Prosody + Converse.js
-
Kaiwa is no longer maintained, but there is now inverse.chat.
I have packaged this as https://git.cloudron.io/synchrone/jabber-app, but also got stuck on TLS certificates.
@synchrone looks like that just points to an install of https://conversejs.org/ now
-
Okay, 4 years later, we now have a fairly good prosody 0.12 release (March-June 2022).
Components like Multi-User Chat, and Proxy65 for file uploads require their own TLS certificates, which is now sort of possible via Secondary Domains aka "httpPorts" introduced in December 2021.
The only thing missing is accessing those TLS certs via
tlsadd-on. It should work if you just upload your certs to /app/data/certs as well though.@jdaviescoates: converse.js gets served on the frontend, yes. There is also a fully featured Prosody.im installation, so it's a fully-featured xmpp/jabber server, and you can use any compatible client app with it.
-
S syn referenced this topic on
-
Okay, 4 years later, we now have a fairly good prosody 0.12 release (March-June 2022).
Components like Multi-User Chat, and Proxy65 for file uploads require their own TLS certificates, which is now sort of possible via Secondary Domains aka "httpPorts" introduced in December 2021.
The only thing missing is accessing those TLS certs via
tlsadd-on. It should work if you just upload your certs to /app/data/certs as well though.@jdaviescoates: converse.js gets served on the frontend, yes. There is also a fully featured Prosody.im installation, so it's a fully-featured xmpp/jabber server, and you can use any compatible client app with it.
@syn said in Prosody + Kaiwa:
Components like Multi-User Chat, and Proxy65 for file uploads require their own TLS certificates, which is now sort of possible via Secondary Domains aka "httpPorts" introduced in December 2021.
So each feature is in it's own subdomain, is it? How many such features are there? I don't have much idea about prosody as such as you can tell
FWIW, IIRC, in Jitsi which uses prosody underneath as well, the subdomains are just virtual subdomains. They don't need to be real (cc @nebulon )
-
@syn said in Prosody + Kaiwa:
Components like Multi-User Chat, and Proxy65 for file uploads require their own TLS certificates, which is now sort of possible via Secondary Domains aka "httpPorts" introduced in December 2021.
So each feature is in it's own subdomain, is it? How many such features are there? I don't have much idea about prosody as such as you can tell
FWIW, IIRC, in Jitsi which uses prosody underneath as well, the subdomains are just virtual subdomains. They don't need to be real (cc @nebulon )
@girish in my provisional implementation I am using the key from httpPort for a predictable certificate/key locations.
given:
"httpPorts": { "CONFERENCE_DOMAIN": { "title": "Conference Service Domain", "description": "XEP-0045 domain", "containerPort": 5280, "defaultValue": "conference.chat" } },the expected paths by convention are:
ssl = { certificate = "/etc/certs/secondary/CONFERENCE_DOMAIN.cert"; key = "/etc/certs/secondary/CONFERENCE_DOMAIN.key"; }but I do not insist on this method. I would be perfectly fine with listing that directory to find out which domains exist, as well as environment variable based paths per a predictable
httpPortskey.So each feature is in it's own subdomain, is it?
not necessarily. E.g file uploads and proxy65 turned out to not need their own TLS certificates.
However, XMPP components that participate in federation MUST authenticate themselves for server-to-server communication via TLS. In my current configuration there is a Multi-User chat component that acts as it's own entity under "conference.chat.example.com" and must present a CA-trusted TLS certificate for that domain. Same goes for pubsub service.
This is necessary because other XMPP servers will expect to talk to "conference.chat.example.com" on port 5269 or 5222 with STARTTLS.
I do not expect many more components to be there. In total under 5 in the scope of this app. There may be a different XMPP Transports app that will have it's own configuration, but right now I'm focused on getting the core functionality.
As to why Jitsi is working ... I would need to check that code, but perhaps they do not do server-to-server xmpp ? Everything would happily work within the boundaries of the single prosody server, but outside world XMPP federation wouldn't work.
-
@girish in my provisional implementation I am using the key from httpPort for a predictable certificate/key locations.
given:
"httpPorts": { "CONFERENCE_DOMAIN": { "title": "Conference Service Domain", "description": "XEP-0045 domain", "containerPort": 5280, "defaultValue": "conference.chat" } },the expected paths by convention are:
ssl = { certificate = "/etc/certs/secondary/CONFERENCE_DOMAIN.cert"; key = "/etc/certs/secondary/CONFERENCE_DOMAIN.key"; }but I do not insist on this method. I would be perfectly fine with listing that directory to find out which domains exist, as well as environment variable based paths per a predictable
httpPortskey.So each feature is in it's own subdomain, is it?
not necessarily. E.g file uploads and proxy65 turned out to not need their own TLS certificates.
However, XMPP components that participate in federation MUST authenticate themselves for server-to-server communication via TLS. In my current configuration there is a Multi-User chat component that acts as it's own entity under "conference.chat.example.com" and must present a CA-trusted TLS certificate for that domain. Same goes for pubsub service.
This is necessary because other XMPP servers will expect to talk to "conference.chat.example.com" on port 5269 or 5222 with STARTTLS.
I do not expect many more components to be there. In total under 5 in the scope of this app. There may be a different XMPP Transports app that will have it's own configuration, but right now I'm focused on getting the core functionality.
As to why Jitsi is working ... I would need to check that code, but perhaps they do not do server-to-server xmpp ? Everything would happily work within the boundaries of the single prosody server, but outside world XMPP federation wouldn't work.
