Jabber server with Prosody

Update: If you use Puppet, I’ve written a module for Prosody which can be found here: https://forge.puppetlabs.com/JohannDickson/prosody

I’ve recently installed a Jabber server for use within my family, it’s a great way for us to communicate since we’re split among different places, don’t really use Skype or other, and it can be more convenient than SMS or email.

So I figured I’d keep track of my installation steps, and share them here.

In preparation, you will need to set up the following DNS records:

jabber.imnotacyb.org A ...
_jabber._tcp.imnotacyb.org CNAME jabber.imnotacyb.org
_xmpp-client._tcp.imnotacyb.org CNAME jabber.imnotacyb.org
_xmpp-server._tcp.imnotacyb.org CNAME jabber.imnotacyb.org

Also open the following Firewall ports:

TCP 5222
TCP 5269


apt-get install prosody lua-sec

I’m not going to be using ‘localhost’ configuration, so I’ll remove its configuration and keys:

cd /etc/prosody
rm conf.d/localhost.cfg.lua
rm certs/localhost.cert certs/localhost.key

Create new configuration file, based on existing example:

cp conf.avail/example.com.cfg.lua conf.avail/imnotacyb.org.cfg.lua

Certificate creation:

openssl req -new -x509 -days 365 -nodes \
 -out jabber.imnotacyb.org.crt \
 -keyout jabber.imnotacyb.org.key

Fill in the info, then put the keys in their proper location (/etc/prosody/certs/)

Modify your generic (virtualhost defaults) values in prosody.cfg.lua

nano prosody.cfg.lua

Here are the general changes I’ve done:

ssl = {
    key = "/etc/prosody/certs/localhost.key";
    certificate = "/etc/prosody/certs/localhost.cert";
--c2s_require_encryption = false
--s2s_require_encryption = false
c2s_require_encryption = true
s2s_require_encryption = true
authentication = "internal_plain"
authentication = "internal_hashed"

I also removed everything to do with the virtualhost and components, as these will be added on a per-site basis.

You can set your virtualhost configuration in prosody.cfg.lua if you want, but I prefer to make a separate virtualhost file:

nano conf.avail/imnotacyb.org.cfg.lua
-- jabber.imnotacyb.org

VirtualHost "jabber.imnotacyb.org"

-- admins = { "johann@jabber.imnotacyb.org" }

ssl = {
    key = "/etc/prosody/certs/jabber.imnotacyb.org.key",
    certificate = "/etc/prosody/certs/jabber.imnotacyb.org.crt",

modules_enabled = {

groups_file = "/etc/prosody/imnotacyb.org_groups.txt"

Component "conference.jabber.imnotacyb.org" "muc"
    name = "imnotacyb.org Conferences"
    restrict_room_creation = true

Create a symlink in conf.d to enable the virtualhost, then (re)start prosody.

Create the user accounts:

prosodyctl adduser johann@jabber.imnotacyb.org

Or for batch registrations:

prosodyctl register johann jabber.imnotacyb.org secretpassword

I’ve defined a file for groups, here’s what it looks like;

[Test group]

[Test group] is the name of the group; putting a + in front of the name ( such as [+Test group]) will make it a public group, viewable by everyone registered on the server.

In this example, a user will see the contact list as such:

Test group

Basically, if you put a name after an address (and an = sign), the users will see that name, instead of the jabber address.

You can now do the following command to reload the server configuration:

service prosody reload

And connect using your favourite client. I personally use Pidgin on Windows, and Xabber on Android.

This entry was posted in Linux, Software and tagged , , . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *