Information for packagers

Prosody's main goal is to be user-friendly and easy to use. One of the hardest parts of this task is getting the server installed and running in the first place. By providing reliable high quality packages then on most systems installing Prosody should take no more than a minute of the user's time.

If you're planning to, or already, maintain packages for Prosody, thanks! This page is here just for you. If you feel there is anything that should be added, or have any questions about how to best package Prosody feel free as always to ask us.

Changes

0.11.5

  • The prosody executable now supports command line flags to control daemonization, -D to daemonize and -F to force foreground operation, meant to be used in service/init scripts.

0.11

  • Lua 5.2 is now the recommended version, but Lua 5.1 is still supported. Lua 5.3 is still not officially supported.
  • make test now runs tests using Busted and lints with luacheck.
  • The utility util.time has been rewritten in C to gain access to clock_gettime(). Systems with glibc before 2.17 may need to be linked with -lrt to work. See #1219
  • Makefile renamed GNUmakefile to reflect use of GNU-isms. There’s also a makefile meant to be compatible with BSD make.

0.10

  • There's now a CHANGES file.
  • New optional dependency required for mod_websocket (only on Lua 5.1, other versions of Lua provide this out of the box): lua-bitop
  • In addition to Lua 5.1 and LuaJIT, Prosody now supports Lua 5.2. Although we still recommend Lua 5.1 for production usage, we encourage feedback and bug reports from Lua 5.2 users. Lua 5.3 may also work, but it currently not officially supported.
  • ./configure should now detect Lua version and the location of the files required to build.
    • If there are multiple versions, --lua-version=5.x should be specified. Especially if Lua 5.3 is available.
    • --runwith would usually only be used for eg setting LuaJIT as runtime, but this could also be done from an init script.
  • mod_posix is now automatically loaded on POSIX systems, therefore there is no need to patch it into the default config file like in previous versions.
  • Certificate handling has changed. We no longer recommend using the 'ssl' setting, and instead encourage users to rely on automatic location for a simpler workflow and better integration with Let's Encrypt
  • Removed modules (replaced with dummy modules that log an informational error):
    • mod_compression
    • mod_privacy (dummy module auto-loads mod_blocklist)
  • Added modules (for informational purposes, do not just add them to the config!):
    • mod_blocklist: Replacement for mod_privacy, faster and uses newer protocol (XEP-0191)
    • mod_carbons: XEP-0280 (sync conversations between connected clients)
    • mod_debug_sql: For, er, debugging SQL
    • mod_limits: Bandwidth rate limiting
    • mod_mam: Store messages in per-user archives (primarily used for conversation sync with offline devices)
    • mod_s2s_auth_certs: Auto-loaded internal module for authenticating remote servers based on certificate
    • mod_server_contact_info: Used to publish contact addresses of server admins (e.g. for handling abuse reports)
    • mod_storage_sql1: Deprecated storage module from 0.9, will be removed in future version
    • mod_unknown: Dummy module loaded when Prosody runs on an unknown platform
    • mod_websocket: New module that implements XMPP over Websocket connections
    • mod_windows: Module auto-loaded when running on Windows

0.9

  • The runtime can now be set with ./configure --runwith=lua5.1 if your distribution allows for installations of multiple Lua versions.
  • Certificates: As of 0.9.2 is it strongly recommended to pass --no-example-certs to ./configure if you are building packages for distribution. You should instead generate certificates at installation time on the end-users system if you wish to do so. Alternatively guide the user to create certificates themselves, as documented on our Certificates page.

Guidelines

Follows some common questions or issues that new packagers have or stumble upon.

Init script

Most platforms are using start-stop-daemon for their Prosody init scripts, as it is a little more flexible than prosodyctl at the moment. For reference, the Debian init script can be found here.

We also have user-contributed scripts for systemd as attachments to issue #280.

Pidfile option

In order for prosodyctl to locate a running Prosody, and for Prosody to detect multiple running instances, you need to set the pidfile option in the default config. It needs to point to a filename that is within a directory writeable by Prosody. On Debian we use:

    pidfile = "/var/run/prosody/prosody.pid"

mod_posix

On POSIX platforms (that is well, all of them except Windows) you should make sure that mod_posix is enabled in the default config file. It adds features like syslog support, daemonizing, and writing the pidfile.

Logging

Check you have sensible defaults for Logging. If your platform uses logrotate or something similar then include a config file for that too.

As with the pidfile, the logs need to go into a directory writeable by Prosody.

Example logging config on Debian:

        -- Hint: If you create a new log file or rename them, don't forget to update the
        --       logrotate config at /etc/logrotate.d/prosody
        log = {
                -- Log all error messages to prosody.err
                { levels = { min = "error" }, to = "file", filename = "/var/log/prosody/prosody.err" };
                -- Log everything of level "info" and higher (that is, all except "debug" messages)
                -- to prosody.log
                { levels = { min =  "info" }, to = "file", filename = "/var/log/prosody/prosody.log" };
        }

As noted, if usual on your platform then include a logrotate config for Prosody. Debian uses this:

/var/log/prosody/prosody.log /var/log/prosody/prosody.err {
        daily
        rotate 14
        compress
        postrotate
                /etc/init.d/prosody reload > /dev/null
        endscript
        sharedscripts
        missingok
}

Tip: Don't be tempted to use /var/log/prosody/prosody.* here 😄. Finding sensible defaults is difficult, as log noise will vary depending on usage. We had rough consensus in the Prosody chatroom that 14 days of logs rotated daily was a decent mid-way point.

Prosody user account

Prosody never needs to run as root. Upon installation your package should create a system user, preferably called 'prosody', with a group of the same name. If you use another name then be sure to set prosody_user in the default configuration file.

A suitable user can be created with this shell code:

if ! getent passwd prosody >/dev/null; then
    adduser --disabled-password --quiet --system \
            --home /var/lib/prosody --no-create-home \
            --gecos "Prosody XMPP Server" --group prosody
fi

Registration policy

For security reasons the default configuration file has in-band account registration disabled (allow_registration = false). Note that mod_register is still loaded though, because the same protocol is used for existing users to change their passwords. Admins are encouraged to use prosodyctl to create new users. See Creating accounts.

Data directory

On most systems the default data directory is /var/lib/prosody. This needs to be passed to ./configure using the –data-dir flag.

Make sure that upon installation the directory is created, owned by Prosody, and is not world-readable (the data files contain passwords and other sensitive information).

   chown prosody:prosody /var/lib/prosody
   chmod 750 /var/lib/prosody

Including separate files

Some systems might find it desirable to split the configuration file into multiple files. To achieve this you can use the Include directive. This also supports including files by wildcard.

Include "base_config.lua"
Include "vhosts.d/*.lua"