Archive

Archive for the ‘Noob’s articles’ Category

Prosody: easiest, lightest and fast jabber server written in lua

January 15th, 2017 No comments

Hi there! After long time without any post i’ve come back to you with new experience and few new posts. So today we gonna do install Prosody jabber server to our Linux VPS.

Few month ago a’ve installed Prosody in my server and i was surprised: the setup was really quickly, i edited all configs during 5-10 minutes since i started to do it and afterwards it is really fast and not eating all memory like ejabberd likes do. No more words, let’s begin, guys!

Like everytime, i’ve used CentOS. Let’s install it:

# yum install prosody

We should say “yes” to all packages, that will ask you to install. It is depends packages that necessary for normal Prosody work. Install from repo will fast, so i think we can go to config edit step. I’ve skiped all coments inside config for your comfort and put my own. I described only important things. If you want lern more about Prosody config – just read config’s content. My guide – is for fast install.

admins = { "system@yourdomain.com"  }

modules_enabled = {

-- Generally required

"roster"; -- Allow users to have a roster. Recommended 😉

"saslauth"; -- Authentication for clients and servers. Recommended if you want to log in.

"tls"; -- Add support for secure TLS on c2s/s2s connections

"dialback"; -- s2s dialback support

"disco"; -- Service discovery

-- Not essential, but recommended

"private"; -- Private XML storage (for room bookmarks, etc.)

"vcard"; -- Allow users to set vCards

-- These are commented by default as they have a performance impact

--"privacy"; -- Support privacy lists

--"compression"; -- Stream compression (Note: Requires installed lua-zlib RPM package)

-- Nice to have

"version"; -- Replies to server version requests

"uptime"; -- Report how long server has been running

"time"; -- Let others know the time here on this server

"ping"; -- Replies to XMPP pings with pongs

"pep"; -- Enables users to publish their mood, activity, playing music and more

"register"; -- Allow users to register on this server using a client and change passwords

-- Admin interfaces

"admin_adhoc"; -- Allows administration via an XMPP client that supports ad-hoc commands

--"admin_telnet"; -- Opens telnet console interface on localhost port 5582

-- HTTP modules

--"bosh"; -- Enable BOSH clients, aka "Jabber over HTTP"

--"http_files"; -- Serve static files from a directory over HTTP

-- Other specific functionality

"posix"; -- POSIX functionality, sends server to background, enables syslog, etc.

"groups"; -- Shared roster support

--"announce"; -- Send announcement to all online users

--"welcome"; -- Welcome users who register accounts

--"watchregistrations"; -- Alert admins of registrations

--"motd"; -- Send a message to users when they log in

--"legacyauth"; -- Legacy authentication. Only used by some old clients and bots.

};

modules_disabled = {

-- "offline"; -- Store offline messages

-- "c2s"; -- Handle client connections

-- "s2s"; -- Handle server-to-server connections

};

allow_registration = true;

min_seconds_between_registrations = 300;

ssl = {

key = "/etc/prosody/sert/yourdomain.com.key";

certificate = "/etc/prosody/sert/fullchain.cer";

}

c2s_require_encryption = false

s2s_secure_auth = false

authentication = "internal_plain"

storage = "sql" -- Default is "internal" (Note: "sql" requires installed

sql = { driver = "MySQL", database = "databasename", username = "databaseuser", password = "databasepwd", host = "localhost" }

log = {

info = "/var/log/prosody/prosody.log"; -- Change 'info' to 'debug' for verbose logging

error = "/var/log/prosody/prosody.err"; -- Log errors also to file

}

pidfile = "/var/run/prosody/prosody.pid";

Include "conf.d/*.cfg.lua"

It is not finish. You also should create virtualhost for your domain in Prosody. You can edit an exist example.com.cfg.lua or create own one. I just edited an exist example.com.cfg.lua:

VirtualHost "example.com"
ssl = {
        key = "/etc/prosody/sert/example.com.key";
        certificate = "/etc/prosody/sert/fullchain.cer";
}
Component "conference.example.com" "muc"

So as you can see, i implemented 2 things in there. The first is i used mysql database, the second – i wrought path for SSL sertificate. I think that is big deal, because Jabber servers sometimes cant to connect to each other if one of them without SSL-sertificate. So i just used Let’s encrypt. How you can generate it too read in my previously topic. Lets make MySQL data base for our server:

# mysql - root -p
mysql> create database jabber;
mysql> grant usage on *.* to jabber@localhost identified by 'jabberpassword';
mysql> grant all privileges on jabber.* to jabber@localhost ;

So, we just created user and database for MySQL. After that you need to put this data to the Prosody config. You did it, right? Ok, go to the next step. Put Prosody service to autostart:

# systemctl enable prosody

We forgot something. Yes, we definatley forgot something, i see it, but i don’t know what. Oh, i see! Ofcource we forgot to put rules into firewall:

# nano /etc/sysconfig/iptables

Put this rules to file:

-A INPUT -p tcp -m state --state NEW -m tcp --dport 5222 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 5269 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 5223 -j ACCEPT

Yes, that’s so much better! Let’s start this beauty:

# systemctl start prosody

That’s it. You can connect to your new Jabber server and register from client.

