How to run prosody on OpenWrt

This seems to be the best sub-forum to ask this question. I'm coming from this topic: https://forum.openwrt.org/t/off-grid-messaging-though-openwrts-802-11s-mesh-network . I've been working on the first step from that topic, which is getting prosody to run.

Have any of you been successful in setting up and running prosody on a 21.02.0 openwrt router? In localhost mode only? I get the impression that maybe this package is missing one or two things in its setup or its configuration. I am absolutely a newbie to prosody, XMPP, and certificates so I am likely missing one or two understandings on this as well.

I've been following this guide that was provided in my last topic. It is partially outdated and it did not provide any how-to steps on getting prosody to run local only. It took me several attempts of running prosody to realize that using the example.org in prosody will take me out to the internet, which I did not want it to do. I'm trying to create an off-grid chat system through openwrt routers. There will be no internet access where these routers are going, so everything will need to be pointed to localhost. I suspected this is what is tripping me up if I follow the guide exactly.

I went to prosody's documentation webpages to follow the guides there. Upon a clean reset of openwrt in the router and installing prosody, if I follow the steps shown here and here, the following commands will not work in openwrt.

prosodyctl adduser user@localhost
prosodyctl cert generate localhost

I had to Ctrl-C twice to get out of these commands. It did not matter if I used example.org or localhost. The commands just hang. No completion or any indication of work being done. Do you know why this is so?

I was able to create accounts with this command: prosodyctl register user localhost password but I'm not sure this is setting things up correctly.

As before, it took me a lot of trial and error to realize that I should not be using example.org, as shown in this guide, to set the VirtualHost in the prosody.cfg.lua file. I discovered that if I wanted a local network, I should set the VirtualHost to localhost in the prosody.cfg.lua file. Once that was in place, I was able to get pidgin to connect to prosody. Sort of.

As for the certificate problem, I tried to create my own self-signed certificates on another computer by following this guide but again, this took me out of local and to the internet. Once again, I realized I need to create a self-signed certificate that pointed to localhost only. I found this webpage and I tried this command example.

openssl req -x509 -out localhost.crt -keyout localhost.key \
-newkey rsa:2048 -nodes -sha256 \
-subj '/CN=localhost' -extensions EXT -config <( \
printf "[dn]\nCN=localhost\n[req]\ndistinguished_name = dn\n[EXT]\nsubjectAltName=DNS:localhost\nkeyUsage=digitalSignature\nextendedKeyUsage=serverAuth")

For about an hour, I was able to use this certificate in pidgin before pidgin kicked it out as an invalid certificate. I created another new certificate and still, pidgin (immediately) spat that one out too. I'm still too much of a newbie in understanding the nuances of certificates (this is a first for me) so I'm not sure where I went wrong in creating these certificates.

That's where I am at now. If you were successful in getting prosody up and running in localhost-only mode on your 21.02.0 openwrt, I'd very much appreciate hearing from you on how you pulled it off.

Ok, I had prosody working well enough for me to check it out properly. Let me share how I got it working for other newbies to learn from. In hindsight, it was embarrassingly simple. There were so many points of failure in the online guides if one didn't know anything about prosody, XMPP, and pidgin. This short guide will take those pitfalls out of the way.

Ideally, start with a clean and working router intended for off-grid operation. I will nickname this 'off-grid router' in this guide. Set your off-grid router's LAN static IP address to 192.168.2.1. This will get you away from your internet-connected router's 192.168.1.1 during the initial setup. This is so you can avoid IP conflicts when you connect the off-grid router to it. One easy way to connect the off-grid router to another router is to go to its wifi webpage and do a scan for the internet router to join. Failing that, try connecting the off-grid router's WAN to the internet router's LAN.

You likely already have your computer connected to your off-grid router at this point, via either ethernet or wifi. Ethernet is the preferred connection. It's important that your computer's gateway and primary DNS are also pointing to 192.168.2.1. Not setting the primary DNS IP address was a point of failure for me.

Log into the off-grid router via ssh and do this.

opkg update
opkg install prosody

Simple enough. Then disconnect your off-grid router from the internet router. This is to ensure that you do not accidentally connect to other servers and think it was your prosody server/router.

Run prosodyctl check next. You should get this.

# prosodyctl check
Checks will be skipped for these disabled hosts: example.com

Checking config...
Done.

Checking DNS for host localhost...
    Target 'localhost' cannot be accessed from other servers

Checking certificates...
Checking certificate for localhost
  Certificate: /etc/prosody/certs/localhost.crt

All checks passed, congratulations!

If you get a different result, you must fix the errors. Do not proceed until you get this successful message.

For now, use the stock certificates that came with prosody. Unless you know what you're doing, do not roll your own until you get this up and running. This was a huge source of failure points for me.

The certificate permissions in /etc/prosody/certs should be as follows.

# ls -l /etc/prosody/certs
-rw-r--r--    1 root     prosody   localhost.crt
-rw-r--r--    1 root     prosody   localhost.key

These must be configured as shown or your prosody setup will fail.

Leave the prosody.cfg.lua file alone. That was another huge source of failure points for me. I kept changing it while blindly following the examples in the guides. Change one thing and it breaks. Just leave it alone for now. We want prosody up and running; we can mess with it after.

To create accounts, use this command:

prosodyctl register user1 localhost 123
prosodyctl register user2 localhost 123
etc, etc.

That is username, VirtualHost-name, and password.

I was using pidgin so that will be the xmpp client in this short guide. When you create the account for prosody in pidgin, the following input boxes need to be filled out as follows. This was another huge source of failure points for me.

On the Basic tab:

protocol: XMPP
username: user1
domain: localhost   <<This is important to set correctly.
password: 123 
check 'save this password' on

In the Advanced tab:

connect server: 192.168.2.1

That's it. That was how I finally got prosody up and running in my openwrt off-grid router.

You may find it necessary to reset your router and start over clean if you've changed too many things and prosody is no longer functioning. It's quite picky. If you're starting over clean and you're using pidgin, you'll want to also delete pidgin's profile folder at ~/.purple/. If you're still having troubles at this point, you might find pidgin's Debug Window (it's in the help menu) and prosody's logs in /tmp/log/prosody/ both useful aids in troubleshooting the issues.

I was able to play with prosody in the off-grid openwrt router a bit, checking out to see what it can do as a potential off-grid communication device. Let me quickly share that experience with you. Pidgin to Pidgin via the off-grid router was unsurprisingly an excellent experience. Solid and fast connection. I tried three different apps on my iPhone to see if they'll connect to prosody. Monal will not work (developers have refused to allow self-signed certificates). Siskin IM will not let me specify the server (192.168.2.1) so it didn't work. ChatSecure did connect successfully. Notifications were weak in these apps (pidgin, too). It became obvious to me at this point that one must have these XMPP clients pre-installed. Not a problem if planned for and downloaded/installed in advance but this is something to keep in mind.

What would be better, if anyone is interested in making it, is a webpage version of the XMPP client that can be installed as a LuCI package. That way, any device with a browser can connect to an openwrt router, log into LuCI, go to the chat webpage, and message with other XMPP clients via this method. Or maybe it would be better to put the chat webpage on a different port, like 192.168.2.1:8080, for example. No need to pre-download and install other apps or programs. Just one webpage version of XMPP client LuCI package for all.
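
The certificate and key-permission steps in the posts above can be checked before a self-made certificate is handed to Prosody. The script below is an added example, not part of the original posts and not Prosody's or OpenWrt's own tooling: it verifies that the key is not world-readable, that the certificate names the VirtualHost, that it has not expired by the local clock, and that the key belongs to the certificate. It assumes the openssl command-line tool and a stat that supports -c are installed, and that the Prosody daemon reads the key through the prosody group (so mode 0640 is sufficient); the function names are made up for this example.

```shell
#!/bin/sh
# Added example: pre-flight checks for a Prosody certificate/key pair.
# Usage: sh certcheck.sh localhost /etc/prosody/certs/localhost.crt /etc/prosody/certs/localhost.key

# Private key must not be readable by "other" (last octal digit has no read bit).
key_not_world_readable() {
    mode=$(stat -c %a "$1") || return 2
    case "$mode" in *[4567]) return 1 ;; esac
    return 0
}

# Certificate must name the VirtualHost the client puts in its "domain" field.
cert_names_host() {   # $1=cert  $2=host
    openssl x509 -in "$1" -noout -checkhost "$2" | grep -q 'does match certificate'
}

# -checkend 0 compares notAfter with this machine's clock.
cert_not_expired() {  # $1=cert
    openssl x509 -in "$1" -noout -checkend 0 >/dev/null
}

# Key and certificate belong together when their public keys are identical.
key_matches_cert() {  # $1=cert  $2=key
    c=$(openssl x509 -in "$1" -noout -pubkey) || return 2
    k=$(openssl pkey -in "$2" -pubout) || return 2
    [ "$c" = "$k" ]
}

# Runs every check; the return value is the number of failed checks.
preflight() {         # $1=host  $2=cert  $3=key
    fails=0
    key_not_world_readable "$3" || { echo "FAIL: $3 is world-readable"; fails=$((fails+1)); }
    cert_names_host "$2" "$1"   || { echo "FAIL: $2 does not name $1"; fails=$((fails+1)); }
    cert_not_expired "$2"       || { echo "FAIL: $2 expired (per local clock)"; fails=$((fails+1)); }
    key_matches_cert "$2" "$3"  || { echo "FAIL: $3 does not belong to $2"; fails=$((fails+1)); }
    [ "$fails" -eq 0 ] && echo "OK: $2 and $3 are usable for $1"
    return "$fails"
}

if [ "$#" -eq 3 ]; then preflight "$1" "$2" "$3"; fi
```

Run against the directory listing shown in the post, the first check reports localhost.key as world-readable, because its mode is rw-r--r--.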