trents_blog/site/posts/prosody-photo-uploads/index.html
2021-09-02 13:52:37 -07:00

1260 lines
37 KiB
HTML

<!doctype html>
<html lang="en" class="no-js">
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width,initial-scale=1">
<meta name="description" content="Trent's blog of mostly technical documentations.">
<link rel="canonical" href="https://blog.trentsonlinedocs.xyz/posts/prosody-photo-uploads/">
<link rel="icon" href="../../assets/images/favicon.png">
<meta name="generator" content="mkdocs-1.2.2, mkdocs-material-7.2.6">
<title>Prosody Photo Uploads - Trent's Blog</title>
<link rel="stylesheet" href="../../assets/stylesheets/main.802231af.min.css">
<link rel="stylesheet" href="../../assets/stylesheets/palette.3f5d1f46.min.css">
<link rel="preconnect" href="https://fonts.gstatic.com" crossorigin>
<link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Roboto:300,400,400i,700%7CRoboto+Mono&display=fallback">
<style>:root{--md-text-font-family:"Roboto";--md-code-font-family:"Roboto Mono"}</style>
<link rel="stylesheet" href="../../extra.css">
</head>
<body dir="ltr" data-md-color-scheme="default" data-md-color-primary="" data-md-color-accent="">
<script>function __prefix(e){return new URL("../..",location).pathname+"."+e}function __get(e,t=localStorage){return JSON.parse(t.getItem(__prefix(e)))}</script>
<input class="md-toggle" data-md-toggle="drawer" type="checkbox" id="__drawer" autocomplete="off">
<input class="md-toggle" data-md-toggle="search" type="checkbox" id="__search" autocomplete="off">
<label class="md-overlay" for="__drawer"></label>
<div data-md-component="skip">
<a href="#introduction" class="md-skip">
Skip to content
</a>
</div>
<div data-md-component="announce">
</div>
<header class="md-header" data-md-component="header">
<nav class="md-header__inner md-grid" aria-label="Header">
<a href="../.." title="Trent&#39;s Blog" class="md-header__button md-logo" aria-label="Trent's Blog" data-md-component="logo">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M12 8a3 3 0 0 0 3-3 3 3 0 0 0-3-3 3 3 0 0 0-3 3 3 3 0 0 0 3 3m0 3.54C9.64 9.35 6.5 8 3 8v11c3.5 0 6.64 1.35 9 3.54 2.36-2.19 5.5-3.54 9-3.54V8c-3.5 0-6.64 1.35-9 3.54z"/></svg>
</a>
<label class="md-header__button md-icon" for="__drawer">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M3 6h18v2H3V6m0 5h18v2H3v-2m0 5h18v2H3v-2z"/></svg>
</label>
<div class="md-header__title" data-md-component="header-title">
<div class="md-header__ellipsis">
<div class="md-header__topic">
<span class="md-ellipsis">
Trent's Blog
</span>
</div>
<div class="md-header__topic" data-md-component="header-topic">
<span class="md-ellipsis">
Prosody Photo Uploads
</span>
</div>
</div>
</div>
</nav>
</header>
<div class="md-container" data-md-component="container">
<nav class="md-tabs" aria-label="Tabs" data-md-component="tabs">
<div class="md-tabs__inner md-grid">
<ul class="md-tabs__list">
<li class="md-tabs__item">
<a href="../.." class="md-tabs__link md-tabs__link--active">
Home
</a>
</li>
<li class="md-tabs__item">
<a href="../../links/" class="md-tabs__link">
Links
</a>
</li>
<li class="md-tabs__item">
<a href="../../rss/" class="md-tabs__link">
RSS
</a>
</li>
</ul>
</div>
</nav>
<main class="md-main" data-md-component="main">
<div class="md-main__inner md-grid">
<div class="md-sidebar md-sidebar--primary" data-md-component="sidebar" data-md-type="navigation" >
<div class="md-sidebar__scrollwrap">
<div class="md-sidebar__inner">
<nav class="md-nav md-nav--primary md-nav--lifted" aria-label="Navigation" data-md-level="0">
<label class="md-nav__title" for="__drawer">
<a href="../.." title="Trent&#39;s Blog" class="md-nav__button md-logo" aria-label="Trent's Blog" data-md-component="logo">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M12 8a3 3 0 0 0 3-3 3 3 0 0 0-3-3 3 3 0 0 0-3 3 3 3 0 0 0 3 3m0 3.54C9.64 9.35 6.5 8 3 8v11c3.5 0 6.64 1.35 9 3.54 2.36-2.19 5.5-3.54 9-3.54V8c-3.5 0-6.64 1.35-9 3.54z"/></svg>
</a>
Trent's Blog
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item md-nav__item--active md-nav__item--nested">
