jsxc / xmpp-cloud-auth

:key: Authentication hub for Nextcloud+JSXC→Prosody, ejabberd, saslauthd, Postfix
https://www.jsxc.org
MIT License

XMPP server (encryption setup problem) #47

Closed Minahora closed 5 years ago

Minahora commented 6 years ago

Hello, I can't set up my XMPP server. I tried to ask for help in the Nextcloud forum, but unsuccessfully. sualko said I can ask for help here.

My XMPP server and my Nextcloud are on the same machine.

I get this message: screenshot_5

I use bind9 for my domain name. My config: 1

My Apache config: 2

My prosody.cfg.lua config:

@@ -26,6 +26,9 @@
 -- For more information see: http://prosody.im/doc/libevent
 --use_libevent = true;

+plugin_paths = { "/opt/xmpp-cloud-auth/prosody-modules" }

 -- This is the list of modules Prosody will load on startup.
 -- It looks for mod_modulename.lua in the plugins folder, so make sure that exists too.
 -- Documentation on modules can be found at: http://prosody.im/doc/modules
@@ -52,14 +55,14 @@
        "time"; -- Let others know the time here on this server
        "ping"; -- Replies to XMPP pings with pongs
        "pep"; -- Enables users to publish their mood, activity, playing music and more
        "register"; -- Allow users to register on this server using a client and change passwords
+       -- "register"; -- Allow users to register on this server using a client and change passwords

    -- Admin interfaces
        "admin_adhoc"; -- Allows administration via an XMPP client that supports ad-hoc commands
        --"admin_telnet"; -- Opens telnet console interface on localhost port 5582

    -- HTTP modules
-       --"bosh"; -- Enable BOSH clients, aka "Jabber over HTTP"
        "bosh"; -- Enable BOSH clients, aka "Jabber over HTTP"
        --"http_files"; -- Serve static files from a directory over HTTP

    -- Other specific functionality
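
Review bot: "register"; still appears as an active entry directly above the new commented-out copy, so as posted the module stays loaded. Delete the active line so that only `-- "register";` remains; its own comment says it lets users register and change passwords through Prosody, which is not wanted when accounts come from the external authentication backend configured further down.
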
@@ -80,6 +83,8 @@
    -- "s2s"; -- Handle server-to-server connections
 };

cross_domain_bosh = true;

 -- Disable account creation by default, for security
 -- For more information see http://prosody.im/doc/creating_accounts
 allow_registration = false;
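
Review bot: `cross_domain_bosh = true;` lets a page from any origin talk to the BOSH endpoint. Only the Nextcloud/JSXC front end needs it, so list that origin instead of `true`, or drop the setting entirely if BOSH is reached through the same Apache host that serves Nextcloud.
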
@@ -98,14 +103,14 @@
 -- These are the SSL/TLS-related settings. If you don't want
 -- to use SSL/TLS, you may comment or remove this
 ssl = {

+   key = "/etc/letsencrypt/live/example.org/privkey.pem";
+   certificate = "/etc/letsencrypt/live/example.org/fullchain.pem";
 }

 -- Force clients to use encrypted connections? This option will
 -- prevent clients from authenticating unless they are using encryption.

c2s_require_encryption = true

 -- Force certificate authentication for server-to-server connections?
 -- This provides ideal security, but requires servers you communicate
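
Review bot: the `key` and `certificate` paths in the `ssl` block still point at the `example.org` placeholder directory. They need to name the certificate directory of the domain this server actually serves, and both files must be readable by the user Prosody runs as. Because `c2s_require_encryption = true` follows directly below, clients cannot authenticate at all until this certificate loads, so fix the paths before testing logins.
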
@@ -113,7 +118,7 @@
 -- NOTE: Your version of LuaSec must support certificate verification!
 -- For more information see http://prosody.im/doc/s2s#security

s2s_secure_auth = true

 -- Many servers don't support encryption or have invalid or self-signed
 -- certificates. You can list domains here that will not be required to
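
Review bot: `s2s_secure_auth = true` has nothing to act on in this configuration, because the "s2s" module is commented out in the module list (the `-- "s2s";` line in the earlier hunk). Either leave this setting out of the change, or enable s2s deliberately once the certificate is in place.
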
@@ -133,7 +138,8 @@
 -- server please see http://prosody.im/doc/modules/mod_auth_internal_hashed
 -- for information about using the hashed backend.

authentication = "external"

 -- Select the storage backend to use. By default Prosody uses flat files
 -- in its configured data directory, but it also supports more backends
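
Review bot: `authentication = "external"` is shown without an `external_auth_command` line, although the hunk header (-133,7 +138,8) indicates one more added line than is visible here. mod_auth_external needs that option to point at the xmpp-cloud-auth executable, and the module itself is only found through the `plugin_paths` entry added in the first hunk. Please post that line as well and check that the command is executable by the Prosody user.
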
@@ -166,17 +172,12 @@
 -- You need to add a VirtualHost entry for each domain you wish Prosody to serve.
 -- Settings under each VirtualHost entry apply *only* to that host.

+VirtualHost "projet.tut"

    -- Assign this host a certificate for TLS, otherwise it would use the one
    -- set in the global section (if any).
    -- Note that old-style SSL on port 5223 only supports one certificate, and will always
    -- use the global one.
-   ssl = {
-       key = "/etc/prosody/certs/example.com.key";
-       certificate = "/etc/prosody/certs/example.com.crt";
-   }

 ------ Components ------
 -- You can specify components to add hosts that provide special services,
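
Review bot: with the per-host `ssl` block removed, `VirtualHost "projet.tut"` falls back to the global certificate, as the comment above the removed block says, and the global one is configured for `example.org`. The certificate presented must be valid for `projet.tut`, otherwise clients will reject it or warn. If `projet.tut` only resolves through the local bind9 zone, a public CA such as Let's Encrypt cannot validate it, so this host needs either a publicly resolvable name or a certificate from a CA the clients trust.
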

I have a question: do I need HTTPS? Do I need SSL?

+   key = "/etc/letsencrypt/live/example.org/privkey.pem";
+   certificate = "/etc/letsencrypt/live/example.org/fullchain.pem";

Is it important?

I'm a beginner with XMPP servers... sorry.

Step 1: Installing the software: OK

Step 2: Setting up DNS entries: OK

Step 3: Setting up Apache with a Let’s Encrypt certificate: Apache OK, but Let’s Encrypt is not set up

Step 4: Prosody: Not okay… I tried to modify the file "/etc/prosody/prosody.cfg.lua"

Thanks for your answer

MarcelWaldvogel commented 6 years ago

Sorry for the delay, that somehow fell under my radar.

Did you have a look at https://github.com/jsxc/xmpp-cloud-auth/wiki/raspberry-pi-en ? That provides step-by-step setup instructions. Please let me know if anything there remains unclear.

sualko commented 6 years ago

You should also check your js console for errors.

MarcelWaldvogel commented 6 years ago

Did you make any progress using the guided tour? Or did new issues arrive?

MarcelWaldvogel commented 5 years ago

Closing due to inactivity