by `editor`, you can do:
|
||||
|
||||
```bash
|
||||
sudo update-alternatives --config editor
|
||||
```
|
||||
|
||||
If you don't know which editor to choose, the Nano editor is often a good choice
|
||||
for non-sysadmin users.
|
||||
If you run `vi` or `vim` accidentaly and are stuck withing (that is a *very*
|
||||
common mistake), type `:q!` to exit.
|
||||
|
||||
## Step 1: install Prosody
|
||||
|
||||
Prosody is a XMPP server. XMPP is a communication protocol.
|
||||
It is a robust instant messaging protocol, used by many softwares.
|
||||
|
||||
```bash
|
||||
sudo apt-get update
|
||||
sudo apt-get install -y prosody
|
||||
```
|
||||
|
||||
## Step 2: configure Prosody
|
||||
|
||||
Prosody works with a «virtualhosts» mecanism. You can define multiple
|
||||
virtualhosts, each one having his own configuration.
|
||||
|
||||
**Imporante note**: some settings are global. If you have already a
|
||||
prosody installed (using it as a Jabber server, or because you installed Jisti),
|
||||
some settings may affect existing services. In such case, please read Prosody
|
||||
documentation and be sure to understand what you are doing.
|
||||
|
||||
First step, we are going to create a configuration file.
|
||||
|
||||
```bash
|
||||
sudo editor /etc/prosody/conf.avail/peertube.cfg.lua
|
||||
```
|
||||
|
||||
Then you can add this content to the file:
|
||||
|
||||
```lua
|
||||
-- these global settings can affect an existing Prosody installation.
|
||||
-- Use them with care.
|
||||
-- NB: prosody http will be behind the nginx reverse proxy.
|
||||
cross_domain_bosh = false;
|
||||
consider_bosh_secure = true;
|
||||
cross_domain_websocket = false;
|
||||
consider_websocket_secure = true;
|
||||
https_ports = {};
|
||||
trusted_proxies = { "127.0.0.1", "::1" }
|
||||
|
||||
VirtualHost "${PEERTUBE_DOMAIN}"
|
||||
authentication = "anonymous"
|
||||
allow_anonymous_s2s = false
|
||||
ssl = {
|
||||
key = "/etc/prosody/certs/${PEERTUBE_DOMAIN}.key";
|
||||
certificate = "/etc/prosody/certs/${PEERTUBE_DOMAIN}.crt";
|
||||
}
|
||||
modules_enabled = {
|
||||
"http";
|
||||
"bosh";
|
||||
"ping";
|
||||
-- TODO: does not work for now "websocket";
|
||||
}
|
||||
http_host = "${PEERTUBE_DOMAIN}"
|
||||
http_external_url = "http://${PEERTUBE_DOMAIN}"
|
||||
-- if you have an external XMPP account
|
||||
-- that you want to be moderator,
|
||||
-- uncomment this line and set your adress
|
||||
-- admins = { "admin@your_xmpp_provider_domain" }
|
||||
|
||||
Component "room.${PEERTUBE_DOMAIN}" "muc"
|
||||
-- if you have an external XMPP account
|
||||
-- that you want to be moderator,
|
||||
-- uncomment this line and set your adress
|
||||
-- admins = { "admin@your_xmpp_provider_domain" }
|
||||
|
||||
-- if you want room persistence, uncomment these lines
|
||||
-- (requires prosody>=11, for older version there is the mam_muc module)
|
||||
-- modules_enabled = { "muc_mam" }
|
||||
-- muc_log_by_default = true
|
||||
-- muc_log_presences = true
|
||||
-- log_all_rooms = true
|
||||
-- muc_log_expires_after = "1w"
|
||||
-- muc_log_cleanup_interval = 4 * 60 * 60
|
||||
|
||||
restrict_room_creation = "local"
|
||||
muc_room_locking = false
|
||||
muc_tombstones = false
|
||||
muc_room_default_language = "fr"
|
||||
muc_room_default_public = true
|
||||
muc_room_default_persistent = false
|
||||
muc_room_default_members_only = false
|
||||
muc_room_default_moderated = false
|
||||
muc_room_default_public_jids = false
|
||||
muc_room_default_change_subject = false
|
||||
muc_room_default_history_length = 20
|
||||
|
||||
```
|
||||
|
||||
You have to replace `${PEERTUBE_DOMAIN}` with your actual Peertube server
|
||||
domain name. You can do it by hand, or with the following command
|
||||
(replace `[peertube-domain]` with your domain):
|
||||
|
||||
```bash
|
||||
sudo sed -i 's/${PEERTUBE_DOMAIN}/[peertube-domain]/g' /etc/prosody/conf.avail/peertube.cfg.lua
|
||||
```
|
||||
|
||||
By default, if a chat room is empty, it content will be dropped.
|
||||
If you want to activate room persistence (chat room content will be kept even
|
||||
if there is no more users), uncomment the lines in the config file,
|
||||
and change the `muc_log_expires_after` parameter as you want. Please refer to
|
||||
the [muc_mam module documentation](https://prosody.im/doc/modules/mod_muc_mam).
|
||||
This requires Prosody >= 11. For older version, see
|
||||
[mam_muc](https://modules.prosody.im/mod_mam_muc.html).
