I've been running Prosody for a long time and I remember at one time I could drop an image into a client's composition area and hit enter and it would send the image to the other party in the chat. Or I could send a file, and it would prompt the other person to accept it and then save it in his downloads. But then that stopped working, and for months now, but especially in the last week, I have been trying to figure out why. One thing I did figure out is that all the newer IM clients get really bent out of shape if you don't have valid (not self-signed) certificates for your domains. But I run this server only for clients on a local network that spans two buildings (house and outbuilding) on the same property. And I ONLY want to use it for simple instant messaging (chat) and to send and receive images and files. That's it - no multi user chats, no connections to or from the Internet, just local use only.
The chat works fine but sending images and files is a no go. Depending on the XMPP client, if I drop an image file into the composition area it will send just the filename, or the path and filename, or it will say it is sending the file but the upload just sits there and the recipient sees nothing, or it will upload the file and send what is supposed to be a URL on the server where it can be obtained (presumably) but if you try to go there you just get a blank white page and nothing happens (which does not surprise me because the system is not running a web server), and anyway that's not what I want to happen, I just want it to send the image to the client. We have tried about a half dozen different clients under MacOS and Linux but none will actually send or receive the files. I figure it is probably some simple configuration error but if it is I can't spot it.
I went through the hassle of getting Let's Encrypt certificates, for that I had to create a new dynamic dns domain and make new accounts under that domain, and then because it looked like it was needed for the http_file_share component I got yet another dynamic DNS domain and got certificates for that. Why some xmpp clients don't understand that if you are on a local network only you really don't need a certificate I just don't get, but once I got those certificates some of the clients I was trying to use magically started working, but only for chat.
I have literally spent so much time trying to make this work it is ridiculous, so I am asking, can anyone tell me what I am doing wrong? Or is Prosody just the wrong tool to use in this situation?
This is a redacted copy (redacted to remove my actual dynamic dns addresses) of my prosody.cfg.lua file, with many of the commented out lines removed to save space:
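---------- Server-wide settings ----------

-- Accounts with administrative rights on this server (redacted JIDs).
-- Each JID must be a single-line string; a line break inside the quotes
-- is a Lua syntax error and stops the configuration from loading.
admins = {
    "us...@oldaccount.somedns.com",
    "us...@oldaccount.somedns.com",
    "us...@newaccount.someotherdns.com",
    "us...@newaccount.someotherdns.com",
}

-- Only bind and connect over IPv4.
use_ipv6 = false

-- Extra directory searched for modules. Anything placed here is loaded
-- into the server process, so keep it writable by administrators only.
plugin_paths = { "/usr/local/lib/prosody/modules" }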
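-- This is the list of modules Prosody will load on startup.
-- Documentation for bundled modules can be found at:
-- https://prosody.im/doc/modules
modules_enabled = {
    -- Generally required
    "disco"; -- Service discovery
    "roster"; -- Allow users to have a roster. Recommended ;)
    "saslauth"; -- Authentication for clients and servers. Recommended if you want to log in.
    "tls"; -- Add support for secure TLS on c2s/s2s connections

    -- Not essential, but recommended
    "blocklist"; -- Allow users to block communications with other users
    "bookmarks"; -- Synchronise the list of open rooms between clients
    "carbons"; -- Keep multiple online clients in sync
    "dialback"; -- Support for verifying remote servers using DNS
    "limits"; -- Enable bandwidth limiting for XMPP connections
    "pep"; -- Allow users to store public and private data in their account
    "private"; -- Legacy account storage mechanism (XEP-0049)
    "smacks"; -- Stream management and resumption (XEP-0198)
    "vcard4"; -- User profiles (stored in PEP)
    "vcard_legacy"; -- Conversion between legacy vCard and PEP Avatar, vcard

    -- Nice to have
    "csi_simple"; -- Simple but effective traffic optimizations for mobile devices
    "invites"; -- Create and manage invites
    "invites_adhoc"; -- Allow admins/users to create invitations via their client
    "invites_register"; -- Allows invited users to create accounts
    "ping"; -- Replies to XMPP pings with pongs
    -- Open in-band account creation additionally depends on allow_registration,
    -- which is not set in the part of the file shown here.
    "register"; -- Allow users to register on this server using a client and change passwords
    "time"; -- Let others know the time here on this server
    "uptime"; -- Report how long server has been running
    "version"; -- Replies to server version requests
    --"mam"; -- Store recent messages to allow multi-device synchronization
    --"turn_external"; -- Provide external STUN/TURN service for e.g. audio/video calls

    -- Admin interfaces
    "admin_adhoc"; -- Allows administration via an XMPP client that supports ad-hoc commands
    "admin_shell"; -- Allow secure administration via 'prosodyctl shell'

    -- HTTP modules
    --"bosh"; -- Enable BOSH clients, aka "Jabber over HTTP"
    --"http_openmetrics"; -- for exposing metrics to stats collectors
    --"websocket"; -- XMPP over WebSockets

    -- Other specific functionality
    "posix"; -- POSIX functionality, sends server to background, enables syslog, etc.
    --"announce"; -- Send announcement to all online users
    --"groups"; -- Shared roster support
    --"legacyauth"; -- Legacy authentication. Only used by some old clients and bots.
    --"mimicking"; -- Prevent address spoofing
    --"motd"; -- Send a message to users when they log in
    -- NOTE(review): the module documentation shows proxy65 declared as a
    -- Component with its own host name; confirm this entry has the intended effect.
    "proxy65"; -- Enables a file transfer proxy service which clients behind NAT can use
    --"s2s_bidi"; -- Bi-directional server-to-server (XEP-0288)
    --"server_contact_info"; -- Publish contact information for this service
    --"tombstones"; -- Prevent registration of deleted accounts
    --"watchregistrations"; -- Alert admins of registrations
    --"welcome"; -- Welcome users who register accounts
    -- NOTE(review): the same module is also declared as a Component further
    -- down in this file; confirm whether this server-wide entry is needed too.
    "http_file_share"; -- Let users share files via HTTP
}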
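-- These modules are auto-loaded, but should you want
-- to disable them then uncomment them here:
-- NOTE(review): this server is described as LAN-only with no connections to
-- or from the Internet. Uncommenting "s2s" below turns server-to-server
-- federation off entirely instead of relying on it simply going unused.
modules_disabled = {
    -- "offline"; -- Store offline messages
    -- "c2s"; -- Handle client connections
    -- "s2s"; -- Handle server-to-server connections
}

pidfile = "/run/prosody/prosody.pid";

-- Require certificate-based authentication for server-to-server connections.
s2s_secure_auth = true

-- Per-domain exceptions to the setting above (both left disabled).
--s2s_insecure_domains = { "insecure.example" }
--s2s_secure_domains = { "jabber.org" }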
-- Rate limits
-- Bandwidth caps applied by the "limits" module, per connection type:
-- c2s = client connections, s2sin = incoming server-to-server connections.
-- NOTE(review): presumably any file data a client sends in-band over its
-- XMPP stream is throttled by the c2s rate as well - confirm.
limits = {
    c2s = { rate = "10kb/s" };
    s2sin = { rate = "30kb/s" };
}

-- Authentication
-- Built-in account store that keeps password hashes rather than plaintext.
authentication = "internal_hashed"

-- Storage
-- The default backend is "internal". To switch to SQL, uncomment the line
-- below (Debian: needs one of the lua-dbi-sqlite3, lua-dbi-mysql or
-- lua-dbi-postgresql packages) and exactly *one* of the driver examples.
--storage = "sql"
--sql = { driver = "SQLite3", database = "prosody.sqlite" } -- Default. 'database' is the filename.
--sql = { driver = "MySQL", database = "prosody", username = "prosody", password = "secret", host = "localhost" }
--sql = { driver = "PostgreSQL", database = "prosody", username = "prosody", password = "secret", host = "localhost" }
-- The "secret" passwords above are placeholders; a real database password
-- stored here makes this file sensitive, so restrict who can read it.

-- Archiving configuration
-- Archived messages are removed after one week.
archive_expires_after = "1w"

-- Logging configuration
-- Debian: info and higher go to files under /var/log; the commented entry
-- would additionally send errors to syslog.
-- Change the 'info' key to 'debug' to get debug logs.
log = {
    info = "/var/log/prosody/prosody.log";
    error = "/var/log/prosody/prosody.err";
    -- { levels = { "error" }; to = "syslog"; };
}

-- Certificates
-- Directory searched for certificates, relative to the main config file.
certificates = "certs"
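----------- Virtual hosts -----------
-- Options placed after a VirtualHost or Component line apply to that host
-- until the next VirtualHost/Component line, so statement order matters here.
-- Host names must be single-line strings; a line break inside the quotes is
-- a Lua syntax error.

VirtualHost "oldaccount.somedns.com"
    -- Explicit key/certificate pair for this host. The private key should be
    -- readable only by the account Prosody runs as.
    ssl = {
        key = "/etc/prosody/certs/oldaccount.somedns.com.key";
        certificate = "/etc/prosody/certs/oldaccount.somedns.com.crt";
    }
    -- This host has no disco_items entry, so its users are not told about
    -- the upload component declared below.

VirtualHost "newaccount.someotherdns.com"
    ssl = {
        key = "/etc/prosody/certs/newaccount.someotherdns.com.key";
        certificate = "/etc/prosody/certs/newaccount.someotherdns.com.crt";
    }
    -- Advertise the upload component to this host's users through service
    -- discovery.
    disco_items = {
        { "uploadaccount.someotherdns.com" },
    }

------ Components ------
-- HTTP upload service (XEP-0363). Uploaded files are stored and served by
-- Prosody's own HTTP server, so no separate web server is involved, but
-- every client must be able to resolve this host name and reach Prosody's
-- HTTP/HTTPS port on it, with a certificate the client accepts for this name.
-- NOTE(review): this host is a sibling of the VirtualHosts above, not a
-- subdomain of either. Check the mod_http_file_share documentation for which
-- users may upload by default and whether http_file_share_access has to
-- name the VirtualHost explicitly.
-- NOTE(review): no ssl block is given for this host; presumably its
-- certificate is expected to be found in the "certs" directory - confirm.
-- NOTE(review): no upload size limit or expiry is set, so module defaults
-- apply; set http_file_share_size_limit and http_file_share_expires_after
-- deliberately.
Component "uploadaccount.someotherdns.com" "http_file_share"

------ Additional config files ------
-- For organizational purposes you may prefer to add VirtualHost and
-- Component definitions in their own config files. This line includes
-- all config files in /etc/prosody/conf.d/
-- Every file matched here becomes part of the server configuration, so the
-- directory should be writable by administrators only.
Include "conf.d/*.cfg.lua"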