From a5de35c567c31b5f82d71b7c3cfae6debe22e320 Mon Sep 17 00:00:00 2001 From: John Livingston Date: Fri, 19 Feb 2021 19:38:39 +0100 Subject: [PATCH] Documentation --- README.md | 43 +++++++- documentation/examples/converseJS/host-meta | 5 + documentation/examples/nginx/site.conf | 100 ++++++++++++++++++ .../examples/prosody/virtualhost.cfg.lua | 30 ++++++ 4 files changed, 176 insertions(+), 2 deletions(-) create mode 100644 documentation/examples/converseJS/host-meta create mode 100644 documentation/examples/nginx/site.conf create mode 100644 documentation/examples/prosody/virtualhost.cfg.lua diff --git a/README.md b/README.md index f4f40de5..6329cf63 100644 --- a/README.md +++ b/README.md @@ -9,9 +9,9 @@ This is under development. It is not functional yet. For now, there is no documentation for how you can setup the webchat. It has to be setup by your own. For example with a XMPP Server and the ConverseJS Javascript. -Next step: document how you can setup the XMPP server. +## XMPP backend with ConverseJS -## ConverseJS +### ConverseJS Once you have a XMPP server that allow anonymous authentication, with bosh (or websocket) enabled, you can - for example - setup a html page that looks like 
@@ -21,3 +21,42 @@ by your actual domain. NB : there is a bug in the converseJS 7.0.4 release. The dist files don't work. So if you are not building converseJS yourself, use version 7.0.3 instead. + +NB: for converseJS to find your server configuration (bosh, websocket, ...), +you have to add a file [/.well-known/host-meta](documentation/examples/converseJS/host-meta). +Please refer to the converseJS documentation. + +### XMPP Server: Prosody + +You can use Prosody for the XMPP backend. + +You can find an example configuration file [here](documentation/examples/prosody/virtualhost.cfg.lua). + +You have to place this file in /etc/prosody/conf.avail/your_domain.cfg.lua. + +Replace peertube.im.your_domain with the domain you want. + +There must be a DNS record for that domain. + +NB : no need to have a DNS record for room.peertube.im.your_domain. + +To create the certificate, you can use certbot with letsencrypt: + +```certbot certonly --nginx --emailyour_email -d peertube.im.your_domain``` + +Then: + +```prosodyctl --root cert import /etc/letsencrypt/live/``` + +Please refer to the [Prosody documentation](https://prosody.im/doc/). + +NB : if you have not nginx on your server, please replace by the correct parameter. + +### XMPP over HTTP: nginx + +You can use the reverse proxy nginx to server the Prosody Bosh server. +So your requests will be on the 443 port, and it will minimise cross domains constraints. + +There is an example file [here](documentation/examples/nginx/site.conf). + +NB: this example files also serve the static html files with converseJS. diff --git a/documentation/examples/converseJS/host-meta b/documentation/examples/converseJS/host-meta new file mode 100644 index 00000000..265231a3 --- /dev/null +++ b/documentation/examples/converseJS/host-meta @@ -0,0 +1,5 @@ + + + + diff --git a/documentation/examples/nginx/site.conf b/documentation/examples/nginx/site.conf new file mode 100644 index 00000000..375e7b72 --- /dev/null 
+++ b/documentation/examples/nginx/site.conf 
@@ -0,0 +1,100 @@
+server {
+ if ($host = peertube.im.your_domain) {
+ return 301 https://$host$request_uri;
+ } # managed by Certbot
+
+
+ listen 80;
+ listen [::]:80;
+ server_name peertube.im.your_domain;
+
+ access_log /var/log/nginx/peertube.im.your_domain.access.log;
+ error_log /var/log/nginx/peertube.im.your_domain.error.log;
+
+ location / { return 301 https://$host$request_uri; }
+}
+
+server {
+ listen 443 ssl http2;
+ listen [::]:443 ssl http2;
+ server_name peertube.im.your_domain;
+
+ ssl_protocols TLSv1.2;
+ ssl_prefer_server_ciphers on;
+ ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
+
+ access_log /var/log/nginx/peertube.im.your_domain.access.log;
+ error_log /var/log/nginx/peertube.im.your_domain.error.log;
+
+ root /var/www/peertube.im;
+ index index.html;
+
+ location / {
+ try_files $uri $uri/ =404;
+ }
+
+ location /.well-known/host-meta {
+ default_type "application/xml";
+ if ($request_method = 'OPTIONS') {
+ add_header 'Access-Control-Allow-Origin' '*';
+ add_header 'Access-Control-Allow-Methods' 'GET, OPTIONS';
+ add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range';
+ add_header 'Access-Control-Max-Age' 1728000;
+ add_header 'Content-Type' 'text/plain; charset=utf-8';
+ add_header 'Content-Length' 0;
+ return 204;
+ }
+ if ($request_method = 'GET') {
+ add_header 'Access-Control-Allow-Origin' '*';
+ add_header 'Access-Control-Allow-Methods' 'GET, OPTIONS';
+ add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range';
+ add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range';
+ }
+ try_files $uri $uri/ =404;
+ }
+
+ location /http-bind {
+ if
($request_method = 'OPTIONS') {
+ add_header 'Access-Control-Allow-Origin' '*';
+ add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
+ add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range';
+ add_header 'Access-Control-Max-Age' 1728000;
+ add_header 'Content-Type' 'text/plain; charset=utf-8';
+ add_header 'Content-Length' 0;
+ return 204;
+ }
+ if ($request_method = 'POST') {
+ add_header 'Access-Control-Allow-Origin' '*';
+ add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
+ add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range';
+ add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range';
+ }
+ if ($request_method = 'GET') {
+ add_header 'Access-Control-Allow-Origin' '*';
+ add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
+ add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range';
+ add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range';
+ }
+
+ proxy_pass http://localhost:5280/http-bind;
+ proxy_set_header Host $host;
+ proxy_set_header X-Forwarded-For $remote_addr;
+ proxy_buffering off;
+ tcp_nodelay on;
+ }
+
+ location /xmpp-websocket {
+ proxy_pass http://localhost:5280/xmpp-websocket;
+ proxy_http_version 1.1;
+ proxy_set_header Connection "Upgrade";
+ proxy_set_header Upgrade $http_upgrade;
+
+ proxy_set_header Host $host;
+ proxy_set_header X-Forwarded-For $remote_addr;
+ proxy_read_timeout 900s;
+ }
+
+
+ ssl_certificate /etc/letsencrypt/live/peertube.im.your_domain/fullchain.pem; # managed by Certbot
+ ssl_certificate_key /etc/letsencrypt/live/peertube.im.your_domain/privkey.pem; # managed by Certbot
+}
diff --git a/documentation/examples/prosody/virtualhost.cfg.lua b/documentation/examples/prosody/virtualhost.cfg.lua
new file mode 100644
index 00000000..d8301d17
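Review bot: The `add_header 'Access-Control-Allow-Origin' '*';` lines in `location /http-bind` let any web origin open BOSH sessions against this host, although the same server block already serves the ConverseJS page from `root /var/www/peertube.im`, so the chat itself appears to be same-origin and should not need CORS headers there. With anonymous authentication behind the proxy, the example would be safer with the `if ($request_method ...)` blocks dropped from `/http-bind`, or with the wildcard replaced by the single origin that embeds the chat, e.g. `add_header 'Access-Control-Allow-Origin' 'https://YOUR_EMBEDDING_ORIGIN' always;` (placeholder). Separately, `ssl_protocols TLSv1.2;` leaves out TLS 1.3 and the `ssl_ciphers` list ends with four CBC suites (`ECDHE-*-AES256-SHA384`, `ECDHE-*-AES128-SHA256`); `ssl_protocols TLSv1.2 TLSv1.3;` with only the GCM and CHACHA20 suites would be a tighter baseline for an example people will copy.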
--- /dev/null
+++ b/documentation/examples/prosody/virtualhost.cfg.lua
@@ -0,0 +1,30 @@
+cross_domain_bosh = false;
+consider_bosh_secure = true;
+
+VirtualHost "peertube.im.your_domain"
+ authentication = "anonymous"
+ allow_anonymous_s2s = false
+ ssl = {
+ key = "/etc/prosody/certs/peertube.im.your_domain.key";
+ certificate = "/etc/prosody/certs/peertube.im.your_domain.crt";
+ }
+ modules_enabled = {
+ "http";
+ "bosh";
+ "ping";
+ }
+ admins = { "admin@im.your_domain" }
+
+Component "room.peertube.im.your_domain" "muc"
+ admins = { "admin@im.your_domain" }
+ restrict_room_creation = "local"
+ muc_room_locking = false
+ muc_tombstones = false
+ muc_room_default_language = "fr"
+ muc_room_default_public = true
+ muc_room_default_persistent = false
+ muc_room_default_members_only = false
+ muc_room_default_moderated = false
+ muc_room_default_public_jids = false
+ muc_room_default_change_subject = false
+ muc_room_default_history_length = 20
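Review bot: `consider_bosh_secure = true` makes Prosody treat every BOSH request as if it had arrived over TLS, which only holds when port 5280 is reachable solely through the nginx proxy; nothing in this file restricts the HTTP listener, so unless a firewall already does it I would add `http_interfaces = { "127.0.0.1", "::1" }` next to it. The VirtualHost's `modules_enabled` lists `"http"`, `"bosh"` and `"ping"` but not `"websocket"`, while the nginx example in this commit proxies `/xmpp-websocket`; either add `"websocket";` together with `consider_websocket_secure = true`, or drop that location from the nginx file. A short comment above `restrict_room_creation = "local"` would also help, because with `authentication = "anonymous"` on the parent host that setting appears to let any anonymous visitor create rooms.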