Difference between revisions of "Securing XMPP"

Jump to navigation Jump to search

Securing XMPP (view source)

Revision as of 16:51, 26 December 2023

18 bytes added ,  16:51, 26 December 2023
m
no edit summary
m
 
(5 intermediate revisions by 4 users not shown)
Line 10: Line 10:


=== Step1: Get a server certificate===
=== Step1: Get a server certificate===
Let's say you run an XMPP service for <code>example.net</code> (jids of user@example.net), you will need to order a certificate for with a subject or alt-name of <code>example.net</code> (not <code>server.example.net</code>) from your preferred cert provider.
Let's say you run an XMPP service for <code>domain.tld</code> (jids of user@domain.tld), you will need to order a certificate for with a subject or alt-name of <code>domain.tld</code> (not <code>server.domain.tld</code>) from your preferred cert provider. The certificate should also include alt-names for subomains such as <code>conference.domain.tld</code>, at least for services that should be accessible to remote users.


=== Step 2: Disable cleartext connections ===
=== Step 2: Disable cleartext connections ===
Line 38: Line 38:
Further help:
Further help:
* Homepage: [https://www.ejabberd.im/ ejabberd IM]
* Homepage: [https://www.ejabberd.im/ ejabberd IM]
* Chatroom: [xmpp:ejabberd@conference.jabber.ru?join ejabberd@conference.jabber.ru]
* Chatroom: [xmpp:ejabberd@conference.process-one.net?join ejabberd@conference.process-one.net]
* Documentation: [http://docs.ejabberd.im/admin/guide/ ejabberd Installation and Operation Guide]
* Documentation: [http://docs.ejabberd.im/admin/guide/ ejabberd Installation and Operation Guide]


==== Prosody ====
==== Prosody ====
Ensure that ''prosody.cfg.lua'' contains the following settings in the [https://prosody.im/doc/configure#overview global section] of your config, or under the specific <code>VirtualHost</code> you want to secure:
Prosody is aiming to be secure by default, as of version 0.12.x no changes to the default configuration is required to enable or enforce encrypted connections.
  c2s_require_encryption = true
  s2s_require_encryption = true


Further help:
Further help:
Line 59: Line 57:


Further help:
Further help:
* Homepage: [http://www.lightwitch.org/metronome Metronome IM]
* Homepage: [https://metronome.im Metronome IM]
* Chatroom: [xmpp:grimoire@muc.metronome.im?join grimoire@muc.metronome.im]
* Chatroom: [xmpp:grimoire@muc.metronome.im?join grimoire@muc.metronome.im]
* Documentation: [http://www.lightwitch.org/metronome/documentation lightwitch.org/metronome/documentation]
* Documentation: [https://metronome.im/documentation metronome.im/documentation]


==== Tigase ====
==== Tigase ====
Neustradamus
216

edits

Retrieved from "https://wiki.xmpp.org/web/Special:MobileDiff/9902...14886"

Navigation menu