Prosody is a modern XMPP communication server. It aims to be easy to set up and configure, and efficient with system resources. Additionally, for developers it aims to be easy to extend and give a flexible system on which to rapidly develop added functionality, or prototype new protocols.

Prosody is open-source software under the permissive MIT/X11 license.



Some places prohibit IM/IRC. Choose a sustainable plan that does not strain your wallet. Prosody runs with a small memory footprint.


This guide builds the server on CentOS 7. To build on Ubuntu/Debian instead, see HOMEBREWSERVER.CLUB.

yum install epel-release
yum install prosody certbot lua-sec mercurial
cd /usr/src
hg clone https://hg.prosody.im/prosody-modules/ prosody-modules
cd /etc/prosody
cp prosody.cfg.lua prosody.cfg.lua.backup
yum install lua-dbi -y
certbot certonly --rsa-key-size 4096 -d example.com
prosodyctl --root cert import /etc/letsencrypt/live/example.com/


MariaDB is used for storage. Reference: MariaDB - Setting up MariaDB Repositories - MariaDB

vi /etc/yum.repos.d/Mariadb.repo

# MariaDB 10.3 CentOS repository list - created 2018-12-03 14:33 UTC
# http://downloads.mariadb.org/mariadb/repositories/
[mariadb]
name = MariaDB
baseurl = http://yum.mariadb.org/10.3/centos7-amd64
gpgkey=https://yum.mariadb.org/RPM-GPG-KEY-MariaDB
gpgcheck=1

sudo yum install MariaDB-server MariaDB-client


service mariadb start
chkconfig mariadb on
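mysql_secure_installation # be sure to disallow remote connections
mysql -u root -p
-- at the MariaDB prompt; replace the quoted placeholder with the password for the prosody database user
CREATE DATABASE prosody;
CREATE USER prosody@'localhost' IDENTIFIED BY 'ここにprosody用データベースパスワード';
GRANT ALL PRIVILEGES ON prosody.* TO prosody@'localhost';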

Password generator: https://www.lastpass.com/ja/password-generator


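The explanation uses a domain that was actually registered as the example. Replace the domain with your own as appropriate.

Domain name: jabber.moe

dump.jabber.moe (URL used for HTTP file uploads)
proxy.jabber.moe (file transfer proxy)
muc.jabber.moe (group chat, multi-user-chat)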


Type   Name                    Content
A      @
A      jp.jabber.moe
CNAME  muc                     jp.jabber.moe
CNAME  dump                    jp.jabber.moe
CNAME  proxy                   jp.jabber.moe
TXT    _acme-challenge         ... (omitted)
TXT    _acme-challenge.dump    ..
TXT    _acme-challenge.muc     ..
TXT    _acme-challenge.proxy   ..

Type  Name                Priority  Weight  Port  Content
SRV   _jabber._tcp        5         1       5222  jp.jabber.moe
SRV   _xmpp-client        5         1       5222  jp.jabber.moe
SRV   _xmpp-server        5         1       5269  jp.jabber.moe
SRV   _xmpps-client._tcp  5         1       5223  jp.jabber.moe


5000  file transfer
5222  client-to-server traffic (c2s)
5269  server-to-server traffic (s2s)
5280  used by Prosody's HTTP server
5281  used by Prosody's HTTPS server

When ports 80/443 are available in your environment (as of 2018, I think an rsa-key-size of 2048 is also fine):

certbot certonly --manual -d jabber.moe --rsa-key-size 4096 -d muc.jabber.moe -d proxy.jabber.moe



certbot certonly --manual -d jabber.moe --rsa-key-size 4096 -d muc.jabber.moe -d proxy.jabber.moe --preferred-challenges dns

Configuration file

vi /etc/prosody/prosody.cfg.lua

plugin_paths = { "/usr/src/prosody-modules" } -- non-standard plugin path so we can keep them up to date with mercurial
interfaces = {"*"}
legacy_ssl_ports = { 5223 }
modules_enabled = {
                "roster"; -- Allow users to have a roster. Recommended ;)
                "saslauth"; -- Authentication for clients and servers. Recommended if you want to log in.
                "tls"; -- Add support for secure TLS on c2s/s2s connections
                "dialback"; -- s2s dialback support
                "disco"; -- Service discovery
                "posix"; -- POSIX functionality, sends server to background, enables syslog, etc.
                "private"; -- Private XML storage (for room bookmarks, etc.)
                "vcard"; -- Allow users to set vCards
                "version"; -- Replies to server version requests
                "uptime"; -- Report how long server has been running
                "time"; -- Let others know the time here on this server
                "ping"; -- Replies to XMPP pings with pongs
                "register"; --Allows clients to register an account on your server
                "pep"; -- Enables users to publish their mood, activity, playing music and more
                "carbons"; -- XEP-0280: Message Carbons, synchronize messages across devices
                "smacks"; -- XEP-0198: Stream Management, keep chatting even when the network drops for a few seconds
                "mam"; -- XEP-0313: Message Archive Management, allows to retrieve chat history from server
                "csi"; -- XEP-0352: Client State Indication
                "http"; -- mod_http needed for XEP-363
                "admin_adhoc"; -- Allows administration via an XMPP client that supports ad-hoc commands
                "blocklist"; -- XEP-0191  blocking of users
                --"cloud_notify"; -- Support for XEP-0357 Push Notifications for compatibility with ChatSecure/iOS. 
                -- iOS typically ends the connection when an app runs in the background and requires use of Apple's Push servers to wake up and receive a message. Enabling this module allows your server to do that for your contacts on iOS.
                -- However we leave it commented out as it is another example of vertically integrated cloud platforms at odds with federation, with all the meta-data-based surveillance consequences that that might have.
                "omemo_all_access"; -- Allow for OMEMO E2E between contacts that haven't added each other
                "pep_vcard_avatar"; -- use XEP-0153: vCard-Based Avatars to see the avatars of clients that use XEP-0084: User Avatar and vice versa.
}
admins = {"admin@jabber.moe"}
contact_info = {
 abuse = { "mailto:blackhatjabber@pm.me","xmpp:admin@jabber.moe"};
 admin = { "mailto:blackhatjabber@pm.me","xmpp:admin@jabber.moe"};
 feedback = { "mailto:blackhatjabber@pm.me","xmpp:admin@jabber.moe"};
 sales = { "mailto:blackhatjabber@pm.me","xmpp:admin@jabber.moe"};
 security = { "mailto:blackhatjabber@pm.me","xmpp:admin@jabber.moe"};
 support = { "mailto:blackhatjabber@pm.me","xmpp:admin@jabber.moe"};
}
welcome_message = "Administrator Jabber admin@jabber.moe Enjoy!"
allow_registration = true; -- Enable to allow people to register accounts on your server from their clients, for more information see http://prosody.im/doc/creating_accounts
ssl = {
        certificate = "/etc/prosody/certs/fullchain.pem";
        key = "/etc/prosody/certs/privkey.pem";
}
c2s_require_encryption = true -- Force clients to use encrypted connections
-- Force certificate authentication for server-to-server connections?
-- This provides ideal security, but requires servers you communicate
-- with to support encryption AND present valid, trusted certificates.
-- NOTE: Your version of LuaSec must support certificate verification!
-- For more information see http://prosody.im/doc/s2s#security

s2s_secure_auth = false
pidfile = "/var/run/prosody/prosody.pid"

authentication = "internal_hashed"

storage = "sql" 

-- Make sure to change the password 
sql = { driver = "MySQL", database = "prosody", username = "prosody", password = "ここにprosody用データベースパスワード", host = "localhost" }

log = {
        info = "/var/log/prosody/prosody.log"; -- Change 'info' to 'debug' for verbose logging
        error = "/var/log/prosody/prosody.err";
}

VirtualHost "jabber.moe"

-- Enable http_upload to allow image sharing across multiple devices and clients
Component "dump.jabber.moe" "http_upload"

---Set up a MUC (multi-user chat) room server on muc.jabber.moe
Component "muc.jabber.moe" "muc"
modules_enabled = {
}

Component "proxy.jabber.moe" "proxy65"
 proxy65_ports = { 5000 }
 proxy65_interfaces = {"*"}
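
An added example, not part of the original article: a small shell audit of the security-relevant settings in the configuration above (c2s_require_encryption, s2s_secure_auth, allow_registration, authentication) plus the file mode, since the file holds the SQL password. The function names and the sample config are constructed for illustration, and the parser assumes one setting per line.

```shell
#!/bin/sh
# Added example (not from the original article): audit prosody.cfg.lua for the
# security-relevant settings used above. Assumes one setting per line; Lua "--"
# comments are stripped naively. Function names here are hypothetical.

# cfg_value KEY FILE: print the last uncommented value assigned to KEY.
cfg_value() {
    sed -e 's/--.*$//' "$2" |
        sed -n "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*\([^;[:space:]]*\).*/\1/p" |
        tail -n 1
}

# audit_prosody_cfg FILE: print one WARN line per finding, nothing if clean.
audit_prosody_cfg() {
    cfg=$1
    if [ "$(cfg_value c2s_require_encryption "$cfg")" != "true" ]; then
        echo "WARN c2s_require_encryption: clients are not forced to use TLS"
    fi
    if [ "$(cfg_value s2s_secure_auth "$cfg")" != "true" ]; then
        echo "WARN s2s_secure_auth: remote servers need not present a valid, trusted certificate"
    fi
    if [ "$(cfg_value allow_registration "$cfg")" = "true" ]; then
        echo "WARN allow_registration: anyone can register an account from a client"
    fi
    if [ "$(cfg_value authentication "$cfg")" != '"internal_hashed"' ]; then
        echo "WARN authentication: account passwords are not stored hashed"
    fi
    # The file holds the SQL password, so it must not be world-readable.
    if [ -n "$(find "$cfg" -perm -004)" ]; then
        echo "WARN permissions: $cfg is world-readable and contains the SQL password"
    fi
}

# Constructed sample input mirroring the settings used on this page.
sample_cfg=$(mktemp)
cat > "$sample_cfg" <<'EOF'
allow_registration = true; -- open registration
c2s_require_encryption = true -- Force clients to use encrypted connections
--s2s_secure_auth = true
s2s_secure_auth = false
authentication = "internal_hashed"
sql = { driver = "MySQL", database = "prosody", username = "prosody", password = "CONSTRUCTED-PLACEHOLDER", host = "localhost" }
EOF
chmod 644 "$sample_cfg"

audit_prosody_cfg "$sample_cfg"
```

To check the live file, call `audit_prosody_cfg /etc/prosody/prosody.cfg.lua` as a user that can read it.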

Automate certificate renewal

sudo crontab -e

# Sundays at 04:00: renew certificates, then import renewed ones into Prosody
0 4 * * 0  /usr/bin/certbot renew --renew-hook "prosodyctl --root cert import /etc/letsencrypt/live" --quiet

Start

service prosody start
chkconfig prosody on

Test

XMPP Compliance Tester: a score of 80% or higher can be considered a pass. https://compliance.conversations.im/





Configuring an XMPP server for secure, mobile instant messaging: https://homebrewserver.club/configuring-a-modern-xmpp-server.html

This article is licensed under Attribution-ShareAlike 4.0 International.