Documentation

README.md

@@ -9,9 +9,9 @@ This is under development. It is not functional yet.
 For now, there is no documentation for how you can setup the webchat.
 It has to be setup by your own. For example with a XMPP Server and the ConverseJS Javascript.
 
-Next step: document how you can setup the XMPP server.
+## XMPP backend with ConverseJS
 
-## ConverseJS
+### ConverseJS
 
 Once you have a XMPP server that allow anonymous authentication, with bosh
 (or websocket) enabled, you can - for example - setup a html page that looks like
@@ -21,3 +21,42 @@ by your actual domain.
 
 NB : there is a bug in the converseJS 7.0.4 release. The dist files don't work.
 So if you are not building converseJS yourself, use version 7.0.3 instead.
+
+NB: for converseJS to find your server configuration (bosh, websocket, ...),
+you have to add a file [/.well-known/host-meta](documentation/examples/converseJS/host-meta).
+Please refer to the converseJS documentation.
+
+### XMPP Server: Prosody
+
+You can use Prosody for the XMPP backend.
+
+You can find an example configuration file [here](documentation/examples/prosody/virtualhost.cfg.lua).
+
+You have to place this file in /etc/prosody/conf.avail/your_domain.cfg.lua.
+
+Replace peertube.im.your_domain with the domain you want.
+
+There must be a DNS record for that domain.
+
+NB : no need to have a DNS record for room.peertube.im.your_domain.
+
+To create the certificate, you can use certbot with letsencrypt:
+
+```certbot certonly --nginx --emailyour_email -d peertube.im.your_domain```
+
+Then:
+
+```prosodyctl --root cert import /etc/letsencrypt/live/```
+
+Please refer to the [Prosody documentation](https://prosody.im/doc/).
+
+NB : if you have not nginx on your server, please replace by the correct parameter.
+
+### XMPP over HTTP: nginx
+
+You can use the reverse proxy nginx to server the Prosody Bosh server.
+So your requests will be on the 443 port, and it will minimise cross domains constraints.
+
+There is an example file [here](documentation/examples/nginx/site.conf).
+
+NB: this example files also serve the static html files with converseJS.

documentation/examples/converseJS/host-meta

@@ -0,0 +1,5 @@
+<?xml version='1.0' encoding='utf-8'?>
+<XRD xmlns='http://docs.oasis-open.org/ns/xri/xrd-1.0'>
+  <Link rel="urn:xmpp:alt-connections:xbosh"
+        href="https://peertube.im.your_domain/http-bind" />
+</XRD>

documentation/examples/nginx/site.conf

@@ -0,0 +1,100 @@
+server {
+    if ($host = peertube.im.your_domain) {
+        return 301 https://$host$request_uri;
+    } # managed by Certbot
+
+
+  listen 80;
+  listen [::]:80;
+  server_name peertube.im.your_domain;
+
+  access_log /var/log/nginx/peertube.im.your_domain.access.log;
+  error_log /var/log/nginx/peertube.im.your_domain.error.log;
+
+  location / { return 301 https://$host$request_uri; }
+}
+
+server {
+  listen 443 ssl http2;
+  listen [::]:443 ssl http2;
+  server_name peertube.im.your_domain;
+  
+  ssl_protocols TLSv1.2;
+  ssl_prefer_server_ciphers on;
+  ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
+
+  access_log /var/log/nginx/peertube.im.your_domain.access.log;
+  error_log /var/log/nginx/peertube.im.your_domain.error.log;
+
+  root /var/www/peertube.im;
+  index index.html;
+
+  location / {
+    try_files $uri $uri/ =404;
+  }
+
+  location /.well-known/host-meta {
+   default_type "application/xml";
+   if ($request_method = 'OPTIONS') {
+      add_header 'Access-Control-Allow-Origin' '*';
+      add_header 'Access-Control-Allow-Methods' 'GET, OPTIONS';
+      add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range';
+      add_header 'Access-Control-Max-Age' 1728000;
+      add_header 'Content-Type' 'text/plain; charset=utf-8';
+      add_header 'Content-Length' 0;
+      return 204;
+   }
+   if ($request_method = 'GET') {
+      add_header 'Access-Control-Allow-Origin' '*';
+      add_header 'Access-Control-Allow-Methods' 'GET, OPTIONS';
+      add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range';
+      add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range';
+   }
+   try_files $uri $uri/ =404; 
+  }
+
+  location /http-bind {
+    if ($request_method = 'OPTIONS') {
+      add_header 'Access-Control-Allow-Origin' '*';
+      add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
+      add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range';
+      add_header 'Access-Control-Max-Age' 1728000;
+      add_header 'Content-Type' 'text/plain; charset=utf-8';
+      add_header 'Content-Length' 0;
+      return 204;
+   }
+   if ($request_method = 'POST') {
+      add_header 'Access-Control-Allow-Origin' '*';
+      add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
+      add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range';
+      add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range';
+   }
+   if ($request_method = 'GET') {
+      add_header 'Access-Control-Allow-Origin' '*';
+      add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
+      add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range';
+      add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range';
+   }
+
+    proxy_pass  http://localhost:5280/http-bind;
+    proxy_set_header Host $host;
+    proxy_set_header X-Forwarded-For $remote_addr;
+    proxy_buffering off;
+    tcp_nodelay on;
+  }
+
+  location /xmpp-websocket {
+    proxy_pass http://localhost:5280/xmpp-websocket;
+    proxy_http_version 1.1;
+    proxy_set_header Connection "Upgrade";
+    proxy_set_header Upgrade $http_upgrade;
+
+    proxy_set_header Host $host;
+    proxy_set_header X-Forwarded-For $remote_addr;
+    proxy_read_timeout 900s;
+  }
+
+
+    ssl_certificate /etc/letsencrypt/live/peertube.im.your_domain/fullchain.pem; # managed by Certbot
+    ssl_certificate_key /etc/letsencrypt/live/peertube.im.your_domain/privkey.pem; # managed by Certbot
+}

documentation/examples/prosody/virtualhost.cfg.lua

@@ -0,0 +1,30 @@
+cross_domain_bosh = false;
+consider_bosh_secure = true;
+
+VirtualHost "peertube.im.your_domain"
+        authentication = "anonymous"
+        allow_anonymous_s2s = false
+        ssl = {
+                key = "/etc/prosody/certs/peertube.im.your_domain.key";
+                certificate = "/etc/prosody/certs/peertube.im.your_domain.crt";
+                }
+        modules_enabled = {
+            "http";
+            "bosh";
+            "ping";
+        }
+        admins = { "admin@im.your_domain" }
+
+Component "room.peertube.im.your_domain" "muc"
+        admins = { "admin@im.your_domain" }
+        restrict_room_creation = "local"
+        muc_room_locking = false
+        muc_tombstones = false
+        muc_room_default_language = "fr"
+        muc_room_default_public = true
+        muc_room_default_persistent = false
+        muc_room_default_members_only = false
+        muc_room_default_moderated = false
+        muc_room_default_public_jids = false
+        muc_room_default_change_subject = false
+        muc_room_default_history_length = 20