<input class="md-nav__toggle md-toggle" data-md-toggle="__nav_1" type="checkbox" id="__nav_1" checked>
<label class="md-nav__link" for="__nav_1">
Home
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" aria-label="Home" data-md-level="1">
<label class="md-nav__title" for="__nav_1">
<span class="md-nav__icon md-icon"></span>
Home
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../.." class="md-nav__link">
Home
</a>
</li>
<li class="md-nav__item">
<a href="../trents-favorite-podcasts/" class="md-nav__link">
Trent's Favorite Podcasts
</a>
</li>
<li class="md-nav__item">
<a href="../test-qr-svg-django/" class="md-nav__link">
Test QRCODE Svg in Django
</a>
</li>
<li class="md-nav__item md-nav__item--active">
<input class="md-nav__toggle md-toggle" data-md-toggle="toc" type="checkbox" id="__toc">
<label class="md-nav__link md-nav__link--active" for="__toc">
Prosody Photo Uploads
<span class="md-nav__icon md-icon"></span>
</label>
<a href="./" class="md-nav__link md-nav__link--active">
Prosody Photo Uploads
</a>
<nav class="md-nav md-nav--secondary" aria-label="Table of contents">
<label class="md-nav__title" for="__toc">
<span class="md-nav__icon md-icon"></span>
Table of contents
</label>
<ul class="md-nav__list" data-md-component="toc" data-md-scrollfix>
<li class="md-nav__item">
<a href="#introduction" class="md-nav__link">
Introduction
</a>
</li>
<li class="md-nav__item">
<a href="#dns" class="md-nav__link">
DNS
</a>
</li>
<li class="md-nav__item">
<a href="#firewall" class="md-nav__link">
FireWall
</a>
<nav class="md-nav" aria-label="FireWall">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#ports" class="md-nav__link">
ports
</a>
</li>
<li class="md-nav__item">
<a href="#firewall-with-ufw" class="md-nav__link">
FireWall with UFW
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="#postgresql-database" class="md-nav__link">
Postgresql Database
</a>
<nav class="md-nav" aria-label="Postgresql Database">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#install-the-postgresql-database" class="md-nav__link">
Install the postgresql database.
</a>
</li>
<li class="md-nav__item">
<a href="#allow-authentication-in-pg_hbaconf" class="md-nav__link">
allow authentication in pg_hba.conf
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="#prosody" class="md-nav__link">
Prosody
</a>
<nav class="md-nav" aria-label="Prosody">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#install-prosody" class="md-nav__link">
Install Prosody
</a>
</li>
<li class="md-nav__item">
<a href="#configure-prosody" class="md-nav__link">
Configure Prosody
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="#certbot" class="md-nav__link">
Certbot
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="../xmpp-apt-notifications/" class="md-nav__link">
Xmpp Apt Notifications
</a>
</li>
<li class="md-nav__item">
<a href="../apache-virtual-hosts/" class="md-nav__link">
Apache Virtual Hosts
</a>
</li>
<li class="md-nav__item">
<a href="../sendxmpp-handler-for-python-logging/" class="md-nav__link">
SENDXMPPHandler for Python Logging
</a>
</li>
<li class="md-nav__item">
<a href="../instructions-for-tethering-from-phone/" class="md-nav__link">
Instructions For Tethering From Phone
</a>
</li>
<li class="md-nav__item">
<a href="../lmde4-custom-partitions-disk-encryption/" class="md-nav__link">
LMDE4 Custom Partitions Disk Encryption
</a>
</li>
<li class="md-nav__item">
<a href="../linux-move-cursor-with-keyboard/" class="md-nav__link">
Linux Move Cursor With Keyboard
</a>
</li>
<li class="md-nav__item">
<a href="../simplified-raspberry-streaming/" class="md-nav__link">
Simplified Raspberry Streaming
</a>
</li>
<li class="md-nav__item">
<a href="../clear-linux-encrypted-xfs-root/" class="md-nav__link">
Clear Linux Encrypted xfs Root
</a>
</li>
<li class="md-nav__item">
<a href="../clear-linux-guest-virt-manager/" class="md-nav__link">
Clear Linux Guest Virt Manager
</a>
</li>
<li class="md-nav__item">
<a href="../faster-partitioning-with-sgdisk/" class="md-nav__link">
Faster Partitioning With sgdisk
</a>
</li>
<li class="md-nav__item">
