add Prosody Photo Uploads

Trent Palmer 2021-01-25 08:37:39 -08:00
parent 8321671231
commit 0f885a69fd
22 changed files with 1465 additions and 19 deletions

@ -5,6 +5,7 @@ authors: ["trent"]
# Trent's Blog
## **Posts By Date**
* [2021-01-25: Prosody Photo Uploads](posts/prosody-photo-uploads.md){target=_blank}
* [2021-01-09: Xmpp Apt Notifications](posts/xmpp-apt-notifications.md){target=_blank}
* [2020-12-20: Apache Virtual Hosts](posts/apache-virtual-hosts.md){target=_blank}
* [2020-12-19: SENDXMPPHandler for Python Logging](posts/sendxmpp-handler-for-python-logging.md){target=_blank}

@ -0,0 +1,252 @@
---
title: "Prosody Photo Uploads"
date: 2021-01-25
draft: false
tags: ["xmpp","prosody","debian","letsencrypt"]
authors: ["trent"]
---
date: 2021-01-25
## **Introduction**
Install [prosody](https://prosody.im/){target=_blank} on [Debian 10](https://www.debian.org/){target=_blank}
with photoupload, postgresql database, and letsencrypt certs.
## **DNS**
* Log into your dns provider and create A and AAAA records for *xmpp.example.com*
* Log into your dns provider and create A and AAAA records for *xmppupload.example.com*
## **FireWall**
Incidentally, you definitely do want to use a non-standard ssh port for connecting over the internet.
I would suggest that a firewall is important, because I couldn't figure out how to completely disable
port 5280 for the http protocol, in the clear, in the prosody config.
### ports
* `80/tcp`, `443/tcp` for certbot
* `4444/tcp` i.e. port 4444 for ssh
* `5222/tcp` for xmpp-client
* `5269/tcp` for xmpp-server
* `5281/tcp` for https connections to prosody for uploads and photos
### FireWall with UFW
* `ufw allow http`
* `ufw allow https`
* `ufw allow xmpp-client`
* `ufw allow xmpp-server`
* `ufw allow 5281/tcp`
* `ufw allow 4444/tcp` i.e. if 4444 for ssh
* `ufw enable` to start the firewall
## **Postgresql Database**
### Install the postgresql database.
```console
apt-get install postgresql postgresql-contrib
```
Log into the psql command line.
```console
sudo -u postgres psql
```
Create prosody database
```sql
postgres=# CREATE DATABASE prosody;
```
Creat prosody user
```sql
postgres=# CREATE ROLE prosody WITH LOGIN;
```
Set password for user
```sql
postgres=# \password prosody
```
Quit `psql`
```sql
postgres=# \q
```
### allow authentication in `pg_hba.conf`
To connect to postgresql via unix socket
```cfg
# /etc/postgresql/11/main/pg_hba.conf
# make sure this line is above
local prosody prosody md5
# make sure this line is below
local all all peer
```
or i.e. through a wireguard tunnel
```cfg
# /etc/postgresql/11/main/pg_hba.conf
# where 10.0.22.5 is the ip address of the machine that prosody will run on
host prosody prosody 10.0.22.5/32 md5
```
and then restart postgresql
```console
systemctl restart postgresql
```
## **Prosody**
### Install Prosody
```console
apt install prosody prosody-modules lua-dbi-postgresql
```
### Configure Prosody
backup the prosody config file
```console
cp /etc/prosody/prosody.cfg.lua /etc/prosody/prosody.cfg.lua.bak
```
if you want to disable advertising version and uptime, allow message archives,
and disallow registration, change this
```cfg
-- /etc/prosody/prosody.cfg.lua
modules_enabled = {
...
-- Nice to have
"version"; -- Replies to server version requests
"uptime"; -- Report how long server has been running
"time"; -- Let others know the time here on this server
"ping"; -- Replies to XMPP pings with pongs
"register"; -- Allow users to register on this server using a client and change passwords
--"mam"; -- Store messages in an archive and allow users to access it
--"csi_simple"; -- Simple Mobile optimizations
...
}
```
to this
```cfg
-- /etc/prosody/prosody.cfg.lua
modules_enabled = {
...
-- Nice to have
--"version"; -- Replies to server version requests
--"uptime"; -- Report how long server has been running
"time"; -- Let others know the time here on this server
"ping"; -- Replies to XMPP pings with pongs
--"register"; -- Allow users to register on this server using a client and change passwords
"mam"; -- Store messages in an archive and allow users to access it
--"csi_simple"; -- Simple Mobile optimizations
...
}
```
to force certificate authentication for server-to-server connections,
make the following edit around line 123
```cfg
-- /etc/prosody/prosody.cfg.lua
-- Force certificate authentication for server-to-server connections?
-- change this
s2s_secure_auth = false
-- to this
s2s_secure_auth = true
```
around line 147 enable sql
```cfg
-- /etc/prosody/prosody.cfg.lua
-- change this
--storage = "sql"
-- to this
storage = "sql"
```
and describe the database connection
```cfg
-- /etc/prosody/prosody.cfg.lua
-- change this
--sql = {
driver = "PostgreSQL",
database = "prosody",
username = "prosody",
password = "secret",
host = "localhost"
}
-- to this
sql = {
driver = "PostgreSQL",
database = "prosody",
username = "prosody",
password = "secret",
host = "localhost"
}
-- or to use a unix socket in Debian 10
sql = {
driver = "PostgreSQL",
database = "prosody",
username = "prosody",
password = "secret",
host = "/var/run/postgresql"
}
```
somewhere around line 196, describe the certificate file for the upoad subdomain
```cfg
-- /etc/prosody/prosody.cfg.lua
-- change this
--https_certificate = "/etc/prosody/certs/localhost.crt"
-- to this
https_certificate = "/etc/prosody/certs/xmppupload.example.com.crt"
```
somewhere around line 210 describe your virtualhost
```cfg
-- /etc/prosody/prosody.cfg.lua
VirtualHost "xmpp.example.com"
disco_items = {
{"xmppupload.example.com"},
}
```
add the following to the end of the file
```cfg
-- /etc/prosody/prosody.cfg.lua
Component "xmppupload.example.com" "http_upload"
```
and then restart prosody
```console
systemctl restart prososdy
```
## **Certbot**
install certbot
```console
apt install certbot
```
get certificates
```console
certbot certonly -d xmpp.example.com
certbot certonly -d xmppupload.example.com
```
import the certificates into prosody and restart prosody
```console
prosodyctl --root cert import /etc/letsencrypt/live
systemctl restart prosody
```
create the following renewal-hook for letsencrypt
```console
#!/bin/bash
# /etc/letsencrypt/renewal-hooks/deploy/prosody_deploy_hook
prosodyctl --root cert import /etc/letsencrypt/live
```

@ -19,6 +19,7 @@ markdown_extensions:
nav:
- Home:
- Home: index.md
- posts/prosody-photo-uploads.md
- posts/xmpp-apt-notifications.md
- posts/apache-virtual-hosts.md
- posts/sendxmpp-handler-for-python-logging.md

@ -225,6 +225,18 @@
<li class="md-nav__item">
<a href="/posts/prosody-photo-uploads/" class="md-nav__link">
Prosody Photo Uploads
</a>
</li>
<li class="md-nav__item">
<a href="/posts/xmpp-apt-notifications/" class="md-nav__link">
Xmpp Apt Notifications

@ -281,6 +281,18 @@
<li class="md-nav__item">
<a href="posts/prosody-photo-uploads/" class="md-nav__link">
Prosody Photo Uploads
</a>
</li>
<li class="md-nav__item">
<a href="posts/xmpp-apt-notifications/" class="md-nav__link">
Xmpp Apt Notifications
@ -515,6 +527,7 @@
<h1 id="trents-blog">Trent's Blog</h1>
<h2 id="posts-by-date"><strong>Posts By Date</strong></h2>
<ul>
<li><a href="posts/prosody-photo-uploads/" target="_blank">2021-01-25: Prosody Photo Uploads</a></li>
<li><a href="posts/xmpp-apt-notifications/" target="_blank">2021-01-09: Xmpp Apt Notifications</a></li>
<li><a href="posts/apache-virtual-hosts/" target="_blank">2020-12-20: Apache Virtual Hosts</a></li>
<li><a href="posts/sendxmpp-handler-for-python-logging/" target="_blank">2020-12-19: SENDXMPPHandler for Python Logging</a></li>
@ -553,13 +566,13 @@
<nav class="md-footer-nav__inner md-grid" aria-label="Footer">
<a href="posts/xmpp-apt-notifications/" class="md-footer-nav__link md-footer-nav__link--next" rel="next">
<a href="posts/prosody-photo-uploads/" class="md-footer-nav__link md-footer-nav__link--next" rel="next">
<div class="md-footer-nav__title">
<div class="md-ellipsis">
<span class="md-footer-nav__direction">
Next
</span>
Xmpp Apt Notifications
Prosody Photo Uploads
</div>
</div>
<div class="md-footer-nav__button md-icon">

@ -234,6 +234,18 @@
<li class="md-nav__item">
<a href="../posts/prosody-photo-uploads/" class="md-nav__link">
Prosody Photo Uploads
</a>
</li>
<li class="md-nav__item">
<a href="../posts/xmpp-apt-notifications/" class="md-nav__link">
Xmpp Apt Notifications

@ -236,6 +236,18 @@
<li class="md-nav__item">
<a href="../prosody-photo-uploads/" class="md-nav__link">
Prosody Photo Uploads
</a>
</li>
<li class="md-nav__item">
<a href="../xmpp-apt-notifications/" class="md-nav__link">
Xmpp Apt Notifications

@ -236,6 +236,18 @@
<li class="md-nav__item">
<a href="../prosody-photo-uploads/" class="md-nav__link">
Prosody Photo Uploads
</a>
</li>
<li class="md-nav__item">
<a href="../xmpp-apt-notifications/" class="md-nav__link">
Xmpp Apt Notifications

@ -236,6 +236,18 @@
<li class="md-nav__item">
<a href="../prosody-photo-uploads/" class="md-nav__link">
Prosody Photo Uploads
</a>
</li>
<li class="md-nav__item">
<a href="../xmpp-apt-notifications/" class="md-nav__link">
Xmpp Apt Notifications

@ -236,6 +236,18 @@
<li class="md-nav__item">
<a href="../prosody-photo-uploads/" class="md-nav__link">
Prosody Photo Uploads
</a>
</li>
<li class="md-nav__item">
<a href="../xmpp-apt-notifications/" class="md-nav__link">
Xmpp Apt Notifications

@ -236,6 +236,18 @@
<li class="md-nav__item">
<a href="../prosody-photo-uploads/" class="md-nav__link">
Prosody Photo Uploads
</a>
</li>
<li class="md-nav__item">
<a href="../xmpp-apt-notifications/" class="md-nav__link">
Xmpp Apt Notifications

@ -236,6 +236,18 @@
<li class="md-nav__item">
<a href="../prosody-photo-uploads/" class="md-nav__link">
Prosody Photo Uploads
</a>
</li>
<li class="md-nav__item">
<a href="../xmpp-apt-notifications/" class="md-nav__link">
Xmpp Apt Notifications

@ -236,6 +236,18 @@
<li class="md-nav__item">
<a href="../prosody-photo-uploads/" class="md-nav__link">
Prosody Photo Uploads
</a>
</li>
<li class="md-nav__item">
<a href="../xmpp-apt-notifications/" class="md-nav__link">
Xmpp Apt Notifications

@ -236,6 +236,18 @@
<li class="md-nav__item">
<a href="../prosody-photo-uploads/" class="md-nav__link">
Prosody Photo Uploads
</a>
</li>
<li class="md-nav__item">
<a href="../xmpp-apt-notifications/" class="md-nav__link">
Xmpp Apt Notifications

File diff suppressed because it is too large

@ -236,6 +236,18 @@
<li class="md-nav__item">
<a href="../prosody-photo-uploads/" class="md-nav__link">
Prosody Photo Uploads
</a>
</li>
<li class="md-nav__item">
<a href="../xmpp-apt-notifications/" class="md-nav__link">
Xmpp Apt Notifications

@ -236,6 +236,18 @@
<li class="md-nav__item">
<a href="../prosody-photo-uploads/" class="md-nav__link">
Prosody Photo Uploads
</a>
</li>
<li class="md-nav__item">
<a href="../xmpp-apt-notifications/" class="md-nav__link">
Xmpp Apt Notifications

@ -236,6 +236,18 @@
<li class="md-nav__item">
<a href="../prosody-photo-uploads/" class="md-nav__link">
Prosody Photo Uploads
</a>
</li>
<li class="md-nav__item">
<a href="../xmpp-apt-notifications/" class="md-nav__link">
Xmpp Apt Notifications

@ -235,6 +235,18 @@
<li class="md-nav__item">
<a href="../prosody-photo-uploads/" class="md-nav__link">
Prosody Photo Uploads
</a>
</li>
@ -629,7 +641,7 @@ PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
<div class="md-footer-nav">
<nav class="md-footer-nav__inner md-grid" aria-label="Footer">
<a href="../.." class="md-footer-nav__link md-footer-nav__link--prev" rel="prev">
<a href="../prosody-photo-uploads/" class="md-footer-nav__link md-footer-nav__link--prev" rel="prev">
<div class="md-footer-nav__button md-icon">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M20 11v2H8l5.5 5.5-1.42 1.42L4.16 12l7.92-7.92L13.5 5.5 8 11h12z"/></svg>
</div>
@ -638,7 +650,7 @@ PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
<span class="md-footer-nav__direction">
Previous
</span>
Home
Prosody Photo Uploads
</div>
</div>
</a>

File diff suppressed because one or more lines are too long

@ -1,59 +1,63 @@
<?xml version="1.0" encoding="UTF-8"?>
<urlset xmlns="http://www.sitemaps.org/schemas/sitemap/0.9"><url>
<loc>None</loc>
<lastmod>2021-01-10</lastmod>
<lastmod>2021-01-25</lastmod>
<changefreq>daily</changefreq>
</url><url>
<loc>None</loc>
<lastmod>2021-01-10</lastmod>
<lastmod>2021-01-25</lastmod>
<changefreq>daily</changefreq>
</url><url>
<loc>None</loc>
<lastmod>2021-01-10</lastmod>
<lastmod>2021-01-25</lastmod>
<changefreq>daily</changefreq>
</url><url>
<loc>None</loc>
<lastmod>2021-01-10</lastmod>
<lastmod>2021-01-25</lastmod>
<changefreq>daily</changefreq>
</url><url>
<loc>None</loc>
<lastmod>2021-01-10</lastmod>
<lastmod>2021-01-25</lastmod>
<changefreq>daily</changefreq>
</url><url>
<loc>None</loc>
<lastmod>2021-01-10</lastmod>
<lastmod>2021-01-25</lastmod>
<changefreq>daily</changefreq>
</url><url>
<loc>None</loc>
<lastmod>2021-01-10</lastmod>
<lastmod>2021-01-25</lastmod>
<changefreq>daily</changefreq>
</url><url>
<loc>None</loc>
<lastmod>2021-01-10</lastmod>
<lastmod>2021-01-25</lastmod>
<changefreq>daily</changefreq>
</url><url>
<loc>None</loc>
<lastmod>2021-01-10</lastmod>
<lastmod>2021-01-25</lastmod>
<changefreq>daily</changefreq>
</url><url>
<loc>None</loc>
<lastmod>2021-01-10</lastmod>
<lastmod>2021-01-25</lastmod>
<changefreq>daily</changefreq>
</url><url>
<loc>None</loc>
<lastmod>2021-01-10</lastmod>
<lastmod>2021-01-25</lastmod>
<changefreq>daily</changefreq>
</url><url>
<loc>None</loc>
<lastmod>2021-01-10</lastmod>
<lastmod>2021-01-25</lastmod>
<changefreq>daily</changefreq>
</url><url>
<loc>None</loc>
<lastmod>2021-01-10</lastmod>
<lastmod>2021-01-25</lastmod>
<changefreq>daily</changefreq>
</url><url>
<loc>None</loc>
<lastmod>2021-01-10</lastmod>
<lastmod>2021-01-25</lastmod>
<changefreq>daily</changefreq>
</url><url>
<loc>None</loc>
<lastmod>2021-01-25</lastmod>
<changefreq>daily</changefreq>
</url>
</urlset>
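Review bot: Every `<loc>` in the regenerated sitemap is `None`, including the entry added at the end for the new post, so the file lists no usable URLs and only the `<lastmod>` dates change. This usually means `site_url` is not set in the MkDocs configuration; setting it there and rebuilding would fill in the locations, or the sitemap could be left out of the commit until it does.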

Binary file not shown.