@syn said in Prosody + Kaiwa:
As to why Jitsi is working ... I would need to check that code, but perhaps they do not do server-to-server xmpp ? Everything would happily work within the boundaries of the single prosody server, but outside world XMPP federation wouldn't work.
Ah, good point. Indeed, jitsi doesn't talk to anything else.
I will incorporate your main patch in 7.3 itself if time permit. Trying to get it out this week.
-
@syn said in Prosody + Kaiwa:
As to why Jitsi is working ... I would need to check that code, but perhaps they do not do server-to-server xmpp ? Everything would happily work within the boundaries of the single prosody server, but outside world XMPP federation wouldn't work.
Ah, good point. Indeed, jitsi doesn't talk to anything else.
I will incorporate your main patch in 7.3 itself if time permit. Trying to get it out this week.
-
Ok, certificates are in place (thanks @girish) so now jabber-app is in a useable state with server-to-server communication, AND mutli-user chatrooms support.
One problem is that when we limit MUC room creation to local users only (so random people off the internet won't be able to create public rooms on your conference.example.com) - prosody expects your local JIDs to be user@example.com, not user@chat.example.com.
I have side-stepped this by defaulting jabber-app's conference subdomain to conference.chat.example.com, and not conference.example.com. So it's possible misconfiguration by the end user will result in the MUC component not being functional.
Another problem is, I would like to be able to use cloudron's apex domain as my JID host (syn@example.com, not syn@chat.example.com)
That requires 2 things:
- DNS management to add SRV records (we can probably have the users manually do that with a generated instruction)
- Access to the TLS certificate for apex domain
- alternatively, TLS-proxied ports 5223/5270, although I'm not certain what is the state of Direct TLS adoption among clients/server implementations these days
then a small patch for
prosofy.cfg.luashould enable those upper-level VirtualHosts, and it's done. -
Ok, certificates are in place (thanks @girish) so now jabber-app is in a useable state with server-to-server communication, AND mutli-user chatrooms support.
One problem is that when we limit MUC room creation to local users only (so random people off the internet won't be able to create public rooms on your conference.example.com) - prosody expects your local JIDs to be user@example.com, not user@chat.example.com.
I have side-stepped this by defaulting jabber-app's conference subdomain to conference.chat.example.com, and not conference.example.com. So it's possible misconfiguration by the end user will result in the MUC component not being functional.
Another problem is, I would like to be able to use cloudron's apex domain as my JID host (syn@example.com, not syn@chat.example.com)
That requires 2 things:
- DNS management to add SRV records (we can probably have the users manually do that with a generated instruction)
- Access to the TLS certificate for apex domain
- alternatively, TLS-proxied ports 5223/5270, although I'm not certain what is the state of Direct TLS adoption among clients/server implementations these days
then a small patch for
prosofy.cfg.luashould enable those upper-level VirtualHosts, and it's done. -
@murgero said in Prosody + Converse.js:
Snikket
+1
It's also written by the same person who is main Prosody dev too.
Upvote here: https://forum.cloudron.io/post/23291
-
@murgero I have. From what i see - it does not have the actual web client, just the management interface.
As for the XMPP server itself - it is in fact prosody, so nothing special there.
Why?
-
@syn Just wondering if it would be easier to bundle snikket since it has the scripts to setup automatically already?
@murgero the blockers for my dream-world Jabber app on Cloudron are not related to configuring prosody. It's done already and I for one am using the current jabber-app daily.
The remaining issues are related to lack of interfaces to editing DNS (SRV, TXT) records from inside cloudron apps. That is going to affect any XMPP implementation.
I appreciate your feedback, but please look into the actual limitations instead of jumping to between shiny end-user brandings.
-
@murgero the blockers for my dream-world Jabber app on Cloudron are not related to configuring prosody. It's done already and I for one am using the current jabber-app daily.
The remaining issues are related to lack of interfaces to editing DNS (SRV, TXT) records from inside cloudron apps. That is going to affect any XMPP implementation.
I appreciate your feedback, but please look into the actual limitations instead of jumping to between shiny end-user brandings.
@syn said in Prosody + Converse.js:
It's done already and I for one am using the current jabber-app daily.
What Jabber app?
-
@syn said in Prosody + Converse.js:
It's done already and I for one am using the current jabber-app daily.
What Jabber app?
@jdaviescoates as I posted on 18 Jul 2018, 20:23:
I have packaged this as https://git.cloudron.io/synchrone/jabber-app
-
@murgero the blockers for my dream-world Jabber app on Cloudron are not related to configuring prosody. It's done already and I for one am using the current jabber-app daily.
The remaining issues are related to lack of interfaces to editing DNS (SRV, TXT) records from inside cloudron apps. That is going to affect any XMPP implementation.
I appreciate your feedback, but please look into the actual limitations instead of jumping to between shiny end-user brandings.
-
@jdaviescoates as I posted on 18 Jul 2018, 20:23:
I have packaged this as https://git.cloudron.io/synchrone/jabber-app
-
@syn I'd like to build and install, what's the proper way to do this while waiting for this beautiful app to hit the store.
-
@robi Hey Robi, I am an app dev with Cloudron (RE: the appdev tag) so I know how to package and install apps. My question was more the after-install setup as he mentioned some manual steps (but was not specific)
--
https://urgero.org
~ Professional Nerd. Freelance Programmer. ~ -
@robi Hey Robi, I am an app dev with Cloudron (RE: the appdev tag) so I know how to package and install apps. My question was more the after-install setup as he mentioned some manual steps (but was not specific)