<a href="../lmde3-xfs-full-disk-encryption/" class="md-nav__link">
LMDE3 xfs Full Disk Encryption
</a>
</li>
<li class="md-nav__item">
<a href="../rewrite-hugo-themes-report-in-python/" class="md-nav__link">
Rewrite Hugo Themes Report in Python
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle" data-md-toggle="__nav_2" type="checkbox" id="__nav_2" >
<label class="md-nav__link" for="__nav_2">
Links
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" aria-label="Links" data-md-level="1">
<label class="md-nav__title" for="__nav_2">
<span class="md-nav__icon md-icon"></span>
Links
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../../links/" class="md-nav__link">
Links
</a>
</li>
<li class="md-nav__item">
<a href="https://trentpalmer.org" class="md-nav__link">
TrentReads
</a>
</li>
<li class="md-nav__item">
<a href="https://blog.trentpalmer.org" class="md-nav__link">
AttentionSpanHistory
</a>
</li>
<li class="md-nav__item">
<a href="https://github.com/TrentSPalmer" class="md-nav__link">
GitHub
</a>
</li>
<li class="md-nav__item">
<a href="https://twitter.com/boringtrent" class="md-nav__link">
Twitter
</a>
</li>
<li class="md-nav__item">
<a href="https://www.facebook.com/trentspalmer" class="md-nav__link">
Facebook
</a>
</li>
<li class="md-nav__item">
<a href="https://docs.trentsonlinedocs.xyz/" class="md-nav__link">
TrentDocs
</a>
</li>
<li class="md-nav__item">
<a href="https://trentsonlinedocs.xyz/hugo-themes-report/hugo-themes-report.html" class="md-nav__link">
HugoThemesReport
</a>
</li>
<li class="md-nav__item">
<a href="https://play.google.com/store/apps/details?id=org.trentpalmer.libre_gps_parser" class="md-nav__link">
LibreGpsParser
</a>
</li>
<li class="md-nav__item">
<a href="https://concise-pdx.com/" class="md-nav__link">
ConcisePDX
</a>
</li>
<li class="md-nav__item">
<a href="https://trentspalmer.github.io/fcc-challenges/" class="md-nav__link">
FreeCodeCampChallenges
</a>
</li>
<li class="md-nav__item">
<a href="https://trentpalmer.work/6a57bbe24d8244289610bf57533d6c6f/" class="md-nav__link">
DeviceLayout
</a>
</li>
<li class="md-nav__item">
<a href="https://www.oregonhikers.org/field_guide/" class="md-nav__link">
OregonHikersFieldGuide
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle" data-md-toggle="__nav_3" type="checkbox" id="__nav_3" >
<label class="md-nav__link" for="__nav_3">
RSS
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" aria-label="RSS" data-md-level="1">
<label class="md-nav__title" for="__nav_3">
<span class="md-nav__icon md-icon"></span>
RSS
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../../rss/" class="md-nav__link">
RSS
</a>
</li>
<li class="md-nav__item">
<a href="/feed_rss_created.xml" class="md-nav__link">
RssCreated
</a>
</li>
<li class="md-nav__item">
<a href="/feed_rss_updated.xml" class="md-nav__link">
RssUpdated
</a>
</li>
</ul>
</nav>
</li>
</ul>
</nav>
</div>
</div>
</div>
<div class="md-sidebar md-sidebar--secondary" data-md-component="sidebar" data-md-type="toc" >
<div class="md-sidebar__scrollwrap">
<div class="md-sidebar__inner">
<nav class="md-nav md-nav--secondary" aria-label="Table of contents">
<label class="md-nav__title" for="__toc">
<span class="md-nav__icon md-icon"></span>
Table of contents
</label>
<ul class="md-nav__list" data-md-component="toc" data-md-scrollfix>
<li class="md-nav__item">
<a href="#introduction" class="md-nav__link">
Introduction
</a>
</li>
<li class="md-nav__item">
<a href="#dns" class="md-nav__link">
DNS
</a>
</li>
<li class="md-nav__item">
<a href="#firewall" class="md-nav__link">
FireWall
</a>
<nav class="md-nav" aria-label="FireWall">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#ports" class="md-nav__link">
ports
</a>
</li>
<li class="md-nav__item">
<a href="#firewall-with-ufw" class="md-nav__link">
FireWall with UFW
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="#postgresql-database" class="md-nav__link">
Postgresql Database
</a>
<nav class="md-nav" aria-label="Postgresql Database">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#install-the-postgresql-database" class="md-nav__link">
Install the postgresql database.
</a>
</li>
<li class="md-nav__item">
<a href="#allow-authentication-in-pg_hbaconf" class="md-nav__link">
allow authentication in pg_hba.conf
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="#prosody" class="md-nav__link">
Prosody
</a>
<nav class="md-nav" aria-label="Prosody">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#install-prosody" class="md-nav__link">
Install Prosody
</a>
</li>
<li class="md-nav__item">
<a href="#configure-prosody" class="md-nav__link">
Configure Prosody
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="#certbot" class="md-nav__link">
Certbot
</a>
</li>
</ul>
</nav>
</div>
</div>
</div>
<div class="md-content" data-md-component="content">
<article class="md-content__inner md-typeset">
<h1>Prosody Photo Uploads</h1>
<p>date: 2021-01-25</p>
<h2 id="introduction"><strong>Introduction</strong></h2>
<p>Install <a href="https://prosody.im/" target="_blank">prosody</a> on <a href="https://www.debian.org/" target="_blank">Debian 10</a>
with photoupload, postgresql database, and letsencrypt certs.</p>
<h2 id="dns"><strong>DNS</strong></h2>
<ul>
<li>Log into your dns provider and create A and AAAA records for <em>xmpp.example.com</em></li>
<li>Log into your dns provider and create A and AAAA records for <em>xmppupload.example.com</em></li>
</ul>
<h2 id="firewall"><strong>FireWall</strong></h2>
<p>Incidentally, you definitely do want to use a non-standard ssh port for connecting over the internet.</p>
<p>I would suggest that a firewall is important, because I couldn't figure out how to completely disable
port 5280 for the http protocol, in the clear, in the prosody config.</p>
<h3 id="ports">ports</h3>
<ul>
<li><code>80/tcp</code>, <code>443/tcp</code> for certbot</li>
<li><code>4444/tcp</code> i.e. port 4444 for ssh</li>
<li><code>5222/tcp</code> for xmpp-client</li>
<li><code>5269/tcp</code> for xmpp-server</li>
<li><code>5281/tcp</code> for https connections to prosody for uploads and photos</li>
</ul>
<h3 id="firewall-with-ufw">FireWall with UFW</h3>
<ul>
<li><code>ufw allow http</code></li>
<li><code>ufw allow https</code></li>
<li><code>ufw allow xmpp-client</code></li>
<li><code>ufw allow xmpp-server</code></li>
<li><code>ufw allow 5281/tcp</code></li>
<li><code>ufw allow 4444/tcp</code> i.e. if 4444 for ssh</li>
<li><code>ufw enable</code> to start the firewall</li>
</ul>
<h2 id="postgresql-database"><strong>Postgresql Database</strong></h2>
<h3 id="install-the-postgresql-database">Install the postgresql database.</h3>
<p><div class="highlight"><pre><span></span><code><span class="go">apt-get install postgresql postgresql-contrib</span>
</code></pre></div>
Log into the psql command line.
<div class="highlight"><pre><span></span><code><span class="go">sudo -u postgres psql</span>
</code></pre></div>
Create prosody database
<div class="highlight"><pre><span></span><code><span class="n">postgres</span><span class="o">=#</span> <span class="k">CREATE</span> <span class="k">DATABASE</span> <span class="n">prosody</span><span class="p">;</span>
</code></pre></div>
Creat prosody user
<div class="highlight"><pre><span></span><code><span class="n">postgres</span><span class="o">=#</span> <span class="k">CREATE</span> <span class="k">ROLE</span> <span class="n">prosody</span> <span class="k">WITH</span> <span class="n">LOGIN</span><span class="p">;</span>
</code></pre></div>
Set password for user
<div class="highlight"><pre><span></span><code><span class="n">postgres</span><span class="o">=#</span> <span class="err">\</span><span class="n">password</span> <span class="n">prosody</span>
</code></pre></div>
Quit <code>psql</code>
<div class="highlight"><pre><span></span><code><span class="n">postgres</span><span class="o">=#</span> <span class="err">\</span><span class="n">q</span>
</code></pre></div></p>
<h3 id="allow-authentication-in-pg_hbaconf">allow authentication in <code>pg_hba.conf</code></h3>
<p>To connect to postgresql via unix socket
<div class="highlight"><pre><span></span><code><span class="c1"># /etc/postgresql/11/main/pg_hba.conf</span>
<span class="c1"># make sure this line is above</span>
<span class="na">local prosody prosody md5</span>
<span class="c1"># make sure this line is below</span>
<span class="na">local all all peer</span>
</code></pre></div>
or i.e. through a wireguard tunnel
<div class="highlight"><pre><span></span><code><span class="c1"># /etc/postgresql/11/main/pg_hba.conf</span>
<span class="c1"># where 10.0.22.5 is the ip address of the machine that prosody will run on </span>
<span class="na">host prosody prosody 10.0.22.5/32 md5</span>
</code></pre></div></p>
<p>and then restart postgresql
<div class="highlight"><pre><span></span><code><span class="go">systemctl restart postgresql</span>
</code></pre></div></p>
<h2 id="prosody"><strong>Prosody</strong></h2>
<h3 id="install-prosody">Install Prosody</h3>
<div class="highlight"><pre><span></span><code><span class="go">apt install prosody prosody-modules lua-dbi-postgresql</span>
</code></pre></div>
<h3 id="configure-prosody">Configure Prosody</h3>
<p>backup the prosody config file
<div class="highlight"><pre><span></span><code><span class="go">cp /etc/prosody/prosody.cfg.lua /etc/prosody/prosody.cfg.lua.bak</span>
</code></pre></div></p>
<p>if you want to disable advertising version and uptime, allow message archives,
and disallow registration, change this
<div class="highlight"><pre><span></span><code><span class="na">-- /etc/prosody/prosody.cfg.lua</span>
<span class="na">modules_enabled</span> <span class="o">=</span> <span class="s">{</span>
<span class="na">...</span>
<span class="na">-- Nice to have</span>
<span class="na">&quot;version&quot;; -- Replies to server version requests</span>
<span class="na">&quot;uptime&quot;; -- Report how long server has been running</span>
<span class="na">&quot;time&quot;; -- Let others know the time here on this server</span>
<span class="na">&quot;ping&quot;; -- Replies to XMPP pings with pongs</span>
<span class="na">&quot;register&quot;; -- Allow users to register on this server using a client and change passwords</span>
<span class="na">--&quot;mam&quot;; -- Store messages in an archive and allow users to access it</span>
<span class="na">--&quot;csi_simple&quot;; -- Simple Mobile optimizations</span>
<span class="na">...</span>
<span class="na">}</span>
</code></pre></div></p>
<p>to this
<div class="highlight"><pre><span></span><code><span class="na">-- /etc/prosody/prosody.cfg.lua</span>
<span class="na">modules_enabled</span> <span class="o">=</span> <span class="s">{</span>
<span class="na">...</span>
<span class="na">-- Nice to have</span>
<span class="na">--&quot;version&quot;; -- Replies to server version requests</span>
<span class="na">--&quot;uptime&quot;; -- Report how long server has been running</span>
<span class="na">&quot;time&quot;; -- Let others know the time here on this server</span>
<span class="na">&quot;ping&quot;; -- Replies to XMPP pings with pongs</span>
<span class="na">--&quot;register&quot;; -- Allow users to register on this server using a client and change passwords</span>
<span class="na">&quot;mam&quot;; -- Store messages in an archive and allow users to access it</span>
<span class="na">--&quot;csi_simple&quot;; -- Simple Mobile optimizations</span>
<span class="na">...</span>
<span class="na">}</span>
</code></pre></div></p>
<p>to force certificate authentication for server-to-server connections,
make the following edit around line 123
<div class="highlight"><pre><span></span><code><span class="na">-- /etc/prosody/prosody.cfg.lua</span>
<span class="na">-- Force certificate authentication for server-to-server connections?</span>
