Setup XMPP Server With Prosody And FreeBSD

Updated on November 4, 2014
Setup XMPP Server With Prosody And FreeBSD header image

While ejabberd is very widespread, a competitor has gained a lot of popularity recently - Prosody. This tutorial will show you how to set up Prosody on FreeBSD 10.

Assuming that you are on a fresh installation of FreeBSD 10, you start by bootstrapping pkg and installing the right package, prosody:

pkg
pkg install prosody

All the necessary configuration files are located under /usr/local/etc/prosody. Open up /usr/local/etc/prosody/prosody.cfg.lua with your favorite text editor and make a few changes:

admins = { "yourusername@yourdomain" }

The account you enter in here (which will be created later on in this tutorial) will be able to do ad-hoc administration from within your client software. If you wish to solely use prosodyctl you can leave this empty.

modules_enabled = {
    "posix";
}

In order to make Prosody work properly, you need to add the posix-module to the list of enabled modules (Do not delete the other modules!).

pidfile = /tmp/prosody.pid

Prosody needs to be able to write a PID file. It is easiest to configure this using the /tmp folder.

ssl = {
    key = "/path/to/your/keyfile"
    certificate = "/path/to/your/certificate/file"
}

There are two ways of setting up SSL certificates.

  • A certificate for a certain virtual host.
  • A default certificate that's going to be used when no specific certificate is configured.

Since there is only one virtual host used, you can simply configure the default one. Per default, Prosody stores the password of each user in plaintext on the hard disk. To avoid this, you need to change how authentication is configured:

authentication = "internal_hashed"

Nearly all modern clients support encrypted connections, so it is safe to enable the following:

c2s_require_encryption = true

It is also possible to force encrypted connections between servers. Unfortunately, there are a lot of servers out there that do not support encryption (at the time of writing). Some of which include the "big players", such as Google. Therefore, you have to decide for yourself whether or not the increased security is worth the potential trouble with users using a server that doesn't support encryption.

Now, with the general configuration finished, all that is left is to create a virtual host serving your domain. You can do that by adding the following to the end of the configuration file:

VirtualHost "yourdomain"
    enabled = true

Prosody comes with its own command line tool, called prosodyctl. This tool aids in creating and managing users. Create your first user by issuing the following command:

prosodyctl add youruser@yourdomain

The last thing before you can start chatting away is editing /etc/rc.conf ...

prosody_enable=YES

... and starting the service:

/usr/local/etc/rc.d/prosody start