This ties into the following wishlist items:
- https://forum.cloudron.io/topic/7755/openfire-xmpp-server
- https://forum.cloudron.io/topic/2486/ejabberd-robust-scalable-and-extensible-realtime-server-using-xmpp-mqtt-and-sip
- https://forum.cloudron.io/topic/4188/snikket-server-your-own-messaging-server-in-a-box
These are the three "main" XMPP servers out there (with Snikket being a simplified deployment of Prosody). I think most of the people making these requests don't actually care which server is used - as long as it has the common modules, like roster, OMEMO encryption, file upload, etc.
I have chosen to package Prosody over the others because:
- OpenFire - I know nothing about it
- ejabberd - It's what is running on my server and the configuration for it is a pain
- Snikket - it's TOO simple, not giving us options to configure things
While Prosody does have its own docker image, I started from a different one because it has a sensible set of defaults baked in, is easy to extend, and uses environment variables for a lot of the configuration. Since Cloudron can inject environment variables with addons, I thought it would be easy to map Cloudron's environment variables to the ones expected by this container.
Here's where I'm at:
- I've made a repository
- I've built a docker image
- I've tried to install it
Addons being used:
- tls - The app needs the certs to secure information on a number of ports other than HTTP
- ldap - I want to do SSO
- storage - The app needs to store data for message history, uploads, etc.
Upon install I'm getting an error related to me trying to create the cert structure described here: https://github.com/SaraSmiseth/prosody/tree/dev#ssl-certificates
mkdir: cannot create directory '/usr/local/etc/prosody/certs/upload.xmpp.domain.tld': Read-only file system
My plan for managing the SSL certs was to have the entrypoint script create the directory structure required by the app within the /app/data folder, copy the certs as provided by the tls addon, and symlink that directory to the expected directory /usr/local/var/lib/prosody. From what I've read, there are a few hard-coded things in prosody that may be difficult to change - which is why I'm trying to find a way to put the certs where it expects to find them.
So now I need some help figuring out the best way to deal with this read-only file system issue. Help would be greatly appreciated!
Other Notes:
There's a health check module for prosody that can also serve up a status through HTTP. I am planning to use this for the required healthcheck endpoint, and since an HTTP endpoint is generally not used for this application I also want to put it behind auth. The only purpose this HTTP endpoint serves is for the mandatory health check for the Manifest.
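Added example, not part of the post above and not the poster's or the base image's own script: one way to do the cert handling described in the plan without hitting the read-only filesystem. On Cloudron the root filesystem is read-only at runtime (only /app/data, /tmp and /run are writable), so the symlink from Prosody's expected location into /app/data has to be created at image build time in the Dockerfile, and the entrypoint only populates the writable side. The script assumes the Cloudron tls addon exposes the certificate and key at /etc/certs/tls_cert.pem and /etc/certs/tls_key.pem, that Prosody reads certs/<host>/fullchain.pem and certs/<host>/privkey.pem per virtual host (the layout in the linked README), and that the upload and MUC sub-hosts are named upload.<domain> and conference.<domain>; the final `exec` line is a placeholder for the base image's real start command.

```shell
#!/bin/sh
# Added example (not the original poster's entrypoint). Populates the per-host
# certificate layout Prosody expects inside the writable /app/data tree.
# The link from the read-only location must already exist from the Dockerfile:
#   RUN rm -rf /usr/local/etc/prosody/certs \
#       && ln -s /app/data/certs /usr/local/etc/prosody/certs
set -eu

# All paths are overridable so the logic can be exercised outside Cloudron.
DATA_DIR="${DATA_DIR:-/app/data}"
PROSODY_CERT_DIR="${PROSODY_CERT_DIR:-/usr/local/etc/prosody/certs}"
# Assumption: where the Cloudron tls addon exposes the app's certificate and key.
TLS_CERT="${TLS_CERT:-/etc/certs/tls_cert.pem}"
TLS_KEY="${TLS_KEY:-/etc/certs/tls_key.pem}"

# Hosts that need their own cert directory: the XMPP domain plus the sub-hosts
# for HTTP upload and MUC (sub-host names assumed; match them to the config).
cert_hosts() {
    domain="$1"
    printf '%s\n' "$domain" "upload.$domain" "conference.$domain"
}

# Fail early with a clear message if the image did not create the symlink:
# creating it here would hit the same "Read-only file system" error.
check_cert_link() {
    if [ ! -L "$PROSODY_CERT_DIR" ]; then
        echo "error: $PROSODY_CERT_DIR is not a symlink; create it in the Dockerfile" >&2
        return 1
    fi
    if [ "$(readlink "$PROSODY_CERT_DIR")" != "$DATA_DIR/certs" ]; then
        echo "error: $PROSODY_CERT_DIR does not point at $DATA_DIR/certs" >&2
        return 1
    fi
}

# Copy the addon's cert/key into certs/<host>/{fullchain,privkey}.pem for each
# host. Runs on every start, so renewed certs are picked up after a restart.
install_certs() {
    domain="$1"
    for host in $(cert_hosts "$domain"); do
        install -d -m 0750 "$DATA_DIR/certs/$host"
        install -m 0640 "$TLS_CERT" "$DATA_DIR/certs/$host/fullchain.pem"
        install -m 0640 "$TLS_KEY"  "$DATA_DIR/certs/$host/privkey.pem"
    done
}

main() {
    # CLOUDRON_APP_DOMAIN is injected by Cloudron for every app.
    domain="${CLOUDRON_APP_DOMAIN:?CLOUDRON_APP_DOMAIN not set}"
    check_cert_link
    install_certs "$domain"
    chown -R prosody:prosody "$DATA_DIR/certs"
    # Placeholder: substitute the base image's own start command here.
    exec gosu prosody:prosody prosody
}

# Dockerfile sets CMD ["start"]; with no argument the file only defines functions.
[ "${1:-}" != "start" ] || main
```

The check in `check_cert_link` is the caveat worth keeping: if the symlink is missing, the failure is reported in terms of what to fix (the Dockerfile), instead of the bare `mkdir` error from the original install attempt.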