<span class="na">-- change this</span>
<span class="na">s2s_secure_auth</span> <span class="o">=</span> <span class="s">false</span>
<span class="na">-- to this</span>
<span class="na">s2s_secure_auth</span> <span class="o">=</span> <span class="s">true</span>
</code></pre></div></p>
<p>around line 147 enable sql
<div class="highlight"><pre><span></span><code><span class="na">-- /etc/prosody/prosody.cfg.lua</span>
<span class="na">-- change this</span>
<span class="na">--storage</span> <span class="o">=</span> <span class="s">&quot;sql&quot;</span>
<span class="na">-- to this</span>
<span class="na">storage</span> <span class="o">=</span> <span class="s">&quot;sql&quot;</span>
</code></pre></div></p>
<p>and describe the database connection
<div class="highlight"><pre><span></span><code><span class="na">-- /etc/prosody/prosody.cfg.lua</span>
<span class="na">-- change this</span>
<span class="na">--sql</span> <span class="o">=</span> <span class="s">{</span>
<span class="na">driver</span> <span class="o">=</span> <span class="s">&quot;PostgreSQL&quot;,</span>
<span class="na">database</span> <span class="o">=</span> <span class="s">&quot;prosody&quot;,</span>
<span class="na">username</span> <span class="o">=</span> <span class="s">&quot;prosody&quot;,</span>
<span class="na">password</span> <span class="o">=</span> <span class="s">&quot;secret&quot;,</span>
<span class="na">host</span> <span class="o">=</span> <span class="s">&quot;localhost&quot;</span>
<span class="na">}</span>
<span class="na">-- to this</span>
<span class="na">sql</span> <span class="o">=</span> <span class="s">{</span>
<span class="na">driver</span> <span class="o">=</span> <span class="s">&quot;PostgreSQL&quot;,</span>
<span class="na">database</span> <span class="o">=</span> <span class="s">&quot;prosody&quot;,</span>
<span class="na">username</span> <span class="o">=</span> <span class="s">&quot;prosody&quot;,</span>
<span class="na">password</span> <span class="o">=</span> <span class="s">&quot;secret&quot;,</span>
<span class="na">host</span> <span class="o">=</span> <span class="s">&quot;localhost&quot;</span>
<span class="na">}</span>
<span class="na">-- or to use a unix socket in Debian 10</span>
<span class="na">sql</span> <span class="o">=</span> <span class="s">{</span>
<span class="na">driver</span> <span class="o">=</span> <span class="s">&quot;PostgreSQL&quot;,</span>
<span class="na">database</span> <span class="o">=</span> <span class="s">&quot;prosody&quot;,</span>
<span class="na">username</span> <span class="o">=</span> <span class="s">&quot;prosody&quot;,</span>
<span class="na">password</span> <span class="o">=</span> <span class="s">&quot;secret&quot;,</span>
<span class="na">host</span> <span class="o">=</span> <span class="s">&quot;/var/run/postgresql&quot;</span>
<span class="na">}</span>
</code></pre></div></p>
<p>somewhere around line 196, describe the certificate file for the upoad subdomain
<div class="highlight"><pre><span></span><code><span class="na">-- /etc/prosody/prosody.cfg.lua</span>
<span class="na">-- change this</span>
<span class="na">--https_certificate</span> <span class="o">=</span> <span class="s">&quot;/etc/prosody/certs/localhost.crt&quot;</span>
<span class="na">-- to this</span>
<span class="na">https_certificate</span> <span class="o">=</span> <span class="s">&quot;/etc/prosody/certs/xmppupload.example.com.crt&quot;</span>
</code></pre></div></p>
<p>somewhere around line 210 describe your virtualhost
<div class="highlight"><pre><span></span><code><span class="na">-- /etc/prosody/prosody.cfg.lua</span>
<span class="na">VirtualHost &quot;xmpp.example.com&quot;</span>
<span class="na">disco_items</span> <span class="o">=</span> <span class="s">{</span>
<span class="na">{&quot;xmppupload.example.com&quot;},</span>
<span class="na">}</span>