|
||||
|
||||
We have now to activate this configuration file:
|
||||
|
||||
```bash
|
||||
sudo ln -s /etc/prosody/conf.avail/peertube.cfg.lua /etc/prosody/conf.d/
|
||||
```
|
||||
|
||||
You have now to import your ssl certificates from your web server.
|
||||
Prosody use a different certificate format than your web server.
|
||||
See [Prosody certificates documentation](https://prosody.im/doc/certificates)
|
||||
or [Prosody letsencrypt documentation](https://prosody.im/doc/letsencrypt)
|
||||
|
||||
**Important note**: This assume you are using letsencrypt certificates and
|
||||
`certbot` to update them.
|
||||
If you are using other certificates, you have to change the commande. Please
|
||||
reffer to the [Prosody](https://prosody.im) documentation
|
||||
([Prosody certificates documentation](https://prosody.im/doc/certificates)
|
||||
or [Prosody letsencrypt documentation](https://prosody.im/doc/letsencrypt)).
|
||||
|
||||
```bash
|
||||
sudo prosodyctl --root cert import /etc/letsencrypt/live/
|
||||
```
|
||||
|
||||
To do this automatically after each certificate renewall, you can create
|
||||
this file:
|
||||
|
||||
```bash
|
||||
sudo touch /etc/letsencrypt/renewal-hooks/deploy/prosody.sh
|
||||
sudo chmod u+x /etc/letsencrypt/renewal-hooks/deploy/prosody.sh
|
||||
sudo editor /etc/letsencrypt/renewal-hooks/deploy/prosody.sh
|
||||
```
|
||||
|
||||
With this content:
|
||||
|
||||
```bash
|
||||
#!/bin/sh
|
||||
/usr/bin/prosodyctl --root cert import /etc/letsencrypt/live
|
||||
|
||||
```
|
||||
|
||||
You can now restart Prosody.
|
||||
|
||||
```bash
|
||||
sudo systemctl restart prosody
|
||||
```
|
||||
|
||||
And you can check prosody status with:
|
||||
|
||||
```bash
|
||||
sudo systemctl status prosody
|
||||
```
|
||||
|
||||
## Step 3: Configure nginx
|
||||
|
||||
Open your peertube's nginx config file:
|
||||
|
||||
```bash
|
||||
sudo editor /etc/nginx/sites-enabled/peertube
|
||||
```
|
||||
|
||||
At the end of the `server { ... }` section, **just before the final curly bracket (`}`)**
|
||||
(assuming you have no custom modification in this file), add:
|
||||
|
||||
```nginx
|
||||
location /http-bind {
|
||||
proxy_pass http://localhost:5280/http-bind;
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
proxy_buffering off;
|
||||
tcp_nodelay on;
|
||||
}
|
||||
|
||||
location /xmpp-websocket {
|
||||
proxy_pass http://localhost:5280/xmpp-websocket;
|
||||
proxy_http_version 1.1;
|
||||
proxy_set_header Connection "Upgrade";
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
proxy_read_timeout 900s;
|
||||
}
|
||||
|
||||
```
|
||||
|
||||
Save the file, and reload nginx:
|
||||
|
||||
```bash
|
||||
sudo systemctl reload nginx
|
||||
```
|
||||
|
||||
## Step 4: Configure the plugin
|
||||
|
||||
**NB**: If you have not installed peertube-plugin-livechat it is time to do so
|
||||
now.
|
||||
|
||||
Now log in to your peertube instance, and go to the plugin settings page
|
||||
(/admin/plugins/show/peertube-plugin-livechat).
|
||||
Change settings has you want (`Automatically open the chat`, ...).
|
||||
|
||||
Check `Use builtin ConverseJS`.
|
||||
|
||||
Set `Builtin webchat: XMPP service server` to `PEERTUBE_DOMAIN`,
|
||||
replacing `PEERTUBE_DOMAIN` by your actual peertube domain.
|
||||
Don't add `https://` before, you should only set your domain (example.com).
|
||||
|
||||
Set `Builtin webchat: XMPP room template` to something like
|
||||
`video_{{VIDEO_UUID}}@room.PEERTUBE_DOMAIN`, once again by replacing
|
||||
`PEERTUBE_DOMAIN` by your actual peertube domain.
|
||||
|
||||
Set `Builtin webchat: BOSH uri` to `https://PEERTUBE_DOMAIN/http-bind`
|
||||
(you got the point... replace `PEERTUBE_DOMAIN` by your actual peertube domain).
|
||||
|
||||
**TODO: does not work for now**
|
||||
~~Set `Builtin webchat: WS uri` to `wss://PEERTUBE_DOMAIN/xmpp-websocket`
|
||||
(/!\\ the scheme is `wss`, not `https`!).~~
|
||||
|
||||
Save the settings.
|
||||
|
||||
That's it!
|
||||
|
||||
## TODOs
|
||||
|
||||
* TODO: mention that the first user will be granted with moderator rights and
|
||||
how to handle this.
|
||||
* TODO: how to open with jabber clients (or prevent that).
|
||||
* TODO: firewall configuration.
|
||||
* TODO: talk about security issues
|
||||
(for now, rooms can be created without restriction).
|
||||
* TODO: talk about legal notices (specially in case of persistent rooms).
|
Loading…
x
Reference in New Issue
Block a user