Disable Selinux in Centos and RHEL

March 27th, 2015 No comments

selinux-penguin-new_medium

So, probably, many of you faced with the fact that the installation of any software causes you need to disable selinux on CentOS. In fact, selinux is a very useful, flexible and secure. You should read the documentation and understand it. However, not everyone has enough time to read the selinux documentation. And i would advice you do not turn off it, but i think that you found this article in google only because of one goal: I NEED TURN OFF FUCKING SELINUX!!!
Ok then, i’ll say you how to do it…
So, for that would disable the selinux, you first need to go to the server via ssh (of course, you can go to the server and do all the following steps with the keyboard :))

ssh user@server.com

All described in the following steps must be done as root user. Edit the necessary config:

# nano /etc/sysconfig/selinux

Then find in the string file called “SELINUX =” and replace them with the value to “disable”, instead of “permissive” available there. That’s it, i can congratulate you – we have disabled selinux on CentOS and RedHat.

 

Установка Picassa на Linux

July 1st, 2012 No comments

 

К сожалению, Google перестал выпускать deb, rpm и другие пакеты для Linux. Обусловлено это тем, что сама Picassa, которую портировали под Linux, работала непосредственно через свою отдельную копию Wine. Соответственно, мы с таким же успехом можем просто скачать установщик и произвести установку через Wine. После долгого тестирования выяснилось, что программа работает не хуже чем в родной среде, и выполняет все те же самые функции без каких-либо ограничений.

Скачиваем установочный пакет:

# wget http://dl.google.com/picasa/picasa39-setup.exe

Устанавливаем Wine, если не сделали этого раньше:

# aptitude update && aptitude -y install wine

Далее, переходим в папку, куда скачивали Picassa и устанавливаем обычным способом, как в Windows. После установки можно включить поиск по папкам на наличие имеющихся изображений, после чего создать библиотеку фотографий, и многое другое.

Настройка pptpd в Debian и CentOS: часть вторая, настраиваем Windows-клиент

June 25th, 2012 No comments

 

Эта статья будет продолжением предыдущей статьи о настройке сервера pptpd. В этой статье мы будем настраивать настроенный нами в прошлой статье VPN непосредственно на рабочей станции с Windows. В принципе, ничего сложного нет, и по конфигу сервера можно легко понять, какие настройки куда вписывать, но, пожалуй я все-таки приведу небольшой пример со скриншотами. Read more…

Ставим актуальный iceweasel 11 (firefox) на debian squeeze

March 21st, 2012 5 comments

Пользуясь Debian Squeeze, мы делаем свою работу безопасней, из-за политики выпуска обновлений. С одной стороны это плюс – к нам постоянно приходят заплатки, которые не дают системе сбоить. Этот плюс является одновременно и минусом: версии программ, заключенные в пакеты в ветке stable останутся теми же, что и в день выпуска системы, как это не печально. Соответственно, iceweacel как и был 3.5.16 – так им и останется. Специально для этого разработчиками Debian был придуман проект backports – репозитарий, содержащий в себе откомпилированные под стабильные библиотеки новые версии программ. Сегодня мы обновим iceweacel 🙂

Итак, для начала установим ключик с репозитария mozilla:

# wget http://mozilla.debian.net/pkg-mozilla-archive-keyring_1.0_all.deb

Установим скачанный нами пакет:

# dpkg -i pkg-mozilla-archive-keyring_1.0_all.deb

Добавим в sources.list парочку строчек:

# echo “deb http://backports.debian.org/debian-backports squeeze-backports main”  >> /etc/apt/sources.list
# echo “deb http://backports.debian.org/debian-backports squeeze-backports main contrib non-free”  >> /etc/apt/sources.list
# echo “deb http://mozilla.debian.net/ squeeze-backports iceweasel-release”  >> /etc/apt/sources.list

Обновим список репозитариев:

# aptitude update

Удалим существующую версию iceweasel:

# aptitude -y purge iceweasel

Устанавливаем новую версию iceweasel:

# aptitude – y install -t squeeze-backports iceweasel iceweasel-l10n-ru

Всё, теперь у Вас установлен актуальный iceweasel, который на помент написания статьи был 11.0 🙂 Удачи!