</code></pre></div></p>
<p>add the following to the end of the file
<div class="highlight"><pre><span></span><code><span class="na">-- /etc/prosody/prosody.cfg.lua</span>
<span class="na">Component &quot;xmppupload.example.com&quot; &quot;http_upload&quot;</span>
</code></pre></div></p>
<p>and then restart prosody
<div class="highlight"><pre><span></span><code><span class="go">systemctl restart prososdy</span>
</code></pre></div></p>
<h2 id="certbot"><strong>Certbot</strong></h2>
<p>install certbot
<div class="highlight"><pre><span></span><code><span class="go">apt install certbot</span>
</code></pre></div>
get certificates
<div class="highlight"><pre><span></span><code><span class="go">certbot certonly -d xmpp.example.com</span>
<span class="go">certbot certonly -d xmppupload.example.com</span>
</code></pre></div>
import the certificates into prosody and restart prosody
<div class="highlight"><pre><span></span><code><span class="go">prosodyctl --root cert import /etc/letsencrypt/live</span>
<span class="go">systemctl restart prosody</span>
</code></pre></div>
create the following renewal-hook for letsencrypt
<div class="highlight"><pre><span></span><code><span class="gp">#</span>!/bin/bash
<span class="gp"># </span>/etc/letsencrypt/renewal-hooks/deploy/prosody_deploy_hook
<span class="go">prosodyctl --root cert import /etc/letsencrypt/live</span>
</code></pre></div></p>
</article>
</div>
</div>
</main>
<footer class="md-footer">
<nav class="md-footer__inner md-grid" aria-label="Footer">
<a href="../test-qr-svg-django/" class="md-footer__link md-footer__link--prev" aria-label="Previous: Test QRCODE Svg in Django" rel="prev">
<div class="md-footer__button md-icon">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M20 11v2H8l5.5 5.5-1.42 1.42L4.16 12l7.92-7.92L13.5 5.5 8 11h12z"/></svg>
</div>
<div class="md-footer__title">
<div class="md-ellipsis">
<span class="md-footer__direction">
Previous
</span>
Test QRCODE Svg in Django
</div>
</div>
</a>
<a href="../xmpp-apt-notifications/" class="md-footer__link md-footer__link--next" aria-label="Next: Xmpp Apt Notifications" rel="next">
<div class="md-footer__title">
<div class="md-ellipsis">
<span class="md-footer__direction">
Next
</span>
Xmpp Apt Notifications
</div>
</div>
<div class="md-footer__button md-icon">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M4 11v2h12l-5.5 5.5 1.42 1.42L19.84 12l-7.92-7.92L10.5 5.5 16 11H4z"/></svg>
</div>
</a>
</nav>
<div class="md-footer-meta md-typeset">
<div class="md-footer-meta__inner md-grid">
<div class="md-footer-copyright">
Made with
<a href="https://squidfunk.github.io/mkdocs-material/" target="_blank" rel="noopener">
Material for MkDocs
</a>
</div>
<div class="md-footer-social">
<a href="https://twitter.com/boringtrent" target="_blank" rel="noopener" title="trent on twitter" class="md-footer-social__link">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 512 512"><path d="M459.37 151.716c.325 4.548.325 9.097.325 13.645 0 138.72-105.583 298.558-298.558 298.558-59.452 0-114.68-17.219-161.137-47.106 8.447.974 16.568 1.299 25.34 1.299 49.055 0 94.213-16.568 130.274-44.832-46.132-.975-84.792-31.188-98.112-72.772 6.498.974 12.995 1.624 19.818 1.624 9.421 0 18.843-1.3 27.614-3.573-48.081-9.747-84.143-51.98-84.143-102.985v-1.299c13.969 7.797 30.214 12.67 47.431 13.319-28.264-18.843-46.781-51.005-46.781-87.391 0-19.492 5.197-37.36 14.294-52.954 51.655 63.675 129.3 105.258 216.365 109.807-1.624-7.797-2.599-15.918-2.599-24.04 0-57.828 46.782-104.934 104.934-104.934 30.213 0 57.502 12.67 76.67 33.137 23.715-4.548 46.456-13.32 66.599-25.34-7.798 24.366-24.366 44.833-46.132 57.827 21.117-2.273 41.584-8.122 60.426-16.243-14.292 20.791-32.161 39.308-52.628 54.253z"/></svg>
</a>
<a href="https://www.facebook.com/trentspalmer" target="_blank" rel="noopener" title="trent on facebook" class="md-footer-social__link">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 512 512"><path d="M504 256C504 119 393 8 256 8S8 119 8 256c0 123.78 90.69 226.38 209.25 245V327.69h-63V256h63v-54.64c0-62.15 37-96.48 93.67-96.48 27.14 0 55.52 4.84 55.52 4.84v61h-31.28c-30.8 0-40.41 19.12-40.41 38.73V256h68.78l-11 71.69h-57.78V501C413.31 482.38 504 379.78 504 256z"/></svg>
</a>
<a href="https://github.com/TrentSPalmer" target="_blank" rel="noopener" title="trent on github" class="md-footer-social__link">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 496 512"><path d="M165.9 397.4c0 2-2.3 3.6-5.2 3.6-3.3.3-5.6-1.3-5.6-3.6 0-2 2.3-3.6 5.2-3.6 3-.3 5.6 1.3 5.6 3.6zm-31.1-4.5c-.7 2 1.3 4.3 4.3 4.9 2.6 1 5.6 0 6.2-2s-1.3-4.3-4.3-5.2c-2.6-.7-5.5.3-6.2 2.3zm44.2-1.7c-2.9.7-4.9 2.6-4.6 4.9.3 2 2.9 3.3 5.9 2.6 2.9-.7 4.9-2.6 4.6-4.6-.3-1.9-3-3.2-5.9-2.9zM244.8 8C106.1 8 0 113.3 0 252c0 110.9 69.8 205.8 169.5 239.2 12.8 2.3 17.3-5.6 17.3-12.1 0-6.2-.3-40.4-.3-61.4 0 0-70 15-84.7-29.8 0 0-11.4-29.1-27.8-36.6 0 0-22.9-15.7 1.6-15.4 0 0 24.9 2 38.6 25.8 21.9 38.6 58.6 27.5 72.9 20.9 2.3-16 8.8-27.1 16-33.7-55.9-6.2-112.3-14.3-112.3-110.5 0-27.5 7.6-41.3 23.6-58.9-2.6-6.5-11.1-33.3 2.6-67.9 20.9-6.5 69 27 69 27 20-5.6 41.5-8.5 62.8-8.5s42.8 2.9 62.8 8.5c0 0 48.1-33.6 69-27 13.7 34.7 5.2 61.4 2.6 67.9 16 17.7 25.8 31.5 25.8 58.9 0 96.5-58.9 104.2-114.8 110.5 9.2 7.9 17 22.9 17 46.4 0 33.7-.3 75.4-.3 83.6 0 6.5 4.6 14.4 17.3 12.1C428.2 457.8 496 362.9 496 252 496 113.3 383.5 8 244.8 8zM97.2 352.9c-1.3 1-1 3.3.7 5.2 1.6 1.6 3.9 2.3 5.2 1 1.3-1 1-3.3-.7-5.2-1.6-1.6-3.9-2.3-5.2-1zm-10.8-8.1c-.7 1.3.3 2.9 2.3 3.9 1.6 1 3.6.7 4.3-.7.7-1.3-.3-2.9-2.3-3.9-2-.6-3.6-.3-4.3.7zm32.4 35.6c-1.6 1.3-1 4.3 1.3 6.2 2.3 2.3 5.2 2.6 6.5 1 1.3-1.3.7-4.3-1.3-6.2-2.2-2.3-5.2-2.6-6.5-1zm-11.4-14.7c-1.6 1-1.6 3.6 0 5.9 1.6 2.3 4.3 3.3 5.6 2.3 1.6-1.3 1.6-3.9 0-6.2-1.4-2.3-4-3.3-5.6-2z"/></svg>
</a>
<a href="/rss" target="_blank" rel="noopener" title="rss" class="md-footer-social__link">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 448 512"><path d="M400 32H48C21.49 32 0 53.49 0 80v352c0 26.51 21.49 48 48 48h352c26.51 0 48-21.49 48-48V80c0-26.51-21.49-48-48-48zM112 416c-26.51 0-48-21.49-48-48s21.49-48 48-48 48 21.49 48 48-21.49 48-48 48zm157.533 0h-34.335c-6.011 0-11.051-4.636-11.442-10.634-5.214-80.05-69.243-143.92-149.123-149.123-5.997-.39-10.633-5.431-10.633-11.441v-34.335c0-6.535 5.468-11.777 11.994-11.425 110.546 5.974 198.997 94.536 204.964 204.964.352 6.526-4.89 11.994-11.425 11.994zm103.027 0h-34.334c-6.161 0-11.175-4.882-11.427-11.038-5.598-136.535-115.204-246.161-251.76-251.76C68.882 152.949 64 147.935 64 141.774V107.44c0-6.454 5.338-11.664 11.787-11.432 167.83 6.025 302.21 141.191 308.205 308.205.232 6.449-4.978 11.787-11.432 11.787z"/></svg>
</a>
</div>
</div>
</div>
</footer>
</div>
<div class="md-dialog" data-md-component="dialog">
<div class="md-dialog__inner md-typeset"></div>
</div>
<script id="__config" type="application/json">{"base": "../..", "features": ["navigation.tabs"], "translations": {"clipboard.copy": "Copy to clipboard", "clipboard.copied": "Copied to clipboard", "search.config.lang": "en", "search.config.pipeline": "trimmer, stopWordFilter", "search.config.separator": "[\\s\\-]+", "search.placeholder": "Search", "search.result.placeholder": "Type to start searching", "search.result.none": "No matching documents", "search.result.one": "1 matching document", "search.result.other": "# matching documents", "search.result.more.one": "1 more on this page", "search.result.more.other": "# more on this page", "search.result.term.missing": "Missing", "select.version.title": "Select version"}, "search": "../../assets/javascripts/workers/search.409db549.min.js", "version": null}</script>
<script src="../../assets/javascripts/bundle.756773cc.min.js"></script>
</body>
</html>